ngdp-payment-widget-poc-development.ohsdigital.io Open in urlscan Pro
54.174.214.2 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://ngdp-payment-widget-poc-development.ohsdigital.io/
Submission: On January 30 via automatic, source certstream-suspicious (January 30th 2024, 4:11:24 pm UTC) — Scanned from DE

Summary HTTP 28 Redirects Behaviour Indicators

Summary

This website contacted 8 IPs in 2 countries across 6 domains to perform 28 HTTP transactions. The main IP is 54.174.214.2, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is ngdp-payment-widget-poc-development.ohsdigital.io.
TLS certificate: Issued by R3 on January 30th 2024. Valid for: 3 months.

This is the only time ngdp-payment-widget-poc-development.ohsdigital.io was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
12	54.174.214.2 54.174.214.2	14618 (AMAZON-AES) (AMAZON-AES)
2	52.217.106.204 52.217.106.204	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:806::200a	15169 (GOOGLE) (GOOGLE)
5	151.101.64.176 151.101.64.176	54113 (FASTLY) (FASTLY)
3	52.0.172.220 52.0.172.220	14618 (AMAZON-AES) (AMAZON-AES)
3	54.187.119.242 54.187.119.242	16509 (AMAZON-02) (AMAZON-02)
1	34.208.13.71 34.208.13.71	16509 (AMAZON-02) (AMAZON-02)
28	8

12 54.174.214.2 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-174-214-2.compute-1.amazonaws.com

ngdp-payment-widget-poc-development.ohsdigital.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.217.106.204 (Ashburn, United States)

ASN16509 (AMAZON-02, US)
PTR: s3-1-w.amazonaws.com

payment-hub-widget-dev.s3.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:806::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 151.101.64.176 (United States)

ASN54113 (FASTLY, US)

js.stripe.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
m.stripe.network	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.0.172.220 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-0-172-220.compute-1.amazonaws.com

uat-ohs-payment-hub.oncoursehome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 54.187.119.242 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ip-54-187-119-242.stripe.com

q.stripe.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.208.13.71 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-208-13-71.us-west-2.compute.amazonaws.com

m.stripe.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
12	ohsdigital.io ngdp-payment-widget-poc-development.ohsdigital.io	185 KB
7	stripe.com js.stripe.com — Cisco Umbrella Rank: 1227 q.stripe.com — Cisco Umbrella Rank: 7010 m.stripe.com — Cisco Umbrella Rank: 1188	167 KB
3	oncoursehome.com uat-ohs-payment-hub.oncoursehome.com	585 B
2	stripe.network m.stripe.network — Cisco Umbrella Rank: 1315	16 KB
2	amazonaws.com payment-hub-widget-dev.s3.amazonaws.com	438 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 28	1 KB
28	6

	Domain	Requested by
12	ngdp-payment-widget-poc-development.ohsdigital.io	ngdp-payment-widget-poc-development.ohsdigital.io
3	q.stripe.com	ngdp-payment-widget-poc-development.ohsdigital.io
3	uat-ohs-payment-hub.oncoursehome.com	payment-hub-widget-dev.s3.amazonaws.com
3	js.stripe.com	payment-hub-widget-dev.s3.amazonaws.com js.stripe.com
2	m.stripe.network	js.stripe.com m.stripe.network
2	payment-hub-widget-dev.s3.amazonaws.com	ngdp-payment-widget-poc-development.ohsdigital.io
1	m.stripe.com	m.stripe.network
1	fonts.googleapis.com	client
28	8

This site contains no links.

Subject Issuer	Validity	Valid
ngdp-payment-widget-poc-development.ohsdigital.io R3	`2024-01-30` - `2024-04-29`	3 months	crt.sh
*.s3.amazonaws.com Amazon RSA 2048 M01	`2023-10-10` - `2024-07-03`	9 months	crt.sh
upload.video.google.com GTS CA 1C3	`2024-01-02` - `2024-03-26`	3 months	crt.sh
a.stripecdn.com DigiCert SHA2 Extended Validation Server CA	`2024-01-02` - `2024-04-04`	3 months	crt.sh
*.oncoursehome.com Go Daddy Secure Certificate Authority - G2	`2023-05-25` - `2024-06-23`	a year	crt.sh
*.stripe.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-12-20` - `2024-03-21`	3 months	crt.sh
m.stripe.com DigiCert TLS RSA SHA256 2020 CA1	`2023-12-22` - `2024-03-21`	3 months	crt.sh

This page contains 3 frames:

Primary Page: https://ngdp-payment-widget-poc-development.ohsdigital.io/
Frame ID: 72727AEB4EA1C552A61012168F6C06BB
Requests: 18 HTTP requests in this frame

Frame: https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html
Frame ID: 82084EA4CF10F27A55E0DEEC54258A05
Requests: 4 HTTP requests in this frame

Frame: https://m.stripe.network/inner.html
Frame ID: E93FBCBFD35E1A103566CC8B47ED964A
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

NGDP Stripe POC

Detected technologies

Stripe (Payment Processors) Expand

Overall confidence: 100%
Detected patterns

js\.stripe\.com

Page Statistics

28
Requests

96 %
HTTPS

14 %
IPv6

6
Domains

8
Subdomains

8
IPs

2
Countries

808 kB
Transfer

1732 kB
Size

3
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

28 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
ngdp-payment-widget-poc-development.ohsdigital.io/ 10 KB
4 KB 419ms
131ms Document
text/html 54.174.214.2
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://ngdp-payment-widget-poc-development.ohsdigital.io/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

54.174.214.2 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-174-214-2.compute-1.amazonaws.com

Software

/ Next.js

Resource Hash

1cecedba226e60dd3ebf1e31e0171d72bb651edc90015be255e8e44683572f0a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: s-maxage=31536000, stale-while-revalidate
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Tue, 30 Jan 2024 16:11:19 GMT
etag: "bfple41evq7ix"
strict-transport-security: max-age=15724800; includeSubDomains
vary: RSC, Next-Router-State-Tree, Next-Router-Prefetch, Next-Url, Accept-Encoding
x-nextjs-cache: HIT
x-powered-by: Next.js

GET
H2 200 3534416bbfdcc9be-s.p.woff2
ngdp-payment-widget-poc-development.ohsdigital.io/_next/static/media/ 24 KB
24 KB 130ms
130ms Font
font/woff2 54.174.214.2
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://ngdp-payment-widget-poc-development.ohsdigital.io/_next/static/media/3534416bbfdcc9be-s.p.woff2

Requested by

Host: ngdp-payment-widget-poc-development.ohsdigital.io
URL: https://ngdp-payment-widget-poc-development.ohsdigital.io/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

54.174.214.2 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-174-214-2.compute-1.amazonaws.com

Software

Resource Hash

ec77738d9e8ae43b942aad4d6f555ddac5cc5476bb982d7efdcabccf20ca7c6e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Referer: https://ngdp-payment-widget-poc-development.ohsdigital.io/
Origin: https://ngdp-payment-widget-poc-development.ohsdigital.io
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Tue, 30 Jan 2024 16:11:19 GMT
strict-transport-security: max-age=15724800; includeSubDomains
last-modified: Tue, 30 Jan 2024 15:56:17 GMT
etag: W/"5ed4-18d5b15e21e"
content-type: font/woff2
cache-control: public, max-age=31536000, immutable
accept-ranges: bytes
content-length: 24276

GET
H2 200 3b58d28d020ac0c4.css
ngdp-payment-widget-poc-development.ohsdigital.io/_next/static/css/ 98 KB
15 KB 129ms
129ms Stylesheet
text/css 54.174.214.2
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://ngdp-payment-widget-poc-development.ohsdigital.io/_next/static/css/3b58d28d020ac0c4.css

Requested by

Host: ngdp-payment-widget-poc-development.ohsdigital.io
URL: https://ngdp-payment-widget-poc-development.ohsdigital.io/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

54.174.214.2 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-174-214-2.compute-1.amazonaws.com

Software

Resource Hash

e97ac9ef07fb45db937faab5eafe97051d221b042f7a6bf02d0431d28cbe7575

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Referer: https://ngdp-payment-widget-poc-development.ohsdigital.io/
Origin: https://ngdp-payment-widget-poc-development.ohsdigital.io
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Tue, 30 Jan 2024 16:11:19 GMT
content-encoding: gzip
strict-transport-security: max-age=15724800; includeSubDomains
last-modified: Tue, 30 Jan 2024 15:56:17 GMT
etag: W/"188e2-18d5b15e21e"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
cache-control: public, max-age=31536000, immutable
accept-ranges: bytes

GET
H2 200 webpack-2b03a0748c75a497.js Show response
ngdp-payment-widget-poc-development.ohsdigital.io/_next/static/chunks/ 3 KB
2 KB 358ms
357ms Script
application/javascript 54.174.214.2
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://ngdp-payment-widget-poc-development.ohsdigital.io/_next/static/chunks/webpack-2b03a0748c75a497.js

Requested by

Host: ngdp-payment-widget-poc-development.ohsdigital.io
URL: https://ngdp-payment-widget-poc-development.ohsdigital.io/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

54.174.214.2 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-174-214-2.compute-1.amazonaws.com

Software

Resource Hash

1aa32769099af73f53780248f9fb723275435b0c23cc61cf36a2c04dfaeedcfc

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Referer: https://ngdp-payment-widget-poc-development.ohsdigital.io/
Origin: https://ngdp-payment-widget-poc-development.ohsdigital.io
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Tue, 30 Jan 2024 16:11:19 GMT
content-encoding: gzip
strict-transport-security: max-age=15724800; includeSubDomains
last-modified: Tue, 30 Jan 2024 15:56:17 GMT
etag: W/"d88-18d5b15e21e"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
accept-ranges: bytes

GET
H2 200 fd9d1056-7c7a2a6d64a5e23e.js Show response
ngdp-payment-widget-poc-development.ohsdigital.io/_next/static/chunks/ 168 KB
53 KB 363ms
361ms Script
application/javascript 54.174.214.2
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://ngdp-payment-widget-poc-development.ohsdigital.io/_next/static/chunks/fd9d1056-7c7a2a6d64a5e23e.js

Requested by

Host: ngdp-payment-widget-poc-development.ohsdigital.io
URL: https://ngdp-payment-widget-poc-development.ohsdigital.io/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

54.174.214.2 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-174-214-2.compute-1.amazonaws.com

Software

Resource Hash

5f0f5ae2b4ee1c48ab9be4af79fa77d891930bdc375b74a7f77909edc05d0d43

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Referer: https://ngdp-payment-widget-poc-development.ohsdigital.io/
Origin: https://ngdp-payment-widget-poc-development.ohsdigital.io
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Tue, 30 Jan 2024 16:11:19 GMT
content-encoding: gzip
strict-transport-security: max-age=15724800; includeSubDomains
last-modified: Tue, 30 Jan 2024 15:56:17 GMT
etag: W/"29f7e-18d5b15e21e"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
accept-ranges: bytes

GET
H2 200 938-14883ecfff404ead.js Show response
ngdp-payment-widget-poc-development.ohsdigital.io/_next/static/chunks/ 102 KB
26 KB 362ms
361ms Script
application/javascript 54.174.214.2
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://ngdp-payment-widget-poc-development.ohsdigital.io/_next/static/chunks/938-14883ecfff404ead.js

Requested by

Host: ngdp-payment-widget-poc-development.ohsdigital.io
URL: https://ngdp-payment-widget-poc-development.ohsdigital.io/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

54.174.214.2 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-174-214-2.compute-1.amazonaws.com

Software

Resource Hash

6f9e2a2f2011cd201ede6582cdd1993d7fdd6c355f3d9246a55ec62bb04d62ce

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Referer: https://ngdp-payment-widget-poc-development.ohsdigital.io/
Origin: https://ngdp-payment-widget-poc-development.ohsdigital.io
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Tue, 30 Jan 2024 16:11:19 GMT
content-encoding: gzip
strict-transport-security: max-age=15724800; includeSubDomains
last-modified: Tue, 30 Jan 2024 15:56:17 GMT
etag: W/"1980f-18d5b15e21a"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
accept-ranges: bytes

GET
H2 200 main-app-857f45503ab14ec1.js Show response
ngdp-payment-widget-poc-development.ohsdigital.io/_next/static/chunks/ 463 B
722 B 360ms
359ms Script
application/javascript 54.174.214.2
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://ngdp-payment-widget-poc-development.ohsdigital.io/_next/static/chunks/main-app-857f45503ab14ec1.js

Requested by

Host: ngdp-payment-widget-poc-development.ohsdigital.io
URL: https://ngdp-payment-widget-poc-development.ohsdigital.io/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

54.174.214.2 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-174-214-2.compute-1.amazonaws.com

Software

Resource Hash

c79126e1e10a63aa04af7dfe0d78e33bd39e937bb6c55e169db273d8cd3762d7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Referer: https://ngdp-payment-widget-poc-development.ohsdigital.io/
Origin: https://ngdp-payment-widget-poc-development.ohsdigital.io
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Tue, 30 Jan 2024 16:11:19 GMT
strict-transport-security: max-age=15724800; includeSubDomains
last-modified: Tue, 30 Jan 2024 15:56:17 GMT
etag: W/"1cf-18d5b15e21e"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
accept-ranges: bytes
content-length: 463

GET
H2 200 8e1d74a4-5a46b553315cb5d1.js Show response
ngdp-payment-widget-poc-development.ohsdigital.io/_next/static/chunks/ 478 B
737 B 359ms
358ms Script
application/javascript 54.174.214.2
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://ngdp-payment-widget-poc-development.ohsdigital.io/_next/static/chunks/8e1d74a4-5a46b553315cb5d1.js

Requested by

Host: ngdp-payment-widget-poc-development.ohsdigital.io
URL: https://ngdp-payment-widget-poc-development.ohsdigital.io/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

54.174.214.2 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-174-214-2.compute-1.amazonaws.com

Software

Resource Hash

f30d614b658f585cd970e8e0b5415c2fab29464e436007e61160f1913915565f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ngdp-payment-widget-poc-development.ohsdigital.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Tue, 30 Jan 2024 16:11:19 GMT
strict-transport-security: max-age=15724800; includeSubDomains
last-modified: Tue, 30 Jan 2024 15:56:17 GMT
etag: W/"1de-18d5b15e21a"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
accept-ranges: bytes
content-length: 478

GET
H2 200 82240af4-1b1fbd8dda020111.js Show response
ngdp-payment-widget-poc-development.ohsdigital.io/_next/static/chunks/ 5 KB
1 KB 359ms
358ms Script
application/javascript 54.174.214.2
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://ngdp-payment-widget-poc-development.ohsdigital.io/_next/static/chunks/82240af4-1b1fbd8dda020111.js

Requested by

Host: ngdp-payment-widget-poc-development.ohsdigital.io
URL: https://ngdp-payment-widget-poc-development.ohsdigital.io/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

54.174.214.2 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-174-214-2.compute-1.amazonaws.com

Software

Resource Hash

47ecf90a26afa6beee9952c5b39374b8c9044aaaf69c67748b62fa3cd76ec72e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ngdp-payment-widget-poc-development.ohsdigital.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Tue, 30 Jan 2024 16:11:19 GMT
content-encoding: gzip
strict-transport-security: max-age=15724800; includeSubDomains
last-modified: Tue, 30 Jan 2024 15:56:17 GMT
etag: W/"14b9-18d5b15e21a"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
accept-ranges: bytes

GET
H2 200 8bbc9ccd-beac080f3d654d24.js Show response
ngdp-payment-widget-poc-development.ohsdigital.io/_next/static/chunks/ 597 B
856 B 362ms
362ms Script
application/javascript 54.174.214.2
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://ngdp-payment-widget-poc-development.ohsdigital.io/_next/static/chunks/8bbc9ccd-beac080f3d654d24.js

Requested by

Host: ngdp-payment-widget-poc-development.ohsdigital.io
URL: https://ngdp-payment-widget-poc-development.ohsdigital.io/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

54.174.214.2 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-174-214-2.compute-1.amazonaws.com

Software

Resource Hash

b08765ccaa8a8754ee84b3b6c0750111f820f1614db463bff6172371a643e957

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ngdp-payment-widget-poc-development.ohsdigital.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Tue, 30 Jan 2024 16:11:19 GMT
strict-transport-security: max-age=15724800; includeSubDomains
last-modified: Tue, 30 Jan 2024 15:56:17 GMT
etag: W/"255-18d5b15e21a"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
accept-ranges: bytes
content-length: 597

GET
H2 200 151-996f0446719bc704.js Show response
ngdp-payment-widget-poc-development.ohsdigital.io/_next/static/chunks/ 195 KB
54 KB 545ms
545ms Script
application/javascript 54.174.214.2
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://ngdp-payment-widget-poc-development.ohsdigital.io/_next/static/chunks/151-996f0446719bc704.js

Requested by

Host: ngdp-payment-widget-poc-development.ohsdigital.io
URL: https://ngdp-payment-widget-poc-development.ohsdigital.io/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

54.174.214.2 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-174-214-2.compute-1.amazonaws.com

Software

Resource Hash

a04495a3a55758df22b3ba43ecbde9a5c2c16cdd208a265019f1ab831c2421a6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ngdp-payment-widget-poc-development.ohsdigital.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Tue, 30 Jan 2024 16:11:19 GMT
content-encoding: gzip
strict-transport-security: max-age=15724800; includeSubDomains
last-modified: Tue, 30 Jan 2024 15:56:17 GMT
etag: W/"30ab7-18d5b15e21a"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
accept-ranges: bytes

GET
H2 200 page-77418985104d3cb6.js Show response
ngdp-payment-widget-poc-development.ohsdigital.io/_next/static/chunks/app/ 8 KB
3 KB 522ms
522ms Script
application/javascript 54.174.214.2
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://ngdp-payment-widget-poc-development.ohsdigital.io/_next/static/chunks/app/page-77418985104d3cb6.js

Requested by

Host: ngdp-payment-widget-poc-development.ohsdigital.io
URL: https://ngdp-payment-widget-poc-development.ohsdigital.io/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

54.174.214.2 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-174-214-2.compute-1.amazonaws.com

Software

Resource Hash

569c8d4a7c147fdf7c8e96beddc603fc54e1520f253ce2c4cfd1bce3ec3d7468

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ngdp-payment-widget-poc-development.ohsdigital.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Tue, 30 Jan 2024 16:11:19 GMT
content-encoding: gzip
strict-transport-security: max-age=15724800; includeSubDomains
last-modified: Tue, 30 Jan 2024 15:56:17 GMT
etag: W/"21b5-18d5b15e21a"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
accept-ranges: bytes

GET
H/1.1 200
OK payment-hub-widget-v15.js Show response
payment-hub-widget-dev.s3.amazonaws.com/ 219 KB
219 KB 417ms
161ms Script
application/javascript 52.217.106.204
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://payment-hub-widget-dev.s3.amazonaws.com/payment-hub-widget-v15.js
Requested by: Host: ngdp-payment-widget-poc-development.ohsdigital.io
URL: https://ngdp-payment-widget-poc-development.ohsdigital.io/_next/static/chunks/app/page-77418985104d3cb6.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.217.106.204 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1-w.amazonaws.com
Software: AmazonS3 /
Resource Hash: 924c7b45dfcbd897280c3e87592895494a87eedabfcad6127cce006ac0f09a8c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ngdp-payment-widget-poc-development.ohsdigital.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Tue, 30 Jan 2024 16:11:21 GMT
Last-Modified: Wed, 17 Jan 2024 15:48:44 GMT
Server: AmazonS3
x-amz-request-id: 99ZTSWM388BQW6YG
ETag: "306865f84f6d4134e35db7aca8f4391c"
x-amz-server-side-encryption: AES256
Content-Type: application/javascript
Accept-Ranges: bytes
Content-Length: 224032
x-amz-id-2: SAuNYx+U6ePQX5bn9qJlvFyWivCAbP6lxNw0BK2pWRNJjjSZ+C6Jp0Xffj9OjJjppTQoFO+O5kg=

GET
H2 200 css2
fonts.googleapis.com/ 4 KB
1 KB 269ms
66ms Stylesheet
text/css 2a00:1450:4001:806::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Requested by

Host: client
URL: about:client

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2d0922bd18f06df3c7413fcd6a3f1c5ec9545b4b07b131e362f30df7275fc058

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ngdp-payment-widget-poc-development.ohsdigital.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 30 Jan 2024 16:11:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 30 Jan 2024 14:18:31 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 30 Jan 2024 16:11:21 GMT

GET
H2 200 v3 Show response
js.stripe.com/ 587 KB
163 KB 94ms
28ms Script
text/javascript 151.101.64.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3

Requested by

Host: payment-hub-widget-dev.s3.amazonaws.com
URL: https://payment-hub-widget-dev.s3.amazonaws.com/payment-hub-widget-v15.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.64.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

4984498a86b38efed4dad9ee261067e2fe701e0e736162d7a39c38533387bff8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ngdp-payment-widget-poc-development.ohsdigital.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
date: Tue, 30 Jan 2024 16:11:20 GMT
via: 1.1 varnish
age: 53
x-cache: HIT
content-length: 166845
x-request-id: 41aaaa4f-cb3a-402f-87c7-7f12e9cae837
x-served-by: cache-fra-eddf8230034-FRA
last-modified: Mon, 29 Jan 2024 21:43:28 GMT
server: Fastly
etag: "8cf1be8e46d969fc6486a347bb4f7aed"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=60
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 36

GET
H/1.1 200
OK payment-hub-widget-v15.js Show response
payment-hub-widget-dev.s3.amazonaws.com/ 219 KB
219 KB 132ms
132ms Script
application/javascript 52.217.106.204
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://payment-hub-widget-dev.s3.amazonaws.com/payment-hub-widget-v15.js
Requested by: Host: ngdp-payment-widget-poc-development.ohsdigital.io
URL: https://ngdp-payment-widget-poc-development.ohsdigital.io/_next/static/chunks/app/page-77418985104d3cb6.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.217.106.204 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1-w.amazonaws.com
Software: AmazonS3 /
Resource Hash: 924c7b45dfcbd897280c3e87592895494a87eedabfcad6127cce006ac0f09a8c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ngdp-payment-widget-poc-development.ohsdigital.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Tue, 30 Jan 2024 16:11:21 GMT
Last-Modified: Wed, 17 Jan 2024 15:48:44 GMT
Server: AmazonS3
x-amz-request-id: 99ZXFDV7FZMB4MYN
ETag: "306865f84f6d4134e35db7aca8f4391c"
x-amz-server-side-encryption: AES256
Content-Type: application/javascript
Accept-Ranges: bytes
Content-Length: 224032
x-amz-id-2: OA0sMbrW7GXWu5TWLt/mF3o2DgLr3jrDhCTyUwZh4vboFA/MTjsaff9vCxW3FinVuId5BHWDCaM=

POST
H2 200 generate-token Show response
uat-ohs-payment-hub.oncoursehome.com/ 245 B
585 B 1566ms
1566ms XHR
application/json 52.0.172.220
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://uat-ohs-payment-hub.oncoursehome.com/generate-token

Requested by

Host: payment-hub-widget-dev.s3.amazonaws.com
URL: https://payment-hub-widget-dev.s3.amazonaws.com/payment-hub-widget-v15.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.0.172.220 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-0-172-220.compute-1.amazonaws.com

Software

Resource Hash

c68647bc2f1c030871a9ae89e2d4a1ee353ce2ec03e25c6d8a5d5a1c50354e27

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Pragma: no-cache
X-Source-Website: ngdp-payment-widget-poc-development.ohsdigital.io
accept-language: de-DE,de;q=0.9
X-Merchant: AWR
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type: application/json
Accept: application/json, text/plain, */*
Cache-Control: no-cache
Referer: https://ngdp-payment-widget-poc-development.ohsdigital.io/
X-Source: Website
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Response headers

pragma: no-cache
date: Tue, 30 Jan 2024 16:11:22 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-amzn-requestid: f31aa3d2-987e-4802-b7b3-b404611e4e74
x-amzn-trace-id: Root=1-65b91fa9-34c81f864f20dded6cf52997;Sampled=0;lineage=32a37c84:0
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache, no-store
x-amz-apigw-id: SXHigFXWIAMEceA=
content-length: 245
expires: Thu, 01 Jan 1970 00:00:00 GMT

OPTIONS
H2 200 generate-token
uat-ohs-payment-hub.oncoursehome.com/ Frame 0
0 462ms
124ms Preflight
application/json 52.0.172.220
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://uat-ohs-payment-hub.oncoursehome.com/generate-token
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.0.172.220 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-0-172-220.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: cache-control,content-type,expires,pragma,x-merchant,x-source,x-source-website
Access-Control-Request-Method: POST
Origin: https://ngdp-payment-widget-poc-development.ohsdigital.io
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

access-control-allow-headers: Authorization,Content-Type,X-Source,X-Source-Website,X-Merchant,Cache-Control,Pragma,Expires,Strict-Transport-Security
access-control-allow-methods: OPTIONS,POST
access-control-allow-origin: *
content-length: 0
content-type: application/json
date: Tue, 30 Jan 2024 16:11:21 GMT
x-amz-apigw-id: SXHifEcYIAMEKQA=
x-amzn-requestid: dcc0d757-77f1-4d92-9e9f-f964535f772f

GET
H2 200 m-outer-3437aaddcdf6922d623e172c2d6f9278.html Show response
js.stripe.com/v3/ Frame 8208 200 B
841 B 28ms
27ms Document
text/html 151.101.64.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.64.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

35dcc382eb69d00369d708708cdc545f3968b68fa5bbe3e728d11fedd04f93bb

Security Headers

Name	Value
Content-Security-Policy	base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://ngdp-payment-widget-poc-development.ohsdigital.io/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 4787966
cache-control: max-age=31536000
content-encoding: br
content-length: 154
content-security-policy: base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://q.stripe.com/csp-report
content-security-policy-report-only: base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://q.stripe.com/csp-report
content-type: text/html; charset=utf-8
date: Tue, 30 Jan 2024 16:11:21 GMT
etag: "3437aaddcdf6922d623e172c2d6f9278"
last-modified: Fri, 11 Nov 2022 20:25:37 GMT
server: Fastly
strict-transport-security: max-age=31556926; includeSubDomains; preload
timing-allow-origin: *
vary: Accept-Encoding
via: 1.1 varnish
x-cache: HIT
x-cache-hits: 422397
x-content-type-options: nosniff
x-request-id: f9a7b002-95c4-472e-8843-78e5c85d329f
x-served-by: cache-fra-eddf8230034-FRA

GET
H2 200 m-outer-15a2b40a058ddff1cffdb63779fe3de1.js Show response
js.stripe.com/v3/fingerprinted/js/ Frame 8208 526 B
451 B 29ms
29ms Script
text/javascript 151.101.64.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/js/m-outer-15a2b40a058ddff1cffdb63779fe3de1.js

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.64.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

ba2338aa6670580269c762f51c4291daef913201aa8f4d4fd166c1a878262652

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
date: Tue, 30 Jan 2024 16:11:21 GMT
via: 1.1 varnish
age: 4708987
x-cache: HIT
content-length: 315
x-request-id: 5bcf785d-d974-4c50-953f-046ba03e0bf8
x-served-by: cache-fra-eddf8230034-FRA
last-modified: Fri, 11 Nov 2022 20:25:36 GMT
server: Fastly
etag: "d96c709017743c0759cf3853d1806ba5"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 403511

POST
H2 200 csp-report
q.stripe.com/ Frame 8208 0
716 B 582ms
193ms Other
text/plain 54.187.119.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://q.stripe.com/csp-report

Requested by

Host: ngdp-payment-widget-poc-development.ohsdigital.io
URL: https://ngdp-payment-widget-poc-development.ohsdigital.io/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ip-54-187-119-242.stripe.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://js.stripe.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Tue, 30 Jan 2024 16:11:21 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-stripe-server-envoy-start-time-us: 1706631081505702
x-envoy-upstream-service-time: 1
content-length: 0
x-stripe-bg-intended-route-color: green
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
server: nginx
cross-origin-opener-policy: same-origin
access-control-max-age: 3600
access-control-allow-methods: GET, POST, OPTIONS
x-stripe-server-envoy-upstream-service-time-ms: 0
access-control-allow-origin: https://js.stripe.com
x-stripe-client-envoy-start-time-us: 1706631081505110
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-expose-headers: Server, Range, Content-Type
x-robots-tag: none
access-control-allow-headers: Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token
expires: 0

POST
H2 200 csp-report
q.stripe.com/ Frame 8208 0
716 B 583ms
194ms Other
text/plain 54.187.119.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://q.stripe.com/csp-report

Requested by

Host: ngdp-payment-widget-poc-development.ohsdigital.io
URL: https://ngdp-payment-widget-poc-development.ohsdigital.io/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ip-54-187-119-242.stripe.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://js.stripe.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Tue, 30 Jan 2024 16:11:21 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-stripe-server-envoy-start-time-us: 1706631081505483
x-envoy-upstream-service-time: 2
content-length: 0
x-stripe-bg-intended-route-color: green
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
server: nginx
cross-origin-opener-policy: same-origin
access-control-max-age: 3600
access-control-allow-methods: GET, POST, OPTIONS
x-stripe-server-envoy-upstream-service-time-ms: 1
access-control-allow-origin: https://js.stripe.com
x-stripe-client-envoy-start-time-us: 1706631081505100
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-expose-headers: Server, Range, Content-Type
x-robots-tag: none
access-control-allow-headers: Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token
expires: 0

GET
H2 200 inner.html Show response
m.stripe.network/ Frame E93F 930 B
1 KB 28ms
28ms Document
text/html 151.101.64.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://m.stripe.network/inner.html

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/m-outer-15a2b40a058ddff1cffdb63779fe3de1.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.64.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

947ac0903521f5eceefc90637c066306a8ca67466ccc188bb0107fb7cfb532d1

Security Headers

Name	Value
Content-Security-Policy	base-uri 'none'; connect-src https://m.stripe.network https://m.stripe.com; default-src 'none'; font-src https://m.stripe.network https://fonts.gstatic.com; form-action 'none'; frame-src https://m.stripe.network https://js.stripe.com; img-src https://m.stripe.network https://m.stripe.com https://b.stripecdn.com; script-src https://m.stripe.network 'sha256-/5Guo2nzv5n/w6ukZpOBZOtTJBJPSkJ6mhHpnBgm3Ls='; style-src https://m.stripe.network; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://js.stripe.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 178
cache-control: max-age=300, public
content-encoding: br
content-length: 540
content-security-policy: base-uri 'none'; connect-src https://m.stripe.network https://m.stripe.com; default-src 'none'; font-src https://m.stripe.network https://fonts.gstatic.com; form-action 'none'; frame-src https://m.stripe.network https://js.stripe.com; img-src https://m.stripe.network https://m.stripe.com https://b.stripecdn.com; script-src https://m.stripe.network 'sha256-/5Guo2nzv5n/w6ukZpOBZOtTJBJPSkJ6mhHpnBgm3Ls='; style-src https://m.stripe.network; report-uri https://q.stripe.com/csp-report
content-type: text/html; charset=utf-8
date: Tue, 30 Jan 2024 16:11:21 GMT
server: Fastly
strict-transport-security: max-age=31556926; includeSubDomains; preload
vary: Accept-Encoding, Origin
via: 1.1 varnish
x-cache: HIT
x-cache-hits: 198
x-content-type-options: nosniff
x-request-id: 2eacc96c-d3b0-45b6-b5de-cd0efb6f3033
x-served-by: cache-fra-eddf8230034-FRA
x-timer: S1706631081.154826,VS0,VE0

POST
H2 200 csp-report
q.stripe.com/ Frame E93F 0
491 B 431ms
193ms Other
text/plain 54.187.119.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://q.stripe.com/csp-report

Requested by

Host: ngdp-payment-widget-poc-development.ohsdigital.io
URL: https://ngdp-payment-widget-poc-development.ohsdigital.io/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ip-54-187-119-242.stripe.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload, max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://m.stripe.network/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Tue, 30 Jan 2024 16:11:21 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload, max-age=31556926; includeSubDomains; preload
x-content-type-options: nosniff
x-stripe-server-envoy-start-time-us: 1706631081505628
x-envoy-upstream-service-time: 1
content-length: 0
x-stripe-bg-intended-route-color: green
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
server: nginx
cross-origin-opener-policy: same-origin
x-stripe-server-envoy-upstream-service-time-ms: 0
x-stripe-client-envoy-start-time-us: 1706631081505154
cache-control: max-age=0, no-cache, no-store, must-revalidate
x-robots-tag: none
expires: 0

GET
H2 200 out-4.5.43.js Show response
m.stripe.network/ Frame E93F 87 KB
15 KB 28ms
28ms Script
text/javascript 151.101.64.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://m.stripe.network/out-4.5.43.js

Requested by

Host: m.stripe.network
URL: https://m.stripe.network/inner.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.64.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

e039e607c78306c7e029a7fd0ecdb14f86456f16e1a5ce65aa26b4fdf1d38a3c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://m.stripe.network/inner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
date: Tue, 30 Jan 2024 16:11:21 GMT
x-content-type-options: nosniff
content-encoding: br
via: 1.1 varnish
age: 60
x-cache: HIT
content-length: 15509
x-request-id: eb0e7d13-748f-4093-b222-3c6f8c2bd3c6
x-served-by: cache-fra-eddf8230034-FRA
server: Fastly
x-timer: S1706631081.186459,VS0,VE0
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=utf-8
cache-control: max-age=300, public
accept-ranges: bytes
x-cache-hits: 76

POST
H2 200 6 Show response
m.stripe.com/ Frame E93F 156 B
668 B 591ms
197ms XHR
application/json 34.208.13.71
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://m.stripe.com/6

Requested by

Host: m.stripe.network
URL: https://m.stripe.network/out-4.5.43.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.208.13.71 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-208-13-71.us-west-2.compute.amazonaws.com

Software

nginx /

Resource Hash

5e471c1ca7861a48049e42920c8c5d59337eeda7b8861ef5cdd8f2e87524ba1c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://m.stripe.network/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-stripe-bg-intended-route-color: green
date: Tue, 30 Jan 2024 16:11:21 GMT
strict-transport-security: max-age=31556926; includeSubDomains; preload
x-content-type-options: nosniff
x-stripe-server-envoy-start-time-us: 1706631081725467
server: nginx
content-type: application/json;charset=utf-8
x-stripe-server-envoy-upstream-service-time-ms: 2
access-control-allow-origin: https://m.stripe.network
x-stripe-client-envoy-start-time-us: 1706631081724720
access-control-allow-credentials: true
access-control-allow-headers: Content-Type
content-length: 156

OPTIONS
H2 200 customer
uat-ohs-payment-hub.oncoursehome.com/micro-app-proxy/ Frame 0
0 122ms
122ms Preflight
application/json 52.0.172.220
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://uat-ohs-payment-hub.oncoursehome.com/micro-app-proxy/customer
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.0.172.220 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-0-172-220.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,cache-control,content-type,expires,pragma,x-merchant,x-source,x-source-website
Access-Control-Request-Method: POST
Origin: https://ngdp-payment-widget-poc-development.ohsdigital.io
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

access-control-allow-headers: Authorization,Content-Type,X-Source,X-Source-Website,X-Merchant,Cache-Control,Pragma,Expires,Strict-Transport-Security
access-control-allow-methods: OPTIONS,POST
access-control-allow-origin: *
content-length: 0
content-type: application/json
date: Tue, 30 Jan 2024 16:11:22 GMT
x-amz-apigw-id: SXHivHECIAMEXMQ=
x-amzn-requestid: fa0d37c3-90b4-4316-a506-215ebe49947a

POST customer
uat-ohs-payment-hub.oncoursehome.com/micro-app-proxy/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: uat-ohs-payment-hub.oncoursehome.com
URL: https://uat-ohs-payment-hub.oncoursehome.com/micro-app-proxy/customer

Verdicts & Comments Add Verdict or Comment

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
m.stripe.com/	1970-01-21 03:39:51	Name: m Value: e55be3b0-ad26-43fc-bccc-d5f0cbc760fdba77fc
.ngdp-payment-widget-poc-development.ohsdigital.io/	1970-01-21 02:49:27	Name: __stripe_mid Value: 7bd72efd-b8eb-4e9a-bcf1-374845cf841897d43a
.ngdp-payment-widget-poc-development.ohsdigital.io/	1970-01-20 18:03:52	Name: __stripe_sid Value: ea3d2a20-4526-41ae-88e0-e7709125e528acf6b7

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self'".

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

fonts.googleapis.com
js.stripe.com
m.stripe.com
m.stripe.network
ngdp-payment-widget-poc-development.ohsdigital.io
payment-hub-widget-dev.s3.amazonaws.com
q.stripe.com
uat-ohs-payment-hub.oncoursehome.com
uat-ohs-payment-hub.oncoursehome.com
151.101.64.176
2a00:1450:4001:806::200a
34.208.13.71
52.0.172.220
52.217.106.204
54.174.214.2
54.187.119.242
1aa32769099af73f53780248f9fb723275435b0c23cc61cf36a2c04dfaeedcfc
1cecedba226e60dd3ebf1e31e0171d72bb651edc90015be255e8e44683572f0a
2d0922bd18f06df3c7413fcd6a3f1c5ec9545b4b07b131e362f30df7275fc058
35dcc382eb69d00369d708708cdc545f3968b68fa5bbe3e728d11fedd04f93bb
47ecf90a26afa6beee9952c5b39374b8c9044aaaf69c67748b62fa3cd76ec72e
4984498a86b38efed4dad9ee261067e2fe701e0e736162d7a39c38533387bff8
569c8d4a7c147fdf7c8e96beddc603fc54e1520f253ce2c4cfd1bce3ec3d7468
5e471c1ca7861a48049e42920c8c5d59337eeda7b8861ef5cdd8f2e87524ba1c
5f0f5ae2b4ee1c48ab9be4af79fa77d891930bdc375b74a7f77909edc05d0d43
6f9e2a2f2011cd201ede6582cdd1993d7fdd6c355f3d9246a55ec62bb04d62ce
924c7b45dfcbd897280c3e87592895494a87eedabfcad6127cce006ac0f09a8c
947ac0903521f5eceefc90637c066306a8ca67466ccc188bb0107fb7cfb532d1
a04495a3a55758df22b3ba43ecbde9a5c2c16cdd208a265019f1ab831c2421a6
b08765ccaa8a8754ee84b3b6c0750111f820f1614db463bff6172371a643e957
ba2338aa6670580269c762f51c4291daef913201aa8f4d4fd166c1a878262652
c68647bc2f1c030871a9ae89e2d4a1ee353ce2ec03e25c6d8a5d5a1c50354e27
c79126e1e10a63aa04af7dfe0d78e33bd39e937bb6c55e169db273d8cd3762d7
e039e607c78306c7e029a7fd0ecdb14f86456f16e1a5ce65aa26b4fdf1d38a3c
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e97ac9ef07fb45db937faab5eafe97051d221b042f7a6bf02d0431d28cbe7575
ec77738d9e8ae43b942aad4d6f555ddac5cc5476bb982d7efdcabccf20ca7c6e
f30d614b658f585cd970e8e0b5415c2fab29464e436007e61160f1913915565f

ngdp-payment-widget-poc-development.ohsdigital.io Open in urlscan Pro 54.174.214.2 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

28 Requests

96 %HTTPS

14 %IPv6

6 Domains

8 Subdomains

8 IPs

2 Countries

808 kBTransfer

1732 kBSize

3 Cookies

0 Outgoing links

Redirected requests

28 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

9 JavaScript Global Variables

3 Cookies

1 Console Messages

ngdp-payment-widget-poc-development.ohsdigital.io Open in urlscan Pro
54.174.214.2 Public Scan

Screenshot
Live screenshot

Full Image

28
Requests

96 %
HTTPS

14 %
IPv6

6
Domains

8
Subdomains

8
IPs

2
Countries

808 kB
Transfer

1732 kB
Size

3
Cookies

28 HTTP transactions
0 data transactions