urlscan.io logo urlscan.io
SecurityTrails logo

account.withings.com Open in urlscan Pro
2a01:8200:1001:1:89:30:121:150  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://decim-al.com/
Effective URL: https://account.withings.com/oauth2_user/login?response_type=code&client_id=1ff2b0f0b7c4a17206d6d6a275a458561a60356af957b2b2d...
Submission: On November 25 via api from BE — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 5 IPs in 4 countries across 4 domains to perform 25 HTTP transactions. The main IP is 2a01:8200:1001:1:89:30:121:150, located in France and belongs to BSO IX Reach Ltd, GB. The main domain is account.withings.com.
TLS certificate: Issued by R10 on October 15th 2024. Valid for: 3 months.
This is the only time account.withings.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 6 54.72.65.186 16509 (AMAZON-02)
4 2a04:4e42:200... 54113 (FASTLY)
1 15 2a01:8200:100... 4455 (BSO IX Re...)
2 2a00:1450:400... 15169 (GOOGLE)
1 89.30.121.180 4455 (BSO IX Re...)
25 5
6    54.72.65.186 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-72-65-186.eu-west-1.compute.amazonaws.com
decim-al.com
4    2a04:4e42:200::485 (United States)

ASN54113 (FASTLY, US)
cdn.jsdelivr.net
15    2a01:8200:1001:1:89:30:121:150 (France)

ASN4455 (BSO IX Reach Ltd, GB)
account.withings.com
2    2a00:1450:4001:80b::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
apis.google.com
1    89.30.121.180 (France)

ASN4455 (BSO IX Reach Ltd, GB)
static.withings.com
Apex Domain
Subdomains		 Transfer
16 withings.com
account.withings.com
static.withings.com — Cisco Umbrella Rank: 73941
1022 KB
6 decim-al.com
decim-al.com
176 KB
4 jsdelivr.net
cdn.jsdelivr.net — Cisco Umbrella Rank: 318
90 KB
2 google.com
apis.google.com — Cisco Umbrella Rank: 121
113 KB
25 4
Domain Requested by
15 account.withings.com 1 redirects decim-al.com
account.withings.com
6 decim-al.com 2 redirects decim-al.com
4 cdn.jsdelivr.net decim-al.com
2 apis.google.com account.withings.com
apis.google.com
1 static.withings.com account.withings.com
25 5

This site contains links to these domains. Also see Links.

Domain
www.withings.com
Subject Issuer Validity Valid
decim-al.com
E6		 2024-11-20 -
2025-02-18		 3 months crt.sh
jsdelivr.net
GlobalSign Atlas R3 DV TLS CA 2024 Q3		 2024-07-30 -
2025-08-31		 a year crt.sh
*.withings.com
R10		 2024-10-15 -
2025-01-13		 3 months crt.sh
*.apis.google.com
WR2		 2024-10-21 -
2025-01-13		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://account.withings.com/oauth2_user/login?response_type=code&client_id=1ff2b0f0b7c4a17206d6d6a275a458561a60356af957b2b2de6dc0b9cc6078ca&redirect_uri=https%3A%2F%2Fdecim-al.com%2Fwithings%2Fcallback&scope=user.metrics&state=epHgSmh9O27Ew1oW4ETO5Q&b=authorize2
Frame ID: 639F097F6294CCF31AE7D49158BD8B0E
Requests: 25 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Mein Konto

Page URL History Show full URLs

  1. https://decim-al.com/ HTTP 302
    https://decim-al.com/chart Page URL
  2. https://decim-al.com/authorize HTTP 302
    https://account.withings.com/oauth2_user/authorize2?response_type=code&client_id=1ff2b0f0b7c4a17206d6d6a2... HTTP 302
    https://account.withings.com/oauth2_user/login?response_type=code&client_id=1ff2b0f0b7c4a17206d6d6a275a45... Page URL

Detected technologies

Overall confidence: 75%
Detected patterns
  • /Chart(?:\.bundle)?(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • //cdn\.jsdelivr\.net/

Page Statistics

25
Requests

100 %
HTTPS

60 %
IPv6

4
Domains

5
Subdomains

5
IPs

4
Countries

1398 kB
Transfer

2139 kB
Size

7
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://decim-al.com/ HTTP 302
    https://decim-al.com/chart Page URL
  2. https://decim-al.com/authorize HTTP 302
    https://account.withings.com/oauth2_user/authorize2?response_type=code&client_id=1ff2b0f0b7c4a17206d6d6a275a458561a60356af957b2b2de6dc0b9cc6078ca&redirect_uri=https://decim-al.com/withings/callback&scope=user.metrics&state=epHgSmh9O27Ew1oW4ETO5Q HTTP 302
    https://account.withings.com/oauth2_user/login?response_type=code&client_id=1ff2b0f0b7c4a17206d6d6a275a458561a60356af957b2b2de6dc0b9cc6078ca&redirect_uri=https%3A%2F%2Fdecim-al.com%2Fwithings%2Fcallback&scope=user.metrics&state=epHgSmh9O27Ew1oW4ETO5Q&b=authorize2 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://decim-al.com/ HTTP 302
  • https://decim-al.com/chart

25 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
chart
decim-al.com/
Redirect Chain
  • https://decim-al.com/
  • https://decim-al.com/chart
26 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://decim-al.com/chart
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.72.65.186 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-72-65-186.eu-west-1.compute.amazonaws.com
Software
nginx/1.22.1 /
Resource Hash
acd0829e76ea6522a46dca68c9d0fe3f601c4a4b273984519a4a1a02d3c78ed7

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html; charset=utf-8
Date
Mon, 25 Nov 2024 04:35:26 GMT
Server
nginx/1.22.1
Transfer-Encoding
chunked

Redirect headers

Connection
keep-alive
Content-Length
199
Content-Type
text/html; charset=utf-8
Date
Mon, 25 Nov 2024 04:35:26 GMT
Location
/chart
Server
nginx/1.22.1
chart.js
cdn.jsdelivr.net/npm/ 		201 KB
65 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.jsdelivr.net/npm/chart.js
Requested by
Host: decim-al.com
URL: https://decim-al.com/chart
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:200::485 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
9653a0813db743bbe78332a3896e28c7bc7546e4fff51e7e979e908d1f0471d1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://decim-al.com/

Response headers

access-control-expose-headers
*
content-encoding
br
etag
W/"32441-Wxg9CflNBeP4FUgdFsdqB5YZCgQ"
age
17614
x-content-type-options
nosniff
x-jsd-version-type
version
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-cache
HIT
date
Mon, 25 Nov 2024 04:35:26 GMT
content-type
application/javascript; charset=utf-8
x-served-by
cache-fra-etou8220086-FRA
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=604800, s-maxage=43200
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
access-control-allow-origin
*
content-length
66011
x-jsd-version
4.4.6
hammerjs@2.0.8
cdn.jsdelivr.net/npm/ 		20 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.jsdelivr.net/npm/hammerjs@2.0.8
Requested by
Host: decim-al.com
URL: https://decim-al.com/chart
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:200::485 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
7953631f0e54794d2352a3cfa591c0914d73e14f90141058e3cf16bee7939bcf
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://decim-al.com/

Response headers

access-control-expose-headers
*
content-encoding
br
etag
W/"511d-2r+t5mVqEBjQZbXzZz9BVKr3qLo"
age
1619696
x-content-type-options
nosniff
x-jsd-version-type
version
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-cache
HIT
date
Mon, 25 Nov 2024 04:35:26 GMT
content-type
application/javascript; charset=utf-8
x-served-by
cache-fra-etou8220086-FRA
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
access-control-allow-origin
*
content-length
7706
x-jsd-version
2.0.8
chartjs-plugin-zoom
cdn.jsdelivr.net/npm/ 		15 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.jsdelivr.net/npm/chartjs-plugin-zoom
Requested by
Host: decim-al.com
URL: https://decim-al.com/chart
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:200::485 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
229c2c22b259cd9b8113876bb9dd1acd04ee1b9d3863ae7f65bd8921c9f94fea
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://decim-al.com/

Response headers

access-control-expose-headers
*
content-encoding
br
etag
W/"3a6e-3lboMGnXNtKWGCLOxXCv6Fr0Z+s"
age
8934
x-content-type-options
nosniff
x-jsd-version-type
version
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-cache
HIT
date
Mon, 25 Nov 2024 04:35:26 GMT
content-type
application/javascript; charset=utf-8
x-served-by
cache-fra-etou8220086-FRA
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=604800, s-maxage=43200
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
access-control-allow-origin
*
content-length
5346
x-jsd-version
2.1.0
chartjs-adapter-date-fns
cdn.jsdelivr.net/npm/ 		49 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.jsdelivr.net/npm/chartjs-adapter-date-fns
Requested by
Host: decim-al.com
URL: https://decim-al.com/chart
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:200::485 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
ea7ab30d26c38dcf1f2d26bb43e73a94537b58f1906f55e1a546dd09321b5615
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://decim-al.com/

Response headers

access-control-expose-headers
*
content-encoding
br
etag
W/"c5da-lPtvIsy8/3GehhLgcCr1+JNceIY"
age
4272
x-content-type-options
nosniff
x-jsd-version-type
version
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-cache
HIT
date
Mon, 25 Nov 2024 04:35:26 GMT
content-type
application/javascript; charset=utf-8
x-served-by
cache-fra-etou8220086-FRA
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=604800, s-maxage=43200
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
access-control-allow-origin
*
content-length
11976
x-jsd-version
3.0.0
trigger-update
decim-al.com/ 		100 B
279 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://decim-al.com/trigger-update
Requested by
Host: decim-al.com
URL: https://decim-al.com/chart
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.72.65.186 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-72-65-186.eu-west-1.compute.amazonaws.com
Software
nginx/1.22.1 /
Resource Hash
c2a5a73c3364f43aacbdcdc7b9cac16fddbbfe25ce3681ac41d6f0ebc2b20d5a

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://decim-al.com/chart

Response headers

Content-Length
100
Date
Mon, 25 Nov 2024 04:35:26 GMT
Content-Type
application/json
Vary
Cookie
Server
nginx/1.22.1
Connection
keep-alive
favicon.ico
decim-al.com/static/images/ 		11 KB
11 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://decim-al.com/static/images/favicon.ico
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.72.65.186 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-72-65-186.eu-west-1.compute.amazonaws.com
Software
nginx/1.22.1 /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://decim-al.com/chart

Response headers

Cache-Control
no-cache
Etag
"1732489528.7171543-11413-2223445508"
Connection
keep-alive
Content-Length
11413
Date
Mon, 25 Nov 2024 04:35:26 GMT
Content-Type
image/vnd.microsoft.icon
Content-Disposition
inline; filename=favicon.ico
Server
nginx/1.22.1
Last-Modified
Sun, 24 Nov 2024 23:05:28 GMT
Primary Request login
account.withings.com/oauth2_user/
Redirect Chain
  • https://decim-al.com/authorize
  • https://account.withings.com/oauth2_user/authorize2?response_type=code&client_id=1ff2b0f0b7c4a17206d6d6a275a458561a60356af957b2b2de6dc0b9cc6078ca&redirect_uri=https://decim-al.com/withings/callback...
  • https://account.withings.com/oauth2_user/login?response_type=code&client_id=1ff2b0f0b7c4a17206d6d6a275a458561a60356af957b2b2de6dc0b9cc6078ca&redirect_uri=https%3A%2F%2Fdecim-al.com%2Fwithings%2Fcal...
16 KB
7 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://account.withings.com/oauth2_user/login?response_type=code&client_id=1ff2b0f0b7c4a17206d6d6a275a458561a60356af957b2b2de6dc0b9cc6078ca&redirect_uri=https%3A%2F%2Fdecim-al.com%2Fwithings%2Fcallback&scope=user.metrics&state=epHgSmh9O27Ew1oW4ETO5Q&b=authorize2
Requested by
Host: decim-al.com
URL: https://decim-al.com/chart
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a01:8200:1001:1:89:30:121:150 , France, ASN4455 (BSO IX Reach Ltd, GB),
Reverse DNS
Software
Apache /
Resource Hash
0f48a38c4fd0dd1f2df1c444a452831ec9962d8e94b3258de55f67f2155521f6
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://app.withings.com/ https://www.withings.com/ https://care.withings.com/
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://app.withings.com/
X-Xss-Protection 1

Request headers

Referer
https://decim-al.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

cache-control
no-store
content-encoding
gzip
content-length
5646
content-security-policy
frame-ancestors 'self' https://app.withings.com/ https://www.withings.com/ https://care.withings.com/
content-type
text/html; charset=UTF-8
date
Mon, 25 Nov 2024 04:35:26 GMT
permissions-policy
payment=(self https://*.withings.com)
referrer-policy
strict-origin-when-cross-origin
server
Apache
strict-transport-security
max-age=31536000
vary
Accept-Encoding
x-content-type-options
nosniff
x-frame-options
ALLOW-FROM https://app.withings.com/
x-xss-protection
1

Redirect headers

cache-control
no-store
content-length
0
content-security-policy
frame-ancestors 'self' https://app.withings.com/ https://www.withings.com/ https://care.withings.com/
content-type
text/html; charset=UTF-8
date
Mon, 25 Nov 2024 04:35:26 GMT
location
/oauth2_user/login?response_type=code&client_id=1ff2b0f0b7c4a17206d6d6a275a458561a60356af957b2b2de6dc0b9cc6078ca&redirect_uri=https%3A%2F%2Fdecim-al.com%2Fwithings%2Fcallback&scope=user.metrics&state=epHgSmh9O27Ew1oW4ETO5Q&b=authorize2
permissions-policy
payment=(self https://*.withings.com)
referrer-policy
strict-origin-when-cross-origin
server
Apache
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
x-frame-options
ALLOW-FROM https://app.withings.com/
x-xss-protection
1
weight-data
decim-al.com/ 		157 KB
157 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://decim-al.com/weight-data
Requested by
Host: decim-al.com
URL: https://decim-al.com/chart
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.72.65.186 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-72-65-186.eu-west-1.compute.amazonaws.com
Software
nginx/1.22.1 /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://decim-al.com/chart

Response headers

Access-Control-Allow-Origin
*
Content-Length
161058
Date
Mon, 25 Nov 2024 04:35:26 GMT
Content-Type
application/json
Server
nginx/1.22.1
Connection
keep-alive
g=baseCSS&881349ce
account.withings.com/min/ 		108 KB
19 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://account.withings.com/min/g=baseCSS&881349ce
Requested by
Host: account.withings.com
URL: https://account.withings.com/oauth2_user/login?response_type=code&client_id=1ff2b0f0b7c4a17206d6d6a275a458561a60356af957b2b2de6dc0b9cc6078ca&redirect_uri=https%3A%2F%2Fdecim-al.com%2Fwithings%2Fcallback&scope=user.metrics&state=epHgSmh9O27Ew1oW4ETO5Q&b=authorize2
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a01:8200:1001:1:89:30:121:150 , France, ASN4455 (BSO IX Reach Ltd, GB),
Reverse DNS
Software
Apache /
Resource Hash
431d3f257da57a390a8372c4c3eec437420e2fd60d40a8de32712f37311d1d5e
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://app.withings.com/ https://www.withings.com/ https://care.withings.com/
Strict-Transport-Security max-age=31536000
X-Frame-Options ALLOW-FROM https://app.withings.com/

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://account.withings.com/oauth2_user/login?response_type=code&client_id=1ff2b0f0b7c4a17206d6d6a275a458561a60356af957b2b2de6dc0b9cc6078ca&redirect_uri=https%3A%2F%2Fdecim-al.com%2Fwithings%2Fcallback&scope=user.metrics&state=epHgSmh9O27Ew1oW4ETO5Q&b=authorize2

Response headers

strict-transport-security
max-age=31536000
content-security-policy
frame-ancestors 'self' https://app.withings.com/ https://www.withings.com/ https://care.withings.com/
cache-control
max-age=31536000
content-encoding
gzip
etag
"pub1732024745;gz"
expires
Tue, 25 Nov 2025 04:35:26 GMT
content-length
18474
date
Mon, 25 Nov 2024 04:35:26 GMT
last-modified
Tue, 19 Nov 2024 13:59:05 GMT
vary
Accept-Encoding
server
Apache
content-type
text/css; charset=utf-8
x-frame-options
ALLOW-FROM https://app.withings.com/
g=blockCSS&881349ce
account.withings.com/min/ 		96 KB
14 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://account.withings.com/min/g=blockCSS&881349ce
Requested by
Host: account.withings.com
URL: https://account.withings.com/oauth2_user/login?response_type=code&client_id=1ff2b0f0b7c4a17206d6d6a275a458561a60356af957b2b2de6dc0b9cc6078ca&redirect_uri=https%3A%2F%2Fdecim-al.com%2Fwithings%2Fcallback&scope=user.metrics&state=epHgSmh9O27Ew1oW4ETO5Q&b=authorize2
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a01:8200:1001:1:89:30:121:150 , France, ASN4455 (BSO IX Reach Ltd, GB),
Reverse DNS
Software
Apache /
Resource Hash
152f8646fe212581b55d918c53e855ec6b2f2503c8b9dc20e3fb5f7fc7296f30
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://app.withings.com/ https://www.withings.com/ https://care.withings.com/
Strict-Transport-Security max-age=31536000
X-Frame-Options ALLOW-FROM https://app.withings.com/

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://account.withings.com/oauth2_user/login?response_type=code&client_id=1ff2b0f0b7c4a17206d6d6a275a458561a60356af957b2b2de6dc0b9cc6078ca&redirect_uri=https%3A%2F%2Fdecim-al.com%2Fwithings%2Fcallback&scope=user.metrics&state=epHgSmh9O27Ew1oW4ETO5Q&b=authorize2

Response headers

strict-transport-security
max-age=31536000
content-security-policy
frame-ancestors 'self' https://app.withings.com/ https://www.withings.com/ https://care.withings.com/
cache-control
max-age=31536000
content-encoding
gzip
etag
"pub1732024746;gz"
expires
Tue, 25 Nov 2025 04:35:26 GMT
content-length
14277
date
Mon, 25 Nov 2024 04:35:26 GMT
last-modified
Tue, 19 Nov 2024 13:59:06 GMT
vary
Accept-Encoding
server
Apache
content-type
text/css; charset=utf-8
x-frame-options
ALLOW-FROM https://app.withings.com/
analytics.js
account.withings.com/js/libs/ 		557 B
824 B 		Script
General
Check archive.org
Download Go to
Full URL
https://account.withings.com/js/libs/analytics.js
Requested by
Host: account.withings.com
URL: https://account.withings.com/oauth2_user/login?response_type=code&client_id=1ff2b0f0b7c4a17206d6d6a275a458561a60356af957b2b2de6dc0b9cc6078ca&redirect_uri=https%3A%2F%2Fdecim-al.com%2Fwithings%2Fcallback&scope=user.metrics&state=epHgSmh9O27Ew1oW4ETO5Q&b=authorize2
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a01:8200:1001:1:89:30:121:150 , France, ASN4455 (BSO IX Reach Ltd, GB),
Reverse DNS
Software
Apache /
Resource Hash
38c83e6179030118542b1ae9cd014b27247b11602b1f7984a0f73ff1c4b95a29
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://app.withings.com/ https://www.withings.com/ https://care.withings.com/
Strict-Transport-Security max-age=31536000
X-Frame-Options ALLOW-FROM https://app.withings.com/

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://account.withings.com/oauth2_user/login?response_type=code&client_id=1ff2b0f0b7c4a17206d6d6a275a458561a60356af957b2b2de6dc0b9cc6078ca&redirect_uri=https%3A%2F%2Fdecim-al.com%2Fwithings%2Fcallback&scope=user.metrics&state=epHgSmh9O27Ew1oW4ETO5Q&b=authorize2

Response headers

strict-transport-security
max-age=31536000
content-security-policy
frame-ancestors 'self' https://app.withings.com/ https://www.withings.com/ https://care.withings.com/
content-encoding
gzip
etag
"22d-627446fba3e80-gzip"
accept-ranges
bytes
content-length
324
date
Mon, 25 Nov 2024 04:35:26 GMT
last-modified
Tue, 19 Nov 2024 13:59:06 GMT
vary
Accept-Encoding
server
Apache
content-type
text/javascript
x-frame-options
ALLOW-FROM https://app.withings.com/
utils.js
account.withings.com/js/helpers/ 		8 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://account.withings.com/js/helpers/utils.js
Requested by
Host: account.withings.com
URL: https://account.withings.com/oauth2_user/login?response_type=code&client_id=1ff2b0f0b7c4a17206d6d6a275a458561a60356af957b2b2de6dc0b9cc6078ca&redirect_uri=https%3A%2F%2Fdecim-al.com%2Fwithings%2Fcallback&scope=user.metrics&state=epHgSmh9O27Ew1oW4ETO5Q&b=authorize2
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a01:8200:1001:1:89:30:121:150 , France, ASN4455 (BSO IX Reach Ltd, GB),
Reverse DNS
Software
Apache /
Resource Hash
d47f3186d27d8d4749f7c1bef7e773671372c3204d9528c130afe886b1105f06
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://app.withings.com/ https://www.withings.com/ https://care.withings.com/
Strict-Transport-Security max-age=31536000
X-Frame-Options ALLOW-FROM https://app.withings.com/

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://account.withings.com/oauth2_user/login?response_type=code&client_id=1ff2b0f0b7c4a17206d6d6a275a458561a60356af957b2b2de6dc0b9cc6078ca&redirect_uri=https%3A%2F%2Fdecim-al.com%2Fwithings%2Fcallback&scope=user.metrics&state=epHgSmh9O27Ew1oW4ETO5Q&b=authorize2

Response headers

strict-transport-security
max-age=31536000
content-security-policy
frame-ancestors 'self' https://app.withings.com/ https://www.withings.com/ https://care.withings.com/
content-encoding
gzip
etag
"2153-627446fba3e80-gzip"
accept-ranges
bytes
content-length
3254
date
Mon, 25 Nov 2024 04:35:26 GMT
last-modified
Tue, 19 Nov 2024 13:59:06 GMT
vary
Accept-Encoding
server
Apache
content-type
text/javascript
x-frame-options
ALLOW-FROM https://app.withings.com/
logo_apple.png
account.withings.com/images/apple/ 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://account.withings.com/images/apple/logo_apple.png
Requested by
Host: account.withings.com
URL: https://account.withings.com/oauth2_user/login?response_type=code&client_id=1ff2b0f0b7c4a17206d6d6a275a458561a60356af957b2b2de6dc0b9cc6078ca&redirect_uri=https%3A%2F%2Fdecim-al.com%2Fwithings%2Fcallback&scope=user.metrics&state=epHgSmh9O27Ew1oW4ETO5Q&b=authorize2
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a01:8200:1001:1:89:30:121:150 , France, ASN4455 (BSO IX Reach Ltd, GB),
Reverse DNS
Software
Apache /
Resource Hash
a82466026286bf0b6e3b321c9c9e98f6e27759124a510caee20dd6f9fff6f3d5
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://app.withings.com/ https://www.withings.com/ https://care.withings.com/
Strict-Transport-Security max-age=31536000
X-Frame-Options ALLOW-FROM https://app.withings.com/

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://account.withings.com/oauth2_user/login?response_type=code&client_id=1ff2b0f0b7c4a17206d6d6a275a458561a60356af957b2b2de6dc0b9cc6078ca&redirect_uri=https%3A%2F%2Fdecim-al.com%2Fwithings%2Fcallback&scope=user.metrics&state=epHgSmh9O27Ew1oW4ETO5Q&b=authorize2

Response headers

strict-transport-security
max-age=31536000
content-security-policy
frame-ancestors 'self' https://app.withings.com/ https://www.withings.com/ https://care.withings.com/
etag
"fda-627446faafc40"
accept-ranges
bytes
content-length
4058
date
Mon, 25 Nov 2024 04:35:26 GMT
last-modified
Tue, 19 Nov 2024 13:59:05 GMT
content-type
image/png
server
Apache
x-frame-options
ALLOW-FROM https://app.withings.com/
logo_google.png
account.withings.com/images/google/ 		12 KB
13 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://account.withings.com/images/google/logo_google.png
Requested by
Host: account.withings.com
URL: https://account.withings.com/oauth2_user/login?response_type=code&client_id=1ff2b0f0b7c4a17206d6d6a275a458561a60356af957b2b2de6dc0b9cc6078ca&redirect_uri=https%3A%2F%2Fdecim-al.com%2Fwithings%2Fcallback&scope=user.metrics&state=epHgSmh9O27Ew1oW4ETO5Q&b=authorize2
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a01:8200:1001:1:89:30:121:150 , France, ASN4455 (BSO IX Reach Ltd, GB),
Reverse DNS
Software
Apache /
Resource Hash
d38a219873b57266f4bf05f545bcb4feea9193ffe89c3c5d497bd10880581dc3
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://app.withings.com/ https://www.withings.com/ https://care.withings.com/
Strict-Transport-Security max-age=31536000
X-Frame-Options ALLOW-FROM https://app.withings.com/

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://account.withings.com/oauth2_user/login?response_type=code&client_id=1ff2b0f0b7c4a17206d6d6a275a458561a60356af957b2b2de6dc0b9cc6078ca&redirect_uri=https%3A%2F%2Fdecim-al.com%2Fwithings%2Fcallback&scope=user.metrics&state=epHgSmh9O27Ew1oW4ETO5Q&b=authorize2

Response headers

strict-transport-security
max-age=31536000
content-security-policy
frame-ancestors 'self' https://app.withings.com/ https://www.withings.com/ https://care.withings.com/
etag
"313a-627446faafc40"
accept-ranges
bytes
content-length
12602
date
Mon, 25 Nov 2024 04:35:26 GMT
last-modified
Tue, 19 Nov 2024 13:59:05 GMT
content-type
image/png
server
Apache
x-frame-options
ALLOW-FROM https://app.withings.com/
account-sw2.jpg
account.withings.com/images/withings/ 		615 KB
616 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://account.withings.com/images/withings/account-sw2.jpg
Requested by
Host: account.withings.com
URL: https://account.withings.com/oauth2_user/login?response_type=code&client_id=1ff2b0f0b7c4a17206d6d6a275a458561a60356af957b2b2de6dc0b9cc6078ca&redirect_uri=https%3A%2F%2Fdecim-al.com%2Fwithings%2Fcallback&scope=user.metrics&state=epHgSmh9O27Ew1oW4ETO5Q&b=authorize2
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a01:8200:1001:1:89:30:121:150 , France, ASN4455 (BSO IX Reach Ltd, GB),
Reverse DNS
Software
Apache /
Resource Hash
623d6b5d4481c15202d129d2b3d19446b95499c31be96a712bd0458f9bf03d52
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://app.withings.com/ https://www.withings.com/ https://care.withings.com/
Strict-Transport-Security max-age=31536000
X-Frame-Options ALLOW-FROM https://app.withings.com/

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://account.withings.com/oauth2_user/login?response_type=code&client_id=1ff2b0f0b7c4a17206d6d6a275a458561a60356af957b2b2de6dc0b9cc6078ca&redirect_uri=https%3A%2F%2Fdecim-al.com%2Fwithings%2Fcallback&scope=user.metrics&state=epHgSmh9O27Ew1oW4ETO5Q&b=authorize2

Response headers

strict-transport-security
max-age=31536000
content-security-policy
frame-ancestors 'self' https://app.withings.com/ https://www.withings.com/ https://care.withings.com/
etag
"99ca4-627446fba3e80"
accept-ranges
bytes
content-length
629924
date
Mon, 25 Nov 2024 04:35:26 GMT
last-modified
Tue, 19 Nov 2024 13:59:06 GMT
content-type
image/jpeg
server
Apache
x-frame-options
ALLOW-FROM https://app.withings.com/
g=baseJS&881349ce
account.withings.com/min/ 		201 KB
70 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://account.withings.com/min/g=baseJS&881349ce
Requested by
Host: account.withings.com
URL: https://account.withings.com/oauth2_user/login?response_type=code&client_id=1ff2b0f0b7c4a17206d6d6a275a458561a60356af957b2b2de6dc0b9cc6078ca&redirect_uri=https%3A%2F%2Fdecim-al.com%2Fwithings%2Fcallback&scope=user.metrics&state=epHgSmh9O27Ew1oW4ETO5Q&b=authorize2
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a01:8200:1001:1:89:30:121:150 , France, ASN4455 (BSO IX Reach Ltd, GB),
Reverse DNS
Software
Apache /
Resource Hash
0c194ab3fd853b5b0139dc495b73013c74de271de9def5cdbb0d71b64d0387a1
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://app.withings.com/ https://www.withings.com/ https://care.withings.com/
Strict-Transport-Security max-age=31536000
X-Frame-Options ALLOW-FROM https://app.withings.com/

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://account.withings.com/oauth2_user/login?response_type=code&client_id=1ff2b0f0b7c4a17206d6d6a275a458561a60356af957b2b2de6dc0b9cc6078ca&redirect_uri=https%3A%2F%2Fdecim-al.com%2Fwithings%2Fcallback&scope=user.metrics&state=epHgSmh9O27Ew1oW4ETO5Q&b=authorize2

Response headers

strict-transport-security
max-age=31536000
content-security-policy
frame-ancestors 'self' https://app.withings.com/ https://www.withings.com/ https://care.withings.com/
cache-control
max-age=31536000
content-encoding
gzip
etag
"pub1732024746;gz"
expires
Tue, 25 Nov 2025 04:35:26 GMT
content-length
71296
date
Mon, 25 Nov 2024 04:35:26 GMT
last-modified
Tue, 19 Nov 2024 13:59:06 GMT
vary
Accept-Encoding
server
Apache
content-type
application/x-javascript; charset=utf-8
x-frame-options
ALLOW-FROM https://app.withings.com/
api:client.js
apis.google.com/js/ 		14 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://apis.google.com/js/api:client.js
Requested by
Host: account.withings.com
URL: https://account.withings.com/oauth2_user/login?response_type=code&client_id=1ff2b0f0b7c4a17206d6d6a275a458561a60356af957b2b2de6dc0b9cc6078ca&redirect_uri=https%3A%2F%2Fdecim-al.com%2Fwithings%2Fcallback&scope=user.metrics&state=epHgSmh9O27Ew1oW4ETO5Q&b=authorize2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3d0f6ca533ed73e3b81b4e819997739b90f5ba7446e8d9dad322d21339762eb3
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://account.withings.com/

Response headers

content-encoding
gzip
etag
"0691130e34dd8b95"
report-to
{"group":"gapi-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gapi-team"}]}
x-content-type-options
nosniff
expires
Mon, 25 Nov 2024 04:35:26 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Mon, 25 Nov 2024 04:35:26 GMT
content-type
text/javascript
vary
Accept-Encoding
content-security-policy
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
cache-control
private, max-age=1800, stale-while-revalidate=1800
timing-allow-origin
*
cross-origin-opener-policy
same-origin; report-to="gapi-team"
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
access-control-allow-origin
*
content-length
5773
x-xss-protection
0
server
sffe
Gotham-Medium.woff2
account.withings.com/fonts/withings/ 		31 KB
32 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://account.withings.com/fonts/withings/Gotham-Medium.woff2
Requested by
Host: account.withings.com
URL: https://account.withings.com/min/g=baseCSS&881349ce
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a01:8200:1001:1:89:30:121:150 , France, ASN4455 (BSO IX Reach Ltd, GB),
Reverse DNS
Software
Apache /
Resource Hash
d3dd655a5202f0212f3dc5c93738557fdf17fe127ce22e80805442aef1d01c6c
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://app.withings.com/ https://www.withings.com/ https://care.withings.com/
Strict-Transport-Security max-age=31536000
X-Frame-Options ALLOW-FROM https://app.withings.com/

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://account.withings.com
Referer
https://account.withings.com/min/g=baseCSS&881349ce

Response headers

strict-transport-security
max-age=31536000
content-security-policy
frame-ancestors 'self' https://app.withings.com/ https://www.withings.com/ https://care.withings.com/
etag
"7ce4-627446faafc40"
accept-ranges
bytes
content-length
31972
date
Mon, 25 Nov 2024 04:35:26 GMT
last-modified
Tue, 19 Nov 2024 13:59:05 GMT
content-type
font/woff2
server
Apache
x-frame-options
ALLOW-FROM https://app.withings.com/
aeonik-regular-webfont.woff2
account.withings.com/fonts/withings/ 		22 KB
23 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://account.withings.com/fonts/withings/aeonik-regular-webfont.woff2
Requested by
Host: account.withings.com
URL: https://account.withings.com/min/g=baseCSS&881349ce
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a01:8200:1001:1:89:30:121:150 , France, ASN4455 (BSO IX Reach Ltd, GB),
Reverse DNS
Software
Apache /
Resource Hash
026ab340a8977e595551a93a6ea13edb2a1da01e351fc0d9e4460e7a6efbd2ff
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://app.withings.com/ https://www.withings.com/ https://care.withings.com/
Strict-Transport-Security max-age=31536000
X-Frame-Options ALLOW-FROM https://app.withings.com/

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://account.withings.com
Referer
https://account.withings.com/min/g=baseCSS&881349ce

Response headers

strict-transport-security
max-age=31536000
content-security-policy
frame-ancestors 'self' https://app.withings.com/ https://www.withings.com/ https://care.withings.com/
etag
"5900-627446faafc40"
accept-ranges
bytes
content-length
22784
date
Mon, 25 Nov 2024 04:35:26 GMT
last-modified
Tue, 19 Nov 2024 13:59:05 GMT
content-type
font/woff2
server
Apache
x-frame-options
ALLOW-FROM https://app.withings.com/
HMIconFont.ttf
static.withings.com/content/fonts/HMIcons/1.1.0/ 		160 KB
161 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://static.withings.com/content/fonts/HMIcons/1.1.0/HMIconFont.ttf
Requested by
Host: account.withings.com
URL: https://account.withings.com/min/g=baseCSS&881349ce
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
89.30.121.180 , France, ASN4455 (BSO IX Reach Ltd, GB),
Reverse DNS
Software
/
Resource Hash
f4410388ac0bc706f779fd0c4c81dfd002d727c7bc5eeb83946960c05033697f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://account.withings.com
Referer
https://account.withings.com/

Response headers

strict-transport-security
max-age=31536000
cache-control
max-age=3600
etag
"2819c-5edfe48a9a4cb"
age
514
expires
Mon, 25 Nov 2024 05:26:52 GMT
accept-ranges
bytes
access-control-allow-origin
*
content-length
164252
date
Mon, 25 Nov 2024 04:26:52 GMT
last-modified
Mon, 21 Nov 2022 17:21:20 GMT
content-type
font/ttf
Gotham-Book.woff2
account.withings.com/fonts/withings/ 		31 KB
32 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://account.withings.com/fonts/withings/Gotham-Book.woff2
Requested by
Host: account.withings.com
URL: https://account.withings.com/min/g=baseCSS&881349ce
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a01:8200:1001:1:89:30:121:150 , France, ASN4455 (BSO IX Reach Ltd, GB),
Reverse DNS
Software
Apache /
Resource Hash
c8ca8ed0f32f7a269e112b200f20e4fa74138a3e8c15318d54f930c86bc96625
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://app.withings.com/ https://www.withings.com/ https://care.withings.com/
Strict-Transport-Security max-age=31536000
X-Frame-Options ALLOW-FROM https://app.withings.com/

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://account.withings.com
Referer
https://account.withings.com/min/g=baseCSS&881349ce

Response headers

strict-transport-security
max-age=31536000
content-security-policy
frame-ancestors 'self' https://app.withings.com/ https://www.withings.com/ https://care.withings.com/
etag
"7cb4-627446faafc40"
accept-ranges
bytes
content-length
31924
date
Mon, 25 Nov 2024 04:35:26 GMT
last-modified
Tue, 19 Nov 2024 13:59:05 GMT
content-type
font/woff2
server
Apache
x-frame-options
ALLOW-FROM https://app.withings.com/
aeonik-medium-webfont.woff2
account.withings.com/fonts/withings/ 		22 KB
22 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://account.withings.com/fonts/withings/aeonik-medium-webfont.woff2
Requested by
Host: account.withings.com
URL: https://account.withings.com/min/g=baseCSS&881349ce
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a01:8200:1001:1:89:30:121:150 , France, ASN4455 (BSO IX Reach Ltd, GB),
Reverse DNS
Software
Apache /
Resource Hash
dc388491b4a95892d1e646bb965e9ca854e6ea78a6f1cb6da5e3903e3c8255ff
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://app.withings.com/ https://www.withings.com/ https://care.withings.com/
Strict-Transport-Security max-age=31536000
X-Frame-Options ALLOW-FROM https://app.withings.com/

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://account.withings.com
Referer
https://account.withings.com/min/g=baseCSS&881349ce

Response headers

strict-transport-security
max-age=31536000
content-security-policy
frame-ancestors 'self' https://app.withings.com/ https://www.withings.com/ https://care.withings.com/
etag
"5744-627446faafc40"
accept-ranges
bytes
content-length
22340
date
Mon, 25 Nov 2024 04:35:26 GMT
last-modified
Tue, 19 Nov 2024 13:59:05 GMT
content-type
font/woff2
server
Apache
x-frame-options
ALLOW-FROM https://app.withings.com/
cb=gapi.loaded_0
apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.de.luG_e8tZd4w.O/m=client/rt=j/sv=1/d=1/ed=1/am=AAAg/rs=AHpOoo-Oe4c_8IU7-7pJoJmmZXcVlzLgfg/ 		314 KB
107 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.de.luG_e8tZd4w.O/m=client/rt=j/sv=1/d=1/ed=1/am=AAAg/rs=AHpOoo-Oe4c_8IU7-7pJoJmmZXcVlzLgfg/cb=gapi.loaded_0?le=scs
Requested by
Host: apis.google.com
URL: https://apis.google.com/js/api:client.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
45dd8e30ec6e00e9d5865fd5dc76b6cc162a539289fc11606c930e97b943a4f5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://account.withings.com/

Response headers

content-encoding
gzip
age
568049
report-to
{"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
x-content-type-options
nosniff
expires
Tue, 18 Nov 2025 14:47:57 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Mon, 18 Nov 2024 14:47:57 GMT
last-modified
Mon, 11 Nov 2024 18:50:50 GMT
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
cache-control
public, max-age=31536000
cross-origin-opener-policy
same-origin; report-to="social-frontend-mpm-access"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
accept-ranges
bytes
access-control-allow-origin
*
content-length
108913
x-xss-protection
0
server
sffe
favicon.png
account.withings.com/ 		3 KB
4 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://account.withings.com/favicon.png
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a01:8200:1001:1:89:30:121:150 , France, ASN4455 (BSO IX Reach Ltd, GB),
Reverse DNS
Software
Apache /
Resource Hash
a30f3b48131ed0242ec2e9d0e1bde2be2e674e504e524f62fdd2c393b4b40262
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://app.withings.com/ https://www.withings.com/ https://care.withings.com/
Strict-Transport-Security max-age=31536000
X-Frame-Options ALLOW-FROM https://app.withings.com/

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://account.withings.com/oauth2_user/login?response_type=code&client_id=1ff2b0f0b7c4a17206d6d6a275a458561a60356af957b2b2de6dc0b9cc6078ca&redirect_uri=https%3A%2F%2Fdecim-al.com%2Fwithings%2Fcallback&scope=user.metrics&state=epHgSmh9O27Ew1oW4ETO5Q&b=authorize2

Response headers

strict-transport-security
max-age=31536000
content-security-policy
frame-ancestors 'self' https://app.withings.com/ https://www.withings.com/ https://care.withings.com/
etag
"dd7-627446faafc40"
accept-ranges
bytes
content-length
3543
date
Mon, 25 Nov 2024 04:35:27 GMT
last-modified
Tue, 19 Nov 2024 13:59:05 GMT
content-type
image/png
server
Apache
x-frame-options
ALLOW-FROM https://app.withings.com/

Verdicts & Comments Add Verdict or Comment

46 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| decodeHtmlEntities function| isValidPassword function| convertWeightValue function| ftToCm function| cmToFt function| setCookie function| getCookie function| deleteCookie function| deleteAnalyticalCookies function| getUrlParamByName function| addOption function| addErrorMessage function| arrayBufferToBase64 function| base64ToBlob function| isPostalCodeValid function| callLog function| closeAllSections function| closeCookieModal function| onUserDontConsent function| onSubmit function| toggleDropDown function| getCookieByName function| $ function| jQuery function| Popper function| MobileDetect function| compareVersions function| initializeDropInUi function| checkWorkerStatus object| gapi object| ___jsl function| setCookieSigninRedirectUrl function| checkLength object| _F_toggles object| osapi object| gadgets object| iframer object| __gapi_jstiming__ object| shindig function| ToolbarApi object| iframes function| IframeBase function| Iframe function| IframeProxy function| IframeWindow object| googleapis

7 Cookies

Domain/Path Name / Value
decim-al.com/ Name: session
Value: w2obV71UAFAcgFq4_gpRq5JG2Fmng-T1D1jD3W9SMLw
account.withings.com/ Name: w_uuid
Value: 6fcecb5f26d3c9b7bbfdaf46f1abbcc0
.withings.com/ Name: next_workflow_login
Value: oauth2_user
.withings.com/ Name: next_block_login
Value: authorize2
.withings.com/ Name: current_path_login
Value: %3Fresponse_type%3Dcode%26client_id%3D1ff2b0f0b7c4a17206d6d6a275a458561a60356af957b2b2de6dc0b9cc6078ca%26redirect_uri%3Dhttps%253A%252F%252Fdecim-al.com%252Fwithings%252Fcallback%26scope%3Duser.metrics%26state%3DepHgSmh9O27Ew1oW4ETO5Q%26b%3Dauthorize2
.withings.com/ Name: url_params
Value: %3Fresponse_type%3Dcode%26client_id%3D1ff2b0f0b7c4a17206d6d6a275a458561a60356af957b2b2de6dc0b9cc6078ca%26redirect_uri%3Dhttps%253A%252F%252Fdecim-al.com%252Fwithings%252Fcallback%26scope%3Duser.metrics%26state%3DepHgSmh9O27Ew1oW4ETO5Q%26b%3Dauthorize2
.withings.com/ Name: signin_authorize_state
Value: e9b9fa9b65

2 Console Messages

Source Level URL
Text
network error URL: https://decim-al.com/trigger-update
Message:
Failed to load resource: the server responded with a status of 401 (UNAUTHORIZED)
security warning
Message:
Error with Permissions-Policy header: Invalid allowlist item(https://*.withings.com) for feature payment. Allowlist item must be *, self or quoted url.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

account.withings.com
apis.google.com
cdn.jsdelivr.net
decim-al.com
static.withings.com
2a00:1450:4001:80b::200e
2a01:8200:1001:1:89:30:121:150
2a04:4e42:200::485
54.72.65.186
89.30.121.180
026ab340a8977e595551a93a6ea13edb2a1da01e351fc0d9e4460e7a6efbd2ff
0c194ab3fd853b5b0139dc495b73013c74de271de9def5cdbb0d71b64d0387a1
0f48a38c4fd0dd1f2df1c444a452831ec9962d8e94b3258de55f67f2155521f6
152f8646fe212581b55d918c53e855ec6b2f2503c8b9dc20e3fb5f7fc7296f30
229c2c22b259cd9b8113876bb9dd1acd04ee1b9d3863ae7f65bd8921c9f94fea
38c83e6179030118542b1ae9cd014b27247b11602b1f7984a0f73ff1c4b95a29
3d0f6ca533ed73e3b81b4e819997739b90f5ba7446e8d9dad322d21339762eb3
431d3f257da57a390a8372c4c3eec437420e2fd60d40a8de32712f37311d1d5e
45dd8e30ec6e00e9d5865fd5dc76b6cc162a539289fc11606c930e97b943a4f5
623d6b5d4481c15202d129d2b3d19446b95499c31be96a712bd0458f9bf03d52
7953631f0e54794d2352a3cfa591c0914d73e14f90141058e3cf16bee7939bcf
9653a0813db743bbe78332a3896e28c7bc7546e4fff51e7e979e908d1f0471d1
a30f3b48131ed0242ec2e9d0e1bde2be2e674e504e524f62fdd2c393b4b40262
a82466026286bf0b6e3b321c9c9e98f6e27759124a510caee20dd6f9fff6f3d5
acd0829e76ea6522a46dca68c9d0fe3f601c4a4b273984519a4a1a02d3c78ed7
c2a5a73c3364f43aacbdcdc7b9cac16fddbbfe25ce3681ac41d6f0ebc2b20d5a
c8ca8ed0f32f7a269e112b200f20e4fa74138a3e8c15318d54f930c86bc96625
d38a219873b57266f4bf05f545bcb4feea9193ffe89c3c5d497bd10880581dc3
d3dd655a5202f0212f3dc5c93738557fdf17fe127ce22e80805442aef1d01c6c
d47f3186d27d8d4749f7c1bef7e773671372c3204d9528c130afe886b1105f06
dc388491b4a95892d1e646bb965e9ca854e6ea78a6f1cb6da5e3903e3c8255ff
ea7ab30d26c38dcf1f2d26bb43e73a94537b58f1906f55e1a546dd09321b5615
f4410388ac0bc706f779fd0c4c81dfd002d727c7bc5eeb83946960c05033697f