alpha.edp.security.aws.dev Open in urlscan Pro
44.240.249.124 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://alpha.edp.security.aws.dev/
Submission: On March 11 via automatic, source certstream-suspicious (March 11th 2022, 10:48:25 am UTC) — Scanned from DE

Summary HTTP 12 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 2 domains to perform 12 HTTP transactions. The main IP is 44.240.249.124, located in Boardman, United States and belongs to AMAZON-02, US. The main domain is alpha.edp.security.aws.dev.
TLS certificate: Issued by Amazon on March 10th 2022. Valid for: a year.

This is the only time alpha.edp.security.aws.dev was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
11	44.240.249.124 44.240.249.124	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700:303... 2606:4700:3033::ac43:d23b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
12	2

11 44.240.249.124 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-44-240-249-124.us-west-2.compute.amazonaws.com

alpha.edp.security.aws.dev	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3033::ac43:d23b (United States)

ASN13335 (CLOUDFLARENET, US)

gate.rapidsec.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	aws.dev alpha.edp.security.aws.dev	3 MB
1	rapidsec.net gate.rapidsec.net — Cisco Umbrella Rank: 113196	655 B
12	2

	Domain	Requested by
11	alpha.edp.security.aws.dev	alpha.edp.security.aws.dev
1	gate.rapidsec.net	alpha.edp.security.aws.dev
12	2

This site contains no links.

Subject Issuer	Validity	Valid
alpha.edp.security.aws.dev Amazon	`2022-03-10` - `2023-04-08`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-06-28` - `2022-06-27`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://alpha.edp.security.aws.dev/
Frame ID: 584FA0B437DB301D90F364A9681505D9
Requests: 12 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Log in • Ava Reveal

Page Statistics

12
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

2918 kB
Transfer

9123 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

12 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
alpha.edp.security.aws.dev/ 9 KB
4 KB 479ms
161ms Document
text/html 44.240.249.124
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://alpha.edp.security.aws.dev/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

44.240.249.124 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-44-240-249-124.us-west-2.compute.amazonaws.com

Software

Resource Hash

39a168a0cdcad2a2fd520944772c208ef4d366751427a111854c14e0833c9c02

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self'; font-src 'self' data:; style-src 'self' 'unsafe-inline'; object-src 'none'; img-src 'self' data:; connect-src 'self';
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

Date: Fri, 11 Mar 2022 10:48:15 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 2410
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: no-cache, no-store, must-revalidate
Content-Encoding: gzip
Content-Security-Policy: default-src 'self'; script-src 'self'; font-src 'self' data:; style-src 'self' 'unsafe-inline'; object-src 'none'; img-src 'self' data:; connect-src 'self';
Content-Security-Policy-Report-Only: frame-ancestors 'self'; block-all-mixed-content; default-src 'self'; script-src 'self' 'report-sample' *.ava.uk; style-src 'self' 'report-sample' 'unsafe-inline' *.ava.uk; object-src 'none'; frame-src 'self'; child-src 'self'; img-src 'self' data: *.avasecurity.com *.ava.uk; font-src 'self'; connect-src 'self' *.avasecurity.com gate.rapidsec.net *.ava.uk; manifest-src 'self' *.ava.uk *.avasecurity.com; base-uri 'self'; form-action 'self'; media-src 'self'; prefetch-src 'self'; worker-src 'self'; report-uri https://gate.rapidsec.net/g/r/csp/8042dc41-1d31-4339-a722-d7c3827b646e/-1/2/3?sdkv=-1.-1.-1_unknown&sct=5df54b54-22a2-4e76-b8a2-deb54c11d854&dpos=report;
Etag: "848c8e6dcfe8fff6ff407c585963e2cfaee2ba40"
Expires: 0
Pragma: no-cache
Referrer-Policy: same-origin
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
X-Xss-Protection: 1; mode=block

POST
H2 200 3
gate.rapidsec.net/g/r/csp/8042dc41-1d31-4339-a722-d7c3827b646e/-1/2/ 0
655 B 210ms
157ms Other
application/javascript 2606:4700:3033::ac43:d23b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://gate.rapidsec.net/g/r/csp/8042dc41-1d31-4339-a722-d7c3827b646e/-1/2/3?sdkv=-1.-1.-1_unknown&sct=5df54b54-22a2-4e76-b8a2-deb54c11d854&dpos=report

Requested by

Host: alpha.edp.security.aws.dev
URL: https://alpha.edp.security.aws.dev/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3033::ac43:d23b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Fri, 11 Mar 2022 10:48:15 GMT
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
max-age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=c%2F6%2FE%2BJxWZ1cnsBI8Vn695ygc4zH1OYdERQ3RW06cCnsRkQ56AfBSyR0zuSsiGofHb%2FPwaakx6%2FUZD0kJtYJh9L7zLGtz6N7FWpNnvRaKGqWELg8pL37MdSkDUPu60NwOz%2BnaEHd%2BvDHVwxoBVwVhw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: https://alpha.edp.security.aws.dev
vary: Origin
cf-ray: 6ea3b77819d159d1-MXP

GET
H/1.1 200
OK main-13e704936a3147efa03d.css
alpha.edp.security.aws.dev/static/css/ 108 KB
26 KB 162ms
162ms Stylesheet
text/css 44.240.249.124
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://alpha.edp.security.aws.dev/static/css/main-13e704936a3147efa03d.css

Requested by

Host: alpha.edp.security.aws.dev
URL: https://alpha.edp.security.aws.dev/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

44.240.249.124 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-44-240-249-124.us-west-2.compute.amazonaws.com

Software

Resource Hash

c78f90968b9ea7e14a72dba592a69fedb32e9cbb8947ca815b2d44a4679e6d1a

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self'; font-src 'self' data:; style-src 'self' 'unsafe-inline'; object-src 'none'; img-src 'self' data:; connect-src 'self';
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://alpha.edp.security.aws.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Fri, 11 Mar 2022 10:48:15 GMT
Content-Encoding: gzip
Referrer-Policy: same-origin
Etag: "d9c20ed437498bccfa4021d102e0a7f83ca1803f"
X-Frame-Options: sameorigin
Connection: keep-alive
Content-Type: text/css; charset=utf-8
Cache-Control: public, max-age=120
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self'; script-src 'self'; font-src 'self' data:; style-src 'self' 'unsafe-inline'; object-src 'none'; img-src 'self' data:; connect-src 'self';
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
Accept-Ranges: bytes
Content-Security-Policy-Report-Only: frame-ancestors 'self'; block-all-mixed-content; default-src 'self'; script-src 'self' 'report-sample' *.ava.uk; style-src 'self' 'report-sample' 'unsafe-inline' *.ava.uk; object-src 'none'; frame-src 'self'; child-src 'self'; img-src 'self' data: *.avasecurity.com *.ava.uk; font-src 'self'; connect-src 'self' *.avasecurity.com gate.rapidsec.net *.ava.uk; manifest-src 'self' *.ava.uk *.avasecurity.com; base-uri 'self'; form-action 'self'; media-src 'self'; prefetch-src 'self'; worker-src 'self'; report-uri https://gate.rapidsec.net/g/r/csp/8042dc41-1d31-4339-a722-d7c3827b646e/-1/2/3?sdkv=-1.-1.-1_unknown&sct=5df54b54-22a2-4e76-b8a2-deb54c11d854&dpos=report;
Content-Length: 25732
X-Xss-Protection: 1; mode=block

GET
H/1.1 200
OK elm-13e704936a3147efa03d.js Show response
alpha.edp.security.aws.dev/static/js/ 3 MB
846 KB 477ms
163ms Script
text/javascript 44.240.249.124
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://alpha.edp.security.aws.dev/static/js/elm-13e704936a3147efa03d.js

Requested by

Host: alpha.edp.security.aws.dev
URL: https://alpha.edp.security.aws.dev/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

44.240.249.124 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-44-240-249-124.us-west-2.compute.amazonaws.com

Software

Resource Hash

440269ddb254e4566797020f20f6ceef0698d8b97b385e0d645cd98dc9ce9ea9

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self'; font-src 'self' data:; style-src 'self' 'unsafe-inline'; object-src 'none'; img-src 'self' data:; connect-src 'self';
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://alpha.edp.security.aws.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Fri, 11 Mar 2022 10:48:15 GMT
Content-Encoding: gzip
Referrer-Policy: same-origin
Etag: "f1b96a80452e527aac9b64a0b3eea82104992f2b"
X-Frame-Options: sameorigin
Connection: keep-alive
Content-Type: text/javascript; charset=utf-8
Cache-Control: public, max-age=120
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self'; script-src 'self'; font-src 'self' data:; style-src 'self' 'unsafe-inline'; object-src 'none'; img-src 'self' data:; connect-src 'self';
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
Accept-Ranges: bytes
Content-Security-Policy-Report-Only: frame-ancestors 'self'; block-all-mixed-content; default-src 'self'; script-src 'self' 'report-sample' *.ava.uk; style-src 'self' 'report-sample' 'unsafe-inline' *.ava.uk; object-src 'none'; frame-src 'self'; child-src 'self'; img-src 'self' data: *.avasecurity.com *.ava.uk; font-src 'self'; connect-src 'self' *.avasecurity.com gate.rapidsec.net *.ava.uk; manifest-src 'self' *.ava.uk *.avasecurity.com; base-uri 'self'; form-action 'self'; media-src 'self'; prefetch-src 'self'; worker-src 'self'; report-uri https://gate.rapidsec.net/g/r/csp/8042dc41-1d31-4339-a722-d7c3827b646e/-1/2/3?sdkv=-1.-1.-1_unknown&sct=5df54b54-22a2-4e76-b8a2-deb54c11d854&dpos=report;
Content-Length: 864855
X-Xss-Protection: 1; mode=block

GET
H/1.1 200
OK main-13e704936a3147efa03d.js Show response
alpha.edp.security.aws.dev/static/js/ 1 MB
581 KB 479ms
164ms Script
text/javascript 44.240.249.124
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://alpha.edp.security.aws.dev/static/js/main-13e704936a3147efa03d.js

Requested by

Host: alpha.edp.security.aws.dev
URL: https://alpha.edp.security.aws.dev/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

44.240.249.124 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-44-240-249-124.us-west-2.compute.amazonaws.com

Software

Resource Hash

17267df743fbe271d85f9edbadccb2b399e5b4d1d3d796595b5cfac6bb1bb222

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self'; font-src 'self' data:; style-src 'self' 'unsafe-inline'; object-src 'none'; img-src 'self' data:; connect-src 'self';
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://alpha.edp.security.aws.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Fri, 11 Mar 2022 10:48:15 GMT
Content-Encoding: gzip
Referrer-Policy: same-origin
Etag: "847dc824e5a375ca633dcbae5d0f5a90df3ed10a"
X-Frame-Options: sameorigin
Connection: keep-alive
Content-Type: text/javascript; charset=utf-8
Cache-Control: public, max-age=120
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self'; script-src 'self'; font-src 'self' data:; style-src 'self' 'unsafe-inline'; object-src 'none'; img-src 'self' data:; connect-src 'self';
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
Accept-Ranges: bytes
Content-Security-Policy-Report-Only: frame-ancestors 'self'; block-all-mixed-content; default-src 'self'; script-src 'self' 'report-sample' *.ava.uk; style-src 'self' 'report-sample' 'unsafe-inline' *.ava.uk; object-src 'none'; frame-src 'self'; child-src 'self'; img-src 'self' data: *.avasecurity.com *.ava.uk; font-src 'self'; connect-src 'self' *.avasecurity.com gate.rapidsec.net *.ava.uk; manifest-src 'self' *.ava.uk *.avasecurity.com; base-uri 'self'; form-action 'self'; media-src 'self'; prefetch-src 'self'; worker-src 'self'; report-uri https://gate.rapidsec.net/g/r/csp/8042dc41-1d31-4339-a722-d7c3827b646e/-1/2/3?sdkv=-1.-1.-1_unknown&sct=5df54b54-22a2-4e76-b8a2-deb54c11d854&dpos=report;
Content-Length: 593613
X-Xss-Protection: 1; mode=block

GET
H/1.1 401
Unauthorized status Show response
alpha.edp.security.aws.dev/api/v1/login/ 0
1 KB 163ms
163ms XHR
text/plain 44.240.249.124
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://alpha.edp.security.aws.dev/api/v1/login/status

Requested by

Host: alpha.edp.security.aws.dev
URL: https://alpha.edp.security.aws.dev/static/js/elm-13e704936a3147efa03d.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

44.240.249.124 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-44-240-249-124.us-west-2.compute.amazonaws.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self'; font-src 'self' data:; style-src 'self' 'unsafe-inline'; object-src 'none'; img-src 'self' data:; connect-src 'self';
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json
Referer: https://alpha.edp.security.aws.dev/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 11 Mar 2022 10:48:19 GMT
Referrer-Policy: same-origin
X-Frame-Options: sameorigin
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
Cache-Control: no-cache, no-store, must-revalidate
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self'; script-src 'self'; font-src 'self' data:; style-src 'self' 'unsafe-inline'; object-src 'none'; img-src 'self' data:; connect-src 'self';
Connection: keep-alive
Content-Security-Policy-Report-Only: frame-ancestors 'self'; block-all-mixed-content; default-src 'self'; script-src 'self' 'report-sample' *.ava.uk; style-src 'self' 'report-sample' 'unsafe-inline' *.ava.uk; object-src 'none'; frame-src 'self'; child-src 'self'; img-src 'self' data: *.avasecurity.com *.ava.uk; font-src 'self'; connect-src 'self' *.avasecurity.com gate.rapidsec.net *.ava.uk; manifest-src 'self' *.ava.uk *.avasecurity.com; base-uri 'self'; form-action 'self'; media-src 'self'; prefetch-src 'self'; worker-src 'self'; report-uri https://gate.rapidsec.net/g/r/csp/8042dc41-1d31-4339-a722-d7c3827b646e/-1/2/3?sdkv=-1.-1.-1_unknown&sct=5df54b54-22a2-4e76-b8a2-deb54c11d854&dpos=report;
Content-Length: 0
X-Xss-Protection: 1; mode=block
Expires: 0

GET
H/1.1 200
OK countries.hi.json Show response
alpha.edp.security.aws.dev/static/ 3 MB
943 KB 164ms
164ms XHR
application/json 44.240.249.124
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://alpha.edp.security.aws.dev/static/countries.hi.json

Requested by

Host: alpha.edp.security.aws.dev
URL: https://alpha.edp.security.aws.dev/static/js/main-13e704936a3147efa03d.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

44.240.249.124 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-44-240-249-124.us-west-2.compute.amazonaws.com

Software

Resource Hash

55040824808e99cd2879e797f00eaed6cc14428fe2a977d5f80184959abc0cd7

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self'; font-src 'self' data:; style-src 'self' 'unsafe-inline'; object-src 'none'; img-src 'self' data:; connect-src 'self';
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://alpha.edp.security.aws.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Fri, 11 Mar 2022 10:48:19 GMT
Content-Encoding: gzip
Referrer-Policy: same-origin
Etag: "4d6575da20679baac621c8788552259fe59818b7"
X-Frame-Options: sameorigin
Connection: keep-alive
Content-Type: application/json
Cache-Control: public, max-age=120
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self'; script-src 'self'; font-src 'self' data:; style-src 'self' 'unsafe-inline'; object-src 'none'; img-src 'self' data:; connect-src 'self';
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
Accept-Ranges: bytes
Content-Security-Policy-Report-Only: frame-ancestors 'self'; block-all-mixed-content; default-src 'self'; script-src 'self' 'report-sample' *.ava.uk; style-src 'self' 'report-sample' 'unsafe-inline' *.ava.uk; object-src 'none'; frame-src 'self'; child-src 'self'; img-src 'self' data: *.avasecurity.com *.ava.uk; font-src 'self'; connect-src 'self' *.avasecurity.com gate.rapidsec.net *.ava.uk; manifest-src 'self' *.ava.uk *.avasecurity.com; base-uri 'self'; form-action 'self'; media-src 'self'; prefetch-src 'self'; worker-src 'self'; report-uri https://gate.rapidsec.net/g/r/csp/8042dc41-1d31-4339-a722-d7c3827b646e/-1/2/3?sdkv=-1.-1.-1_unknown&sct=5df54b54-22a2-4e76-b8a2-deb54c11d854&dpos=report;
Content-Length: 963950
X-Xss-Protection: 1; mode=block

GET
H/1.1 200
OK bg-white-waves-dim.jpg
alpha.edp.security.aws.dev/static/img/ 441 KB
237 KB 162ms
162ms Image
image/jpeg 44.240.249.124
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://alpha.edp.security.aws.dev/static/img/bg-white-waves-dim.jpg

Requested by

Host: alpha.edp.security.aws.dev
URL: https://alpha.edp.security.aws.dev/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

44.240.249.124 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-44-240-249-124.us-west-2.compute.amazonaws.com

Software

Resource Hash

d4de449b868386d7fc5d13cb8520d97816afc51034bf00698acb908af4de5fd8

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self'; font-src 'self' data:; style-src 'self' 'unsafe-inline'; object-src 'none'; img-src 'self' data:; connect-src 'self';
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://alpha.edp.security.aws.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Fri, 11 Mar 2022 10:48:19 GMT
Content-Encoding: gzip
Referrer-Policy: same-origin
Etag: "7905f31ea7ec6d802d198a39d30ccf3d654e9bd7"
X-Frame-Options: sameorigin
Connection: keep-alive
Content-Type: image/jpeg
Cache-Control: public, max-age=120
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self'; script-src 'self'; font-src 'self' data:; style-src 'self' 'unsafe-inline'; object-src 'none'; img-src 'self' data:; connect-src 'self';
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
Accept-Ranges: bytes
Content-Security-Policy-Report-Only: frame-ancestors 'self'; block-all-mixed-content; default-src 'self'; script-src 'self' 'report-sample' *.ava.uk; style-src 'self' 'report-sample' 'unsafe-inline' *.ava.uk; object-src 'none'; frame-src 'self'; child-src 'self'; img-src 'self' data: *.avasecurity.com *.ava.uk; font-src 'self'; connect-src 'self' *.avasecurity.com gate.rapidsec.net *.ava.uk; manifest-src 'self' *.ava.uk *.avasecurity.com; base-uri 'self'; form-action 'self'; media-src 'self'; prefetch-src 'self'; worker-src 'self'; report-uri https://gate.rapidsec.net/g/r/csp/8042dc41-1d31-4339-a722-d7c3827b646e/-1/2/3?sdkv=-1.-1.-1_unknown&sct=5df54b54-22a2-4e76-b8a2-deb54c11d854&dpos=report;
Content-Length: 241401
X-Xss-Protection: 1; mode=block

GET
H/1.1 200
OK f89e7e0baa09dd94fd9883ef3f61a248.woff2
alpha.edp.security.aws.dev/static/css/ 86 KB
87 KB 322ms
163ms Font
application/x-gzip 44.240.249.124
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://alpha.edp.security.aws.dev/static/css/f89e7e0baa09dd94fd9883ef3f61a248.woff2

Requested by

Host: alpha.edp.security.aws.dev
URL: https://alpha.edp.security.aws.dev/static/css/main-13e704936a3147efa03d.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

44.240.249.124 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-44-240-249-124.us-west-2.compute.amazonaws.com

Software

Resource Hash

984d24d2adcddd25dc17a09de7426f55cbc55241c9527d387dad306a2a1e371d

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self'; font-src 'self' data:; style-src 'self' 'unsafe-inline'; object-src 'none'; img-src 'self' data:; connect-src 'self';
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Referer: https://alpha.edp.security.aws.dev/static/css/main-13e704936a3147efa03d.css
Origin: https://alpha.edp.security.aws.dev
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Fri, 11 Mar 2022 10:48:19 GMT
Content-Encoding: gzip
Referrer-Policy: same-origin
Etag: "87b35f593357f69a8562a1fdbb7560d4f3ec3168"
X-Frame-Options: sameorigin
Connection: keep-alive
Content-Type: application/x-gzip
Cache-Control: public, max-age=120
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self'; script-src 'self'; font-src 'self' data:; style-src 'self' 'unsafe-inline'; object-src 'none'; img-src 'self' data:; connect-src 'self';
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
Accept-Ranges: bytes
Content-Security-Policy-Report-Only: frame-ancestors 'self'; block-all-mixed-content; default-src 'self'; script-src 'self' 'report-sample' *.ava.uk; style-src 'self' 'report-sample' 'unsafe-inline' *.ava.uk; object-src 'none'; frame-src 'self'; child-src 'self'; img-src 'self' data: *.avasecurity.com *.ava.uk; font-src 'self'; connect-src 'self' *.avasecurity.com gate.rapidsec.net *.ava.uk; manifest-src 'self' *.ava.uk *.avasecurity.com; base-uri 'self'; form-action 'self'; media-src 'self'; prefetch-src 'self'; worker-src 'self'; report-uri https://gate.rapidsec.net/g/r/csp/8042dc41-1d31-4339-a722-d7c3827b646e/-1/2/3?sdkv=-1.-1.-1_unknown&sct=5df54b54-22a2-4e76-b8a2-deb54c11d854&dpos=report;
Content-Length: 88123
X-Xss-Protection: 1; mode=block

GET
H/1.1 200
OK logo-ava-reveal-black.svg
alpha.edp.security.aws.dev/static/img/ 5 KB
3 KB 490ms
163ms Image
image/svg+xml 44.240.249.124
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://alpha.edp.security.aws.dev/static/img/logo-ava-reveal-black.svg

Requested by

Host: alpha.edp.security.aws.dev
URL: https://alpha.edp.security.aws.dev/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

44.240.249.124 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-44-240-249-124.us-west-2.compute.amazonaws.com

Software

Resource Hash

1ff160246e8ac9eef75454d39ea1e5e3f56433fee43c9fa7c1f114523d3189e0

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self'; font-src 'self' data:; style-src 'self' 'unsafe-inline'; object-src 'none'; img-src 'self' data:; connect-src 'self';
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://alpha.edp.security.aws.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Fri, 11 Mar 2022 10:48:20 GMT
Content-Encoding: gzip
Referrer-Policy: same-origin
Etag: "a077723c5dd92b510726327a0de1aab42562009d"
X-Frame-Options: sameorigin
Connection: keep-alive
Content-Type: image/svg+xml
Cache-Control: public, max-age=120
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self'; script-src 'self'; font-src 'self' data:; style-src 'self' 'unsafe-inline'; object-src 'none'; img-src 'self' data:; connect-src 'self';
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
Accept-Ranges: bytes
Content-Security-Policy-Report-Only: frame-ancestors 'self'; block-all-mixed-content; default-src 'self'; script-src 'self' 'report-sample' *.ava.uk; style-src 'self' 'report-sample' 'unsafe-inline' *.ava.uk; object-src 'none'; frame-src 'self'; child-src 'self'; img-src 'self' data: *.avasecurity.com *.ava.uk; font-src 'self'; connect-src 'self' *.avasecurity.com gate.rapidsec.net *.ava.uk; manifest-src 'self' *.ava.uk *.avasecurity.com; base-uri 'self'; form-action 'self'; media-src 'self'; prefetch-src 'self'; worker-src 'self'; report-uri https://gate.rapidsec.net/g/r/csp/8042dc41-1d31-4339-a722-d7c3827b646e/-1/2/3?sdkv=-1.-1.-1_unknown&sct=5df54b54-22a2-4e76-b8a2-deb54c11d854&dpos=report;
Content-Length: 2009
X-Xss-Protection: 1; mode=block

GET
H/1.1 200
OK 77859c1dd9731399ecd5e606df00deeb.woff2
alpha.edp.security.aws.dev/static/css/ 93 KB
94 KB 289ms
160ms Font
application/x-gzip 44.240.249.124
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://alpha.edp.security.aws.dev/static/css/77859c1dd9731399ecd5e606df00deeb.woff2

Requested by

Host: alpha.edp.security.aws.dev
URL: https://alpha.edp.security.aws.dev/static/css/main-13e704936a3147efa03d.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

44.240.249.124 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-44-240-249-124.us-west-2.compute.amazonaws.com

Software

Resource Hash

cd84b4a355a65990a137c6021fd5e7732b057f40dc8f009b2a91577b769329f1

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self'; font-src 'self' data:; style-src 'self' 'unsafe-inline'; object-src 'none'; img-src 'self' data:; connect-src 'self';
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Referer: https://alpha.edp.security.aws.dev/static/css/main-13e704936a3147efa03d.css
Origin: https://alpha.edp.security.aws.dev
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Fri, 11 Mar 2022 10:48:19 GMT
Content-Encoding: gzip
Referrer-Policy: same-origin
Etag: "143b801222f5493a6681fdef8c5e37f9f2773dee"
X-Frame-Options: sameorigin
Connection: keep-alive
Content-Type: application/x-gzip
Cache-Control: public, max-age=120
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self'; script-src 'self'; font-src 'self' data:; style-src 'self' 'unsafe-inline'; object-src 'none'; img-src 'self' data:; connect-src 'self';
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
Accept-Ranges: bytes
Content-Security-Policy-Report-Only: frame-ancestors 'self'; block-all-mixed-content; default-src 'self'; script-src 'self' 'report-sample' *.ava.uk; style-src 'self' 'report-sample' 'unsafe-inline' *.ava.uk; object-src 'none'; frame-src 'self'; child-src 'self'; img-src 'self' data: *.avasecurity.com *.ava.uk; font-src 'self'; connect-src 'self' *.avasecurity.com gate.rapidsec.net *.ava.uk; manifest-src 'self' *.ava.uk *.avasecurity.com; base-uri 'self'; form-action 'self'; media-src 'self'; prefetch-src 'self'; worker-src 'self'; report-uri https://gate.rapidsec.net/g/r/csp/8042dc41-1d31-4339-a722-d7c3827b646e/-1/2/3?sdkv=-1.-1.-1_unknown&sct=5df54b54-22a2-4e76-b8a2-deb54c11d854&dpos=report;
Content-Length: 94845
X-Xss-Protection: 1; mode=block

GET
H/1.1 200
OK f6d88f032abe510eff1cc151a4c7e38e.woff2
alpha.edp.security.aws.dev/static/css/ 93 KB
94 KB 459ms
163ms Font
application/x-gzip 44.240.249.124
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://alpha.edp.security.aws.dev/static/css/f6d88f032abe510eff1cc151a4c7e38e.woff2

Requested by

Host: alpha.edp.security.aws.dev
URL: https://alpha.edp.security.aws.dev/static/css/main-13e704936a3147efa03d.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

44.240.249.124 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-44-240-249-124.us-west-2.compute.amazonaws.com

Software

Resource Hash

7f0b064c8c632ae616752c0fca4e205899af226bda23267013a38790b6da6fc9

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self'; font-src 'self' data:; style-src 'self' 'unsafe-inline'; object-src 'none'; img-src 'self' data:; connect-src 'self';
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Referer: https://alpha.edp.security.aws.dev/static/css/main-13e704936a3147efa03d.css
Origin: https://alpha.edp.security.aws.dev
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Fri, 11 Mar 2022 10:48:20 GMT
Content-Encoding: gzip
Referrer-Policy: same-origin
Etag: "f8565b8541ebdaaf61bf736506a986ca15823cd6"
X-Frame-Options: sameorigin
Connection: keep-alive
Content-Type: application/x-gzip
Cache-Control: public, max-age=120
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self'; script-src 'self'; font-src 'self' data:; style-src 'self' 'unsafe-inline'; object-src 'none'; img-src 'self' data:; connect-src 'self';
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
Accept-Ranges: bytes
Content-Security-Policy-Report-Only: frame-ancestors 'self'; block-all-mixed-content; default-src 'self'; script-src 'self' 'report-sample' *.ava.uk; style-src 'self' 'report-sample' 'unsafe-inline' *.ava.uk; object-src 'none'; frame-src 'self'; child-src 'self'; img-src 'self' data: *.avasecurity.com *.ava.uk; font-src 'self'; connect-src 'self' *.avasecurity.com gate.rapidsec.net *.ava.uk; manifest-src 'self' *.ava.uk *.avasecurity.com; base-uri 'self'; form-action 'self'; media-src 'self'; prefetch-src 'self'; worker-src 'self'; report-uri https://gate.rapidsec.net/g/r/csp/8042dc41-1d31-4339-a722-d7c3827b646e/-1/2/3?sdkv=-1.-1.-1_unknown&sct=5df54b54-22a2-4e76-b8a2-deb54c11d854&dpos=report;
Content-Length: 95198
X-Xss-Protection: 1; mode=block

Verdicts & Comments Add Verdict or Comment

14 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'report-sample' *.ava.uk".
network	error	URL: https://alpha.edp.security.aws.dev/api/v1/login/status Message: Failed to load resource: the server responded with a status of 401 (Unauthorized)

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'self'; script-src 'self'; font-src 'self' data:; style-src 'self' 'unsafe-inline'; object-src 'none'; img-src 'self' data:; connect-src 'self';
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

alpha.edp.security.aws.dev
gate.rapidsec.net
2606:4700:3033::ac43:d23b
44.240.249.124
17267df743fbe271d85f9edbadccb2b399e5b4d1d3d796595b5cfac6bb1bb222
1ff160246e8ac9eef75454d39ea1e5e3f56433fee43c9fa7c1f114523d3189e0
39a168a0cdcad2a2fd520944772c208ef4d366751427a111854c14e0833c9c02
440269ddb254e4566797020f20f6ceef0698d8b97b385e0d645cd98dc9ce9ea9
55040824808e99cd2879e797f00eaed6cc14428fe2a977d5f80184959abc0cd7
7f0b064c8c632ae616752c0fca4e205899af226bda23267013a38790b6da6fc9
984d24d2adcddd25dc17a09de7426f55cbc55241c9527d387dad306a2a1e371d
c78f90968b9ea7e14a72dba592a69fedb32e9cbb8947ca815b2d44a4679e6d1a
cd84b4a355a65990a137c6021fd5e7732b057f40dc8f009b2a91577b769329f1
d4de449b868386d7fc5d13cb8520d97816afc51034bf00698acb908af4de5fd8
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

alpha.edp.security.aws.dev Open in urlscan Pro 44.240.249.124 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

12 Requests

100 %HTTPS

50 %IPv6

2 Domains

2 Subdomains

2 IPs

1 Countries

2918 kBTransfer

9123 kBSize

0 Cookies

0 Outgoing links

Redirected requests

12 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

14 JavaScript Global Variables

0 Cookies

2 Console Messages

Security Headers

Indicators

alpha.edp.security.aws.dev Open in urlscan Pro
44.240.249.124 Public Scan

Screenshot
Live screenshot

Full Image

12
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

2918 kB
Transfer

9123 kB
Size

0
Cookies

12 HTTP transactions
0 data transactions