URL: https://navi.discount-domain.com/Default/Login
Submission: On June 10 via api from US — Scanned from DE

Summary

This website contacted 4 IPs in 4 countries across 4 domains to perform 20 HTTP transactions. The main IP is 104.18.18.236, located in and belongs to CLOUDFLARENET, US. The main domain is navi.discount-domain.com.
TLS certificate: Issued by GlobalSign GCC R3 DV TLS CA 2020 on December 19th 2023. Valid for: a year.
This is the only time navi.discount-domain.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests | IP Address | AS | Autonomous System
11 | 104.18.18.236 | 13335 | (CLOUDFLAR...)
5 | 103.3.190.49 | 7506 | (INTERQ GM...)
3 | 142.250.186.100 | 15169 | (GOOGLE)
1 | 2a00:1450:400... | 15169 | (GOOGLE)
Total: 20 requests, 4 IPs

Requests | Apex Domain | Subdomains | Transfer
11 | discount-domain.com | navi.discount-domain.com | 111 KB
5 | g-system.io | lss.g-system.io | 53 KB
3 | google.com | www.google.com (Cisco Umbrella Rank: 5) | 945 B
1 | gstatic.com | www.gstatic.com | 205 KB
Total: 20 requests, 4 domains

Requests | Domain | Requested by
11 | navi.discount-domain.com | navi.discount-domain.com
5 | lss.g-system.io | navi.discount-domain.com, lss.g-system.io
3 | www.google.com | navi.discount-domain.com, www.gstatic.com
1 | www.gstatic.com | www.google.com
Total: 20 requests, 4 domains

This site contains links to these domains.

Domain
gmo.jp
www.onamae.com
www.gmo.jp

Subject | Issuer | Validity | Valid
navi.discount-domain.com | GlobalSign GCC R3 DV TLS CA 2020 | 2023-12-19 - 2025-01-19 | a year
*.g-system.io | GlobalSign GCC R3 DV TLS CA 2020 | 2023-10-19 - 2024-11-19 | a year
*.google.com | WR2 | 2024-05-21 - 2024-08-13 | 3 months
*.gstatic.com | WR2 | 2024-05-21 - 2024-08-13 | 3 months

This page contains 3 frames:

Primary Page: https://navi.discount-domain.com/Default/Login
Frame ID: D5E08AFA4A54EDDD2BF3A665FDB494B1
Requests: 16 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Ler654UAAAAAEetwlerfg0ArqFvWFf8xgOmllca&co=aHR0cHM6Ly9uYXZpLmRpc2NvdW50LWRvbWFpbi5jb206NDQz&hl=de&v=9pvHvq7kSOTqqZusUzJ6ewaF&size=invisible&cb=wwj9nh9pgksq
Frame ID: 13E325665BF4947759BFBE3B1A76EF57
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/bframe?hl=de&v=9pvHvq7kSOTqqZusUzJ6ewaF&k=6Ler654UAAAAAEetwlerfg0ArqFvWFf8xgOmllca
Frame ID: B59676FBD3E3277839E53A712BCFF399
Requests: 1 HTTP requests in this frame

Page Title

アカウントマネージャー COMNavi メインメニュー

Detected technologies

Overall confidence: 100%
Detected patterns
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • ([\d.]+)?/modernizr(?:\.([\d.]+))?.*\.js

Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Overall confidence: 100%
Detected patterns
  • <div[^>]+class="g-recaptcha"
  • /recaptcha/api\.js

Page Statistics

20 Requests
100 % HTTPS
25 % IPv6
4 Domains
4 Subdomains
4 IPs
4 Countries
370 kB Transfer
875 kB Size
1 Cookies

20 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request Login
navi.discount-domain.com/Default/
5 KB
3 KB
Document
General
Full URL
https://navi.discount-domain.com/Default/Login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.18.236 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / ASP.NET
Resource Hash
afd5b5ba8998ee67d98425ba553002cb98cec036b55bc8b1510acc4ee343e0d9
Security Headers
Name Value
Content-Security-Policy default-src 'self' www.google.com www.gstatic.com 'unsafe-inline' 'unsafe-eval'; script-src 'self' www.google.com www.gstatic.com lss.g-system.io 'unsafe-inline' 'unsafe-eval'; frame-src www.google.com; connect-src lss.g-system.io 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security max-age=31536000; includeSubDomains; preload;
X-Content-Security-Policy default-src 'self' www.google.com www.gstatic.com 'unsafe-inline' 'unsafe-eval'; script-src 'self' www.google.com www.gstatic.com lss.g-system.io 'unsafe-inline' 'unsafe-eval'; frame-src www.google.com; connect-src lss.g-system.io 'unsafe-inline' 'unsafe-eval';
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

cache-control
private,no-cache, no-store, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
8918a0718f87bfc3-WAW
content-encoding
gzip
content-security-policy
default-src 'self' www.google.com www.gstatic.com 'unsafe-inline' 'unsafe-eval'; script-src 'self' www.google.com www.gstatic.com lss.g-system.io 'unsafe-inline' 'unsafe-eval'; frame-src www.google.com; connect-src lss.g-system.io 'unsafe-inline' 'unsafe-eval';
content-type
text/html; charset=utf-8
date
Mon, 10 Jun 2024 10:20:05 GMT
pragma
no-cache
server
cloudflare
strict-transport-security
max-age=31536000; includeSubDomains; preload;
x-content-security-policy
default-src 'self' www.google.com www.gstatic.com 'unsafe-inline' 'unsafe-eval'; script-src 'self' www.google.com www.gstatic.com lss.g-system.io 'unsafe-inline' 'unsafe-eval'; frame-src www.google.com; connect-src lss.g-system.io 'unsafe-inline' 'unsafe-eval';
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-powered-by
ASP.NET
x-xss-protection
1; mode=block
base.css
navi.discount-domain.com/Content/mixin/
76 KB
8 KB
Stylesheet
General
Full URL
https://navi.discount-domain.com/Content/mixin/base.css
Requested by
Host: navi.discount-domain.com
URL: https://navi.discount-domain.com/Default/Login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.18.236 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / ASP.NET
Resource Hash
300d0302bbcda7b2a5ac2f1f611109c8e41356f33c8aa31398bcbe2fcd08c22f
Security Headers
Name Value
Content-Security-Policy default-src 'self' www.google.com www.gstatic.com 'unsafe-inline' 'unsafe-eval'; script-src 'self' www.google.com www.gstatic.com lss.g-system.io 'unsafe-inline' 'unsafe-eval'; frame-src www.google.com; connect-src lss.g-system.io 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security max-age=31536000; includeSubDomains; preload;
X-Content-Security-Policy default-src 'self' www.google.com www.gstatic.com 'unsafe-inline' 'unsafe-eval'; script-src 'self' www.google.com www.gstatic.com lss.g-system.io 'unsafe-inline' 'unsafe-eval'; frame-src www.google.com; connect-src lss.g-system.io 'unsafe-inline' 'unsafe-eval';
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://navi.discount-domain.com/Default/Login
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 10 Jun 2024 10:20:07 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
default-src 'self' www.google.com www.gstatic.com 'unsafe-inline' 'unsafe-eval'; script-src 'self' www.google.com www.gstatic.com lss.g-system.io 'unsafe-inline' 'unsafe-eval'; frame-src www.google.com; connect-src lss.g-system.io 'unsafe-inline' 'unsafe-eval';
cf-cache-status
DYNAMIC
strict-transport-security
max-age=31536000; includeSubDomains; preload;
x-powered-by
ASP.NET
content-length
8420
x-xss-protection
1; mode=block
pragma
no-cache
last-modified
Fri, 09 Feb 2024 10:44:32 GMT
server
cloudflare
etag
"0e8f4f6445bda1:0"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
cache-control
no-cache, no-store, must-revalidate
accept-ranges
bytes
cf-ray
8918a0798c30bfc3-WAW
x-content-security-policy
default-src 'self' www.google.com www.gstatic.com 'unsafe-inline' 'unsafe-eval'; script-src 'self' www.google.com www.gstatic.com lss.g-system.io 'unsafe-inline' 'unsafe-eval'; frame-src www.google.com; connect-src lss.g-system.io 'unsafe-inline' 'unsafe-eval';
modernizr
navi.discount-domain.com/bundles/
11 KB
4 KB
Script
General
Full URL
https://navi.discount-domain.com/bundles/modernizr?v=wBEWDufH_8Md-Pbioxomt90vm6tJN2Pyy9u9zHtWsPo1
Requested by
Host: navi.discount-domain.com
URL: https://navi.discount-domain.com/Default/Login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.18.236 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / ASP.NET
Resource Hash
0ec4e0295f86b2142b8996e03d4195888843b50d1954d7e248341da032b7ebba
Security Headers
Name Value
Content-Security-Policy default-src 'self' www.google.com www.gstatic.com 'unsafe-inline' 'unsafe-eval'; script-src 'self' www.google.com www.gstatic.com lss.g-system.io 'unsafe-inline' 'unsafe-eval'; frame-src www.google.com; connect-src lss.g-system.io 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security max-age=31536000; includeSubDomains; preload;
X-Content-Security-Policy default-src 'self' www.google.com www.gstatic.com 'unsafe-inline' 'unsafe-eval'; script-src 'self' www.google.com www.gstatic.com lss.g-system.io 'unsafe-inline' 'unsafe-eval'; frame-src www.google.com; connect-src lss.g-system.io 'unsafe-inline' 'unsafe-eval';
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://navi.discount-domain.com/Default/Login
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-content-security-policy
default-src 'self' www.google.com www.gstatic.com 'unsafe-inline' 'unsafe-eval'; script-src 'self' www.google.com www.gstatic.com lss.g-system.io 'unsafe-inline' 'unsafe-eval'; frame-src www.google.com; connect-src lss.g-system.io 'unsafe-inline' 'unsafe-eval';
date
Mon, 10 Jun 2024 10:20:07 GMT
content-security-policy
default-src 'self' www.google.com www.gstatic.com 'unsafe-inline' 'unsafe-eval'; script-src 'self' www.google.com www.gstatic.com lss.g-system.io 'unsafe-inline' 'unsafe-eval'; frame-src www.google.com; connect-src lss.g-system.io 'unsafe-inline' 'unsafe-eval';
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload;
cf-cache-status
DYNAMIC
content-encoding
gzip
x-powered-by
ASP.NET
x-xss-protection
1; mode=block
pragma
no-cache
last-modified
Mon, 10 Jun 2024 10:20:06 GMT
server
cloudflare
vary
User-Agent
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=utf-8
cache-control
public,no-cache, no-store, must-revalidate
cf-ray
8918a0798c34bfc3-WAW
expires
Tue, 10 Jun 2025 10:20:06 GMT
back.js
navi.discount-domain.com/Scripts/
116 B
237 B
Script
General
Full URL
https://navi.discount-domain.com/Scripts/back.js
Requested by
Host: navi.discount-domain.com
URL: https://navi.discount-domain.com/Default/Login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.18.236 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / ASP.NET
Resource Hash
3ffc30ee15f43973db16fa1ae688ac3f627aac344ed5ebae84d0e311e154aeb2
Security Headers
Name Value
Content-Security-Policy default-src 'self' www.google.com www.gstatic.com 'unsafe-inline' 'unsafe-eval'; script-src 'self' www.google.com www.gstatic.com lss.g-system.io 'unsafe-inline' 'unsafe-eval'; frame-src www.google.com; connect-src lss.g-system.io 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security max-age=31536000; includeSubDomains; preload;
X-Content-Security-Policy default-src 'self' www.google.com www.gstatic.com 'unsafe-inline' 'unsafe-eval'; script-src 'self' www.google.com www.gstatic.com lss.g-system.io 'unsafe-inline' 'unsafe-eval'; frame-src www.google.com; connect-src lss.g-system.io 'unsafe-inline' 'unsafe-eval';
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://navi.discount-domain.com/Default/Login
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 10 Jun 2024 10:20:07 GMT
content-security-policy
default-src 'self' www.google.com www.gstatic.com 'unsafe-inline' 'unsafe-eval'; script-src 'self' www.google.com www.gstatic.com lss.g-system.io 'unsafe-inline' 'unsafe-eval'; frame-src www.google.com; connect-src lss.g-system.io 'unsafe-inline' 'unsafe-eval';
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload;
cf-cache-status
DYNAMIC
content-encoding
gzip
x-powered-by
ASP.NET
x-xss-protection
1; mode=block
pragma
no-cache
last-modified
Fri, 09 Feb 2024 10:44:32 GMT
server
cloudflare
etag
W/"db7a7cf7445bda1:0"
x-frame-options
SAMEORIGIN
content-type
application/javascript
cache-control
no-cache, no-store, must-revalidate
cf-ray
8918a0798c35bfc3-WAW
x-content-security-policy
default-src 'self' www.google.com www.gstatic.com 'unsafe-inline' 'unsafe-eval'; script-src 'self' www.google.com www.gstatic.com lss.g-system.io 'unsafe-inline' 'unsafe-eval'; frame-src www.google.com; connect-src lss.g-system.io 'unsafe-inline' 'unsafe-eval';
logo.gif
navi.discount-domain.com/images/
10 KB
10 KB
Image
General
Full URL
https://navi.discount-domain.com/images/logo.gif
Requested by
Host: navi.discount-domain.com
URL: https://navi.discount-domain.com/Default/Login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.18.236 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / ASP.NET
Resource Hash
df2e060b68db5446bcea8c1785a246d5d05f1c3f9aba5c8d22f3bcdc33c34d6c
Security Headers
Name Value
Content-Security-Policy default-src 'self' www.google.com www.gstatic.com 'unsafe-inline' 'unsafe-eval'; script-src 'self' www.google.com www.gstatic.com lss.g-system.io 'unsafe-inline' 'unsafe-eval'; frame-src www.google.com; connect-src lss.g-system.io 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security max-age=31536000; includeSubDomains; preload;
X-Content-Security-Policy default-src 'self' www.google.com www.gstatic.com 'unsafe-inline' 'unsafe-eval'; script-src 'self' www.google.com www.gstatic.com lss.g-system.io 'unsafe-inline' 'unsafe-eval'; frame-src www.google.com; connect-src lss.g-system.io 'unsafe-inline' 'unsafe-eval';
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://navi.discount-domain.com/Default/Login
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 10 Jun 2024 10:20:07 GMT
content-security-policy
default-src 'self' www.google.com www.gstatic.com 'unsafe-inline' 'unsafe-eval'; script-src 'self' www.google.com www.gstatic.com lss.g-system.io 'unsafe-inline' 'unsafe-eval'; frame-src www.google.com; connect-src lss.g-system.io 'unsafe-inline' 'unsafe-eval';
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload;
cf-cache-status
DYNAMIC
x-powered-by
ASP.NET
content-length
10289
x-xss-protection
1; mode=block
pragma
no-cache
last-modified
Fri, 09 Feb 2024 10:44:33 GMT
server
cloudflare
etag
"259fc1f7445bda1:0"
x-frame-options
SAMEORIGIN
content-type
image/gif
cache-control
no-cache, no-store, must-revalidate
accept-ranges
bytes
cf-ray
8918a0798c37bfc3-WAW
x-content-security-policy
default-src 'self' www.google.com www.gstatic.com 'unsafe-inline' 'unsafe-eval'; script-src 'self' www.google.com www.gstatic.com lss.g-system.io 'unsafe-inline' 'unsafe-eval'; frame-src www.google.com; connect-src lss.g-system.io 'unsafe-inline' 'unsafe-eval';
com_unix_ttl01.gif
navi.discount-domain.com/images/
16 KB
17 KB
Image
General
Full URL
https://navi.discount-domain.com/images/com_unix_ttl01.gif
Requested by
Host: navi.discount-domain.com
URL: https://navi.discount-domain.com/Default/Login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.18.236 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / ASP.NET
Resource Hash
10b9538d91e9b6694be677a72c49e61684af53af0c448f8ab96389bd0575d7a4
Security Headers
Name Value
Content-Security-Policy default-src 'self' www.google.com www.gstatic.com 'unsafe-inline' 'unsafe-eval'; script-src 'self' www.google.com www.gstatic.com lss.g-system.io 'unsafe-inline' 'unsafe-eval'; frame-src www.google.com; connect-src lss.g-system.io 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security max-age=31536000; includeSubDomains; preload;
X-Content-Security-Policy default-src 'self' www.google.com www.gstatic.com 'unsafe-inline' 'unsafe-eval'; script-src 'self' www.google.com www.gstatic.com lss.g-system.io 'unsafe-inline' 'unsafe-eval'; frame-src www.google.com; connect-src lss.g-system.io 'unsafe-inline' 'unsafe-eval';
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://navi.discount-domain.com/Default/Login
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 10 Jun 2024 10:20:06 GMT
content-security-policy
default-src 'self' www.google.com www.gstatic.com 'unsafe-inline' 'unsafe-eval'; script-src 'self' www.google.com www.gstatic.com lss.g-system.io 'unsafe-inline' 'unsafe-eval'; frame-src www.google.com; connect-src lss.g-system.io 'unsafe-inline' 'unsafe-eval';
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload;
cf-cache-status
DYNAMIC
x-powered-by
ASP.NET
content-length
16883
x-xss-protection
1; mode=block
pragma
no-cache
last-modified
Fri, 09 Feb 2024 10:44:33 GMT
server
cloudflare
etag
"3bdabcf7445bda1:0"
x-frame-options
SAMEORIGIN
content-type
image/gif
cache-control
no-cache, no-store, must-revalidate
accept-ranges
bytes
cf-ray
8918a0798c38bfc3-WAW
x-content-security-policy
default-src 'self' www.google.com www.gstatic.com 'unsafe-inline' 'unsafe-eval'; script-src 'self' www.google.com www.gstatic.com lss.g-system.io 'unsafe-inline' 'unsafe-eval'; frame-src www.google.com; connect-src lss.g-system.io 'unsafe-inline' 'unsafe-eval';
jquery
navi.discount-domain.com/bundles/
91 KB
33 KB
Script
General
Full URL
https://navi.discount-domain.com/bundles/jquery?v=FVs3ACwOLIVInrAl5sdzR2jrCDmVOWFbZMY6g6Q0ulE1
Requested by
Host: navi.discount-domain.com
URL: https://navi.discount-domain.com/Default/Login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.18.236 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / ASP.NET
Resource Hash
8e36a92b48ce8c4a823f7703ae2b1d91a96baf49a3c5c20fa0441df4c20bb3ec
Security Headers
Name Value
Content-Security-Policy default-src 'self' www.google.com www.gstatic.com 'unsafe-inline' 'unsafe-eval'; script-src 'self' www.google.com www.gstatic.com lss.g-system.io 'unsafe-inline' 'unsafe-eval'; frame-src www.google.com; connect-src lss.g-system.io 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security max-age=31536000; includeSubDomains; preload;
X-Content-Security-Policy default-src 'self' www.google.com www.gstatic.com 'unsafe-inline' 'unsafe-eval'; script-src 'self' www.google.com www.gstatic.com lss.g-system.io 'unsafe-inline' 'unsafe-eval'; frame-src www.google.com; connect-src lss.g-system.io 'unsafe-inline' 'unsafe-eval';
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://navi.discount-domain.com/Default/Login
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-content-security-policy
default-src 'self' www.google.com www.gstatic.com 'unsafe-inline' 'unsafe-eval'; script-src 'self' www.google.com www.gstatic.com lss.g-system.io 'unsafe-inline' 'unsafe-eval'; frame-src www.google.com; connect-src lss.g-system.io 'unsafe-inline' 'unsafe-eval';
date
Mon, 10 Jun 2024 10:20:07 GMT
content-security-policy
default-src 'self' www.google.com www.gstatic.com 'unsafe-inline' 'unsafe-eval'; script-src 'self' www.google.com www.gstatic.com lss.g-system.io 'unsafe-inline' 'unsafe-eval'; frame-src www.google.com; connect-src lss.g-system.io 'unsafe-inline' 'unsafe-eval';
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload;
cf-cache-status
DYNAMIC
content-encoding
gzip
x-powered-by
ASP.NET
x-xss-protection
1; mode=block
pragma
no-cache
last-modified
Mon, 10 Jun 2024 10:20:06 GMT
server
cloudflare
vary
User-Agent
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=utf-8
cache-control
public,no-cache, no-store, must-revalidate
cf-ray
8918a07daa65bfc3-WAW
expires
Tue, 10 Jun 2025 10:20:06 GMT
bootstrap
navi.discount-domain.com/bundles/
30 KB
9 KB
Script
General
Full URL
https://navi.discount-domain.com/bundles/bootstrap?v=2Fz3B0iizV2NnnamQFrx-NbYJNTFeBJ2GM05SilbtQU1
Requested by
Host: navi.discount-domain.com
URL: https://navi.discount-domain.com/Default/Login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.18.236 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / ASP.NET
Resource Hash
0c477768d9d0fad3f16c9a5a43644a5d0b8556181940a8646c7901e6dc2a8279
Security Headers
Name Value
Content-Security-Policy default-src 'self' www.google.com www.gstatic.com 'unsafe-inline' 'unsafe-eval'; script-src 'self' www.google.com www.gstatic.com lss.g-system.io 'unsafe-inline' 'unsafe-eval'; frame-src www.google.com; connect-src lss.g-system.io 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security max-age=31536000; includeSubDomains; preload;
X-Content-Security-Policy default-src 'self' www.google.com www.gstatic.com 'unsafe-inline' 'unsafe-eval'; script-src 'self' www.google.com www.gstatic.com lss.g-system.io 'unsafe-inline' 'unsafe-eval'; frame-src www.google.com; connect-src lss.g-system.io 'unsafe-inline' 'unsafe-eval';
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://navi.discount-domain.com/Default/Login
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-content-security-policy
default-src 'self' www.google.com www.gstatic.com 'unsafe-inline' 'unsafe-eval'; script-src 'self' www.google.com www.gstatic.com lss.g-system.io 'unsafe-inline' 'unsafe-eval'; frame-src www.google.com; connect-src lss.g-system.io 'unsafe-inline' 'unsafe-eval';
date
Mon, 10 Jun 2024 10:20:07 GMT
content-security-policy
default-src 'self' www.google.com www.gstatic.com 'unsafe-inline' 'unsafe-eval'; script-src 'self' www.google.com www.gstatic.com lss.g-system.io 'unsafe-inline' 'unsafe-eval'; frame-src www.google.com; connect-src lss.g-system.io 'unsafe-inline' 'unsafe-eval';
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload;
cf-cache-status
DYNAMIC
content-encoding
gzip
x-powered-by
ASP.NET
x-xss-protection
1; mode=block
pragma
no-cache
last-modified
Mon, 10 Jun 2024 10:20:07 GMT
server
cloudflare
vary
User-Agent
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=utf-8
cache-control
public,no-cache, no-store, must-revalidate
cf-ray
8918a08299c5bfc3-WAW
expires
Tue, 10 Jun 2025 10:20:07 GMT
main.js
lss.g-system.io/b/
53 KB
53 KB
Script
General
Full URL
https://lss.g-system.io/b/main.js
Requested by
Host: navi.discount-domain.com
URL: https://navi.discount-domain.com/Default/Login
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.3.190.49 , Japan, ASN7506 (INTERQ GMO Internet,Inc, JP),
Reverse DNS
unused-103-3-190-049.interq.or.jp
Software
nginx/1.16.1 /
Resource Hash
dc1602a2becaafa249ab8acd7d9f07259c510d70ffd6e7d7449c835e9e990c9e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://navi.discount-domain.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 10 Jun 2024 10:20:08 GMT
x-content-type-options
nosniff
last-modified
Thu, 16 Apr 2020 05:02:31 GMT
server
nginx/1.16.1
etag
"5e97e6e7-d300"
x-frame-options
DENY
content-type
application/javascript
accept-ranges
bytes
content-length
54016
x-xss-protection
1
jqueryval
navi.discount-domain.com/bundles/
25 KB
8 KB
Script
General
Full URL
https://navi.discount-domain.com/bundles/jqueryval?v=hEGG8cMxk9p0ncdRUOJ-CnKN7NezhnPnWIvn6REucZo1
Requested by
Host: navi.discount-domain.com
URL: https://navi.discount-domain.com/Default/Login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.18.236 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / ASP.NET
Resource Hash
52a8b689a73c228618294e3e544fac3e62507eabf2fe490dc77a00c16e34c452
Security Headers
Name Value
Content-Security-Policy default-src 'self' www.google.com www.gstatic.com 'unsafe-inline' 'unsafe-eval'; script-src 'self' www.google.com www.gstatic.com lss.g-system.io 'unsafe-inline' 'unsafe-eval'; frame-src www.google.com; connect-src lss.g-system.io 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security max-age=31536000; includeSubDomains; preload;
X-Content-Security-Policy default-src 'self' www.google.com www.gstatic.com 'unsafe-inline' 'unsafe-eval'; script-src 'self' www.google.com www.gstatic.com lss.g-system.io 'unsafe-inline' 'unsafe-eval'; frame-src www.google.com; connect-src lss.g-system.io 'unsafe-inline' 'unsafe-eval';
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://navi.discount-domain.com/Default/Login
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-content-security-policy
default-src 'self' www.google.com www.gstatic.com 'unsafe-inline' 'unsafe-eval'; script-src 'self' www.google.com www.gstatic.com lss.g-system.io 'unsafe-inline' 'unsafe-eval'; frame-src www.google.com; connect-src lss.g-system.io 'unsafe-inline' 'unsafe-eval';
date
Mon, 10 Jun 2024 10:20:07 GMT
content-security-policy
default-src 'self' www.google.com www.gstatic.com 'unsafe-inline' 'unsafe-eval'; script-src 'self' www.google.com www.gstatic.com lss.g-system.io 'unsafe-inline' 'unsafe-eval'; frame-src www.google.com; connect-src lss.g-system.io 'unsafe-inline' 'unsafe-eval';
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload;
cf-cache-status
DYNAMIC
content-encoding
gzip
x-powered-by
ASP.NET
x-xss-protection
1; mode=block
pragma
no-cache
last-modified
Mon, 10 Jun 2024 10:20:07 GMT
server
cloudflare
vary
User-Agent
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=utf-8
cache-control
public,no-cache, no-store, must-revalidate
cf-ray
8918a08299c8bfc3-WAW
expires
Tue, 10 Jun 2025 10:20:07 GMT
api.js
www.google.com/recaptcha/
1 KB
945 B
Script
General
Full URL
https://www.google.com/recaptcha/api.js
Requested by
Host: navi.discount-domain.com
URL: https://navi.discount-domain.com/Default/Login
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.100 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s06-in-f4.1e100.net
Software
GSE /
Resource Hash
ce1a9b8660929c7a2de5ee020cc4984e92d8f5123e382bbaf84f3828fd3e0a1a
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://navi.discount-domain.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 10 Jun 2024 10:20:07 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
frame-ancestors 'self'
server
GSE
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=utf-8
cache-control
private, max-age=300
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
1; mode=block
expires
Mon, 10 Jun 2024 10:20:07 GMT
navi_hdr_bg01.gif
navi.discount-domain.com/images/
9 KB
9 KB
Image
General
Full URL
https://navi.discount-domain.com/images/navi_hdr_bg01.gif
Requested by
Host: navi.discount-domain.com
URL: https://navi.discount-domain.com/Content/mixin/base.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.18.236 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / ASP.NET
Resource Hash
064dd32267c9ae49d64cdca14f4603f925f4a7dcbdb5990c2fc864f419074c05
Security Headers
Name Value
Content-Security-Policy default-src 'self' www.google.com www.gstatic.com 'unsafe-inline' 'unsafe-eval'; script-src 'self' www.google.com www.gstatic.com lss.g-system.io 'unsafe-inline' 'unsafe-eval'; frame-src www.google.com; connect-src lss.g-system.io 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security max-age=31536000; includeSubDomains; preload;
X-Content-Security-Policy default-src 'self' www.google.com www.gstatic.com 'unsafe-inline' 'unsafe-eval'; script-src 'self' www.google.com www.gstatic.com lss.g-system.io 'unsafe-inline' 'unsafe-eval'; frame-src www.google.com; connect-src lss.g-system.io 'unsafe-inline' 'unsafe-eval';
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://navi.discount-domain.com/Content/mixin/base.css
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 10 Jun 2024 10:20:07 GMT
content-security-policy
default-src 'self' www.google.com www.gstatic.com 'unsafe-inline' 'unsafe-eval'; script-src 'self' www.google.com www.gstatic.com lss.g-system.io 'unsafe-inline' 'unsafe-eval'; frame-src www.google.com; connect-src lss.g-system.io 'unsafe-inline' 'unsafe-eval';
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload;
cf-cache-status
DYNAMIC
x-powered-by
ASP.NET
content-length
9451
x-xss-protection
1; mode=block
pragma
no-cache
last-modified
Fri, 09 Feb 2024 10:44:33 GMT
server
cloudflare
etag
"4c1c4f7445bda1:0"
x-frame-options
SAMEORIGIN
content-type
image/gif
cache-control
no-cache, no-store, must-revalidate
accept-ranges
bytes
cf-ray
8918a08299c9bfc3-WAW
x-content-security-policy
default-src 'self' www.google.com www.gstatic.com 'unsafe-inline' 'unsafe-eval'; script-src 'self' www.google.com www.gstatic.com lss.g-system.io 'unsafe-inline' 'unsafe-eval'; frame-src www.google.com; connect-src lss.g-system.io 'unsafe-inline' 'unsafe-eval';
bda
lss.g-system.io/v1/api/
0
129 B
XHR
General
Full URL
https://lss.g-system.io/v1/api/bda
Requested by
Host: lss.g-system.io
URL: https://lss.g-system.io/b/main.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.3.190.49 , Japan, ASN7506 (INTERQ GMO Internet,Inc, JP),
Reverse DNS
unused-103-3-190-049.interq.or.jp
Software
nginx/1.16.1 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform
"Win32"
Referer
https://navi.discount-domain.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type
application/json

Response headers

access-control-allow-origin
*
date
Mon, 10 Jun 2024 10:20:12 GMT
x-content-type-options
nosniff
server
nginx/1.16.1
content-length
0
x-frame-options
DENY
x-xss-protection
1
bda
lss.g-system.io/v1/api/ Frame
0
0
Preflight
General
Full URL
https://lss.g-system.io/v1/api/bda
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.3.190.49 , Japan, ASN7506 (INTERQ GMO Internet,Inc, JP),
Reverse DNS
unused-103-3-190-049.interq.or.jp
Software
nginx/1.16.1 /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://navi.discount-domain.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
content-type
access-control-allow-methods
POST
access-control-allow-origin
*
date
Mon, 10 Jun 2024 10:20:12 GMT
server
nginx/1.16.1
x-content-type-options
nosniff
x-frame-options
DENY
x-xss-protection
1
recaptcha__de.js
www.gstatic.com/recaptcha/releases/9pvHvq7kSOTqqZusUzJ6ewaF/
515 KB
205 KB
Script
General
Full URL
https://www.gstatic.com/recaptcha/releases/9pvHvq7kSOTqqZusUzJ6ewaF/recaptcha__de.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
fdcf5ef19dcd3005f0369e3482b28be21a70496f2d045f5a4a15d64523018a1d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://navi.discount-domain.com/
Origin
https://navi.discount-domain.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 08 Jun 2024 13:39:02 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
160869
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
209755
x-xss-protection
0
last-modified
Mon, 03 Jun 2024 04:00:47 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sun, 08 Jun 2025 13:39:02 GMT
anchor
www.google.com/recaptcha/api2/ Frame 13E3
0
0
Document
General
Full URL
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Ler654UAAAAAEetwlerfg0ArqFvWFf8xgOmllca&co=aHR0cHM6Ly9uYXZpLmRpc2NvdW50LWRvbWFpbi5jb206NDQz&hl=de&v=9pvHvq7kSOTqqZusUzJ6ewaF&size=invisible&cb=wwj9nh9pgksq
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/9pvHvq7kSOTqqZusUzJ6ewaF/recaptcha__de.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.100 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s06-in-f4.1e100.net
Software
GSE /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-q02Cmiu2js3zCxAlenTjEQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://navi.discount-domain.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
gzip
content-security-policy
script-src 'report-sample' 'nonce-q02Cmiu2js3zCxAlenTjEQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Mon, 10 Jun 2024 10:20:11 GMT
expires
Mon, 01 Jan 1990 00:00:00 GMT
pragma
no-cache
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
fpa
lss.g-system.io/v1/api/
0
129 B
XHR
General
Full URL
https://lss.g-system.io/v1/api/fpa
Requested by
Host: lss.g-system.io
URL: https://lss.g-system.io/b/main.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.3.190.49 , Japan, ASN7506 (INTERQ GMO Internet,Inc, JP),
Reverse DNS
unused-103-3-190-049.interq.or.jp
Software
nginx/1.16.1 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform
"Win32"
Referer
https://navi.discount-domain.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type
application/json

Response headers

access-control-allow-origin
*
date
Mon, 10 Jun 2024 10:20:12 GMT
x-content-type-options
nosniff
server
nginx/1.16.1
content-length
0
x-frame-options
DENY
x-xss-protection
1
fpa
lss.g-system.io/v1/api/ Frame
0
0
Preflight
General
Full URL
https://lss.g-system.io/v1/api/fpa
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.3.190.49 , Japan, ASN7506 (INTERQ GMO Internet,Inc, JP),
Reverse DNS
unused-103-3-190-049.interq.or.jp
Software
nginx/1.16.1 /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://navi.discount-domain.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
content-type
access-control-allow-methods
POST
access-control-allow-origin
*
date
Mon, 10 Jun 2024 10:20:12 GMT
server
nginx/1.16.1
x-content-type-options
nosniff
x-frame-options
DENY
x-xss-protection
1
favicon.ico
navi.discount-domain.com/
31 KB
9 KB
Other
General
Full URL
https://navi.discount-domain.com/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.18.236 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / ASP.NET
Resource Hash
a94f8a8553caea8430dd4ca3cc01d4e318d19828f74cb65453ffb7f5d9e2f44d
Security Headers
Name Value
Content-Security-Policy default-src 'self' www.google.com www.gstatic.com 'unsafe-inline' 'unsafe-eval'; script-src 'self' www.google.com www.gstatic.com lss.g-system.io 'unsafe-inline' 'unsafe-eval'; frame-src www.google.com; connect-src lss.g-system.io 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security max-age=31536000; includeSubDomains; preload;
X-Content-Security-Policy default-src 'self' www.google.com www.gstatic.com 'unsafe-inline' 'unsafe-eval'; script-src 'self' www.google.com www.gstatic.com lss.g-system.io 'unsafe-inline' 'unsafe-eval'; frame-src www.google.com; connect-src lss.g-system.io 'unsafe-inline' 'unsafe-eval';
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://navi.discount-domain.com/Default/Login
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 10 Jun 2024 10:20:13 GMT
content-security-policy
default-src 'self' www.google.com www.gstatic.com 'unsafe-inline' 'unsafe-eval'; script-src 'self' www.google.com www.gstatic.com lss.g-system.io 'unsafe-inline' 'unsafe-eval'; frame-src www.google.com; connect-src lss.g-system.io 'unsafe-inline' 'unsafe-eval';
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload;
cf-cache-status
DYNAMIC
content-encoding
gzip
x-powered-by
ASP.NET
x-xss-protection
1; mode=block
pragma
no-cache
last-modified
Fri, 09 Feb 2024 10:44:33 GMT
server
cloudflare
etag
W/"fc50b3f7445bda1:0"
x-frame-options
SAMEORIGIN
content-type
image/x-icon
cache-control
no-cache, no-store, must-revalidate
cf-ray
8918a0a3eb00bfc3-WAW
x-content-security-policy
default-src 'self' www.google.com www.gstatic.com 'unsafe-inline' 'unsafe-eval'; script-src 'self' www.google.com www.gstatic.com lss.g-system.io 'unsafe-inline' 'unsafe-eval'; frame-src www.google.com; connect-src lss.g-system.io 'unsafe-inline' 'unsafe-eval';
bframe
www.google.com/recaptcha/api2/ Frame B596
0
0
Document
General
Full URL
https://www.google.com/recaptcha/api2/bframe?hl=de&v=9pvHvq7kSOTqqZusUzJ6ewaF&k=6Ler654UAAAAAEetwlerfg0ArqFvWFf8xgOmllca
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/9pvHvq7kSOTqqZusUzJ6ewaF/recaptcha__de.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.100 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s06-in-f4.1e100.net
Software
GSE /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-Al5v_1DRL8gnWhOm8WYnwg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://navi.discount-domain.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
gzip
content-security-policy
script-src 'report-sample' 'nonce-Al5v_1DRL8gnWhOm8WYnwg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Mon, 10 Jun 2024 10:20:12 GMT
expires
Mon, 01 Jan 1990 00:00:00 GMT
pragma
no-cache
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block

18 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0
object| 1
object| 2
object| html5
object| Modernizr
function| fxWin
function| $
function| jQuery
object| jQuery110208531931136672921
object| respond
object| ___grecaptcha_cfg
object| grecaptcha
string| __recaptcha_api
boolean| __google_recaptcha_client
function| Login
function| submitValidate
object| recaptcha
object| closure_lm_824492

1 Cookies

Domain/Path Name / Value
www.google.com/recaptcha Name: _GRECAPTCHA
Value: 09ANc4EB-P55uN0V0F-CxZDK_i6X-kT5HlFa50l86BHVZO-QkL5RhZ6RSfyWOOAhwa7-0HRcMzPQVK4I_igW0odYs

2 Console Messages

Source Level URL
Text
other warning URL: https://navi.discount-domain.com/Default/Login
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://navi.discount-domain.com/Default/Login
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.

Security Headers

This page lists any security headers set by the main page.

Header Value
Content-Security-Policy default-src 'self' www.google.com www.gstatic.com 'unsafe-inline' 'unsafe-eval'; script-src 'self' www.google.com www.gstatic.com lss.g-system.io 'unsafe-inline' 'unsafe-eval'; frame-src www.google.com; connect-src lss.g-system.io 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security max-age=31536000; includeSubDomains; preload;
X-Content-Security-Policy default-src 'self' www.google.com www.gstatic.com 'unsafe-inline' 'unsafe-eval'; script-src 'self' www.google.com www.gstatic.com lss.g-system.io 'unsafe-inline' 'unsafe-eval'; frame-src www.google.com; connect-src lss.g-system.io 'unsafe-inline' 'unsafe-eval';
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block