urlscan.io logo urlscan.io
SecurityTrails logo

ecom.acimacredit.com Open in urlscan Pro
54.69.168.142  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://ecom.acimacredit.com/
Effective URL: https://ecom.acimacredit.com/
Submission: On May 12 via manual from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 6 IPs in 3 countries across 6 domains to perform 13 HTTP transactions. The main IP is 54.69.168.142, located in Boardman, United States and belongs to AMAZON-02, US. The main domain is ecom.acimacredit.com.
TLS certificate: Issued by Amazon on November 14th 2019. Valid for: a year.
This is the only time ecom.acimacredit.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 8 54.69.168.142 16509 (AMAZON-02)
1 2a00:1450:400... 15169 (GOOGLE)
1 2606:4700:20:... 13335 (CLOUDFLAR...)
1 2001:4de0:ac1... 20446 (HIGHWINDS3)
2 52.129.74.12 395492 (IOVATION3)
1 147.75.0.207 35914 (ARMOR-DEF...)
13 6
8    54.69.168.142 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-69-168-142.us-west-2.compute.amazonaws.com
ecom.acimacredit.com
cc.acimacredit.com
1    2a00:1450:4001:808::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
1    2606:4700:20::681a:7ad (United States)

ASN13335 (CLOUDFLARENET, US)
code.ionicframework.com
1    2001:4de0:ac19::1:b:1a (Netherlands)

ASN20446 (HIGHWINDS3, US)
maxcdn.bootstrapcdn.com
2    52.129.74.12 (United States)

ASN395492 (IOVATION3, US)
PTR: mpsnare.iesnare.com
mpsnare.iesnare.com
1    147.75.0.207 (United States)

ASN35914 (ARMOR-DEFENSE, US)
htp.tokenex.com
Domain Requested by
7 ecom.acimacredit.com 1 redirects ecom.acimacredit.com
2 mpsnare.iesnare.com ecom.acimacredit.com
mpsnare.iesnare.com
1 htp.tokenex.com cc.acimacredit.com
1 cc.acimacredit.com ecom.acimacredit.com
1 maxcdn.bootstrapcdn.com ecom.acimacredit.com
1 code.ionicframework.com ecom.acimacredit.com
1 fonts.googleapis.com ecom.acimacredit.com
13 7

This site contains no links.

Subject Issuer Validity Valid
*.acimacredit.com
Amazon		 2019-11-14 -
2020-12-14		 a year crt.sh
upload.video.google.com
GTS CA 1O1		 2020-04-15 -
2020-07-08		 3 months crt.sh
ionicframework.com
CloudFlare Inc ECC CA-2		 2019-12-04 -
2020-10-09		 10 months crt.sh
*.bootstrapcdn.com
Sectigo RSA Domain Validation Secure Server CA		 2019-09-14 -
2020-10-13		 a year crt.sh
mpsnare.iesnare.com
DigiCert SHA2 High Assurance Server CA		 2019-04-24 -
2020-05-26		 a year crt.sh
api.tokenex.com
Go Daddy Secure Certificate Authority - G2		 2019-01-22 -
2021-01-31		 2 years crt.sh

This page contains 1 frames:

Primary Page: https://ecom.acimacredit.com/
Frame ID: 699D1107F487D34ABFB09AFB0D2081D4
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. http://ecom.acimacredit.com/ HTTP 301
    https://ecom.acimacredit.com/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i
Overall confidence: 100%
Detected patterns
  • headers server /^envoy$/i
Overall confidence: 100%
Detected patterns
  • html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i
Overall confidence: 100%
Detected patterns
  • html /<link[^>]* href=[^>]+ionicons(?:\.min)?\.css/i

Page Statistics

13
Requests

100 %
HTTPS

50 %
IPv6

6
Domains

7
Subdomains

6
IPs

3
Countries

325 kB
Transfer

974 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://ecom.acimacredit.com/ HTTP 301
    https://ecom.acimacredit.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

13 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
ecom.acimacredit.com/
Redirect Chain
  • http://ecom.acimacredit.com/
  • https://ecom.acimacredit.com/
1 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ecom.acimacredit.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.69.168.142 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-69-168-142.us-west-2.compute.amazonaws.com
Software
envoy /
Resource Hash
af8866f1a3094183df048df7fb6af3163ac1af3358485082a3e5fb04c5bbd581
Security Headers
Name Value
Content-Security-Policy default-src 'self'; font-src 'self' https://fonts.gstatic.com code.ionicframework.com; frame-src 'self' data: about: https://fts.cardconnect.com https://fts.cardconnect.com:8443 https://fts.prinpay.com:6443 https://portal.icheckgateway.com https://test-htp.tokenex.com/ https://htp.tokenex.com https://cc.acimacredit.com https://cc.acimacredit.com/v2/service_production.js https://portal.acimacredit.com ; connect-src 'self' ws://localhost:35729 https://api.rollbar.com https://test-htp.tokenex.com/ https://htp.tokenex.com https://cc.acimacredit.com https://cc.acimacredit.com/v2/service_production.js; style-src 'self' https://fonts.googleapis.com 'unsafe-inline' https://maxcdn.bootstrapcdn.com code.ionicframework.com https://test-htp.tokenex.com/ https://api.tokenex.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' localhost:35729 https://mpsnare.iesnare.com https://www.google-analytics.com https://test-htp.tokenex.com/ https://htp.tokenex.com https://cc.acimacredit.com https://cc.acimacredit.com/v2/service_production.js; object-src 'self' data: about: https://mpsnare.iesnare.com; img-src 'self' https://www.google-analytics.com;

Request headers

:method
GET
:authority
ecom.acimacredit.com
:scheme
https
:path
/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status
200
date
Tue, 12 May 2020 21:09:03 GMT
content-type
text/html;charset=utf-8
server
envoy
vary
Accept-Encoding
api-version
0.26.39.f441e53
content-security-policy
default-src 'self'; font-src 'self' https://fonts.gstatic.com code.ionicframework.com; frame-src 'self' data: about: https://fts.cardconnect.com https://fts.cardconnect.com:8443 https://fts.prinpay.com:6443 https://portal.icheckgateway.com https://test-htp.tokenex.com/ https://htp.tokenex.com https://cc.acimacredit.com https://cc.acimacredit.com/v2/service_production.js https://portal.acimacredit.com ; connect-src 'self' ws://localhost:35729 https://api.rollbar.com https://test-htp.tokenex.com/ https://htp.tokenex.com https://cc.acimacredit.com https://cc.acimacredit.com/v2/service_production.js; style-src 'self' https://fonts.googleapis.com 'unsafe-inline' https://maxcdn.bootstrapcdn.com code.ionicframework.com https://test-htp.tokenex.com/ https://api.tokenex.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' localhost:35729 https://mpsnare.iesnare.com https://www.google-analytics.com https://test-htp.tokenex.com/ https://htp.tokenex.com https://cc.acimacredit.com https://cc.acimacredit.com/v2/service_production.js; object-src 'self' data: about: https://mpsnare.iesnare.com; img-src 'self' https://www.google-analytics.com;
content-encoding
gzip
x-envoy-upstream-service-time
2

Redirect headers

Server
awselb/2.0
Date
Tue, 12 May 2020 21:09:02 GMT
Content-Type
text/html
Content-Length
150
Connection
keep-alive
Location
https://ecom.acimacredit.com:443/
css
fonts.googleapis.com/ 		461 B
440 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Shadows+Into+Light
Requested by
Host: ecom.acimacredit.com
URL: https://ecom.acimacredit.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
1183812eaab0458cf831843ea466bfaf5f60602478f17737596f00b6350daf25
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://ecom.acimacredit.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Tue, 12 May 2020 21:09:03 GMT
server
ESF
date
Tue, 12 May 2020 21:09:03 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Tue, 12 May 2020 21:09:03 GMT
ionicons.min.css
code.ionicframework.com/ionicons/2.0.1/css/ 		50 KB
8 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://code.ionicframework.com/ionicons/2.0.1/css/ionicons.min.css
Requested by
Host: ecom.acimacredit.com
URL: https://ecom.acimacredit.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:7ad , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
92ac508220f5bb60ec94e07650528eb66625f82a4740ada068cde05365781286

Request headers

Referer
https://ecom.acimacredit.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-fastly-request-id
f1bb221d984f0e635928c28573926c2f6bb0444f
date
Tue, 12 May 2020 21:09:03 GMT
via
1.1 varnish
cf-cache-status
HIT
age
2615
x-cache
HIT
status
200
x-cache-hits
1
content-encoding
br
alt-svc
h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
cf-request-id
02ac514b81000017769d2cb200000001
x-served-by
cache-fra19125-FRA
last-modified
Thu, 23 Apr 2020 20:57:29 GMT
server
cloudflare
x-github-request-id
B2F4:7441:77E59D:949376:5EB52D0B
x-timer
S1589315129.870090,VS0,VE1
etag
W/"5ea20139-c854"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
x-proxy-cache
MISS
cf-ray
59271e58cbe71776-FRA
x-origin-cache
1
expires
Fri, 08 May 2020 10:07:31 GMT
bootstrap.min.css
maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/ 		141 KB
20 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css
Requested by
Host: ecom.acimacredit.com
URL: https://ecom.acimacredit.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4de0:ac19::1:b:1a , Netherlands, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software
/
Resource Hash
2c0f3dcfe93d7e380c290fe4ab838ed8cadff1596d62697f5444be460d1f876d
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://ecom.acimacredit.com/
Origin
https://ecom.acimacredit.com

Response headers

date
Tue, 12 May 2020 21:09:03 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 12 Dec 2018 18:34:10 GMT
status
200
etag
"1544639650"
vary
Accept-Encoding
x-cache
HIT
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
timing-allow-origin
*
content-length
20563
leaseApp-32bdb68e23a7ef713def.css
ecom.acimacredit.com/assets/ 		6 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://ecom.acimacredit.com/assets/leaseApp-32bdb68e23a7ef713def.css
Requested by
Host: ecom.acimacredit.com
URL: https://ecom.acimacredit.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.69.168.142 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-69-168-142.us-west-2.compute.amazonaws.com
Software
envoy /
Resource Hash
ba6669ef023726d27820370f6eab829c35bfd10db17014f0dee9142c94afa193
Security Headers
Name Value
Content-Security-Policy default-src 'self'; font-src 'self' https://fonts.gstatic.com code.ionicframework.com; frame-src 'self' data: about: https://fts.cardconnect.com https://fts.cardconnect.com:8443 https://fts.prinpay.com:6443 https://portal.icheckgateway.com https://test-htp.tokenex.com/ https://htp.tokenex.com https://cc.acimacredit.com https://cc.acimacredit.com/v2/service_production.js https://portal.acimacredit.com ; connect-src 'self' ws://localhost:35729 https://api.rollbar.com https://test-htp.tokenex.com/ https://htp.tokenex.com https://cc.acimacredit.com https://cc.acimacredit.com/v2/service_production.js; style-src 'self' https://fonts.googleapis.com 'unsafe-inline' https://maxcdn.bootstrapcdn.com code.ionicframework.com https://test-htp.tokenex.com/ https://api.tokenex.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' localhost:35729 https://mpsnare.iesnare.com https://www.google-analytics.com https://test-htp.tokenex.com/ https://htp.tokenex.com https://cc.acimacredit.com https://cc.acimacredit.com/v2/service_production.js; object-src 'self' data: about: https://mpsnare.iesnare.com; img-src 'self' https://www.google-analytics.com;

Request headers

Referer
https://ecom.acimacredit.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 12 May 2020 21:09:03 GMT
content-encoding
gzip
last-modified
Mon, 13 Apr 2020 16:18:24 GMT,Mon, 13 Apr 2020 16:18:24 GMT
server
envoy
vary
Accept-Encoding
content-type
text/css
status
200
x-envoy-upstream-service-time
2
content-security-policy
default-src 'self'; font-src 'self' https://fonts.gstatic.com code.ionicframework.com; frame-src 'self' data: about: https://fts.cardconnect.com https://fts.cardconnect.com:8443 https://fts.prinpay.com:6443 https://portal.icheckgateway.com https://test-htp.tokenex.com/ https://htp.tokenex.com https://cc.acimacredit.com https://cc.acimacredit.com/v2/service_production.js https://portal.acimacredit.com ; connect-src 'self' ws://localhost:35729 https://api.rollbar.com https://test-htp.tokenex.com/ https://htp.tokenex.com https://cc.acimacredit.com https://cc.acimacredit.com/v2/service_production.js; style-src 'self' https://fonts.googleapis.com 'unsafe-inline' https://maxcdn.bootstrapcdn.com code.ionicframework.com https://test-htp.tokenex.com/ https://api.tokenex.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' localhost:35729 https://mpsnare.iesnare.com https://www.google-analytics.com https://test-htp.tokenex.com/ https://htp.tokenex.com https://cc.acimacredit.com https://cc.acimacredit.com/v2/service_production.js; object-src 'self' data: about: https://mpsnare.iesnare.com; img-src 'self' https://www.google-analytics.com;
api-version
0.26.39.f441e53
leaseApp.e94e5b8d27c37dda133f.js
ecom.acimacredit.com/assets/ 		288 KB
89 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ecom.acimacredit.com/assets/leaseApp.e94e5b8d27c37dda133f.js
Requested by
Host: ecom.acimacredit.com
URL: https://ecom.acimacredit.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.69.168.142 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-69-168-142.us-west-2.compute.amazonaws.com
Software
envoy /
Resource Hash
90fd8a8e919156ee1705d03964419040dcb3caffa8ccdfbb40859363248a13de
Security Headers
Name Value
Content-Security-Policy default-src 'self'; font-src 'self' https://fonts.gstatic.com code.ionicframework.com; frame-src 'self' data: about: https://fts.cardconnect.com https://fts.cardconnect.com:8443 https://fts.prinpay.com:6443 https://portal.icheckgateway.com https://test-htp.tokenex.com/ https://htp.tokenex.com https://cc.acimacredit.com https://cc.acimacredit.com/v2/service_production.js https://portal.acimacredit.com ; connect-src 'self' ws://localhost:35729 https://api.rollbar.com https://test-htp.tokenex.com/ https://htp.tokenex.com https://cc.acimacredit.com https://cc.acimacredit.com/v2/service_production.js; style-src 'self' https://fonts.googleapis.com 'unsafe-inline' https://maxcdn.bootstrapcdn.com code.ionicframework.com https://test-htp.tokenex.com/ https://api.tokenex.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' localhost:35729 https://mpsnare.iesnare.com https://www.google-analytics.com https://test-htp.tokenex.com/ https://htp.tokenex.com https://cc.acimacredit.com https://cc.acimacredit.com/v2/service_production.js; object-src 'self' data: about: https://mpsnare.iesnare.com; img-src 'self' https://www.google-analytics.com;

Request headers

Referer
https://ecom.acimacredit.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 12 May 2020 21:09:03 GMT
content-encoding
gzip
last-modified
Mon, 13 Apr 2020 16:18:24 GMT,Mon, 13 Apr 2020 16:18:24 GMT
server
envoy
vary
Accept-Encoding
content-type
application/javascript
status
200
x-envoy-upstream-service-time
2
content-security-policy
default-src 'self'; font-src 'self' https://fonts.gstatic.com code.ionicframework.com; frame-src 'self' data: about: https://fts.cardconnect.com https://fts.cardconnect.com:8443 https://fts.prinpay.com:6443 https://portal.icheckgateway.com https://test-htp.tokenex.com/ https://htp.tokenex.com https://cc.acimacredit.com https://cc.acimacredit.com/v2/service_production.js https://portal.acimacredit.com ; connect-src 'self' ws://localhost:35729 https://api.rollbar.com https://test-htp.tokenex.com/ https://htp.tokenex.com https://cc.acimacredit.com https://cc.acimacredit.com/v2/service_production.js; style-src 'self' https://fonts.googleapis.com 'unsafe-inline' https://maxcdn.bootstrapcdn.com code.ionicframework.com https://test-htp.tokenex.com/ https://api.tokenex.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' localhost:35729 https://mpsnare.iesnare.com https://www.google-analytics.com https://test-htp.tokenex.com/ https://htp.tokenex.com https://cc.acimacredit.com https://cc.acimacredit.com/v2/service_production.js; object-src 'self' data: about: https://mpsnare.iesnare.com; img-src 'self' https://www.google-analytics.com;
api-version
0.26.39.f441e53
service_production.js
cc.acimacredit.com/v2/ 		390 KB
129 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cc.acimacredit.com/v2/service_production.js
Requested by
Host: ecom.acimacredit.com
URL: https://ecom.acimacredit.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.69.168.142 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-69-168-142.us-west-2.compute.amazonaws.com
Software
envoy /
Resource Hash
688859df4c1217acc5ca0a8ec635821a2bc09bbafcecb240af2b3e9e72212f76
Security Headers
Name Value
Content-Security-Policy default-src 'self' credit-card.production.acima.io; base-uri credit-card.production.acima.io; connect-src 'self' wss: api.rollbar.com; font-src 'self' data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; frame-src 'self' htp.tokenex.com *.prinpay.com:6443 *.icheckgateway.com credit-card.production.acima.io 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: 'unsafe-inline' 'unsafe-eval'; object-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' htp.tokenex.com api.rollbar.com credit-card.production.acima.io 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' credit-card.production.acima.io 'unsafe-eval'
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

Referer
https://ecom.acimacredit.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 12 May 2020 21:09:03 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-permitted-cross-domain-policies
none
content-security-policy-report-only
default-src 'self' credit-card.production.acima.io; base-uri credit-card.production.acima.io; block-all-mixed-content; connect-src 'self' wss: api.rollbar.com; font-src 'self' data:; frame-ancestors 'self'; frame-src 'self' htp.tokenex.com fts.prinpay.com:6443 *.icheckgateway.com credit-card.production.acima.io; img-src 'self' data:; object-src 'self'; script-src 'self' htp.tokenex.com api.rollbar.com credit-card.production.acima.io; style-src 'self' 'unsafe-inline' credit-card.production.acima.io; report-uri /csp
status
200
x-envoy-upstream-service-time
8
vary
Accept-Encoding
x-xss-protection
1; mode=block
x-request-id
b3b2e77e-4c69-46f0-ae79-366d52139c7a
x-runtime
0.005005
server
envoy
x-frame-options
sameorigin
x-download-options
noopen
access-control-max-age
1728000
access-control-allow-methods
POST, GET, PUT, PATCH, DELETE, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
no-cache
access-control-allow-credentials
true
content-security-policy
default-src 'self' credit-card.production.acima.io; base-uri credit-card.production.acima.io; connect-src 'self' wss: api.rollbar.com; font-src 'self' data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; frame-src 'self' htp.tokenex.com *.prinpay.com:6443 *.icheckgateway.com credit-card.production.acima.io 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: 'unsafe-inline' 'unsafe-eval'; object-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' htp.tokenex.com api.rollbar.com credit-card.production.acima.io 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' credit-card.production.acima.io 'unsafe-eval'
access-control-allow-headers
Origin, Content-Type, Accept, Authorization, Token, Auth-Token, Email, X-User-Token, X-User-Email, x-xsrf-token, ___Intercept
dyn_wdp.js
ecom.acimacredit.com/iojs/5.0.0/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ecom.acimacredit.com/iojs/5.0.0/dyn_wdp.js?loaderVer=5.0.0&compat=false&tp=true&tp_split=false&fp_static=true&fp_dyn=true&flash=true
Requested by
Host: ecom.acimacredit.com
URL: https://ecom.acimacredit.com/assets/leaseApp.e94e5b8d27c37dda133f.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.69.168.142 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-69-168-142.us-west-2.compute.amazonaws.com
Software
envoy /
Resource Hash
a88f5f4e4a315ddb591443ed51b9d2cd22b67f1db6a53a5e97b482003f70dc15

Request headers

Referer
https://ecom.acimacredit.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 12 May 2020 21:09:04 GMT
content-encoding
gzip
server
envoy
vary
Accept-Encoding
p3p
CP="NON DSP COR CURa"
status
200
cache-control
no-cache, private
x-envoy-upstream-service-time
12
content-type
text/javascript; charset=utf-8
expires
0
wdp.js
mpsnare.iesnare.com/5.0.0/ 		36 KB
17 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://mpsnare.iesnare.com/5.0.0/wdp.js?loaderVer=5.0.0&compat=false&tp=true&tp_split=false&fp_static=true&fp_dyn=true&flash=true
Requested by
Host: ecom.acimacredit.com
URL: https://ecom.acimacredit.com/assets/leaseApp.e94e5b8d27c37dda133f.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.129.74.12 , United States, ASN395492 (IOVATION3, US),
Reverse DNS
mpsnare.iesnare.com
Software
nginx /
Resource Hash
7cc12aeadcc42ade9e12a535f96341c079de1c1378b441c530e813edc46aba9f
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains

Request headers

Referer
https://ecom.acimacredit.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 12 May 2020 21:09:04 GMT
Content-Encoding
gzip
Server
nginx
Strict-Transport-Security
max-age=15552000; includeSubDomains
p3p
CP="NON DSP COR CURa"
Cache-Control
no-cache, private
Transfer-Encoding
chunked
Connection
keep-alive
Content-Type
text/javascript; charset=utf-8
Expires
0
loading-spinner-34cf53375f840ece721fc985de40d881.gif
ecom.acimacredit.com/assets/ 		51 KB
52 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ecom.acimacredit.com/assets/loading-spinner-34cf53375f840ece721fc985de40d881.gif
Requested by
Host: ecom.acimacredit.com
URL: https://ecom.acimacredit.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.69.168.142 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-69-168-142.us-west-2.compute.amazonaws.com
Software
envoy /
Resource Hash
bbee24cb8cf3f1cdc8bf2251c22ce5d1a696f17b7370d0003a1ca47c94d82291
Security Headers
Name Value
Content-Security-Policy default-src 'self'; font-src 'self' https://fonts.gstatic.com code.ionicframework.com; frame-src 'self' data: about: https://fts.cardconnect.com https://fts.cardconnect.com:8443 https://fts.prinpay.com:6443 https://portal.icheckgateway.com https://test-htp.tokenex.com/ https://htp.tokenex.com https://cc.acimacredit.com https://cc.acimacredit.com/v2/service_production.js https://portal.acimacredit.com ; connect-src 'self' ws://localhost:35729 https://api.rollbar.com https://test-htp.tokenex.com/ https://htp.tokenex.com https://cc.acimacredit.com https://cc.acimacredit.com/v2/service_production.js; style-src 'self' https://fonts.googleapis.com 'unsafe-inline' https://maxcdn.bootstrapcdn.com code.ionicframework.com https://test-htp.tokenex.com/ https://api.tokenex.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' localhost:35729 https://mpsnare.iesnare.com https://www.google-analytics.com https://test-htp.tokenex.com/ https://htp.tokenex.com https://cc.acimacredit.com https://cc.acimacredit.com/v2/service_production.js; object-src 'self' data: about: https://mpsnare.iesnare.com; img-src 'self' https://www.google-analytics.com;

Request headers

Referer
https://ecom.acimacredit.com/assets/leaseApp-32bdb68e23a7ef713def.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 12 May 2020 21:09:04 GMT
last-modified
Mon, 13 Apr 2020 16:18:24 GMT,Mon, 13 Apr 2020 16:18:24 GMT
server
envoy
content-type
image/gif
status
200
x-envoy-upstream-service-time
1
content-security-policy
default-src 'self'; font-src 'self' https://fonts.gstatic.com code.ionicframework.com; frame-src 'self' data: about: https://fts.cardconnect.com https://fts.cardconnect.com:8443 https://fts.prinpay.com:6443 https://portal.icheckgateway.com https://test-htp.tokenex.com/ https://htp.tokenex.com https://cc.acimacredit.com https://cc.acimacredit.com/v2/service_production.js https://portal.acimacredit.com ; connect-src 'self' ws://localhost:35729 https://api.rollbar.com https://test-htp.tokenex.com/ https://htp.tokenex.com https://cc.acimacredit.com https://cc.acimacredit.com/v2/service_production.js; style-src 'self' https://fonts.googleapis.com 'unsafe-inline' https://maxcdn.bootstrapcdn.com code.ionicframework.com https://test-htp.tokenex.com/ https://api.tokenex.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' localhost:35729 https://mpsnare.iesnare.com https://www.google-analytics.com https://test-htp.tokenex.com/ https://htp.tokenex.com https://cc.acimacredit.com https://cc.acimacredit.com/v2/service_production.js; object-src 'self' data: about: https://mpsnare.iesnare.com; img-src 'self' https://www.google-analytics.com;
api-version
0.26.39.f441e53
accept-ranges
bytes
content-length
52250
Iframe-v3.min.js
htp.tokenex.com/Iframe/ 		6 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://htp.tokenex.com/Iframe/Iframe-v3.min.js
Requested by
Host: cc.acimacredit.com
URL: https://cc.acimacredit.com/v2/service_production.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
147.75.0.207 , United States, ASN35914 (ARMOR-DEFENSE, US),
Reverse DNS
Software
/
Resource Hash
6d32cf084fd4e5d08a3702bb7a59acb50a6e1d3a7c6c3ee070f2e96d6bd6cbdd
Security Headers
Name Value
Strict-Transport-Security max-age=60
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://ecom.acimacredit.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Strict-Transport-Security
max-age=60
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Thu, 27 Feb 2020 18:34:29 GMT
ETag
"8068988b9cedd51:0"
Vary
Accept-Encoding
Content-Type
application/javascript
Date
Tue, 12 May 2020 21:08:41 GMT
Accept-Ranges
bytes
Content-Length
1883
X-XSS-Protection
1; mode=block
logo.js
mpsnare.iesnare.com/5.0.0/ 		348 B
704 B 		Script
General
Check archive.org
Download Go to
Full URL
https://mpsnare.iesnare.com/5.0.0/logo.js
Requested by
Host: mpsnare.iesnare.com
URL: https://mpsnare.iesnare.com/5.0.0/wdp.js?loaderVer=5.0.0&compat=false&tp=true&tp_split=false&fp_static=true&fp_dyn=true&flash=true
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.129.74.12 , United States, ASN395492 (IOVATION3, US),
Reverse DNS
mpsnare.iesnare.com
Software
nginx /
Resource Hash
c163b6d8e693937470ab2428ce1bad5bb46a7704c80dd879cff0a71762d46e0f
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains

Request headers

Referer
https://ecom.acimacredit.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Tue, 12 May 2020 21:09:04 GMT
Content-Encoding
gzip
Last-Modified
Tue, 06 May 2014 00:01:40 GMT
Server
nginx
Strict-Transport-Security
max-age=15552000; includeSubDomains
p3p
CP="NON DSP COR CURa"
Cache-Control
private
Transfer-Encoding
chunked
Connection
keep-alive
Content-Type
text/javascript; charset=utf-8
Expires
Wed, 12 May 2021 21:09:04 GMT
logo.js
ecom.acimacredit.com/iojs/5.0.0/ 		348 B
558 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ecom.acimacredit.com/iojs/5.0.0/logo.js
Requested by
Host: ecom.acimacredit.com
URL: https://ecom.acimacredit.com/assets/leaseApp.e94e5b8d27c37dda133f.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.69.168.142 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-69-168-142.us-west-2.compute.amazonaws.com
Software
envoy /
Resource Hash
44b57c4d7d6bbf90adc5895b129aa5fd13346ab23c0507926bafe0042c4a38f4

Request headers

Referer
https://ecom.acimacredit.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 12 May 2020 21:09:04 GMT
content-encoding
gzip
last-modified
Tue, 06 May 2014 00:01:40 GMT
server
envoy
vary
Accept-Encoding
p3p
CP="NON DSP COR CURa"
status
200
cache-control
private
x-envoy-upstream-service-time
10
content-type
text/javascript; charset=utf-8
expires
Wed, 12 May 2021 21:09:04 GMT

Verdicts & Comments Add Verdict or Comment

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate object| IGLOO number| _rollbarStartTime function| rollbar boolean| _rollbarDidLoad function| _rollbarURH object| __core-js_shared__ object| core object| CreditCardServiceV2 object| TokenEx

1 Cookies

Domain/Path Name / Value
ecom.acimacredit.com/ Name: fp_token_7c6a6574-f011-4c9a-abdd-9894a102ccef
Value: NBIrwTr/qaCIVAtHR/YIO+Fum0XbM1NFXl3zum7ZdTE=

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self'; font-src 'self' https://fonts.gstatic.com code.ionicframework.com; frame-src 'self' data: about: https://fts.cardconnect.com https://fts.cardconnect.com:8443 https://fts.prinpay.com:6443 https://portal.icheckgateway.com https://test-htp.tokenex.com/ https://htp.tokenex.com https://cc.acimacredit.com https://cc.acimacredit.com/v2/service_production.js https://portal.acimacredit.com ; connect-src 'self' ws://localhost:35729 https://api.rollbar.com https://test-htp.tokenex.com/ https://htp.tokenex.com https://cc.acimacredit.com https://cc.acimacredit.com/v2/service_production.js; style-src 'self' https://fonts.googleapis.com 'unsafe-inline' https://maxcdn.bootstrapcdn.com code.ionicframework.com https://test-htp.tokenex.com/ https://api.tokenex.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' localhost:35729 https://mpsnare.iesnare.com https://www.google-analytics.com https://test-htp.tokenex.com/ https://htp.tokenex.com https://cc.acimacredit.com https://cc.acimacredit.com/v2/service_production.js; object-src 'self' data: about: https://mpsnare.iesnare.com; img-src 'self' https://www.google-analytics.com;