URL: https://waterbill.lincoln.ne.gov/
Submission: On January 05 via automatic, source certstream-suspicious — Scanned from DE

Summary

This website contacted 5 IPs in 1 countries across 4 domains to perform 15 HTTP transactions. The main IP is 2620:1ec:46::60, located in United States and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is waterbill.lincoln.ne.gov.
TLS certificate: Issued by Microsoft Azure TLS Issuing CA 06 on December 28th 2021. Valid for: a year.
This is the only time waterbill.lincoln.ne.gov was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
4 2620:1ec:46::60 8068 (MICROSOFT...)
5 151.101.64.176 54113 (FASTLY)
2 20.150.25.100 8075 (MICROSOFT...)
3 54.187.159.182 16509 (AMAZON-02)
1 52.41.18.135 16509 (AMAZON-02)
15 5
Domain Requested by
4 waterbill.lincoln.ne.gov waterbill.lincoln.ne.gov
3 q.stripe.com waterbill.lincoln.ne.gov
3 js.stripe.com waterbill.lincoln.ne.gov
js.stripe.com
2 m.stripe.network js.stripe.com
m.stripe.network
2 beehivetilcache.blob.core.windows.net waterbill.lincoln.ne.gov
1 m.stripe.com m.stripe.network
15 6

This site contains no links.

Subject Issuer Validity Valid
*.azureedge.net
Microsoft Azure TLS Issuing CA 06
2021-12-28 -
2022-12-23
a year crt.sh
a.stripecdn.com
DigiCert SHA2 Extended Validation Server CA
2021-10-21 -
2022-02-02
3 months crt.sh
*.blob.core.windows.net
Microsoft RSA TLS CA 01
2021-11-17 -
2022-11-17
a year crt.sh
*.stripe.com
DigiCert SHA2 Secure Server CA
2021-09-08 -
2022-09-07
a year crt.sh
m.stripe.com
DigiCert TLS RSA SHA256 2020 CA1
2021-10-20 -
2022-02-02
3 months crt.sh

This page contains 3 frames:

Primary Page: https://waterbill.lincoln.ne.gov/
Frame ID: CD82EC6AE65510A32AB83FD7822B7500
Requests: 7 HTTP requests in this frame

Frame: https://js.stripe.com/v3/m-outer-fd3c67f2efa9f22f2ecd16b13f2a7fb3.html
Frame ID: 86B0B03488784B999858AB438CFEF380
Requests: 3 HTTP requests in this frame

Frame: https://m.stripe.network/inner.html
Frame ID: 7A6E89156714453325C2B10692BCC52E
Requests: 5 HTTP requests in this frame

Screenshot

Page Title

React App

Detected technologies

Overall confidence: 100%
Detected patterns
  • js\.stripe\.com

Page Statistics

15
Requests

73 %
HTTPS

20 %
IPv6

4
Domains

6
Subdomains

5
IPs

1
Countries

536 kB
Transfer

1395 kB
Size

3
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

15 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
waterbill.lincoln.ne.gov/
2 KB
1 KB
Document
General
Full URL
https://waterbill.lincoln.ne.gov/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:46::60 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
9efe2393404b2722aac74d98086747ef260a044b92df73639d657d50c7dea893

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

content-type
text/html
content-encoding
br
content-md5
fTALYVoaTurfi7T3U65ddg==
last-modified
Tue, 04 Jan 2022 21:05:28 GMT
accept-ranges
bytes
etag
"0x8D9CFC5EFB738D3"
server
Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-cache
TCP_MISS
x-ms-request-id
c53700c4-601e-001b-6f7a-02a9b4000000
x-ms-version
2018-03-28
x-xcachep2c-rawcontentlength
2235
x-azure-ref-originshield
00wzWYQAAAABUNYAsKH/IR7W35BKkD1VZTE9OMjFFREdFMDIwOABkODYzNDA0OS0wMjU5LTQ3NWItODkxMy05NGZiMGYwNGFkMmU=
x-azure-ref
00wzWYQAAAAB05G9R8A1pRrtbke9LFdIaRlJBRURHRTEwMTEAZDg2MzQwNDktMDI1OS00NzViLTg5MTMtOTRmYjBmMDRhZDJl
date
Wed, 05 Jan 2022 21:25:38 GMT
main.0a4605a2.chunk.css
waterbill.lincoln.ne.gov/static/css/
8 KB
3 KB
Stylesheet
General
Full URL
https://waterbill.lincoln.ne.gov/static/css/main.0a4605a2.chunk.css
Requested by
Host: waterbill.lincoln.ne.gov
URL: https://waterbill.lincoln.ne.gov/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:46::60 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
dace4fdb6798c405cdce9117e826e093cdbb365009d094183a964b197aaa2027

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://waterbill.lincoln.ne.gov/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 05 Jan 2022 21:25:39 GMT
content-encoding
br
x-xcachep2c-rawcontentlength
7758
last-modified
Tue, 04 Jan 2022 21:05:28 GMT
server
Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-md5
o1x+1zRnc9uo+WaICapbmw==
etag
"0x8D9CFC5EFB9D085"
x-azure-ref
00wzWYQAAAADOqlZxTs9xTbO06jO+WcJsRlJBRURHRTEwMTEAZDg2MzQwNDktMDI1OS00NzViLTg5MTMtOTRmYjBmMDRhZDJl
x-cache
TCP_MISS
content-type
text/css
x-ms-request-id
2ac7a9ac-b01e-0074-427a-020160000000
x-ms-version
2018-03-28
x-azure-ref-originshield
00wzWYQAAAADI38QfYa6MT7AJIGqvArq5TE9OMjFFREdFMDIwOABkODYzNDA0OS0wMjU5LTQ3NWItODkxMy05NGZiMGYwNGFkMmU=
accept-ranges
bytes
2.3b6ccbda.chunk.js
waterbill.lincoln.ne.gov/static/js/
708 KB
158 KB
Script
General
Full URL
https://waterbill.lincoln.ne.gov/static/js/2.3b6ccbda.chunk.js
Requested by
Host: waterbill.lincoln.ne.gov
URL: https://waterbill.lincoln.ne.gov/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:46::60 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
8d61099a1a16a0512fc10ef593b385f4b4b4d569c97127182c689f1494171791

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://waterbill.lincoln.ne.gov/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 05 Jan 2022 21:25:39 GMT
content-encoding
br
x-xcachep2c-rawcontentlength
725260
last-modified
Tue, 04 Jan 2022 21:05:29 GMT
server
Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-md5
LWsBjqkLzlLaVfj+7cSDFA==
etag
"0x8D9CFC5F00E2598"
x-azure-ref
00wzWYQAAAAChOXk/fuECQ6jhX27ThC+FRlJBRURHRTEwMTEAZDg2MzQwNDktMDI1OS00NzViLTg5MTMtOTRmYjBmMDRhZDJl
x-cache
TCP_MISS
content-type
application/javascript
x-ms-request-id
81bc6cef-301e-0065-5c7a-02367b000000
x-ms-version
2018-03-28
x-azure-ref-originshield
00wzWYQAAAACYasvQekKiQZTY6KjW8A88TE9OMjFFREdFMTUxOABkODYzNDA0OS0wMjU5LTQ3NWItODkxMy05NGZiMGYwNGFkMmU=
accept-ranges
bytes
main.91bffcbc.chunk.js
waterbill.lincoln.ne.gov/static/js/
38 KB
8 KB
Script
General
Full URL
https://waterbill.lincoln.ne.gov/static/js/main.91bffcbc.chunk.js
Requested by
Host: waterbill.lincoln.ne.gov
URL: https://waterbill.lincoln.ne.gov/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:46::60 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
71c324ca77d478a809c5e64e2c86d61e22d1c39e73116195acf5f1fec8738549

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://waterbill.lincoln.ne.gov/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 05 Jan 2022 21:25:39 GMT
content-encoding
br
x-xcachep2c-rawcontentlength
38909
last-modified
Tue, 04 Jan 2022 21:05:28 GMT
server
Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-md5
A7BgDmY8BXySPwwzPb9BOQ==
etag
"0x8D9CFC5EFBEB1CD"
x-azure-ref
00wzWYQAAAAB7+uvYWexYTIUC6XL8Q/ytRlJBRURHRTEwMTEAZDg2MzQwNDktMDI1OS00NzViLTg5MTMtOTRmYjBmMDRhZDJl
x-cache
TCP_MISS
content-type
application/javascript
x-ms-request-id
d4cff210-901e-004a-467a-02b741000000
x-ms-version
2018-03-28
x-azure-ref-originshield
00wzWYQAAAADFa7L3vEfXSoY3C66Z8+xSTE9OMjFFREdFMDExMABkODYzNDA0OS0wMjU5LTQ3NWItODkxMy05NGZiMGYwNGFkMmU=
accept-ranges
bytes
v3
js.stripe.com/
270 KB
65 KB
Script
General
Full URL
https://js.stripe.com/v3
Requested by
Host: waterbill.lincoln.ne.gov
URL: https://waterbill.lincoln.ne.gov/static/js/2.3b6ccbda.chunk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.64.176 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Fastly /
Resource Hash
cb0c739620d5f491d4661814755d75aa871f7e3af33f5b1ce887a0356894fa70
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://waterbill.lincoln.ne.gov/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security
max-age=31556926; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
age
60
x-cache
HIT
content-length
66288
etag
"7d0b562b3525b5fed81c3b29652759aa"
x-request-id
aca6f99e-3e4b-4ec3-9943-ba9fae3b1bae
x-served-by
cache-cdg20762-CDG
access-control-allow-origin
*
last-modified
Wed, 05 Jan 2022 20:31:14 GMT
server
Fastly
date
Wed, 05 Jan 2022 21:25:41 GMT
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
via
1.1 varnish
cache-control
max-age=60
accept-ranges
bytes
timing-allow-origin
*
x-cache-hits
18
Background.jpg
beehivetilcache.blob.core.windows.net/staticassets/B2C/NE_Lincoln/
268 KB
269 KB
Image
General
Full URL
https://beehivetilcache.blob.core.windows.net/staticassets/B2C/NE_Lincoln/Background.jpg
Requested by
Host: waterbill.lincoln.ne.gov
URL: https://waterbill.lincoln.ne.gov/static/css/main.0a4605a2.chunk.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.150.25.100 Chicago, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
efe4ee70789a6dfa7710db44fd17c4f3f886773ae90c3561b03edef59a9dfef4

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://waterbill.lincoln.ne.gov/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
Date
Wed, 05 Jan 2022 21:25:41 GMT
Last-Modified
Fri, 19 Nov 2021 20:54:59 GMT
Server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5
WFwI0YcGkj5Ez4rh2kl1+g==
ETag
0x8D9AB9ED97F9E71
Vary
Origin
Content-Type
image/jpeg
x-ms-request-id
b47825e6-a01e-0028-637a-02194c000000
x-ms-version
2009-09-19
Content-Length
274721
Logo.svg
beehivetilcache.blob.core.windows.net/staticassets/B2C/NE_Lincoln/
12 KB
12 KB
Image
General
Full URL
https://beehivetilcache.blob.core.windows.net/staticassets/B2C/NE_Lincoln/Logo.svg
Requested by
Host: waterbill.lincoln.ne.gov
URL: https://waterbill.lincoln.ne.gov/quickpay
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.150.25.100 Chicago, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
b8f41d5cfb85299177f2eab05c9329745e65c609834097752ac68f668b8e071d

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://waterbill.lincoln.ne.gov/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
Date
Wed, 05 Jan 2022 21:25:40 GMT
Last-Modified
Fri, 19 Nov 2021 20:54:59 GMT
Server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5
WoHMQ30cmwgPWdJrnJoGVg==
ETag
0x8D9AB9ED9731D21
Vary
Origin
Content-Type
image/svg+xml
x-ms-request-id
fc260222-201e-0009-577a-023d37000000
x-ms-version
2009-09-19
Content-Length
12334
m-outer-fd3c67f2efa9f22f2ecd16b13f2a7fb3.html
js.stripe.com/v3/ Frame 86B0
240 B
538 B
Document
General
Full URL
https://js.stripe.com/v3/m-outer-fd3c67f2efa9f22f2ecd16b13f2a7fb3.html
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.64.176 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Fastly /
Resource Hash
f5b3f1b9deff0b138c2506741a71c40f93ac85a02d45f017eac6fb92b3ff5b50
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' https://r.stripe.com; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src https://m.stripe.network; img-src https://q.stripe.com; font-src 'none'; media-src 'none'; object-src 'none'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://waterbill.lincoln.ne.gov/

Response headers

last-modified
Thu, 23 Dec 2021 18:50:06 GMT
etag
"fd3c67f2efa9f22f2ecd16b13f2a7fb3"
content-type
text/html; charset=utf-8
content-security-policy
default-src 'self'; connect-src 'self' https://r.stripe.com; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src https://m.stripe.network; img-src https://q.stripe.com; font-src 'none'; media-src 'none'; object-src 'none'; report-uri https://q.stripe.com/csp-report
strict-transport-security
max-age=31556926; includeSubDomains; preload
x-content-type-options
nosniff
access-control-allow-origin
*
server
Fastly
content-encoding
br
accept-ranges
bytes
date
Wed, 05 Jan 2022 21:25:42 GMT
via
1.1 varnish
age
101
x-request-id
bc46f72e-a5ca-41c3-9ff2-6cb7780cf179
x-served-by
cache-cdg20762-CDG
x-cache
HIT
x-cache-hits
154
vary
Accept-Encoding
timing-allow-origin
*
cache-control
max-age=60
content-length
140
csp-report
q.stripe.com/ Frame 86B0
0
348 B
Other
General
Full URL
https://q.stripe.com/csp-report
Requested by
Host: waterbill.lincoln.ne.gov
URL: https://waterbill.lincoln.ne.gov/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.187.159.182 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ip-54-187-159-182.stripe.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://js.stripe.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/csp-report

Response headers

date
Wed, 05 Jan 2022 21:25:42 GMT
server
nginx
access-control-max-age
3600
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
https://js.stripe.com
access-control-expose-headers
Server, Range, Content-Type
x-envoy-upstream-service-time
69
access-control-allow-headers
Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token
content-length
0
m-outer-35486fb0f96ff904df60da905ccd0cda.js
js.stripe.com/v3/fingerprinted/js/ Frame 86B0
1 KB
774 B
Script
General
Full URL
https://js.stripe.com/v3/fingerprinted/js/m-outer-35486fb0f96ff904df60da905ccd0cda.js
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/m-outer-fd3c67f2efa9f22f2ecd16b13f2a7fb3.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.64.176 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Fastly /
Resource Hash
6b5402ff8932ed835d39a31b75c6bc737a80f6ddcd6269a1fa53556485ca3ad8
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://js.stripe.com/v3/m-outer-fd3c67f2efa9f22f2ecd16b13f2a7fb3.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security
max-age=31556926; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
age
65
x-cache
HIT
content-length
645
etag
"5213886b88cd72e6d0aebc89868e5d13"
x-request-id
55896a1e-ad2a-4fa0-a446-e37e7589dab4
x-served-by
cache-cdg20762-CDG
access-control-allow-origin
*
last-modified
Thu, 23 Dec 2021 18:49:59 GMT
server
Fastly
date
Wed, 05 Jan 2022 21:25:42 GMT
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
via
1.1 varnish
cache-control
max-age=60
accept-ranges
bytes
timing-allow-origin
*
x-cache-hits
96
inner.html
m.stripe.network/ Frame 7A6E
932 B
1 KB
Document
General
Full URL
https://m.stripe.network/inner.html
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/m-outer-35486fb0f96ff904df60da905ccd0cda.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.64.176 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Fastly /
Resource Hash
ed34a59f182c66e2b25c602f3c9b0f21435a8f475d5dbc9e6830ff4c7929f5cd
Security Headers
Name Value
Content-Security-Policy connect-src 'self' https://m.stripe.com; default-src 'self'; font-src data: https:; frame-src 'self' https://js.stripe.com; img-src 'self' https://m.stripe.com; media-src 'none'; object-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://js.stripe.com/

Response headers

content-type
text/html; charset=utf-8
cache-control
max-age=300, public
content-security-policy
connect-src 'self' https://m.stripe.com; default-src 'self'; font-src data: https:; frame-src 'self' https://js.stripe.com; img-src 'self' https://m.stripe.com; media-src 'none'; object-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; report-uri https://q.stripe.com/csp-report
content-security-policy-report-only
base-uri 'none'; connect-src https://m.stripe.network https://m.stripe.com; default-src 'none'; font-src https://m.stripe.network https://fonts.gstatic.com; frame-src https://m.stripe.network https://js.stripe.com; img-src https://m.stripe.network https://m.stripe.com https://b.stripecdn.com; script-src https://m.stripe.network 'sha256-Qj6AdMOUjZkBBUTjGW/OORBoqx2Pohcq8Bg/ZvZzgYw='; style-src https://m.stripe.network; report-uri https://q.stripe.com/csp-report
strict-transport-security
max-age=31556926; includeSubDomains; preload
x-content-type-options
nosniff
server
Fastly
content-encoding
gzip
accept-ranges
bytes
date
Wed, 05 Jan 2022 21:25:42 GMT
via
1.1 varnish
age
68
x-request-id
2d5686cd-f630-46f1-90c8-6351cb4c423b
x-served-by
cache-cdg20762-CDG
x-cache
HIT
x-cache-hits
80
x-timer
S1641417942.346473,VS0,VE0
vary
Accept-Encoding, Origin
content-length
528
csp-report
q.stripe.com/ Frame 7A6E
0
121 B
Other
General
Full URL
https://q.stripe.com/csp-report
Requested by
Host: waterbill.lincoln.ne.gov
URL: https://waterbill.lincoln.ne.gov/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.187.159.182 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ip-54-187-159-182.stripe.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload

Request headers

Referer
https://m.stripe.network/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/csp-report

Response headers

date
Wed, 05 Jan 2022 21:25:42 GMT
x-envoy-upstream-service-time
83
server
nginx
content-length
0
strict-transport-security
max-age=31556926; includeSubDomains; preload
csp-report
q.stripe.com/ Frame 7A6E
0
121 B
Other
General
Full URL
https://q.stripe.com/csp-report
Requested by
Host: waterbill.lincoln.ne.gov
URL: https://waterbill.lincoln.ne.gov/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.187.159.182 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ip-54-187-159-182.stripe.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload

Request headers

Referer
https://m.stripe.network/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/csp-report

Response headers

date
Wed, 05 Jan 2022 21:25:42 GMT
x-envoy-upstream-service-time
70
server
nginx
content-length
0
strict-transport-security
max-age=31556926; includeSubDomains; preload
out-4.5.41.js
m.stripe.network/ Frame 7A6E
85 KB
16 KB
Script
General
Full URL
https://m.stripe.network/out-4.5.41.js
Requested by
Host: m.stripe.network
URL: https://m.stripe.network/inner.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.64.176 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Fastly /
Resource Hash
a2f6b81396ab1150effea054efbf1623212ea0419976389ce8f10e909d39e4c7
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://m.stripe.network/inner.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security
max-age=31556926; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
age
98
x-cache
HIT
content-length
15786
x-request-id
d19521bd-49b8-4f16-9019-78eab53f741a
x-served-by
cache-cdg20762-CDG
server
Fastly
x-timer
S1641417942.375192,VS0,VE0
date
Wed, 05 Jan 2022 21:25:42 GMT
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=utf-8
via
1.1 varnish
cache-control
max-age=300, public
accept-ranges
bytes
x-cache-hits
104
6
m.stripe.com/ Frame 7A6E
156 B
523 B
XHR
General
Full URL
https://m.stripe.com/6
Requested by
Host: m.stripe.network
URL: https://m.stripe.network/out-4.5.41.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.41.18.135 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-41-18-135.us-west-2.compute.amazonaws.com
Software
nginx /
Resource Hash
7fccaa11bb4ba92ef2ae477020abe4c3a3ca3baf1e3207d6dc27ecb5529430ed
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://m.stripe.network/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Wed, 05 Jan 2022 21:25:42 GMT
x-content-type-options
nosniff
server
nginx
strict-transport-security
max-age=31556926; includeSubDomains; preload
content-type
application/json;charset=utf-8
access-control-allow-origin
https://m.stripe.network
access-control-allow-credentials
true
access-control-allow-headers
Content-Type
content-length
156

Verdicts & Comments Add Verdict or Comment

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| webpackJsonppayment-portal object| regeneratorRuntime function| setImmediate function| clearImmediate object| __webpackStripeJSv3Jsonp function| Stripe

3 Cookies

Domain/Path Name / Value
m.stripe.com/ Name: m
Value: 67432f57-f1ea-4379-986e-316b35f10d73475ef3
.waterbill.lincoln.ne.gov/ Name: __stripe_mid
Value: 068e7b20-5545-4865-84f3-673ee2ea37422d66fa
.waterbill.lincoln.ne.gov/ Name: __stripe_sid
Value: 9f312eb1-1907-4909-b370-83db6a182a033f1fae

1 Console Messages

Source Level URL
Text
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src https://m.stripe.network 'sha256-Qj6AdMOUjZkBBUTjGW/OORBoqx2Pohcq8Bg/ZvZzgYw='".