staging.auth.rfdme.io Open in urlscan Pro
52.68.140.27 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://staging.auth.rfdme.io/
Submission: On September 20 via automatic, source certstream-suspicious (September 20th 2024, 12:57:55 am UTC) — Scanned from JP

Summary HTTP 17 Redirects Behaviour Indicators

Summary

This website contacted 5 IPs in 3 countries across 4 domains to perform 17 HTTP transactions. The main IP is 52.68.140.27, located in Tokyo, Japan and belongs to AMAZON-02, US. The main domain is staging.auth.rfdme.io.
TLS certificate: Issued by Amazon RSA 2048 M03 on October 20th 2023. Valid for: a year.

This is the only time staging.auth.rfdme.io was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
6	52.68.140.27 52.68.140.27	16509 (AMAZON-02) (AMAZON-02)
1	2404:6800:400... 2404:6800:4004:823::200a	15169 (GOOGLE) (GOOGLE)
3	172.217.175.68 172.217.175.68	15169 (GOOGLE) (GOOGLE)
6	2404:6800:400... 2404:6800:4004:820::2003	15169 (GOOGLE) (GOOGLE)
1	2404:6800:400... 2404:6800:4004:825::2003	15169 (GOOGLE) (GOOGLE)
17	5

6 52.68.140.27 (Tokyo, Japan)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-68-140-27.ap-northeast-1.compute.amazonaws.com

staging.auth.rfdme.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2404:6800:4004:823::200a (Australia)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 172.217.175.68 (United States)

ASN15169 (GOOGLE, US)
PTR: nrt20s20-in-f4.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2404:6800:4004:820::2003 (Australia)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2404:6800:4004:825::2003 (Australia)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	gstatic.com fonts.gstatic.com www.gstatic.com	395 KB
6	rfdme.io staging.auth.rfdme.io	3 MB
3	google.com www.google.com — Cisco Umbrella Rank: 3	989 B
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 31	34 KB
17	4

	Domain	Requested by
6	fonts.gstatic.com	fonts.googleapis.com
6	staging.auth.rfdme.io	staging.auth.rfdme.io
3	www.google.com	staging.auth.rfdme.io www.gstatic.com
1	www.gstatic.com	www.google.com
1	fonts.googleapis.com	staging.auth.rfdme.io
17	5

This site contains no links.

Subject Issuer	Validity	Valid
staging.auth.rfdme.io Amazon RSA 2048 M03	`2023-10-20` - `2024-11-18`	a year	crt.sh
upload.video.google.com WR2	`2024-08-12` - `2024-11-04`	3 months	crt.sh
*.google.com WR2	`2024-08-12` - `2024-11-04`	3 months	crt.sh
*.gstatic.com WR2	`2024-08-12` - `2024-11-04`	3 months	crt.sh

This page contains 3 frames:

Primary Page: https://staging.auth.rfdme.io/
Frame ID: 06AF828387C23D9BADAB1748856B1BD2
Requests: 15 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcNmRYjAAAAAFuFUYGpCu_OSdR8Ukw0TUJz1m6V&co=aHR0cHM6Ly9zdGFnaW5nLmF1dGgucmZkbWUuaW86NDQz&hl=ja&type=image&v=EGbODne6buzpTnWrrBprcfAY&theme=light&size=normal&badge=bottomright&cb=pi8jkb9d7d8l
Frame ID: DC56C7BDB68908037115CD3DD15B7585
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/bframe?hl=ja&v=EGbODne6buzpTnWrrBprcfAY&k=6LcNmRYjAAAAAFuFUYGpCu_OSdR8Ukw0TUJz1m6V
Frame ID: 6F152002125DC7120070B8D4D52EEAA3
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

RFD Auth System

Detected technologies

Ant Design (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

<[^>]*class="ant-(?:btn|col|row|layout|breadcrumb|menu|pagination|steps|select|cascader|checkbox|calendar|form|input-number|input|mention|rate|radio|slider|switch|tree-select|time-picker|transfer|upload|avatar|badge|card|carousel|collapse|list|popover|tooltip|table|tabs|tag|timeline|tree|alert|modal|message|notification|progress|popconfirm|spin|anchor|back-top|divider|drawer)

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

reCAPTCHA (Captchas) Expand

Overall confidence: 100%
Detected patterns

/recaptcha/api\.js

Page Statistics

17
Requests

100 %
HTTPS

60 %
IPv6

4
Domains

5
Subdomains

5
IPs

3
Countries

3519 kB
Transfer

3933 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

17 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
staging.auth.rfdme.io/ 743 B
894 B 39ms
5ms Document
text/html 52.68.140.27
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://staging.auth.rfdme.io/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.68.140.27 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-68-140-27.ap-northeast-1.compute.amazonaws.com
Software: nginx/1.22.1 /
Resource Hash: 0536fa004ab126913a5f9ccb44f12eaacce231dd740fea1b236f47e77cb6d404

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
content-length: 743
content-type: text/html
date: Fri, 20 Sep 2024 00:57:50 GMT
etag: "66d70501-2e7"
last-modified: Tue, 03 Sep 2024 12:45:53 GMT
server: nginx/1.22.1

GET
H2 200 css2
fonts.googleapis.com/ 122 KB
34 KB 90ms
43ms Stylesheet
text/css 2404:6800:4004:823::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Noto+Sans+TC&family=Roboto&display=swap

Requested by

Host: staging.auth.rfdme.io
URL: https://staging.auth.rfdme.io/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4004:823::200a , Australia, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2e4cf58bb54380aaea03ce523c1e0d52f1c7fcbbe9feb14d9f9ae933125e3b6c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://staging.auth.rfdme.io/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Fri, 20 Sep 2024 00:57:50 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 20 Sep 2024 00:57:50 GMT
content-type: text/css; charset=utf-8
last-modified: Fri, 20 Sep 2024 00:43:52 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-xss-protection: 0
server: ESF

GET
H2 200 main.7717c244.js Show response
staging.auth.rfdme.io/static/js/ 2 MB
2 MB 16ms
15ms Script
application/javascript 52.68.140.27
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://staging.auth.rfdme.io/static/js/main.7717c244.js
Requested by: Host: staging.auth.rfdme.io
URL: https://staging.auth.rfdme.io/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.68.140.27 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-68-140-27.ap-northeast-1.compute.amazonaws.com
Software: nginx/1.22.1 /
Resource Hash: b6ca17b642df713b4e0c585d9aa191d97643a15d270123f87db66ab0c783d493

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://staging.auth.rfdme.io/

Response headers

accept-ranges: bytes
content-length: 2573605
date: Fri, 20 Sep 2024 00:57:50 GMT
etag: "66d70501-274525"
content-type: application/javascript
last-modified: Tue, 03 Sep 2024 12:45:53 GMT
server: nginx/1.22.1

GET
H2 200 main.854c6ce3.css
staging.auth.rfdme.io/static/css/ 542 KB
543 KB 8ms
8ms Stylesheet
text/css 52.68.140.27
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://staging.auth.rfdme.io/static/css/main.854c6ce3.css
Requested by: Host: staging.auth.rfdme.io
URL: https://staging.auth.rfdme.io/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.68.140.27 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-68-140-27.ap-northeast-1.compute.amazonaws.com
Software: nginx/1.22.1 /
Resource Hash: 53c7d15574b13c70f22283f2caac9efd5438e95d64fe0cb7592caccffb840632

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://staging.auth.rfdme.io/

Response headers

accept-ranges: bytes
content-length: 555370
date: Fri, 20 Sep 2024 00:57:50 GMT
etag: "66d70501-8796a"
content-type: text/css
last-modified: Tue, 03 Sep 2024 12:45:53 GMT
server: nginx/1.22.1

GET
H3 200 api.js Show response
www.google.com/recaptcha/ 1 KB
989 B 95ms
47ms Script
text/javascript 172.217.175.68
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js?onload=onloadcallback&render=explicit

Requested by

Host: staging.auth.rfdme.io
URL: https://staging.auth.rfdme.io/static/js/main.7717c244.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.175.68 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

nrt20s20-in-f4.1e100.net

Software

ESF /

Resource Hash

502f6ff7b90fb11c809baa247df7f013d42de295c603b8d86cf3943080c5ac2b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://staging.auth.rfdme.io/

Response headers

cache-control: private, max-age=300
content-encoding: gzip
cross-origin-resource-policy: cross-origin
report-to: {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
x-content-type-options: nosniff
expires: Fri, 20 Sep 2024 00:57:50 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cross-origin-opener-policy-report-only: same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
date: Fri, 20 Sep 2024 00:57:50 GMT
x-xss-protection: 0
content-type: text/javascript; charset=utf-8
server: ESF
x-frame-options: SAMEORIGIN

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v32/ 18 KB
19 KB 53ms
2ms Font
font/woff2 2404:6800:4004:820::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Noto+Sans+TC&family=Roboto&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4004:820::2003 , Australia, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

89978e658e840b927dddb5cb3a835c7d8526ece79933bd9f3096b301fe1a8571

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://staging.auth.rfdme.io
Referer: https://fonts.googleapis.com/

Response headers

age: 86179
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Fri, 19 Sep 2025 01:01:31 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 19 Sep 2024 01:01:31 GMT
last-modified: Thu, 01 Aug 2024 20:41:24 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 18536
x-xss-protection: 0
server: sffe

GET
H2 200 -nFuOG829Oofr2wohFbTp9ifNAn722rq0MXz76Cy_C8mrWSt1KeqzFVoizG-KdWhyhvKuGOf8EUcrq3YKp7nxxk.119.woff2
fonts.gstatic.com/s/notosanstc/v36/ 18 KB
18 KB 61ms
11ms Font
font/woff2 2404:6800:4004:820::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/notosanstc/v36/-nFuOG829Oofr2wohFbTp9ifNAn722rq0MXz76Cy_C8mrWSt1KeqzFVoizG-KdWhyhvKuGOf8EUcrq3YKp7nxxk.119.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Noto+Sans+TC&family=Roboto&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4004:820::2003 , Australia, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cd971787c86f0bacc83325e1c0abf66d6cca0fddfbf8e19e0afd05f801f1fcf8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://staging.auth.rfdme.io
Referer: https://fonts.googleapis.com/

Response headers

age: 66267
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Fri, 19 Sep 2025 06:33:23 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 19 Sep 2024 06:33:23 GMT
last-modified: Mon, 29 Jul 2024 22:35:45 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 18704
x-xss-protection: 0
server: sffe

GET
H2 200 -nFuOG829Oofr2wohFbTp9ifNAn722rq0MXz76Cy_C8mrWSt1KeqzFVoizG-KdWhyhvKuGOf8EUcrq3YKp7nxxk.118.woff2
fonts.gstatic.com/s/notosanstc/v36/ 31 KB
32 KB 58ms
8ms Font
font/woff2 2404:6800:4004:820::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/notosanstc/v36/-nFuOG829Oofr2wohFbTp9ifNAn722rq0MXz76Cy_C8mrWSt1KeqzFVoizG-KdWhyhvKuGOf8EUcrq3YKp7nxxk.118.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Noto+Sans+TC&family=Roboto&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4004:820::2003 , Australia, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a2539a378b0d3b6f92a1df7bc51b3789fa5a3e5d51f96535c6cac53c867fb85d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://staging.auth.rfdme.io
Referer: https://fonts.googleapis.com/

Response headers

age: 30177
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Fri, 19 Sep 2025 16:34:53 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 19 Sep 2024 16:34:53 GMT
last-modified: Mon, 29 Jul 2024 22:35:44 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 32172
x-xss-protection: 0
server: sffe

GET
H2 200 -nFuOG829Oofr2wohFbTp9ifNAn722rq0MXz76Cy_C8mrWSt1KeqzFVoizG-KdWhyhvKuGOf8EUcrq3YKp7nxxk.117.woff2
fonts.gstatic.com/s/notosanstc/v36/ 34 KB
34 KB 59ms
9ms Font
font/woff2 2404:6800:4004:820::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/notosanstc/v36/-nFuOG829Oofr2wohFbTp9ifNAn722rq0MXz76Cy_C8mrWSt1KeqzFVoizG-KdWhyhvKuGOf8EUcrq3YKp7nxxk.117.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Noto+Sans+TC&family=Roboto&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4004:820::2003 , Australia, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fae238fdb4d0634940ae287fefaab52a148841830b5d04f1c906e9af4ccac705

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://staging.auth.rfdme.io
Referer: https://fonts.googleapis.com/

Response headers

age: 35336
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Fri, 19 Sep 2025 15:08:54 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 19 Sep 2024 15:08:54 GMT
last-modified: Mon, 29 Jul 2024 22:36:15 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 34840
x-xss-protection: 0
server: sffe

GET
H2 200 -nFuOG829Oofr2wohFbTp9ifNAn722rq0MXz76Cy_C8mrWSt1KeqzFVoizG-KdWhyhvKuGOf8EUcrq3YKp7nxxk.115.woff2
fonts.gstatic.com/s/notosanstc/v36/ 38 KB
39 KB 55ms
5ms Font
font/woff2 2404:6800:4004:820::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/notosanstc/v36/-nFuOG829Oofr2wohFbTp9ifNAn722rq0MXz76Cy_C8mrWSt1KeqzFVoizG-KdWhyhvKuGOf8EUcrq3YKp7nxxk.115.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Noto+Sans+TC&family=Roboto&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4004:820::2003 , Australia, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d5772fabd926438897c97c9b740173baecfa31aac01dfdaa50831a1d8daf2813

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://staging.auth.rfdme.io
Referer: https://fonts.googleapis.com/

Response headers

age: 29279
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Fri, 19 Sep 2025 16:49:51 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 19 Sep 2024 16:49:51 GMT
last-modified: Mon, 29 Jul 2024 22:37:33 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 39392
x-xss-protection: 0
server: sffe

GET
H2 200 -nFuOG829Oofr2wohFbTp9ifNAn722rq0MXz76Cy_C8mrWSt1KeqzFVoizG-KdWhyhvKuGOf8EUcrq3YKp7nxxk.116.woff2
fonts.gstatic.com/s/notosanstc/v36/ 37 KB
37 KB 56ms
6ms Font
font/woff2 2404:6800:4004:820::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/notosanstc/v36/-nFuOG829Oofr2wohFbTp9ifNAn722rq0MXz76Cy_C8mrWSt1KeqzFVoizG-KdWhyhvKuGOf8EUcrq3YKp7nxxk.116.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Noto+Sans+TC&family=Roboto&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4004:820::2003 , Australia, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

205a5c61870631a2e2e06f2c287cffde8f5ed1fcc8e1f23c75f877785ea9b1f4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://staging.auth.rfdme.io
Referer: https://fonts.googleapis.com/

Response headers

age: 35527
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Fri, 19 Sep 2025 15:05:43 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 19 Sep 2024 15:05:43 GMT
last-modified: Mon, 29 Jul 2024 22:37:40 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 38020
x-xss-protection: 0
server: sffe

GET
H2 200 logo_login.6aa209dae1eb3e541f981c7e905024b2.svg
staging.auth.rfdme.io/static/media/ 24 KB
25 KB 7ms
6ms Image
image/svg+xml 52.68.140.27
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://staging.auth.rfdme.io/static/media/logo_login.6aa209dae1eb3e541f981c7e905024b2.svg
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.68.140.27 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-68-140-27.ap-northeast-1.compute.amazonaws.com
Software: nginx/1.22.1 /
Resource Hash: f515cfd5aefb3ff2905f6d7e968acd7581167daa66fc8c91c4e8dd9ae434045a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://staging.auth.rfdme.io/login

Response headers

accept-ranges: bytes
content-length: 24963
date: Fri, 20 Sep 2024 00:57:50 GMT
etag: "66d70501-6183"
content-type: image/svg+xml
last-modified: Tue, 03 Sep 2024 12:45:53 GMT
server: nginx/1.22.1

GET
H2 200 favicon.ico
staging.auth.rfdme.io/ 4 KB
4 KB 5ms
5ms Other
image/x-icon 52.68.140.27
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://staging.auth.rfdme.io/favicon.ico
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.68.140.27 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-68-140-27.ap-northeast-1.compute.amazonaws.com
Software: nginx/1.22.1 /
Resource Hash: f7346b69c5bbba2a0ba6668a467fa88ab9c0aaa1dec2d8b404c19d7640410301

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://staging.auth.rfdme.io/login

Response headers

accept-ranges: bytes
content-length: 4286
date: Fri, 20 Sep 2024 00:57:50 GMT
etag: "66d70501-10be"
content-type: image/x-icon
last-modified: Tue, 03 Sep 2024 12:45:53 GMT
server: nginx/1.22.1

GET
H2 200 favicon.ico
staging.auth.rfdme.io/ 4 KB
0 5ms
5ms Other
image/x-icon 52.68.140.27
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://staging.auth.rfdme.io/favicon.ico
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.68.140.27 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-68-140-27.ap-northeast-1.compute.amazonaws.com
Software: nginx/1.22.1 /
Resource Hash: f7346b69c5bbba2a0ba6668a467fa88ab9c0aaa1dec2d8b404c19d7640410301

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://staging.auth.rfdme.io/login

Response headers

accept-ranges: bytes
content-length: 4286
date: Fri, 20 Sep 2024 00:57:50 GMT
etag: "66d70501-10be"
content-type: image/x-icon
last-modified: Tue, 03 Sep 2024 12:45:53 GMT
server: nginx/1.22.1

GET
H2 200 recaptcha__ja.js Show response
www.gstatic.com/recaptcha/releases/EGbODne6buzpTnWrrBprcfAY/ 542 KB
217 KB 50ms
4ms Script
text/javascript 2404:6800:4004:825::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/EGbODne6buzpTnWrrBprcfAY/recaptcha__ja.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?onload=onloadcallback&render=explicit

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4004:825::2003 , Australia, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6c3ecc39856ed3dd146a5547490f5bf001beb4ed3ab8bb106082576e64519500

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://staging.auth.rfdme.io
Referer: https://staging.auth.rfdme.io/

Response headers

content-encoding: gzip
age: 34853
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
x-content-type-options: nosniff
expires: Fri, 19 Sep 2025 15:16:57 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 19 Sep 2024 15:16:57 GMT
last-modified: Tue, 03 Sep 2024 02:00:38 GMT
content-type: text/javascript
vary: Accept-Encoding
cache-control: public, max-age=31536000
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
accept-ranges: bytes
access-control-allow-origin: *
content-length: 221112
x-xss-protection: 0
server: sffe

GET
H3 200 anchor
www.google.com/recaptcha/api2/ Frame DC56 0
0 120ms
83ms Document
text/html 172.217.175.68
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcNmRYjAAAAAFuFUYGpCu_OSdR8Ukw0TUJz1m6V&co=aHR0cHM6Ly9zdGFnaW5nLmF1dGgucmZkbWUuaW86NDQz&hl=ja&type=image&v=EGbODne6buzpTnWrrBprcfAY&theme=light&size=normal&badge=bottomright&cb=pi8jkb9d7d8l

Requested by

Host: staging.auth.rfdme.io
URL: https://staging.auth.rfdme.io/static/js/main.7717c244.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.175.68 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

nrt20s20-in-f4.1e100.net

Software

ESF /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-FzkeILg_3V61ck92daHhtA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://staging.auth.rfdme.io/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-FzkeILg_3V61ck92daHhtA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy-report-only: same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
cross-origin-resource-policy: cross-origin
date: Fri, 20 Sep 2024 00:57:51 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
server: ESF
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 bframe
www.google.com/recaptcha/api2/ Frame 6F15 0
0 49ms
48ms Document
text/html 172.217.175.68
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/bframe?hl=ja&v=EGbODne6buzpTnWrrBprcfAY&k=6LcNmRYjAAAAAFuFUYGpCu_OSdR8Ukw0TUJz1m6V

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/EGbODne6buzpTnWrrBprcfAY/recaptcha__ja.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.175.68 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

nrt20s20-in-f4.1e100.net

Software

ESF /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-XWO4tOGwpooN0U1CO3AZQw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://staging.auth.rfdme.io/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-XWO4tOGwpooN0U1CO3AZQw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy-report-only: same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
cross-origin-resource-policy: cross-origin
date: Fri, 20 Sep 2024 00:57:51 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
server: ESF
x-content-type-options: nosniff
x-xss-protection: 0

Verdicts & Comments Add Verdict or Comment

12 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

fonts.googleapis.com
fonts.gstatic.com
staging.auth.rfdme.io
www.google.com
www.gstatic.com
172.217.175.68
2404:6800:4004:820::2003
2404:6800:4004:823::200a
2404:6800:4004:825::2003
52.68.140.27
0536fa004ab126913a5f9ccb44f12eaacce231dd740fea1b236f47e77cb6d404
205a5c61870631a2e2e06f2c287cffde8f5ed1fcc8e1f23c75f877785ea9b1f4
2e4cf58bb54380aaea03ce523c1e0d52f1c7fcbbe9feb14d9f9ae933125e3b6c
502f6ff7b90fb11c809baa247df7f013d42de295c603b8d86cf3943080c5ac2b
53c7d15574b13c70f22283f2caac9efd5438e95d64fe0cb7592caccffb840632
6c3ecc39856ed3dd146a5547490f5bf001beb4ed3ab8bb106082576e64519500
89978e658e840b927dddb5cb3a835c7d8526ece79933bd9f3096b301fe1a8571
a2539a378b0d3b6f92a1df7bc51b3789fa5a3e5d51f96535c6cac53c867fb85d
b6ca17b642df713b4e0c585d9aa191d97643a15d270123f87db66ab0c783d493
cd971787c86f0bacc83325e1c0abf66d6cca0fddfbf8e19e0afd05f801f1fcf8
d5772fabd926438897c97c9b740173baecfa31aac01dfdaa50831a1d8daf2813
f515cfd5aefb3ff2905f6d7e968acd7581167daa66fc8c91c4e8dd9ae434045a
f7346b69c5bbba2a0ba6668a467fa88ab9c0aaa1dec2d8b404c19d7640410301
fae238fdb4d0634940ae287fefaab52a148841830b5d04f1c906e9af4ccac705

staging.auth.rfdme.io Open in urlscan Pro 52.68.140.27 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

17 Requests

100 %HTTPS

60 %IPv6

4 Domains

5 Subdomains

5 IPs

3 Countries

3519 kBTransfer

3933 kBSize

0 Cookies

0 Outgoing links

Redirected requests

17 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

12 JavaScript Global Variables

0 Cookies

Indicators

staging.auth.rfdme.io Open in urlscan Pro
52.68.140.27 Public Scan

Screenshot
Live screenshot

Full Image

17
Requests

100 %
HTTPS

60 %
IPv6

4
Domains

5
Subdomains

5
IPs

3
Countries

3519 kB
Transfer

3933 kB
Size

0
Cookies

17 HTTP transactions
0 data transactions