urlscan.io logo urlscan.io
SecurityTrails logo

www.stock-app.jp Open in urlscan Pro
2600:9000:221a:6000:12:6a55:7740:93a1  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://www.stock-app.jp/
Effective URL: https://www.stock-app.jp/
Submission: On May 08 via api from US — Scanned from JP
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 11 IPs in 2 countries across 7 domains to perform 12 HTTP transactions. The main IP is 2600:9000:221a:6000:12:6a55:7740:93a1, located in United States and belongs to AMAZON-02, US. The main domain is www.stock-app.jp.
TLS certificate: Issued by Amazon RSA 2048 M02 on March 1st 2024. Valid for: a year.
This is the only time www.stock-app.jp was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 2600:9000:221... 16509 (AMAZON-02)
1 2606:4700:311... 13335 (CLOUDFLAR...)
1 182.22.28.252 23816 (YAHOO Yah...)
1 153.120.48.143 7684 (SAKURA-A ...)
2 54.95.150.33 16509 (AMAZON-02)
1 34.120.195.249 396982 (GOOGLE-CL...)
1 151.101.192.176 54113 (FASTLY)
1 2a03:2880:f00... 32934 (FACEBOOK)
1 151.101.64.176 54113 (FASTLY)
1 18.65.185.126 16509 (AMAZON-02)
12 11
2    2600:9000:221a:6000:12:6a55:7740:93a1 (United States)

ASN16509 (AMAZON-02, US)
www.stock-app.jp
1    2606:4700:3110::6812:3303 (United States)

ASN13335 (CLOUDFLARENET, US)
polyfill.io
1    182.22.28.252 (Japan)

ASN23816 (YAHOO Yahoo Japan Corporation, JP)
s.yimg.jp
1    153.120.48.143 (Japan)

ASN7684 (SAKURA-A SAKURA Internet Inc., JP)
r.moshimo.com
2    54.95.150.33 (Tokyo, Japan)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-95-150-33.ap-northeast-1.compute.amazonaws.com
api.stock-app.jp
1    34.120.195.249 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 249.195.120.34.bc.googleusercontent.com
o465384.ingest.sentry.io
1    151.101.192.176 (San Francisco, United States)

ASN54113 (FASTLY, US)
js.stripe.com
1    2a03:2880:f00f:8:face:b00c:0:1 (Tokyo, Japan)

ASN32934 (FACEBOOK, US)
connect.facebook.net
1    151.101.64.176 (San Francisco, United States)

ASN54113 (FASTLY, US)
js.stripe.com
1    18.65.185.126 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-65-185-126.nrt57.r.cloudfront.net
www.stock-app.jp
Apex Domain
Subdomains		 Transfer
5 stock-app.jp
www.stock-app.jp
api.stock-app.jp
1 MB
2 stripe.com
js.stripe.com — Cisco Umbrella Rank: 1088
167 KB
1 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 183
59 KB
1 sentry.io
o465384.ingest.sentry.io
308 B
1 moshimo.com
r.moshimo.com — Cisco Umbrella Rank: 456100
2 KB
1 yimg.jp
s.yimg.jp — Cisco Umbrella Rank: 6949
10 KB
1 polyfill.io
polyfill.io — Cisco Umbrella Rank: 1484
383 B
12 7
Domain Requested by
3 www.stock-app.jp www.stock-app.jp
2 js.stripe.com www.stock-app.jp
js.stripe.com
2 api.stock-app.jp www.stock-app.jp
1 connect.facebook.net www.stock-app.jp
1 o465384.ingest.sentry.io www.stock-app.jp
1 r.moshimo.com www.stock-app.jp
1 s.yimg.jp www.stock-app.jp
1 polyfill.io www.stock-app.jp
12 8

This site contains no links.

Subject Issuer Validity Valid
*.stock-app.jp
Amazon RSA 2048 M02		 2024-03-01 -
2025-03-30		 a year crt.sh
*.polyfill.io
Sectigo RSA Domain Validation Secure Server CA		 2024-02-20 -
2025-02-19		 a year crt.sh
edge01.yahoo.co.jp
Cybertrust Japan SureServer CA G4		 2024-02-02 -
2025-03-01		 a year crt.sh
*.moshimo.com
GeoTrust TLS RSA CA G1		 2023-07-18 -
2024-08-17		 a year crt.sh
api.stock-app.jp
Amazon RSA 2048 M03		 2023-08-07 -
2024-09-03		 a year crt.sh
ingest.sentry.io
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2023-11-02 -
2024-12-02		 a year crt.sh
a.stripecdn.com
DigiCert SHA2 Extended Validation Server CA		 2024-03-27 -
2024-06-27		 3 months crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA		 2024-02-15 -
2024-05-15		 3 months crt.sh

This page contains 2 frames:

Primary Page: https://www.stock-app.jp/
Frame ID: D1D09DF69538B62B40069B1F90BB8B04
Requests: 13 HTTP requests in this frame

Frame: https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html
Frame ID: 90152BD40D3B595D19F95B0FD8FA74AA
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Stock

Page URL History Show full URLs

  1. http://www.stock-app.jp/ HTTP 307
    https://www.stock-app.jp/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • (?:prototype|protoaculous)(?:-([\d.]*[\d]))?.*\.js
Overall confidence: 100%
Detected patterns
  • js\.stripe\.com
Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js
Overall confidence: 100%
Detected patterns
  • /polyfill\.min\.js

Page Statistics

12
Requests

100 %
HTTPS

30 %
IPv6

7
Domains

8
Subdomains

11
IPs

2
Countries

1692 kB
Transfer

6343 kB
Size

4
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://www.stock-app.jp/ HTTP 307
    https://www.stock-app.jp/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

12 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
www.stock-app.jp/
Redirect Chain
  • http://www.stock-app.jp/
  • https://www.stock-app.jp/
4 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.stock-app.jp/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:221a:6000:12:6a55:7740:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
4e56a85f3175d11c36f9280ab2dc9f94948df215ddb3489dd29f15c270bd2b17

Request headers

Accept-Language
jp-JP,jp;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
public, max-age=0, s-maxage=2
content-encoding
gzip
content-type
text/html
date
Wed, 08 May 2024 07:23:41 GMT
etag
W/"18dfd06c8a6c1e7a9dac056761c8edf8"
last-modified
Thu, 25 Apr 2024 09:46:09 GMT
server
AmazonS3
vary
Accept-Encoding
via
1.1 80f9a735214ee6903d0442ea922d2030.cloudfront.net (CloudFront)
x-amz-cf-id
8Spf_6qhyhDCJ74bht72TameDVDU5U_2A2zDLA9eNZMD7SBSn9rzrQ==
x-amz-cf-pop
NRT57-P2
x-cache
Miss from cloudfront

Redirect headers

Location
https://www.stock-app.jp/
Non-Authoritative-Reason
HttpsUpgrades
polyfill.min.js
polyfill.io/v3/ 		104 B
383 B 		Script
General
Check archive.org
Download Go to
Full URL
https://polyfill.io/v3/polyfill.min.js?features=es2015%2CElement.prototype.closest%2CObject.assign%2CObject.entries%2CObject.values%2Cfetch%2CURLSearchParams%2CSymbol.replace%2CElement.prototype.remove%2CArray.prototype.flatMap%2CNodeList.prototype.forEach%2CElement.prototype.scrollBy%2CEvent%2CElement.prototype.replaceWith%2CElement.prototype.append%2CHTMLCanvasElement.prototype.toBlob%2CIntersectionObserver%2CIntersectionObserverEntry
Requested by
Host: www.stock-app.jp
URL: https://www.stock-app.jp/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3110::6812:3303 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6c68769e8470ce89a0f2270529a5d47db00917e3ef9df946dca202098f09d0a2

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.stock-app.jp/
Accept-Language
jp-JP,jp;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 08 May 2024 07:23:41 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Mon, 15 Apr 2024 23:45:43 GMT
server
cloudflare
age
1928278
vary
Accept-Encoding, User-Agent
access-control-allow-methods
GET,HEAD,OPTIONS
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=14400
cf-ray
8807b4b109df206b-NRT
expires
Wed, 08 May 2024 11:23:41 GMT
index.bundle.js
www.stock-app.jp/ 		5 MB
1 MB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.stock-app.jp/index.bundle.js
Requested by
Host: www.stock-app.jp
URL: https://www.stock-app.jp/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:221a:6000:12:6a55:7740:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
e8a8db566d51357b6b91f48739a6c16ba596aa629a90fc5e1a0c8d84371a8d74

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.stock-app.jp/
Accept-Language
jp-JP,jp;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 08 May 2024 07:23:41 GMT
content-encoding
gzip
via
1.1 80f9a735214ee6903d0442ea922d2030.cloudfront.net (CloudFront)
last-modified
Thu, 25 Apr 2024 09:46:09 GMT
server
AmazonS3
x-amz-cf-pop
NRT57-P2
etag
W/"4710090837bef6b00fc6b5dcf9cdf473-2"
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=2
alt-svc
h3=":443"; ma=86400
x-amz-cf-id
sQAMJ-Qx8zzAQTukjWldowo2Kw4i_sS8exjujOSozbMipUv1afHnxw==
ytag.js
s.yimg.jp/images/listing/tool/cv/ 		31 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s.yimg.jp/images/listing/tool/cv/ytag.js
Requested by
Host: www.stock-app.jp
URL: https://www.stock-app.jp/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
182.22.28.252 , Japan, ASN23816 (YAHOO Yahoo Japan Corporation, JP),
Reverse DNS
Software
nghttpx /
Resource Hash
3356ae8297d2248e8abc6b9a612dda94298164f0ee224a98002167cfe1a68ad3

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.stock-app.jp/
Accept-Language
jp-JP,jp;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

ats-carp-promotion
1
date
Wed, 08 May 2024 07:16:12 GMT
content-encoding
gzip
last-modified
Thu, 21 Mar 2024 02:12:50 GMT
server
nghttpx
accept-ch
Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch
age
449
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
x-ntap-sg-trace-id
2b7080bb3fb0039f
cache-control
public, max-age=600
permissions-policy
ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform-version=*, ch-ua-arch=*
content-length
10012
maftag.js
r.moshimo.com/af/r/ 		6 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://r.moshimo.com/af/r/maftag.js
Requested by
Host: www.stock-app.jp
URL: https://www.stock-app.jp/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
153.120.48.143 , Japan, ASN7684 (SAKURA-A SAKURA Internet Inc., JP),
Reverse DNS
Software
Apache /
Resource Hash
cddaebd92e57ee64a3c07e9f8ff4479aab2f3f67d1b7c2fb9c007f4020864bd2
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.stock-app.jp/
Accept-Language
jp-JP,jp;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Wed, 08 May 2024 07:23:41 GMT
Content-Encoding
gzip
Last-Modified
Mon, 16 Jan 2023 03:07:50 GMT
Server
Apache
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Content-Type
text/javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=3, max=30
Content-Length
2039
current_unix_time.json
api.stock-app.jp/api/v2/utils/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://api.stock-app.jp/api/v2/utils/current_unix_time.json
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.95.150.33 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-95-150-33.ap-northeast-1.compute.amazonaws.com
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
stock-devise-type,stock-environment,stock-os,stock-platform,stock-request-start-time,stock-version,window-id
Access-Control-Request-Method
GET
Origin
https://www.stock-app.jp
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
stock-devise-type,stock-environment,stock-os,stock-platform,stock-request-start-time,stock-version,window-id
access-control-allow-methods
GET, POST, DELETE, PUT, OPTIONS
access-control-allow-origin
*
access-control-expose-headers
access-token, expiry, token-type, uid, client
access-control-max-age
1728000
date
Wed, 08 May 2024 07:23:41 GMT
/
o465384.ingest.sentry.io/api/5661129/envelope/ 		2 B
308 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://o465384.ingest.sentry.io/api/5661129/envelope/?sentry_key=4a37f31ef7704e43875c651e2d2a3366&sentry_version=7&sentry_client=sentry.javascript.react%2F7.31.0
Requested by
Host: www.stock-app.jp
URL: https://www.stock-app.jp/index.bundle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.195.249 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
249.195.120.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform
"Win32"
Referer
https://www.stock-app.jp/
Accept-Language
jp-JP,jp;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Wed, 08 May 2024 07:23:41 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 google
server
nginx
vary
origin,access-control-request-method,access-control-request-headers
content-type
application/json
access-control-allow-origin
*
access-control-expose-headers
x-sentry-error,x-sentry-rate-limits,retry-after
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2
truncated
/ 		450 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
1a9770ca8d3dbc14abf58132a968c8cff8f0f9f1e602f0fcf4527f8e23436dd8

Request headers

Accept-Language
jp-JP,jp;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ 		353 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
910d42773de429538b60f2bd714ebd734dd66dea33fcd52845228ea0daa77fe1

Request headers

Accept-Language
jp-JP,jp;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type
image/jpeg
v3
js.stripe.com/ 		604 KB
167 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.stripe.com/v3
Requested by
Host: www.stock-app.jp
URL: https://www.stock-app.jp/index.bundle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.192.176 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Fastly /
Resource Hash
e5d85fffbebeada87ff91b7e8794d4ba2ce4b94b227b88ac3cf26dff4b7ba431
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.stock-app.jp/
Accept-Language
jp-JP,jp;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31556926; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
date
Wed, 08 May 2024 07:23:41 GMT
via
1.1 varnish
age
37
x-cache
HIT
content-length
170351
x-request-id
871bdf01-8789-405b-98f0-3825b44daf0f
x-served-by
cache-nrt-rjtf7700067-NRT
last-modified
Tue, 07 May 2024 20:58:09 GMT
server
Fastly
etag
"2bda1d287c45fcfd1b24fb81a1e28168"
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=60
accept-ranges
bytes
timing-allow-origin
*
x-cache-hits
5
current_unix_time.json
api.stock-app.jp/api/v2/utils/ 		24 B
435 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.stock-app.jp/api/v2/utils/current_unix_time.json
Requested by
Host: www.stock-app.jp
URL: https://www.stock-app.jp/index.bundle.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.95.150.33 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-95-150-33.ap-northeast-1.compute.amazonaws.com
Software
/
Resource Hash
249c244f35d0b8176ae06b4d129715bed2741af23ee15577cbd8b4569b438e4a

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Stock-Request-Start-Time
1715153021942
Stock-Devise-Type
pc
Stock-Environment
web
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Accept-Language
jp-JP,jp;q=0.9;q=0.9
Accept
application/json, text/plain, */*
Stock-Platform
web
Referer
https://www.stock-app.jp/
Stock-Version
6.9.3
Stock-Os
windows
Window-Id
a8f9dfaa-3873-4e13-b930-0dbb51262b3a
sec-ch-ua-platform
"Win32"

Response headers

x-runtime
0.007062
date
Wed, 08 May 2024 07:23:41 GMT
content-encoding
gzip
etag
W/"7f36f4963b10297d77398d07b28e2cb5"
vary
Accept-Encoding, Origin
access-control-max-age
1728000
access-control-allow-methods
GET, POST, DELETE, PUT, OPTIONS
access-control-allow-origin
*
access-control-expose-headers
access-token, expiry, token-type, uid, client
cache-control
max-age=0, private, must-revalidate
content-type
application/json
x-request-id
e7d4d4de-0264-4872-ab0a-5a5711111e68
truncated
/ 		3 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
31f34a83159bb3849548025529e6b9e08d19522178ad496e41a88feb0f3770d0

Request headers

Accept-Language
jp-JP,jp;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
fbevents.js
connect.facebook.net/en_US/ 		218 KB
59 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: www.stock-app.jp
URL: https://www.stock-app.jp/sign-in
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f00f:8:face:b00c:0:1 Tokyo, Japan, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
f589b180c1064f697c91ac117fafda9aff1c66123a099e82da0b976a09011510
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.stock-app.jp/
Accept-Language
jp-JP,jp;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Wed, 08 May 2024 07:23:42 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
57845
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=2, rtx=1, c=12, mss=1294, tbw=2779, tp=-1, tpl=-1, uplat=0, ullat=-1
pragma
public
x-fb-debug
dn2U66kFHuO37RQ2cnfmHq/j/cu/3DTaVPagoOFr9hdyKhUy7BI+9oGz3sWwXcp4G5ejCHoBh6aujTdk9nqKRA==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
application/x-javascript; charset=utf-8
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin
*
expires
Sat, 01 Jan 2000 00:00:00 GMT
m-outer-3437aaddcdf6922d623e172c2d6f9278.html
js.stripe.com/v3/ Frame 9015 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.64.176 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Fastly /
Resource Hash
Security Headers
Name Value
Content-Security-Policy base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
jp-JP,jp;q=0.9;q=0.9
Referer
https://www.stock-app.jp/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

accept-ranges
bytes
access-control-allow-origin
*
age
2724351
cache-control
max-age=31536000
content-encoding
br
content-length
154
content-security-policy
base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-security-policy-report-only
base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-type
text/html; charset=utf-8
date
Wed, 08 May 2024 07:23:42 GMT
etag
"3437aaddcdf6922d623e172c2d6f9278"
last-modified
Fri, 05 Apr 2024 20:11:45 GMT
server
Fastly
strict-transport-security
max-age=31556926; includeSubDomains; preload
timing-allow-origin
*
vary
Accept-Encoding
via
1.1 varnish
x-cache
HIT
x-cache-hits
317779
x-content-type-options
nosniff
x-request-id
f3afbfac-a7c1-48f7-b798-2489b4326e4b
x-served-by
cache-nrt-rjtf7700066-NRT
favicon.ico
www.stock-app.jp/favicon/ 		269 B
582 B 		Other
General
Check archive.org
Download Go to
Full URL
https://www.stock-app.jp/favicon/favicon.ico
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
18.65.185.126 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-65-185-126.nrt57.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
2f190fd6552ab1d53a7e55085521e0d7ddd4ab23cfb2e5e9f6f7d1101f43b80e

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.stock-app.jp/sign-in
Accept-Language
jp-JP,jp;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 08 May 2024 07:23:42 GMT
via
1.1 1b2ec020d55b8b35f77724dc49853982.cloudfront.net (CloudFront)
last-modified
Thu, 25 Apr 2024 09:46:09 GMT
server
AmazonS3
x-amz-cf-pop
NRT57-P2
etag
"4feeb259b40401e40e7bc4ab79e174ba"
x-cache
Miss from cloudfront
content-type
image/vnd.microsoft.icon
cache-control
public, max-age=0, s-maxage=2
accept-ranges
bytes
alt-svc
h3=":443"; ma=86400
content-length
269
x-amz-cf-id
69KAy0mWWSQI5vv8hYaRexpC2_UmzHvDrxrIpnv4-5-oV3GBPY32bA==

Verdicts & Comments Add Verdict or Comment

19 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| __SENTRY__ object| FontAwesomeConfig object| ___FONT_AWESOME___ function| saveAs object| Konva object| __localeData__ object| MAF_CROSS function| mafcross function| gtag function| ytag object| dataLayer object| yjDataLayer function| fbq function| _fbq object| ytagapi object| webpackChunkStripeJSouter function| noop function| Stripe

4 Cookies

Domain/Path Name / Value
.stock-app.jp/ Name: _yjsu_yjad
Value: 1715153022.a907a9ce-da0f-4ed2-8304-251011a83260
m.stripe.com/ Name: m
Value: 0e2b677c-5994-4a6c-989c-56c5206088132b1486
.www.stock-app.jp/ Name: __stripe_mid
Value: 60ccf89a-5aaf-4c1a-8b47-bd5105805c10b9388d
.www.stock-app.jp/ Name: __stripe_sid
Value: 2915b017-d467-455d-a6a3-aa82dda487d5267b33

1 Console Messages

Source Level URL
Text
other warning URL: https://www.stock-app.jp/sign-in
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.