urlscan.io logo urlscan.io
SecurityTrails logo

stripe.com Open in urlscan Pro
54.187.159.182  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://59.email.stripe.com/CL0/https:%2F%2Fstripe.com%2Fsources%2Frefund%3Famount=1330000%26currency=eur%26source_slug=CB0Q...
Effective URL: https://stripe.com/sources/refund?amount=1330000&currency=eur&source_slug=CB0QARoXChVhY2N0XzE3VEFqY0I0NGQ0bHREOGgo5...
Submission: On April 03 via manual from FR — Scanned from FR
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 4 IPs in 1 countries across 3 domains to perform 9 HTTP transactions. The main IP is 54.187.159.182, located in Boardman, United States and belongs to AMAZON-02, US. The main domain is stripe.com. The Cisco Umbrella rank of the primary domain is 936.
TLS certificate: Issued by DigiCert SHA2 Extended Validation Ser... on February 28th 2024. Valid for: 3 months.
This is the only time stripe.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 18.239.94.43 16509 (AMAZON-02)
2 54.187.159.182 16509 (AMAZON-02)
2 151.101.0.176 54113 (FASTLY)
4 2600:9000:20b... 16509 (AMAZON-02)
1 151.101.192.176 54113 (FASTLY)
9 4
1    18.239.94.43 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-239-94-43.ams1.r.cloudfront.net
59.email.stripe.com
2    54.187.159.182 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ip-54-187-159-182.stripe.com
stripe.com
2    151.101.0.176 (United States)

ASN54113 (FASTLY, US)
js.stripe.com
4    2600:9000:20b4:d000:b:1d09:f200:93a1 (United States)

ASN16509 (AMAZON-02, US)
b.stripecdn.com
1    151.101.192.176 (United States)

ASN54113 (FASTLY, US)
m.stripe.network
Apex Domain
Subdomains		 Transfer
5 stripe.com
59.email.stripe.com — Cisco Umbrella Rank: 224148
stripe.com — Cisco Umbrella Rank: 936
js.stripe.com — Cisco Umbrella Rank: 1297
31 KB
4 stripecdn.com
b.stripecdn.com — Cisco Umbrella Rank: 11899
36 KB
1 stripe.network
m.stripe.network — Cisco Umbrella Rank: 1371
9 3
Domain Requested by
4 b.stripecdn.com stripe.com
2 js.stripe.com stripe.com
js.stripe.com
2 stripe.com
1 m.stripe.network js.stripe.com
1 59.email.stripe.com 1 redirects
9 5

This site contains no links.

Subject Issuer Validity Valid
stripe.com
DigiCert SHA2 Extended Validation Server CA		 2024-02-28 -
2024-05-30		 3 months crt.sh
a.stripecdn.com
DigiCert SHA2 Extended Validation Server CA		 2024-02-07 -
2024-05-09		 3 months crt.sh

This page contains 3 frames:

Primary Page: https://stripe.com/sources/refund?amount=1330000&currency=eur&source_slug=CB0QARoXChVhY2N0XzE3VEFqY0I0NGQ0bHREOGgo5fyusAYyBqVXNS-NSTotBJ5xzxdQrbv4k9zdeU2cLRFSy0n4uT9VH9X_5nO87lfKSJK_uUFz8Vta2p9r
Frame ID: DF01B61288F8F5ACD9D2A080F338D502
Requests: 7 HTTP requests in this frame

Frame: https://js.stripe.com/v2/m/outer.html
Frame ID: 3BCB6FC6A5535A0526B2E9494C8B95F5
Requests: 1 HTTP requests in this frame

Frame: https://m.stripe.network/inner-preview.html
Frame ID: 6E9E1C10586090A592F3EC3E370F9CC3
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Refund Information - Stripe

Page URL History Show full URLs

  1. https://59.email.stripe.com/CL0/https:%2F%2Fstripe.com%2Fsources%2Frefund%3Famount=1330000%26currency=eu... HTTP 302
    https://stripe.com/sources/refund?amount=1330000&currency=eur&source_slug=CB0QARoXChVhY2N0XzE3V... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • js\.stripe\.com
Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

9
Requests

100 %
HTTPS

20 %
IPv6

3
Domains

5
Subdomains

4
IPs

1
Countries

67 kB
Transfer

183 kB
Size

6
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://59.email.stripe.com/CL0/https:%2F%2Fstripe.com%2Fsources%2Frefund%3Famount=1330000%26currency=eur%26source_slug=CB0QARoXChVhY2N0XzE3VEFqY0I0NGQ0bHREOGgo5fyusAYyBqVXNS-NSTotBJ5xzxdQrbv4k9zdeU2cLRFSy0n4uT9VH9X_5nO87lfKSJK_uUFz8Vta2p9r/1/0101018e9ddfc225-38102adc-2e53-42d2-9d46-c48f3ba7350a-000000/7x0zond05unD9AOH3Gs59LP0E-FDLboibWwaMz3d2yc=346 HTTP 302
    https://stripe.com/sources/refund?amount=1330000&currency=eur&source_slug=CB0QARoXChVhY2N0XzE3VEFqY0I0NGQ0bHREOGgo5fyusAYyBqVXNS-NSTotBJ5xzxdQrbv4k9zdeU2cLRFSy0n4uT9VH9X_5nO87lfKSJK_uUFz8Vta2p9r Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request refund
stripe.com/sources/
Redirect Chain
  • https://59.email.stripe.com/CL0/https:%2F%2Fstripe.com%2Fsources%2Frefund%3Famount=1330000%26currency=eur%26source_slug=CB0QARoXChVhY2N0XzE3VEFqY0I0NGQ0bHREOGgo5fyusAYyBqVXNS-NSTotBJ5xzxdQrbv4k9zde...
  • https://stripe.com/sources/refund?amount=1330000&currency=eur&source_slug=CB0QARoXChVhY2N0XzE3VEFqY0I0NGQ0bHREOGgo5fyusAYyBqVXNS-NSTotBJ5xzxdQrbv4k9zdeU2cLRFSy0n4uT9VH9X_5nO87lfKSJK_uUFz8Vta2p9r
7 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://stripe.com/sources/refund?amount=1330000&currency=eur&source_slug=CB0QARoXChVhY2N0XzE3VEFqY0I0NGQ0bHREOGgo5fyusAYyBqVXNS-NSTotBJ5xzxdQrbv4k9zdeU2cLRFSy0n4uT9VH9X_5nO87lfKSJK_uUFz8Vta2p9r
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.187.159.182 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ip-54-187-159-182.stripe.com
Software
nginx /
Resource Hash
35e0830de6e561c3281366eff9274d34978e7136b9f24021f795c07e47a365db
Security Headers
Name Value
Content-Security-Policy report-uri /csp-report?p=sources%2Frefund; block-all-mixed-content; script-src https://checkout.stripe.com https://connect.facebook.net/en_US/fbevents.js https://connect.facebook.net/signals/config/ https://credit.klarnacdn.net/lib/v1/ https://ga.clearbit.com/v1/ga.js https://x.klarnacdn.net/kp/lib/v1/ 'self' 'nonce-T8/zarVes7nc4+6fkZ7DQQ==' https://js.stripe.com 'sha256-qAoigsbVsoqQigwSGiMYuTbAdza9vdqvOsA4UNSB54A=' https://b.stripecdn.com https://files.stripe.com https://www.google-analytics.com https://www.googletagmanager.com 'report-sample'; object-src 'self'; base-uri 'self'; default-src 'none'; style-src 'unsafe-inline' 'self' https://b.stripecdn.com https://files.stripe.com https://cloud.typography.com/711858/764882/css/fonts.css; img-src https://d37ugbyn3rpeym.cloudfront.net 'self' data: https://b.stripecdn.com https://files.stripe.com https://q.stripe.com https://www.google-analytics.com https://www.google.com https://stats.g.doubleclick.net https://10460294.fls.doubleclick.net https://ad.doubleclick.net https://www.googletagmanager.com https://adservice.google.com https://px.ads.linkedin.com https://dc.ads.linkedin.com https://px4.ads.linkedin.com https://snap.licdn.com https://www.facebook.com https://p.adsymptotic.com; media-src https://d37ugbyn3rpeym.cloudfront.net https://stripe.com https://b.stripecdn.com https://files.stripe.com; connect-src https://c.increment.com https://c.stripe.dev https://c.stripe.global https://c.stripe.partners 'self' https://stripe.com https://hooks.stripe.com https://pm-hooks.stripe.com https://errors.stripe.com https://b.stripecdn.com https://files.stripe.com https://www.google-analytics.com https://www.google.com https://ad.doubleclick.net https://stats.g.doubleclick.net https://10460294.fls.doubleclick.net https://www.googletagmanager.com https://adservice.google.com; frame-ancestors 'self' https://stripe.com; font-src 'self' data: https://b.stripecdn.com https://files.stripe.com; form-action 'self' https://stripe.com https://hooks.stripe.com; frame-src 'self' https://js.stripe.com https://b.stripecdn.com https://files.stripe.com https://www.googletagmanager.com
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-language
fr-FR,fr;q=0.9
sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

content-encoding
gzip
content-security-policy
report-uri /csp-report?p=sources%2Frefund; block-all-mixed-content; script-src https://checkout.stripe.com https://connect.facebook.net/en_US/fbevents.js https://connect.facebook.net/signals/config/ https://credit.klarnacdn.net/lib/v1/ https://ga.clearbit.com/v1/ga.js https://x.klarnacdn.net/kp/lib/v1/ 'self' 'nonce-T8/zarVes7nc4+6fkZ7DQQ==' https://js.stripe.com 'sha256-qAoigsbVsoqQigwSGiMYuTbAdza9vdqvOsA4UNSB54A=' https://b.stripecdn.com https://files.stripe.com https://www.google-analytics.com https://www.googletagmanager.com 'report-sample'; object-src 'self'; base-uri 'self'; default-src 'none'; style-src 'unsafe-inline' 'self' https://b.stripecdn.com https://files.stripe.com https://cloud.typography.com/711858/764882/css/fonts.css; img-src https://d37ugbyn3rpeym.cloudfront.net 'self' data: https://b.stripecdn.com https://files.stripe.com https://q.stripe.com https://www.google-analytics.com https://www.google.com https://stats.g.doubleclick.net https://10460294.fls.doubleclick.net https://ad.doubleclick.net https://www.googletagmanager.com https://adservice.google.com https://px.ads.linkedin.com https://dc.ads.linkedin.com https://px4.ads.linkedin.com https://snap.licdn.com https://www.facebook.com https://p.adsymptotic.com; media-src https://d37ugbyn3rpeym.cloudfront.net https://stripe.com https://b.stripecdn.com https://files.stripe.com; connect-src https://c.increment.com https://c.stripe.dev https://c.stripe.global https://c.stripe.partners 'self' https://stripe.com https://hooks.stripe.com https://pm-hooks.stripe.com https://errors.stripe.com https://b.stripecdn.com https://files.stripe.com https://www.google-analytics.com https://www.google.com https://ad.doubleclick.net https://stats.g.doubleclick.net https://10460294.fls.doubleclick.net https://www.googletagmanager.com https://adservice.google.com; frame-ancestors 'self' https://stripe.com; font-src 'self' data: https://b.stripecdn.com https://files.stripe.com; form-action 'self' https://stripe.com https://hooks.stripe.com; frame-src 'self' https://js.stripe.com https://b.stripecdn.com https://files.stripe.com https://www.googletagmanager.com
content-type
text/html;charset=utf-8
cross-origin-opener-policy-report-only
same-origin; report-to="coop"
date
Wed, 03 Apr 2024 08:59:20 GMT
report-to
{"group":"coop","max_age":8640,"endpoints":[{"url":"https://q.stripe.com/coop-report"}],"include_subdomains":true}
reporting-endpoints
coop="https://q.stripe.com/coop-report"
server
nginx
strict-transport-security
max-age=31556926; includeSubDomains; preload
vary
Accept-Encoding
x-content-type-options
nosniff
x-envoy-upstream-service-time
181
x-frame-options
SAMEORIGIN
x-stripe-client-envoy-start-time-us
1712134760233172
x-stripe-server-envoy-start-time-us
1712134760233430
x-stripe-server-envoy-upstream-service-time-ms
180

Redirect headers

content-length
0
date
Wed, 03 Apr 2024 08:59:18 GMT
location
https://stripe.com/sources/refund?amount=1330000&currency=eur&source_slug=CB0QARoXChVhY2N0XzE3VEFqY0I0NGQ0bHREOGgo5fyusAYyBqVXNS-NSTotBJ5xzxdQrbv4k9zdeU2cLRFSy0n4uT9VH9X_5nO87lfKSJK_uUFz8Vta2p9r
via
1.1 c00e79984dfec6a6601fb861a1d8d5e8.cloudfront.net (CloudFront)
x-amz-cf-id
NHRbltXyE0bY7oghX9hn2eZhr__UFVVeBu4fp8IZqCQG1H5HoKDYHQ==
x-amz-cf-pop
AMS1-P3
x-cache
Miss from cloudfront
/
js.stripe.com/v2/ 		62 KB
22 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.stripe.com/v2/
Requested by
Host: stripe.com
URL: https://stripe.com/sources/refund?amount=1330000&currency=eur&source_slug=CB0QARoXChVhY2N0XzE3VEFqY0I0NGQ0bHREOGgo5fyusAYyBqVXNS-NSTotBJ5xzxdQrbv4k9zdeU2cLRFSy0n4uT9VH9X_5nO87lfKSJK_uUFz8Vta2p9r
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.0.176 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Fastly /
Resource Hash
91ab93b25227f8a29a716fdc41831b0a8a8729d8cde9f8adb29f4c8392457b9e
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://stripe.com/
accept-language
fr-FR,fr;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31556926; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
date
Wed, 03 Apr 2024 08:59:20 GMT
via
1.1 varnish
age
21
x-cache
HIT
content-length
21836
x-request-id
2be94082-945b-443a-adc2-735c3d544707
x-served-by
cache-lcy-eglc8600057-LCY
last-modified
Thu, 03 Feb 2022 12:42:55 GMT
server
Fastly
etag
"4e0e5080f8f45588fcc33b82ee08fa3c"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=300
accept-ranges
bytes
timing-allow-origin
*
x-cache-hits
2
sprockets-css-sources_refund-507f536e32d62d924322.min.css
b.stripecdn.com/site-statics-srv/assets/css/ 		3 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://b.stripecdn.com/site-statics-srv/assets/css/sprockets-css-sources_refund-507f536e32d62d924322.min.css
Requested by
Host: stripe.com
URL: https://stripe.com/sources/refund?amount=1330000&currency=eur&source_slug=CB0QARoXChVhY2N0XzE3VEFqY0I0NGQ0bHREOGgo5fyusAYyBqVXNS-NSTotBJ5xzxdQrbv4k9zdeU2cLRFSy0n4uT9VH9X_5nO87lfKSJK_uUFz8Vta2p9r
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20b4:d000:b:1d09:f200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Cloudfront /
Resource Hash
ce5ad7bc03e8c8a1d005778b5ab5258b361116945a2235b4534bc747eca013e7
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://stripe.com/
accept-language
fr-FR,fr;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 03 Apr 2024 08:44:48 GMT
strict-transport-security
max-age=31556926; includeSubDomains; preload
x-content-type-options
nosniff
content-encoding
br
age
873
x-amz-cf-pop
AMS58-P4
via
1.1 dc216c6741e47caf45c9d347f1061c8e.cloudfront.net (CloudFront)
x-cache
Hit from cloudfront
last-modified
Wed, 03 Apr 2024 01:43:23 GMT
server
Cloudfront
etag
W/"1ca1d3ae54067d2041a025eb92f41f4c"
vary
Accept-Encoding,Origin
content-type
text/css; charset=utf-8
cache-control
max-age=31536000, public
timing-allow-origin
*
x-amz-cf-id
G4lrvVaUrHHtc0R316k_NUydCrM-mJ8tc4F20A5jSIVfL-DFxODhNg==
jquery.min-ce791c0833c4ce255ec0.min.js
b.stripecdn.com/site-statics-srv/assets/js/sprockets-js-external/ 		94 KB
32 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://b.stripecdn.com/site-statics-srv/assets/js/sprockets-js-external/jquery.min-ce791c0833c4ce255ec0.min.js
Requested by
Host: stripe.com
URL: https://stripe.com/sources/refund?amount=1330000&currency=eur&source_slug=CB0QARoXChVhY2N0XzE3VEFqY0I0NGQ0bHREOGgo5fyusAYyBqVXNS-NSTotBJ5xzxdQrbv4k9zdeU2cLRFSy0n4uT9VH9X_5nO87lfKSJK_uUFz8Vta2p9r
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20b4:d000:b:1d09:f200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Cloudfront /
Resource Hash
35adf0a4df226250e22c73de47a74dbc1054ea4cd3e6689d34a4ca2e418e6055
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://stripe.com/
accept-language
fr-FR,fr;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 03 Apr 2024 08:42:09 GMT
strict-transport-security
max-age=31556926; includeSubDomains; preload
x-content-type-options
nosniff
content-encoding
br
age
1032
x-amz-cf-pop
AMS58-P4
via
1.1 dc216c6741e47caf45c9d347f1061c8e.cloudfront.net (CloudFront)
x-cache
Hit from cloudfront
last-modified
Wed, 03 Apr 2024 01:43:23 GMT
server
Cloudfront
etag
W/"c286e468b66ba3517d536ded38481243"
vary
Accept-Encoding,Origin
content-type
text/javascript; charset=utf-8
cache-control
max-age=31536000, public
timing-allow-origin
*
x-amz-cf-id
wPnAk_iM7nEKaHkSsPg5ramuOd8uPDOXO9Zbbv2pu0xGhUNdBUNF6Q==
csrf-727704a31c0760cd9d4a.min.js
b.stripecdn.com/site-statics-srv/assets/js/sprockets-js-shared/ 		310 B
798 B 		Script
General
Check archive.org
Download Go to
Full URL
https://b.stripecdn.com/site-statics-srv/assets/js/sprockets-js-shared/csrf-727704a31c0760cd9d4a.min.js
Requested by
Host: stripe.com
URL: https://stripe.com/sources/refund?amount=1330000&currency=eur&source_slug=CB0QARoXChVhY2N0XzE3VEFqY0I0NGQ0bHREOGgo5fyusAYyBqVXNS-NSTotBJ5xzxdQrbv4k9zdeU2cLRFSy0n4uT9VH9X_5nO87lfKSJK_uUFz8Vta2p9r
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20b4:d000:b:1d09:f200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Cloudfront /
Resource Hash
863af42482b8c79c142f2f5bb3809be307c4c5f46f623aa6dd6269f27aa23f8e
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://stripe.com/
accept-language
fr-FR,fr;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 03 Apr 2024 08:44:48 GMT
strict-transport-security
max-age=31556926; includeSubDomains; preload
x-content-type-options
nosniff
via
1.1 dc216c6741e47caf45c9d347f1061c8e.cloudfront.net (CloudFront)
age
873
x-amz-cf-pop
AMS58-P4
x-cache
Hit from cloudfront
content-length
310
last-modified
Wed, 03 Apr 2024 01:43:23 GMT
server
Cloudfront
etag
"d7d769bc2ec8540d5fac62f5d1e44fca"
vary
Accept-Encoding,Origin
content-type
text/javascript; charset=utf-8
cache-control
max-age=31536000, public
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
7iCxGum80Xr7vE_iYFd1olXF0WNGTu-o0rICHv9Fz2vYSv1E5vIDFw==
logo-6e8ee9c3f7fe9fb75a5f8944e696c3ec.png
b.stripecdn.com/site-statics-srv/assets/assets/img/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://b.stripecdn.com/site-statics-srv/assets/assets/img/logo-6e8ee9c3f7fe9fb75a5f8944e696c3ec.png
Requested by
Host: stripe.com
URL: https://stripe.com/sources/refund?amount=1330000&currency=eur&source_slug=CB0QARoXChVhY2N0XzE3VEFqY0I0NGQ0bHREOGgo5fyusAYyBqVXNS-NSTotBJ5xzxdQrbv4k9zdeU2cLRFSy0n4uT9VH9X_5nO87lfKSJK_uUFz8Vta2p9r
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20b4:d000:b:1d09:f200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Cloudfront /
Resource Hash
ac1327432a05e93f0d96eafbe8ddc043b9dc8a1e4f99529f2fe8aa9feb8ddf29
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://stripe.com/
accept-language
fr-FR,fr;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 03 Apr 2024 08:44:48 GMT
strict-transport-security
max-age=31556926; includeSubDomains; preload
x-content-type-options
nosniff
via
1.1 dc216c6741e47caf45c9d347f1061c8e.cloudfront.net (CloudFront)
age
873
x-amz-cf-pop
AMS58-P4
x-cache
Hit from cloudfront
content-length
1679
last-modified
Wed, 03 Apr 2024 01:43:21 GMT
server
Cloudfront
etag
"fc354be92c82b779fa3a199736e4c1f4"
vary
Accept-Encoding,Origin
content-type
image/png
cache-control
max-age=31536000, public
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
sM6Gn8vCE2LndXffB0hf_4Y9g9s7TIC7Pwvn6mqSaHve-gKT1B-kmQ==
outer.html
js.stripe.com/v2/m/ Frame 3BCB 		718 B
824 B 		Document
General
Check archive.org
Download Go to
Full URL
https://js.stripe.com/v2/m/outer.html
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v2/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.0.176 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Fastly /
Resource Hash
7832e207be33df99c990b38381b506740fe48b3c9df9a8166a18fb43989fd478
Security Headers
Name Value
Content-Security-Policy report-uri https://q.stripe.com/csp-report
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://stripe.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-language
fr-FR,fr;q=0.9
sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

accept-ranges
bytes
access-control-allow-origin
*
age
13
cache-control
public, max-age=300
content-encoding
br
content-length
388
content-security-policy
report-uri https://q.stripe.com/csp-report
content-security-policy-report-only
default-src 'self'; connect-src https://api.stripe.com; base-uri 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src 'self'; script-src 'self' 'sha256-SP+OklpqI9DOfk/xOSps45nYg4re2SxZVge06yn8uUQ='; style-src 'self'; report-uri https://q.stripe.com/csp-report
content-type
text/html; charset=utf-8
date
Wed, 03 Apr 2024 08:59:20 GMT
etag
"51b76bd7931c50d2bf6d4c5a93d343f9"
last-modified
Tue, 05 Oct 2021 15:37:46 GMT
server
Fastly
strict-transport-security
max-age=31556926; includeSubDomains; preload
timing-allow-origin
*
vary
Accept-Encoding
via
1.1 varnish
x-cache
HIT
x-cache-hits
1
x-content-type-options
nosniff
x-request-id
0de9aaf1-b893-4e4b-bcd7-b1f4b345cb72
x-served-by
cache-lcy-eglc8600057-LCY
inner-preview.html
m.stripe.network/ Frame 6E9E 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://m.stripe.network/inner-preview.html
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v2/m/outer.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.192.176 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Fastly /
Resource Hash
Security Headers
Name Value
Content-Security-Policy base-uri 'none'; connect-src https://m.stripe.network https://m.stripe.com; default-src 'none'; font-src https://m.stripe.network https://fonts.gstatic.com; form-action 'none'; frame-src https://m.stripe.network https://js.stripe.com; img-src https://m.stripe.network https://m.stripe.com https://b.stripecdn.com; script-src https://m.stripe.network 'sha256-/5Guo2nzv5n/w6ukZpOBZOtTJBJPSkJ6mhHpnBgm3Ls='; style-src https://m.stripe.network; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://js.stripe.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-language
fr-FR,fr;q=0.9
sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

accept-ranges
bytes
age
227
cache-control
max-age=300, public
content-encoding
br
content-length
540
content-security-policy
base-uri 'none'; connect-src https://m.stripe.network https://m.stripe.com; default-src 'none'; font-src https://m.stripe.network https://fonts.gstatic.com; form-action 'none'; frame-src https://m.stripe.network https://js.stripe.com; img-src https://m.stripe.network https://m.stripe.com https://b.stripecdn.com; script-src https://m.stripe.network 'sha256-/5Guo2nzv5n/w6ukZpOBZOtTJBJPSkJ6mhHpnBgm3Ls='; style-src https://m.stripe.network; report-uri https://q.stripe.com/csp-report
content-type
text/html; charset=utf-8
date
Wed, 03 Apr 2024 08:59:20 GMT
server
Fastly
strict-transport-security
max-age=31556926; includeSubDomains; preload
vary
Accept-Encoding, Origin
via
1.1 varnish
x-cache
HIT
x-cache-hits
11
x-content-type-options
nosniff
x-request-id
77366bd1-4742-4951-91a4-9e482c6481e0
x-served-by
cache-lcy-eglc8600057-LCY
x-timer
S1712134761.860287,VS0,VE0
favicon.ico
stripe.com/ 		15 KB
3 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://stripe.com/favicon.ico
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.187.159.182 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ip-54-187-159-182.stripe.com
Software
nginx /
Resource Hash
ab46c4c2a2623c478b1c6bf4b4eb457554d4f52080db2f63eb30c32a448fb142
Security Headers
Name Value
Content-Security-Policy report-uri /csp-report?p=%2Ffavicon.ico;block-all-mixed-content;default-src 'none' 'report-sample';base-uri 'none';form-action 'none';style-src 'unsafe-inline';frame-ancestors 'self';connect-src 'self';img-src 'self' https://b.stripecdn.com
Strict-Transport-Security max-age=31556926; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://stripe.com/sources/refund?amount=1330000&currency=eur&source_slug=CB0QARoXChVhY2N0XzE3VEFqY0I0NGQ0bHREOGgo5fyusAYyBqVXNS-NSTotBJ5xzxdQrbv4k9zdeU2cLRFSy0n4uT9VH9X_5nO87lfKSJK_uUFz8Vta2p9r
accept-language
fr-FR,fr;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-stripe-bg-intended-route-color
blue
date
Wed, 03 Apr 2024 08:59:21 GMT
content-security-policy
report-uri /csp-report?p=%2Ffavicon.ico;block-all-mixed-content;default-src 'none' 'report-sample';base-uri 'none';form-action 'none';style-src 'unsafe-inline';frame-ancestors 'self';connect-src 'self';img-src 'self' https://b.stripecdn.com
content-encoding
gzip
x-stripe-server-envoy-start-time-us
1712134761022495
server
nginx
strict-transport-security
max-age=31556926; includeSubDomains; preload
vary
Accept-Encoding
report-to
{"group":"coop","max_age":8640,"endpoints":[{"url":"https://q.stripe.com/coop-report"}],"include_subdomains":true}
content-type
image/vnd.microsoft.icon; charset=utf-8
x-stripe-server-envoy-upstream-service-time-ms
16
x-stripe-client-envoy-start-time-us
1712134761022277
x-envoy-upstream-service-time
17
reporting-endpoints
coop="https://q.stripe.com/coop-report"
cross-origin-opener-policy-report-only
same-origin; report-to="coop"

Verdicts & Comments Add Verdict or Comment

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 function| Stripe function| $ function| jQuery object| form_validations object| form_blacklists function| run_validations

6 Cookies

Domain/Path Name / Value
stripe.com/ Name: __Host-stripe.mkt.csrf
Value: -zjkwxXLSk2gJ9dUNRBQuDy31tfU_hzwavU1Y0ausx43ZgANyO1ES-y2yB-qga6PPVUg-bENbrHGMwKKxDSNSzw-AcAXe4Z_3dE1xOxoA76rA-yZN8FpmgJhDLRGmKKFuBatxW-jcA%3D%3D
.stripe.com/ Name: __stripe_orig_props
Value: %7B%22referrer%22%3A%22%22%2C%22landing%22%3A%22https%3A%2F%2Fstripe.com%2Fsources%2Frefund%3Famount%3D1330000%5Cu0026currency%3Deur%5Cu0026source_slug%3DCB0QARoXChVhY2N0XzE3VEFqY0I0NGQ0bHREOGgo5fyusAYyBqVXNS-NSTotBJ5xzxdQrbv4k9zdeU2cLRFSy0n4uT9VH9X_5nO87lfKSJK_uUFz8Vta2p9r%22%7D
stripe.com/ Name: __Host-stripe.site.csrf
Value: utpL6f9CYKUbAio2QkEdOqRBOdfgiexqRUnqk4gAT8uCfqyTTaUdVeHEp5m56kHP-KuHZ4N02OB8HUBum3MABDw-AVtJQdMsck66YlJ59qy9TGfqWoSOjzG44c9lBMSN3DQxHEDxVw%3D%3D
m.stripe.com/ Name: m
Value: 7ad69002-d6c9-4e1c-aaa2-80d1070407fb051a5a
.stripe.com/ Name: __stripe_sid
Value: 4b980e7d-4572-4b06-b99d-5157f89a488ee6446a
.stripe.com/ Name: __stripe_mid
Value: 7f00e736-195b-4076-af26-405220255228534e59

3 Console Messages

Source Level URL
Text
other warning URL: https://stripe.com/sources/refund?amount=1330000&currency=eur&source_slug=CB0QARoXChVhY2N0XzE3VEFqY0I0NGQ0bHREOGgo5fyusAYyBqVXNS-NSTotBJ5xzxdQrbv4k9zdeU2cLRFSy0n4uT9VH9X_5nO87lfKSJK_uUFz8Vta2p9r
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://stripe.com/sources/refund?amount=1330000&currency=eur&source_slug=CB0QARoXChVhY2N0XzE3VEFqY0I0NGQ0bHREOGgo5fyusAYyBqVXNS-NSTotBJ5xzxdQrbv4k9zdeU2cLRFSy0n4uT9VH9X_5nO87lfKSJK_uUFz8Vta2p9r
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://stripe.com/sources/refund?amount=1330000&currency=eur&source_slug=CB0QARoXChVhY2N0XzE3VEFqY0I0NGQ0bHREOGgo5fyusAYyBqVXNS-NSTotBJ5xzxdQrbv4k9zdeU2cLRFSy0n4uT9VH9X_5nO87lfKSJK_uUFz8Vta2p9r
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy report-uri /csp-report?p=sources%2Frefund; block-all-mixed-content; script-src https://checkout.stripe.com https://connect.facebook.net/en_US/fbevents.js https://connect.facebook.net/signals/config/ https://credit.klarnacdn.net/lib/v1/ https://ga.clearbit.com/v1/ga.js https://x.klarnacdn.net/kp/lib/v1/ 'self' 'nonce-T8/zarVes7nc4+6fkZ7DQQ==' https://js.stripe.com 'sha256-qAoigsbVsoqQigwSGiMYuTbAdza9vdqvOsA4UNSB54A=' https://b.stripecdn.com https://files.stripe.com https://www.google-analytics.com https://www.googletagmanager.com 'report-sample'; object-src 'self'; base-uri 'self'; default-src 'none'; style-src 'unsafe-inline' 'self' https://b.stripecdn.com https://files.stripe.com https://cloud.typography.com/711858/764882/css/fonts.css; img-src https://d37ugbyn3rpeym.cloudfront.net 'self' data: https://b.stripecdn.com https://files.stripe.com https://q.stripe.com https://www.google-analytics.com https://www.google.com https://stats.g.doubleclick.net https://10460294.fls.doubleclick.net https://ad.doubleclick.net https://www.googletagmanager.com https://adservice.google.com https://px.ads.linkedin.com https://dc.ads.linkedin.com https://px4.ads.linkedin.com https://snap.licdn.com https://www.facebook.com https://p.adsymptotic.com; media-src https://d37ugbyn3rpeym.cloudfront.net https://stripe.com https://b.stripecdn.com https://files.stripe.com; connect-src https://c.increment.com https://c.stripe.dev https://c.stripe.global https://c.stripe.partners 'self' https://stripe.com https://hooks.stripe.com https://pm-hooks.stripe.com https://errors.stripe.com https://b.stripecdn.com https://files.stripe.com https://www.google-analytics.com https://www.google.com https://ad.doubleclick.net https://stats.g.doubleclick.net https://10460294.fls.doubleclick.net https://www.googletagmanager.com https://adservice.google.com; frame-ancestors 'self' https://stripe.com; font-src 'self' data: https://b.stripecdn.com https://files.stripe.com; form-action 'self' https://stripe.com https://hooks.stripe.com; frame-src 'self' https://js.stripe.com https://b.stripecdn.com https://files.stripe.com https://www.googletagmanager.com
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN