urlscan.io logo urlscan.io
SecurityTrails logo

clone-e46cc.web.app Open in urlscan Pro
2620:0:890::100  Public Scan

Go To Rescan Add Verdict Report
URL: https://clone-e46cc.web.app/login
Submission: On January 23 via manual from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 7 IPs in 1 countries across 5 domains to perform 16 HTTP transactions. The main IP is 2620:0:890::100, located in United States and belongs to FASTLY, US. The main domain is clone-e46cc.web.app.
TLS certificate: Issued by GTS CA 1D4 on December 19th 2022. Valid for: 3 months.
This is the only time clone-e46cc.web.app was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
5 2620:0:890::100 54113 (FASTLY)
3 99.86.4.122 16509 (AMAZON-02)
1 2606:4700:20:... 13335 (CLOUDFLAR...)
1 2620:0:862:ed... 14907 (WIKIMEDIA)
3 54.186.23.98 16509 (AMAZON-02)
2 2600:9000:211... 16509 (AMAZON-02)
1 54.203.32.168 16509 (AMAZON-02)
16 7
5    2620:0:890::100 (United States)

ASN54113 (FASTLY, US)
clone-e46cc.web.app
3    99.86.4.122 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-4-122.fra6.r.cloudfront.net
js.stripe.com
1    2606:4700:20::681a:46c (United States)

ASN13335 (CLOUDFLARENET, US)
pngimg.com
1    2620:0:862:ed1a::2:b (United States)

ASN14907 (WIKIMEDIA, US)
upload.wikimedia.org
3    54.186.23.98 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ip-54-186-23-98.stripe.com
q.stripe.com
2    2600:9000:211a:3000:19:7d10:bd80:93a1 (United States)

ASN16509 (AMAZON-02, US)
m.stripe.network
1    54.203.32.168 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-203-32-168.us-west-2.compute.amazonaws.com
m.stripe.com
Apex Domain
Subdomains		 Transfer
7 stripe.com
js.stripe.com — Cisco Umbrella Rank: 995
q.stripe.com — Cisco Umbrella Rank: 5906
m.stripe.com — Cisco Umbrella Rank: 991
107 KB
5 web.app
clone-e46cc.web.app
295 KB
2 stripe.network
m.stripe.network — Cisco Umbrella Rank: 1108
16 KB
1 wikimedia.org
upload.wikimedia.org — Cisco Umbrella Rank: 2142
33 KB
1 pngimg.com
pngimg.com — Cisco Umbrella Rank: 97350
57 KB
16 5
Domain Requested by
5 clone-e46cc.web.app clone-e46cc.web.app
3 q.stripe.com clone-e46cc.web.app
3 js.stripe.com clone-e46cc.web.app
js.stripe.com
2 m.stripe.network js.stripe.com
m.stripe.network
1 m.stripe.com m.stripe.network
1 upload.wikimedia.org clone-e46cc.web.app
1 pngimg.com clone-e46cc.web.app
16 7

This site contains no links.

Subject Issuer Validity Valid
web.app
GTS CA 1D4		 2022-12-19 -
2023-03-19		 3 months crt.sh
a.stripecdn.com
DigiCert SHA2 Extended Validation Server CA		 2023-01-10 -
2023-05-10		 4 months crt.sh
*.pngimg.com
GTS CA 1P5		 2022-12-08 -
2023-03-08		 3 months crt.sh
*.wikipedia.org
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2022-10-27 -
2023-11-17		 a year crt.sh
*.stripe.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2022-11-12 -
2023-03-09		 4 months crt.sh
m.stripe.com
DigiCert TLS RSA SHA256 2020 CA1		 2023-01-08 -
2023-04-08		 3 months crt.sh

This page contains 3 frames:

Primary Page: https://clone-e46cc.web.app/login
Frame ID: 580F064AF5B120F99B4F84C0B1C754E4
Requests: 8 HTTP requests in this frame

Frame: https://js.stripe.com/v3/m-outer-93afeeb17bc37e711759584dbfc50d47.html
Frame ID: 1512C5247C98D2F8D3E9288745CB7978
Requests: 4 HTTP requests in this frame

Frame: https://m.stripe.network/inner.html
Frame ID: 06AD92A8876C84338D8317FACB31DC83
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Amazon Clone

Detected technologies

Overall confidence: 100%
Detected patterns
  • <a[^>]*href=[^>]*/Checkout
Overall confidence: 100%
Detected patterns
  • js\.stripe\.com

Page Statistics

16
Requests

100 %
HTTPS

57 %
IPv6

5
Domains

7
Subdomains

7
IPs

1
Countries

507 kB
Transfer

1878 kB
Size

3
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

16 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request login
clone-e46cc.web.app/ 		3 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://clone-e46cc.web.app/login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:0:890::100 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
74ca813c199de3e9612fa5c36bead8bfd6856d02d6c515b6c14fbeba6e9c0b45
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
cache-control
max-age=3600
content-encoding
br
content-length
1250
content-type
text/html; charset=utf-8
date
Mon, 23 Jan 2023 08:58:34 GMT
etag
"91c5428d8c3bf52459e82a1cdc1437e3a8bea7300bfad5f04a48bd5586693fa7-br"
last-modified
Tue, 13 Apr 2021 02:33:46 GMT
strict-transport-security
max-age=31556926; includeSubDomains; preload
vary
x-fh-requested-host, accept-encoding
x-cache
MISS
x-cache-hits
0
x-served-by
cache-hhn-etou8220041-HHN
x-timer
S1674464315.741419,VS0,VE102
2.af3ab7ac.chunk.css
clone-e46cc.web.app/static/css/ 		3 KB
970 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://clone-e46cc.web.app/static/css/2.af3ab7ac.chunk.css
Requested by
Host: clone-e46cc.web.app
URL: https://clone-e46cc.web.app/login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:0:890::100 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
fffcb339236b7c18b2b75781576d7c4f7f362301f870a31e643571ce4feb5ff0
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://clone-e46cc.web.app/login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

x-served-by
cache-hhn-etou8220041-HHN
strict-transport-security
max-age=31556926; includeSubDomains; preload
content-encoding
br
date
Mon, 23 Jan 2023 08:58:34 GMT
last-modified
Tue, 13 Apr 2021 02:33:46 GMT
x-timer
S1674464315.892164,VS0,VE79
etag
"22b6663a8a3b2a4bef1ea96f4e793f8df01b9b6662b95634e26cdc2d808d184c-br"
vary
x-fh-requested-host, accept-encoding
x-cache
MISS
content-type
text/css; charset=utf-8
cache-control
max-age=3600
accept-ranges
bytes
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
839
x-cache-hits
0
main.0a8af315.chunk.css
clone-e46cc.web.app/static/css/ 		6 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://clone-e46cc.web.app/static/css/main.0a8af315.chunk.css
Requested by
Host: clone-e46cc.web.app
URL: https://clone-e46cc.web.app/login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:0:890::100 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
f02d3175a32f27c0aa14dec7b2429d9fd7d47b43ca2de36eb6b0ee0db44cd7c0
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://clone-e46cc.web.app/login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

x-served-by
cache-hhn-etou8220041-HHN
strict-transport-security
max-age=31556926; includeSubDomains; preload
content-encoding
br
date
Mon, 23 Jan 2023 08:58:35 GMT
last-modified
Tue, 13 Apr 2021 02:33:46 GMT
x-timer
S1674464315.892380,VS0,VE151
etag
"d53ab33867f40dd1047e406cc1f3b1ec4e4d77bdd64f937d6526e3792b41371b-br"
vary
x-fh-requested-host, accept-encoding
x-cache
MISS
content-type
text/css; charset=utf-8
cache-control
max-age=3600
accept-ranges
bytes
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
1287
x-cache-hits
0
2.8ebc0869.chunk.js
clone-e46cc.web.app/static/js/ 		1 MB
286 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://clone-e46cc.web.app/static/js/2.8ebc0869.chunk.js
Requested by
Host: clone-e46cc.web.app
URL: https://clone-e46cc.web.app/login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:0:890::100 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
0f83a72000d39b1399e30a35ef6ba8462871b5436fffb26266f02040af204a3c
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://clone-e46cc.web.app/login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

x-served-by
cache-hhn-etou8220041-HHN
strict-transport-security
max-age=31556926; includeSubDomains; preload
content-encoding
br
date
Mon, 23 Jan 2023 08:58:35 GMT
last-modified
Tue, 13 Apr 2021 02:33:46 GMT
x-timer
S1674464315.892396,VS0,VE161
etag
"878b76c917298add9ee5d34d80e86032863fc041d061d37842972ef83987f632-br"
vary
x-fh-requested-host, accept-encoding
x-cache
MISS
content-type
text/javascript; charset=utf-8
cache-control
max-age=3600
accept-ranges
bytes
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
292478
x-cache-hits
0
main.e9521db8.chunk.js
clone-e46cc.web.app/static/js/ 		18 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://clone-e46cc.web.app/static/js/main.e9521db8.chunk.js
Requested by
Host: clone-e46cc.web.app
URL: https://clone-e46cc.web.app/login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:0:890::100 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
7713ccea2792856808125827bc305813139d9e71b3c8bc0ac46c807ed84a05c6
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://clone-e46cc.web.app/login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

x-served-by
cache-hhn-etou8220041-HHN
strict-transport-security
max-age=31556926; includeSubDomains; preload
content-encoding
br
date
Mon, 23 Jan 2023 08:58:34 GMT
last-modified
Tue, 13 Apr 2021 02:33:46 GMT
x-timer
S1674464315.892649,VS0,VE81
etag
"2c3faabc43cdf681c501fe7c58d5d9e99f3d4aef206accf3489220830990b8a9-br"
vary
x-fh-requested-host, accept-encoding
x-cache
MISS
content-type
text/javascript; charset=utf-8
cache-control
max-age=3600
accept-ranges
bytes
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
4802
x-cache-hits
0
v3
js.stripe.com/ 		424 KB
102 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.stripe.com/v3
Requested by
Host: clone-e46cc.web.app
URL: https://clone-e46cc.web.app/static/js/2.8ebc0869.chunk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.122 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-122.fra6.r.cloudfront.net
Software
Cloudfront /
Resource Hash
6019856b015413b6d3621f287c253f07882d15c61122ef73fc6c50904b91b587
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://clone-e46cc.web.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

strict-transport-security
max-age=31556926; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
date
Mon, 23 Jan 2023 08:58:32 GMT
via
1.1 d5fb859c39a16d7f218b4c7fb1528ad6.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA6-C1
age
22
x-cache
Hit from cloudfront
last-modified
Fri, 20 Jan 2023 20:18:17 GMT
server
Cloudfront
etag
W/"4d9ee149b04fe346bd553602e4ac11d0"
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=60
timing-allow-origin
*
x-amz-cf-id
hgyAEpTWtukCFzvBQcavM3nj820f92irtmGNWs6GCkVSnSODbiXSLQ==
amazon_PNG11.png
pngimg.com/uploads/amazon/ 		56 KB
57 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pngimg.com/uploads/amazon/amazon_PNG11.png
Requested by
Host: clone-e46cc.web.app
URL: https://clone-e46cc.web.app/login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:46c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7085c148bb5a5060616dbaacdb8954af2ebb46d80b8e69ad5aad0766ae0778ad

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://clone-e46cc.web.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Mon, 23 Jan 2023 08:58:35 GMT
cf-cache-status
REVALIDATED
last-modified
Mon, 25 Mar 2019 12:21:06 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
"e093"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0CGVUN0H%2FANSWzOCzdhr1qEiTaXtbmrvFMqnknXDJHE9KAgma8xSxw%2FwEgY2BD%2BmmNiT9GfZWvoLn6eGcnVbTPJz7l1RkWFUyLCVlBasDVEqk4OiXzLpZRbH4bD4wFJaz%2FHlXRBvl88%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
max-age=1800
accept-ranges
bytes
cf-ray
78df5412dc0c918c-FRA
content-length
57491
1024px-Amazon_logo.svg.png
upload.wikimedia.org/wikipedia/commons/thumb/a/a9/Amazon_logo.svg/ 		32 KB
33 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://upload.wikimedia.org/wikipedia/commons/thumb/a/a9/Amazon_logo.svg/1024px-Amazon_logo.svg.png
Requested by
Host: clone-e46cc.web.app
URL: https://clone-e46cc.web.app/login
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:0:862:ed1a::2:b , United States, ASN14907 (WIKIMEDIA, US),
Reverse DNS
Software
ATS/9.1.3 /
Resource Hash
0abf08fd5e92475c99c44c9a2fccdfa284ae4d74785384ad45a125ea23897901
Security Headers
Name Value
Strict-Transport-Security max-age=106384710; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://clone-e46cc.web.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Sun, 22 Jan 2023 17:09:52 GMT
strict-transport-security
max-age=106384710; includeSubDomains; preload
nel
{ "report_to": "wm_nel", "max_age": 86400, "failure_fraction": 0.05, "success_fraction": 0.0}
age
56922
x-cache-status
hit-front
x-cache
cp3065 hit, cp3061 hit/14
content-disposition
inline;filename*=UTF-8''Amazon_logo.svg.png
server-timing
cache;desc="hit-front", host;desc="cp3061"
content-length
32535
x-client-ip
2001:1b60:1010:2:1012:5d53:8b4c:e219
last-modified
Mon, 11 Apr 2022 04:17:33 GMT
server
ATS/9.1.3
accept-ch
Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version
etag
17030a9d7784c974d9babfd119f68bb7
report-to
{ "group": "wm_nel", "max_age": 86400, "endpoints": [{ "url": "https://intake-logging.wikimedia.org/v1/events?stream=w3c.reportingapi.network_error&schema_uri=/w3c/reportingapi/network_error/1.0.0" }] }
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Age, Date, Content-Length, Content-Range, X-Content-Duration, X-Cache
permissions-policy
interest-cohort=(),ch-ua-arch=(self "intake-analytics.wikimedia.org"),ch-ua-bitness=(self "intake-analytics.wikimedia.org"),ch-ua-full-version-list=(self "intake-analytics.wikimedia.org"),ch-ua-model=(self "intake-analytics.wikimedia.org"),ch-ua-platform-version=(self "intake-analytics.wikimedia.org")
accept-ranges
bytes
timing-allow-origin
*
m-outer-93afeeb17bc37e711759584dbfc50d47.html
js.stripe.com/v3/ Frame 1512 		200 B
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://js.stripe.com/v3/m-outer-93afeeb17bc37e711759584dbfc50d47.html
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.122 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-122.fra6.r.cloudfront.net
Software
Cloudfront /
Resource Hash
f22005da41e15b7adb453814b37a794f7c6b955f086a6c5fc9980e3c3f6c8bca
Security Headers
Name Value
Content-Security-Policy base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://clone-e46cc.web.app/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-origin
*
age
663
cache-control
max-age=31536000
content-length
200
content-security-policy
base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://q.stripe.com/csp-report
content-security-policy-report-only
base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://q.stripe.com/csp-report
content-type
text/html; charset=utf-8
date
Mon, 23 Jan 2023 08:47:33 GMT
etag
"93afeeb17bc37e711759584dbfc50d47"
last-modified
Fri, 13 Jan 2023 19:40:57 GMT
server
Cloudfront
strict-transport-security
max-age=31556926; includeSubDomains; preload
timing-allow-origin
*
vary
Accept-Encoding
via
1.1 d5fb859c39a16d7f218b4c7fb1528ad6.cloudfront.net (CloudFront)
x-amz-cf-id
nNSNxfZec2OoJCWVno_MXF04VrBkNaednimFZbAknM7U_S8UECZeRQ==
x-amz-cf-pop
FRA6-C1
x-cache
Hit from cloudfront
x-content-type-options
nosniff
csp-report
q.stripe.com/ Frame 1512 		0
600 B 		Other
General
Check archive.org
Download Go to
Full URL
https://q.stripe.com/csp-report
Requested by
Host: clone-e46cc.web.app
URL: https://clone-e46cc.web.app/login
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
54.186.23.98 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ip-54-186-23-98.stripe.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://js.stripe.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
Content-Type
application/csp-report

Response headers

date
Mon, 23 Jan 2023 08:58:36 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
x-envoy-upstream-service-time
1
content-length
0
x-stripe-bg-intended-route-color
green
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
server
nginx
cross-origin-opener-policy
same-origin
access-control-max-age
3600
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
https://js.stripe.com
access-control-expose-headers
Server, Range, Content-Type
cache-control
max-age=0, no-cache, no-store, must-revalidate
x-robots-tag
none
access-control-allow-headers
Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token
expires
0
csp-report
q.stripe.com/ Frame 1512 		0
600 B 		Other
General
Check archive.org
Download Go to
Full URL
https://q.stripe.com/csp-report
Requested by
Host: clone-e46cc.web.app
URL: https://clone-e46cc.web.app/login
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
54.186.23.98 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ip-54-186-23-98.stripe.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://js.stripe.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
Content-Type
application/csp-report

Response headers

date
Mon, 23 Jan 2023 08:58:36 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
x-envoy-upstream-service-time
2
content-length
0
x-stripe-bg-intended-route-color
green
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
server
nginx
cross-origin-opener-policy
same-origin
access-control-max-age
3600
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
https://js.stripe.com
access-control-expose-headers
Server, Range, Content-Type
cache-control
max-age=0, no-cache, no-store, must-revalidate
x-robots-tag
none
access-control-allow-headers
Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token
expires
0
m-outer-8cb24ab2d649fd36a488d04d8c457933.js
js.stripe.com/v3/fingerprinted/js/ Frame 1512 		631 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.stripe.com/v3/fingerprinted/js/m-outer-8cb24ab2d649fd36a488d04d8c457933.js
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/m-outer-93afeeb17bc37e711759584dbfc50d47.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.122 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-122.fra6.r.cloudfront.net
Software
Cloudfront /
Resource Hash
250a0782da875705bd206ee23c2a46abf90656645a81e084126c5e8c53eeb9d6
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.stripe.com/v3/m-outer-93afeeb17bc37e711759584dbfc50d47.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

strict-transport-security
max-age=31556926; includeSubDomains; preload
date
Mon, 23 Jan 2023 08:42:44 GMT
x-content-type-options
nosniff
via
1.1 d5fb859c39a16d7f218b4c7fb1528ad6.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA6-C1
age
955
x-cache
Hit from cloudfront
content-length
631
last-modified
Fri, 13 Jan 2023 19:40:57 GMT
server
Cloudfront
etag
"f8f6a4584135f737b26927596ce6e0a7"
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
vZb6EmS02johfXvGfQpT6h_PjM-qrE4T-5kpEtSHo3UEhO6uKNPn7w==
inner.html
m.stripe.network/ Frame 06AD 		930 B
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://m.stripe.network/inner.html
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/m-outer-8cb24ab2d649fd36a488d04d8c457933.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:211a:3000:19:7d10:bd80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Cloudfront /
Resource Hash
a5f27af9c0c6f37979ebafcac22eb3a613841a3d4e728f4577baf94e64d42f35
Security Headers
Name Value
Content-Security-Policy base-uri 'none'; connect-src https://m.stripe.network https://m.stripe.com; default-src 'none'; font-src https://m.stripe.network https://fonts.gstatic.com; form-action 'none'; frame-src https://m.stripe.network https://js.stripe.com; img-src https://m.stripe.network https://m.stripe.com https://b.stripecdn.com; script-src https://m.stripe.network 'sha256-e/Jqu4k9Gk1ZCWO6StAsfhF3i7qgIwfuitaD1g9DyvE='; style-src https://m.stripe.network; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://js.stripe.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
285
cache-control
max-age=300, public
content-length
930
content-security-policy
base-uri 'none'; connect-src https://m.stripe.network https://m.stripe.com; default-src 'none'; font-src https://m.stripe.network https://fonts.gstatic.com; form-action 'none'; frame-src https://m.stripe.network https://js.stripe.com; img-src https://m.stripe.network https://m.stripe.com https://b.stripecdn.com; script-src https://m.stripe.network 'sha256-e/Jqu4k9Gk1ZCWO6StAsfhF3i7qgIwfuitaD1g9DyvE='; style-src https://m.stripe.network; report-uri https://q.stripe.com/csp-report
content-type
text/html; charset=utf-8
date
Mon, 23 Jan 2023 08:57:47 GMT
etag
"fc2e029628f163bb59adc6fa5a31161c"
last-modified
Thu, 17 Mar 2022 19:03:12 GMT
server
Cloudfront
strict-transport-security
max-age=31556926; includeSubDomains; preload
vary
Accept-Encoding
via
1.1 4a5fd700eeb5cfa099084cd70fa5bf54.cloudfront.net (CloudFront)
x-amz-cf-id
cGuVYpqBcZW3rRBiSgietDLsEIvwurnmXY8NaWBlaBMtiQNnJv_ZSw==
x-amz-cf-pop
VIE50-C2
x-cache
Hit from cloudfront
x-content-type-options
nosniff
csp-report
q.stripe.com/ Frame 06AD 		0
375 B 		Other
General
Check archive.org
Download Go to
Full URL
https://q.stripe.com/csp-report
Requested by
Host: clone-e46cc.web.app
URL: https://clone-e46cc.web.app/login
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
54.186.23.98 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ip-54-186-23-98.stripe.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload, max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://m.stripe.network/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
Content-Type
application/csp-report

Response headers

x-stripe-bg-intended-route-color
green
pragma
no-cache
date
Mon, 23 Jan 2023 08:58:36 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload, max-age=31556926; includeSubDomains; preload
referrer-policy
strict-origin-when-cross-origin
x-content-type-options
nosniff
server
nginx
cross-origin-opener-policy
same-origin
cache-control
max-age=0, no-cache, no-store, must-revalidate
x-envoy-upstream-service-time
1
x-robots-tag
none
content-length
0
expires
0
out-4.5.42.js
m.stripe.network/ Frame 06AD 		86 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://m.stripe.network/out-4.5.42.js
Requested by
Host: m.stripe.network
URL: https://m.stripe.network/inner.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:211a:3000:19:7d10:bd80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Cloudfront /
Resource Hash
f445ee14f2454d974293d28677213ae002e9ac17721fc04b2fdeb037e083b083
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://m.stripe.network/inner.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

strict-transport-security
max-age=31556926; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
date
Mon, 23 Jan 2023 08:58:07 GMT
last-modified
Thu, 17 Mar 2022 19:03:12 GMT
server
Cloudfront
via
1.1 4a5fd700eeb5cfa099084cd70fa5bf54.cloudfront.net (CloudFront)
x-amz-cf-pop
VIE50-C2
etag
W/"21df7244385e5c0bdf32da01d0dad6c0"
age
31
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/javascript; charset=utf-8
cache-control
max-age=300, public
x-amz-cf-id
M8PNgW3qeB4WVFwppaGW9FbdJd1LXcOMmPh2I5bzzJvfsspe_Qga2g==
6
m.stripe.com/ Frame 06AD 		156 B
552 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://m.stripe.com/6
Requested by
Host: m.stripe.network
URL: https://m.stripe.network/out-4.5.42.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.203.32.168 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-203-32-168.us-west-2.compute.amazonaws.com
Software
nginx /
Resource Hash
18b419b2f94080f4dfdddd867a56e472c555ee2601623c07e2e88de0bf52f7af
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://m.stripe.network/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-stripe-bg-intended-route-color
blue
date
Mon, 23 Jan 2023 08:58:36 GMT
strict-transport-security
max-age=31556926; includeSubDomains; preload
x-content-type-options
nosniff
server
nginx
content-type
application/json;charset=utf-8
access-control-allow-origin
https://m.stripe.network
access-control-allow-credentials
true
access-control-allow-headers
Content-Type
content-length
156

Verdicts & Comments Add Verdict or Comment

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| oncontentvisibilityautostatechange object| webpackJsonpamazon-clone number| 2f1acc6c3a606b082e5eef5e54414ffb object| regeneratorRuntime object| webpackChunkStripeJSouter function| Stripe

3 Cookies

Domain/Path Name / Value
m.stripe.com/ Name: m
Value: 58739b1d-7468-4830-ad9a-98c9a36baefe7f4b1c
.clone-e46cc.web.app/ Name: __stripe_mid
Value: da0256fe-950b-404e-bac1-f2497301ed7383e281
.clone-e46cc.web.app/ Name: __stripe_sid
Value: 7d145798-2a25-429a-86c8-41e3fbe73442a30423

2 Console Messages

Source Level URL
Text
security warning URL: https://clone-e46cc.web.app/login
Message:
Mixed Content: The page at 'https://clone-e46cc.web.app/login' was loaded over HTTPS, but requested an insecure element 'http://pngimg.com/uploads/amazon/amazon_PNG11.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self'".

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload