seller.xola.app
2600:9000:225e:c600:1f:56ad:7c40:93a1  Public Scan

Submitted URL: http://seller.xola.app/
Effective URL: https://seller.xola.app/
Submission: On February 29 via api from US — Scanned from DE

Summary

This website contacted 10 IPs in 2 countries across 7 domains to perform 28 HTTP transactions. The main IP is 2600:9000:225e:c600:1f:56ad:7c40:93a1, located in United States and belongs to AMAZON-02, US. The main domain is seller.xola.app.
TLS certificate: Issued by Amazon RSA 2048 M03 on October 30th 2023. Valid for: a year.
This is the only time seller.xola.app was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

| Requests | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 13 | stripe.com | js.stripe.com (Cisco Umbrella Rank: 1169); r.stripe.com (Cisco Umbrella Rank: 2779); m.stripe.com (Cisco Umbrella Rank: 1138) | 485 KB |
| 8 | xola.app | seller.xola.app | 2 MB |
| 2 | stripe.network | m.stripe.network (Cisco Umbrella Rank: 1250) | 16 KB |
| 2 | googleapis.com | fonts.googleapis.com (Cisco Umbrella Rank: 28) | 2 KB |
| 1 | gstatic.com | fonts.gstatic.com | 46 KB |
| 1 | xola.com | files.xola.com | 880 KB |
| 1 | wistia.com | fast.wistia.com (Cisco Umbrella Rank: 4454) | 131 KB |
| 28 | 7 | | |

| Requests | Domain | Requested by |
|---|---|---|
| 9 | js.stripe.com | seller.xola.app; js.stripe.com |
| 8 | seller.xola.app | seller.xola.app |
| 3 | r.stripe.com | js.stripe.com |
| 2 | m.stripe.network | js.stripe.com; m.stripe.network |
| 2 | fonts.googleapis.com | seller.xola.app |
| 1 | m.stripe.com | m.stripe.network |
| 1 | fonts.gstatic.com | fonts.googleapis.com |
| 1 | files.xola.com | seller.xola.app |
| 1 | fast.wistia.com | seller.xola.app |
| 28 | 9 | |

This site contains links to these domains. Also see Links.

Domain
xola.com
www.xola.com
| Subject | Issuer | Validity | Valid |
|---|---|---|---|
| *.xola.app | Amazon RSA 2048 M03 | 2023-10-30 - 2024-11-27 | a year |
| fast.wistia.com | GlobalSign Atlas R3 DV TLS CA 2023 Q2 | 2023-07-02 - 2024-08-02 | a year |
| upload.video.google.com | GTS CA 1C3 | 2024-02-05 - 2024-04-29 | 3 months |
| a.stripecdn.com | DigiCert SHA2 Extended Validation Server CA | 2024-02-07 - 2024-05-09 | 3 months |
| *.xola.com | Amazon RSA 2048 M02 | 2023-07-28 - 2024-08-25 | a year |
| *.gstatic.com | GTS CA 1C3 | 2024-02-05 - 2024-04-29 | 3 months |
| *.stripe.com | DigiCert TLS Hybrid ECC SHA384 2020 CA1 | 2024-02-26 - 2024-05-23 | 3 months |
| m.stripe.com | DigiCert TLS RSA SHA256 2020 CA1 | 2024-02-26 - 2024-05-23 | 3 months |

This page contains 4 frames:

Primary Page: https://seller.xola.app/
Frame ID: D4298B221B1CEBB9B5EC43F9E6CFA11F
Requests: 16 HTTP requests in this frame

Frame: https://js.stripe.com/v3/controller-8001dabcbd026e2c7e410a9c17fd3afd.html
Frame ID: 012F3DB05767447E3CAD4E64FFAC7EF2
Requests: 8 HTTP requests in this frame

Frame: https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html
Frame ID: 5BCFE7208FD207B5C8DA03B5478413D7
Requests: 2 HTTP requests in this frame

Frame: https://m.stripe.network/inner.html
Frame ID: 39FF67E9B771823156363B96EDD51AA8
Requests: 3 HTTP requests in this frame

Page Title

Xola Seller

Detected technologies

Overall confidence: 100%
Detected patterns
  • js\.stripe\.com

Page Statistics

  • Requests: 28
  • HTTPS: 100 %
  • IPv6: 56 %
  • Domains: 7
  • Subdomains: 9
  • IPs: 10
  • Countries: 2
  • Transfer: 3780 kB
  • Size: 12364 kB
  • Cookies: 3

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://seller.xola.app/ HTTP 307
    https://seller.xola.app/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

28 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
seller.xola.app/
Redirect Chain
  • http://seller.xola.app/
  • https://seller.xola.app/
1 KB
830 B
Document
General
Full URL
https://seller.xola.app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:225e:c600:1f:56ad:7c40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
95c9211f2ffd05aab534f87f6bd13586013e7dad34e4e09d93acbe2614f8f78a

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
public, max-age=0, s-maxage=2
content-encoding
gzip
content-type
text/html
date
Thu, 29 Feb 2024 14:02:34 GMT
etag
W/"070519937e6e25522c9c48ec703e22cd"
last-modified
Thu, 29 Feb 2024 13:07:46 GMT
server
AmazonS3
vary
Accept-Encoding
via
1.1 02cd8164e89a1598d410a9198582d47c.cloudfront.net (CloudFront)
x-amz-cf-id
FxFj6lk1H0DGwkYQnXqoy4DHmhEUailz0zPg2igKjCjESuTlOTtPMw==
x-amz-cf-pop
FRA60-P4
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront

Redirect headers

Cross-Origin-Resource-Policy
Cross-Origin
Location
https://seller.xola.app/
Non-Authoritative-Reason
HSTS
index.a0ca136c.js
seller.xola.app/assets/
2 MB
583 KB
Script
General
Full URL
https://seller.xola.app/assets/index.a0ca136c.js
Requested by
Host: seller.xola.app
URL: https://seller.xola.app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:225e:c600:1f:56ad:7c40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
037547ffec5505af40e76ae41e4706d59fccefef673b3570c17c7c73d7a114a9

Request headers

Referer
https://seller.xola.app/
Origin
https://seller.xola.app
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Thu, 29 Feb 2024 14:02:35 GMT
content-encoding
gzip
via
1.1 02cd8164e89a1598d410a9198582d47c.cloudfront.net (CloudFront)
last-modified
Thu, 29 Feb 2024 13:07:46 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P4
etag
W/"1a12efafad6e932e72ae0e9f6b046b83"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=2
x-amz-cf-id
0tqLA1j_oqkcgmxanduAovRXZQnzjpEUOhNvFzCwxbPmQaBK8zpH-g==
@xola.887216cf.js
seller.xola.app/assets/
505 KB
161 KB
Script
General
Full URL
https://seller.xola.app/assets/@xola.887216cf.js
Requested by
Host: seller.xola.app
URL: https://seller.xola.app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:225e:c600:1f:56ad:7c40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
bf1cb251f7dde8a4f8e84b593cc3dfd1b03fd42ec1e46d8da63cc7d6cacab453

Request headers

Referer
https://seller.xola.app/
Origin
https://seller.xola.app
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Thu, 29 Feb 2024 14:02:35 GMT
content-encoding
gzip
via
1.1 02cd8164e89a1598d410a9198582d47c.cloudfront.net (CloudFront)
last-modified
Thu, 29 Feb 2024 13:07:46 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P4
etag
W/"3516b3bb70a1f0ec7db7060c9cc05171"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=2
x-amz-cf-id
9mClp5zmi62YeY_vBTNEvHvyXl_AEVJRU45dSXwgsfaVL-RgnUh1Pg==
stripe.d7645bb9.js
seller.xola.app/assets/
9 KB
4 KB
Script
General
Full URL
https://seller.xola.app/assets/stripe.d7645bb9.js
Requested by
Host: seller.xola.app
URL: https://seller.xola.app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:225e:c600:1f:56ad:7c40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
9dde291d7f35b2141c41861223da19b98763125f5eb7a255ba8a556dbdfec96b

Request headers

Referer
https://seller.xola.app/
Origin
https://seller.xola.app
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Thu, 29 Feb 2024 14:02:35 GMT
content-encoding
gzip
via
1.1 02cd8164e89a1598d410a9198582d47c.cloudfront.net (CloudFront)
last-modified
Thu, 29 Feb 2024 13:07:46 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P4
etag
W/"874afb3e454b70e5ee2e542a0e1ae557"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=2
x-amz-cf-id
RrPa81vTMu_rE2C4QsaZdf7ZlDSQlfAzpWMrbyMuSHCIRQt_eqtD7w==
ag-grid.564fe26e.js
seller.xola.app/assets/
2 MB
497 KB
Script
General
Full URL
https://seller.xola.app/assets/ag-grid.564fe26e.js
Requested by
Host: seller.xola.app
URL: https://seller.xola.app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:225e:c600:1f:56ad:7c40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
a81aece6c021498d756d1b1c606a1fd84efb16c71fdb249fef526796fb2ab4f8

Request headers

Referer
https://seller.xola.app/
Origin
https://seller.xola.app
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Thu, 29 Feb 2024 14:02:35 GMT
content-encoding
gzip
via
1.1 02cd8164e89a1598d410a9198582d47c.cloudfront.net (CloudFront)
last-modified
Thu, 29 Feb 2024 13:07:46 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P4
etag
W/"ff031a250c59e5395d5b0689bd4bfd8d"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=2
x-amz-cf-id
SFUJZ5bKn61mDO1fN0EdLR5wF0zz8mvmdw8AXQRSNacfgARvEgtXfw==
test.849c0d9a.js
seller.xola.app/assets/
368 B
757 B
Script
General
Full URL
https://seller.xola.app/assets/test.849c0d9a.js
Requested by
Host: seller.xola.app
URL: https://seller.xola.app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:225e:c600:1f:56ad:7c40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
fcf03a9f42eae7d6c7235bfda34e34dcd387fcfd8a2e241cb62701e9a3ff45c5

Request headers

Referer
https://seller.xola.app/
Origin
https://seller.xola.app
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Thu, 29 Feb 2024 14:02:35 GMT
via
1.1 02cd8164e89a1598d410a9198582d47c.cloudfront.net (CloudFront)
last-modified
Thu, 29 Feb 2024 13:07:46 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P4
etag
"e68d87588988497db1e922ddbb47aeb7"
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=2
accept-ranges
bytes
content-length
368
x-amz-cf-id
7gvzAfIYx96q59gDjXv75knSE4fP6GtN6ZzCecOGc56oLcq5TJBAjg==
vendor.8eb0c937.js
seller.xola.app/assets/
3 MB
914 KB
Script
General
Full URL
https://seller.xola.app/assets/vendor.8eb0c937.js
Requested by
Host: seller.xola.app
URL: https://seller.xola.app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:225e:c600:1f:56ad:7c40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
84be0c209076be6a77a7bbecb2cb703a4adc616cebf40075579b09db00f35731

Request headers

Referer
https://seller.xola.app/
Origin
https://seller.xola.app
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Thu, 29 Feb 2024 14:02:35 GMT
content-encoding
gzip
via
1.1 02cd8164e89a1598d410a9198582d47c.cloudfront.net (CloudFront)
last-modified
Thu, 29 Feb 2024 13:07:46 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P4
etag
W/"3a390eb8922a13cf287d8dd2baa15e31"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=2
x-amz-cf-id
NP37TzpAnTKpWoZQzd79Ri9CcJHyUvYrUR9n1fnz4AR3xH3Cb6kmYQ==
style.d6461858.css
seller.xola.app/assets/
352 KB
59 KB
Stylesheet
General
Full URL
https://seller.xola.app/assets/style.d6461858.css
Requested by
Host: seller.xola.app
URL: https://seller.xola.app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:225e:c600:1f:56ad:7c40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
804c87b657396ee379b9ee5f11638cfa4b5216755c4b2eaeec6d2594842b78a4

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://seller.xola.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Thu, 29 Feb 2024 14:02:35 GMT
content-encoding
gzip
via
1.1 02cd8164e89a1598d410a9198582d47c.cloudfront.net (CloudFront)
last-modified
Thu, 29 Feb 2024 13:07:46 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P4
etag
W/"d42913ab6d35fedd70f5f100e884d7f7"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
text/css
cache-control
public, max-age=0, s-maxage=2
x-amz-cf-id
fDtna_LlOF8I8uaGrgVcmkfgojxWJwjaNtv9bweSBVO99Vp9G0Wcwg==
E-v1.js
fast.wistia.com/assets/external/
778 KB
131 KB
Script
General
Full URL
https://fast.wistia.com/assets/external/E-v1.js
Requested by
Host: seller.xola.app
URL: https://seller.xola.app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::644 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
2d949be13d7a08a499647507fa0974b6daf96348852e5cbeab6fb24924658b99
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://seller.xola.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Thu, 29 Feb 2024 14:02:34 GMT
content-encoding
br
via
1.1 varnish, 1.1 varnish
strict-transport-security
max-age=0
age
1844
x-amz-server-side-encryption
AES256
x-cache
HIT, HIT
content-length
134046
x-served-by
cache-iad-kiad7000088-IAD, cache-fra-etou8220074-FRA
x-browser-version
122
last-modified
Wed, 28 Feb 2024 20:30:45 GMT
server
AmazonS3
x-timer
S1709215354.026139,VS0,VE0
etag
"ce29cae65c45df12286dbccab71243a3"
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=3600
x-browser
chrome
asset-version
0a44e45c43c97b08da5f741fb0b138c8e81330c6
x-ecma-v
modern
accept-ranges
bytes
timing-allow-origin
*
x-cache-hits
32, 186
css2
fonts.googleapis.com/
9 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Inter:wght@300;400;600;700&display=swap
Requested by
Host: seller.xola.app
URL: https://seller.xola.app/assets/style.d6461858.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
aa503ed4b75f03eebbb4626b542f503e7b9246f1addb0dedd48e53735cb6a4c8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://seller.xola.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Thu, 29 Feb 2024 14:02:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Thu, 29 Feb 2024 12:24:12 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 29 Feb 2024 14:02:34 GMT
css2
fonts.googleapis.com/
6 KB
755 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Roboto+Mono:wght@300;400;700&display=swap
Requested by
Host: seller.xola.app
URL: https://seller.xola.app/assets/style.d6461858.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
300f7b79ee0ee2162fb88ec9a05f9a3cdee9b86a7a8fa40b08fac751b8ea79d6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://seller.xola.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Thu, 29 Feb 2024 14:02:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Thu, 29 Feb 2024 14:02:34 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 29 Feb 2024 14:02:34 GMT
v3
js.stripe.com/
602 KB
148 KB
Script
General
Full URL
https://js.stripe.com/v3
Requested by
Host: seller.xola.app
URL: https://seller.xola.app/assets/stripe.d7645bb9.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.9 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-9.fra6.r.cloudfront.net
Software
Cloudfront /
Resource Hash
ae9019e4783314f5f0542f3c591c735d4d1fe118e2fc8ec0959343dc29ab7c1d
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://seller.xola.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Thu, 29 Feb 2024 14:02:30 GMT
content-encoding
br
via
1.1 21da0a66bafe2c8de8be4a4d8039346a.cloudfront.net (CloudFront)
strict-transport-security
max-age=31556926; includeSubDomains; preload
x-content-type-options
nosniff
age
5
x-amz-cf-pop
FRA6-C1
x-cache
Hit from cloudfront
last-modified
Wed, 28 Feb 2024 23:44:58 GMT
server
Cloudfront
etag
W/"19625bc79094165cca3aef1f9f41d22c"
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=60
timing-allow-origin
*
x-amz-cf-id
PgJbBjMHFcCowtS-0egU_k8_hzR-94n-HUbWtsWZUXHienJFGvVbBA==
v1
js.stripe.com/terminal/
235 KB
50 KB
Script
General
Full URL
https://js.stripe.com/terminal/v1
Requested by
Host: seller.xola.app
URL: https://seller.xola.app/assets/stripe.d7645bb9.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.9 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-9.fra6.r.cloudfront.net
Software
Cloudfront /
Resource Hash
22ae61d91500020eef5835f45b607b0f40ff22705d4cc292e1f1fd3023a0b2c6
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://seller.xola.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Thu, 29 Feb 2024 14:00:16 GMT
content-encoding
br
via
1.1 21da0a66bafe2c8de8be4a4d8039346a.cloudfront.net (CloudFront)
strict-transport-security
max-age=31556926; includeSubDomains; preload
x-content-type-options
nosniff
age
189
x-amz-cf-pop
FRA6-C1
x-cache
Hit from cloudfront
last-modified
Fri, 23 Feb 2024 01:40:39 GMT
server
Cloudfront
etag
W/"d3b15ea7875bef363beb7477fd51ec00"
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=300
timing-allow-origin
*
x-amz-cf-id
t9qWxrlAZ-nkqISUSn9ILkhLM37seEbEl0D0WITJh4YBud5TeGRHkA==
x2-34fc260271ca80160c61777846784611.jpeg
files.xola.com/x2/images/login/
878 KB
880 KB
Image
General
Full URL
https://files.xola.com/x2/images/login/x2-34fc260271ca80160c61777846784611.jpeg
Requested by
Host: seller.xola.app
URL: https://seller.xola.app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.26.102 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-26-102.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
0f9b8afebe9ef61da914aca39bfec651b53ce0d62839dd7b83987263007953e5

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://seller.xola.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Thu, 29 Feb 2024 11:31:49 GMT
via
1.1 78720628b37ebf3e33c42dc098252ee8.cloudfront.net (CloudFront)
last-modified
Sun, 27 Feb 2022 08:51:27 GMT
server
AmazonS3
x-amz-cf-pop
FRA56-P7
age
9046
x-amz-server-side-encryption
AES256
etag
"18a0231b728e66831f3e706203785855"
x-cache
Hit from cloudfront
content-type
image/jpeg
accept-ranges
bytes
content-length
899450
x-amz-cf-id
_S2mlhvvL4yzyarsIhTIrvTqcgHiX7GqrQyFE-TPbl9sQ9nmrxMqNg==
truncated
/
208 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
0eaabd08752cbfa387dfb28f1f2201f0f4f4a7b34688522063b8b857d3b76380

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

Content-Type
image/svg+xml
UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2
fonts.gstatic.com/s/inter/v13/
46 KB
46 KB
Font
General
Full URL
https://fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Inter:wght@300;400;600;700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
88df0b5a7bc397dbc13a26bb8b3742cc62cd1c9b0dded57da7832416d6f52f42
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://seller.xola.app
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Tue, 27 Feb 2024 08:51:09 GMT
x-content-type-options
nosniff
age
191485
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
46704
x-xss-protection
0
last-modified
Wed, 13 Sep 2023 23:49:07 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 26 Feb 2025 08:51:09 GMT
controller-8001dabcbd026e2c7e410a9c17fd3afd.html
js.stripe.com/v3/ Frame 012F
325 B
1 KB
Document
General
Full URL
https://js.stripe.com/v3/controller-8001dabcbd026e2c7e410a9c17fd3afd.html
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.9 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-9.fra6.r.cloudfront.net
Software
Cloudfront /
Resource Hash
f7972aa868964f82b53b7bcc0a2d03ef5302ba22e421ed67d2e46ad62ae2bf85
Security Headers
Name Value
Content-Security-Policy base-uri 'none'; connect-src 'self' https://api.stripe.com https://merchant-ui-api.stripe.com https://stripe.com/cookie-settings/enforcement-mode https://errors.stripe.com https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src 'self'; img-src 'self' https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'sha256-0hAheEzaMe6uXIKV4EehS9pu1am1lj/KnnzrOYqckXk='; worker-src 'none'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://seller.xola.app/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-origin
*
age
8
cache-control
max-age=60, stale-while-revalidate=900
content-length
325
content-security-policy
base-uri 'none'; connect-src 'self' https://api.stripe.com https://merchant-ui-api.stripe.com https://stripe.com/cookie-settings/enforcement-mode https://errors.stripe.com https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src 'self'; img-src 'self' https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'sha256-0hAheEzaMe6uXIKV4EehS9pu1am1lj/KnnzrOYqckXk='; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-type
text/html; charset=utf-8
date
Thu, 29 Feb 2024 14:02:26 GMT
etag
"8001dabcbd026e2c7e410a9c17fd3afd"
last-modified
Wed, 28 Feb 2024 22:56:35 GMT
server
Cloudfront
strict-transport-security
max-age=31556926; includeSubDomains; preload
timing-allow-origin
*
vary
Accept-Encoding
via
1.1 21da0a66bafe2c8de8be4a4d8039346a.cloudfront.net (CloudFront)
x-amz-cf-id
9hUtXsoMbWqjVPfDmmHuSpWX4TzKmiratmhDVFgtCtWwUu0gUboRuQ==
x-amz-cf-pop
FRA6-C1
x-cache
Hit from cloudfront
x-content-type-options
nosniff
shared-a5db6665267ded2696cc6fbd9ac04185.js
js.stripe.com/v3/fingerprinted/js/ Frame 012F
537 KB
117 KB
Script
General
Full URL
https://js.stripe.com/v3/fingerprinted/js/shared-a5db6665267ded2696cc6fbd9ac04185.js
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/controller-8001dabcbd026e2c7e410a9c17fd3afd.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.9 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-9.fra6.r.cloudfront.net
Software
Cloudfront /
Resource Hash
0bddbb6212ac5e2584ed979b6290bea04f4ed7938a3986c4adf011a75189d826
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.stripe.com/v3/controller-8001dabcbd026e2c7e410a9c17fd3afd.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Thu, 29 Feb 2024 14:02:06 GMT
content-encoding
br
via
1.1 21da0a66bafe2c8de8be4a4d8039346a.cloudfront.net (CloudFront)
strict-transport-security
max-age=31556926; includeSubDomains; preload
x-content-type-options
nosniff
age
30
x-amz-cf-pop
FRA6-C1
x-cache
Hit from cloudfront
last-modified
Wed, 28 Feb 2024 22:56:48 GMT
server
Cloudfront
etag
W/"aff48a505107cec853ce90748666d493"
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
timing-allow-origin
*
x-amz-cf-id
pE_WIrrrik7UkV8Z1m_wUpPYJhUnO69yZ2aY7NRqtkly4y8sC6IEMA==
controller-be09d5803edf23e7355a8a81d8f7b029.js
js.stripe.com/v3/fingerprinted/js/ Frame 012F
693 KB
163 KB
Script
General
Full URL
https://js.stripe.com/v3/fingerprinted/js/controller-be09d5803edf23e7355a8a81d8f7b029.js
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/controller-8001dabcbd026e2c7e410a9c17fd3afd.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.9 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-9.fra6.r.cloudfront.net
Software
Cloudfront /
Resource Hash
062121a6a6b36dba977349660046480e778cc5285af4d86b69fb189c5840c7b9
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.stripe.com/v3/controller-8001dabcbd026e2c7e410a9c17fd3afd.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Thu, 29 Feb 2024 13:12:11 GMT
content-encoding
br
via
1.1 21da0a66bafe2c8de8be4a4d8039346a.cloudfront.net (CloudFront)
strict-transport-security
max-age=31556926; includeSubDomains; preload
x-content-type-options
nosniff
age
3028
x-amz-cf-pop
FRA6-C1
x-cache
Hit from cloudfront
last-modified
Wed, 28 Feb 2024 22:56:46 GMT
server
Cloudfront
etag
W/"77b8dacc8b90a502205a34c354365e22"
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
timing-allow-origin
*
x-amz-cf-id
oIQIzYqVfjSGyiAd6TkmIG8TFvLUMhoTJKjhnh_-nPRPOMJaMk-g4w==
.deploy_status_henson.json
js.stripe.com/v3/ Frame 012F
474 B
915 B
Fetch
General
Full URL
https://js.stripe.com/v3/.deploy_status_henson.json
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-a5db6665267ded2696cc6fbd9ac04185.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.9 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-9.fra6.r.cloudfront.net
Software
Cloudfront /
Resource Hash
542f1854d15dcea1e623ea4ef1a99240fc04907c52554272b6db2e4661230d31
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload

Request headers

Accept
application/json
Referer
https://js.stripe.com/v3/controller-8001dabcbd026e2c7e410a9c17fd3afd.html
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Thu, 29 Feb 2024 14:01:44 GMT
via
1.1 507b5edb20d0e1a0b73c8687f53defa8.cloudfront.net (CloudFront)
strict-transport-security
max-age=31556926; includeSubDomains; preload
age
50
x-amz-cf-pop
FRA6-C1
x-cache
Hit from cloudfront
content-length
474
last-modified
Wed, 28 Feb 2024 23:48:26 GMT
server
Cloudfront
etag
"82b1ea412f47a478bc42592b1625f399"
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
cache-control
max-age=60
accept-ranges
bytes
x-amz-cf-id
8KxLS7I22gybF9Y3LmM9bnfHTU9Wyo_GcB-ltBTYooatTq9Gwiqefg==
.deploy_status_henson.json
js.stripe.com/v3/ Frame 012F
474 B
916 B
Fetch
General
Full URL
https://js.stripe.com/v3/.deploy_status_henson.json
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-a5db6665267ded2696cc6fbd9ac04185.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.9 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-9.fra6.r.cloudfront.net
Software
Cloudfront /
Resource Hash
542f1854d15dcea1e623ea4ef1a99240fc04907c52554272b6db2e4661230d31
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload

Request headers

Accept
application/json
Referer
https://js.stripe.com/v3/controller-8001dabcbd026e2c7e410a9c17fd3afd.html
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Thu, 29 Feb 2024 14:01:44 GMT
via
1.1 507b5edb20d0e1a0b73c8687f53defa8.cloudfront.net (CloudFront)
strict-transport-security
max-age=31556926; includeSubDomains; preload
age
50
x-amz-cf-pop
FRA6-C1
x-cache
Hit from cloudfront
content-length
474
last-modified
Wed, 28 Feb 2024 23:48:26 GMT
server
Cloudfront
etag
"82b1ea412f47a478bc42592b1625f399"
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
cache-control
max-age=60
accept-ranges
bytes
x-amz-cf-id
NhhYKgdPcIetPElJ8ebHRTBZdiy8vX_NJZfLbk1R_kcn9AVzqVZ6FA==
m-outer-3437aaddcdf6922d623e172c2d6f9278.html
js.stripe.com/v3/ Frame 5BCF
200 B
1 KB
Document
General
Full URL
https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.9 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-9.fra6.r.cloudfront.net
Software
Cloudfront /
Resource Hash
35dcc382eb69d00369d708708cdc545f3968b68fa5bbe3e728d11fedd04f93bb
Security Headers
Name Value
Content-Security-Policy base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://seller.xola.app/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-origin
*
age
2823
cache-control
max-age=31536000
content-length
200
content-security-policy
base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-security-policy-report-only
base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-type
text/html; charset=utf-8
date
Thu, 29 Feb 2024 13:15:32 GMT
etag
"3437aaddcdf6922d623e172c2d6f9278"
last-modified
Fri, 23 Feb 2024 21:02:42 GMT
server
Cloudfront
strict-transport-security
max-age=31556926; includeSubDomains; preload
timing-allow-origin
*
vary
Accept-Encoding
via
1.1 21da0a66bafe2c8de8be4a4d8039346a.cloudfront.net (CloudFront)
x-amz-cf-id
hjod6eTSZY8uIsVtxSn_4b976U2rKCWIGHUSmnCYv_yCY-CByla4hw==
x-amz-cf-pop
FRA6-C1
x-cache
Hit from cloudfront
x-content-type-options
nosniff
m-outer-15a2b40a058ddff1cffdb63779fe3de1.js
js.stripe.com/v3/fingerprinted/js/ Frame 5BCF
526 B
1 KB
Script
General
Full URL
https://js.stripe.com/v3/fingerprinted/js/m-outer-15a2b40a058ddff1cffdb63779fe3de1.js
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.9 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-9.fra6.r.cloudfront.net
Software
Cloudfront /
Resource Hash
ba2338aa6670580269c762f51c4291daef913201aa8f4d4fd166c1a878262652
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Thu, 29 Feb 2024 13:15:36 GMT
via
1.1 21da0a66bafe2c8de8be4a4d8039346a.cloudfront.net (CloudFront)
x-content-type-options
nosniff
strict-transport-security
max-age=31556926; includeSubDomains; preload
age
2822
x-amz-cf-pop
FRA6-C1
x-cache
Hit from cloudfront
content-length
526
last-modified
Tue, 20 Feb 2024 21:32:39 GMT
server
Cloudfront
etag
"d96c709017743c0759cf3853d1806ba5"
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
o7eo7XpaD0zpEOJCNInN2XhjLhy6s9yEIEytm8dZwpEGXODksNqV7A==
b
r.stripe.com/ Frame 012F
0
275 B
Fetch
General
Full URL
https://r.stripe.com/b
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-a5db6665267ded2696cc6fbd9ac04185.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
54.187.159.182 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ip-54-187-159-182.stripe.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept
application/json
Referer
https://js.stripe.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

x-stripe-bg-intended-route-color
green
date
Thu, 29 Feb 2024 14:02:35 GMT
x-stripe-server-envoy-start-time-us
1709215355390619
server
nginx
content-type
text/plain
access-control-allow-origin
https://js.stripe.com
x-stripe-server-envoy-upstream-service-time-ms
8
x-stripe-client-envoy-start-time-us
1709215355390209
access-control-allow-credentials
true
content-length
0
inner.html
m.stripe.network/ Frame 39FF
930 B
2 KB
Document
General
Full URL
https://m.stripe.network/inner.html
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/m-outer-15a2b40a058ddff1cffdb63779fe3de1.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2724:fe00:19:7d10:bd80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Cloudfront /
Resource Hash
947ac0903521f5eceefc90637c066306a8ca67466ccc188bb0107fb7cfb532d1
Security Headers
Name Value
Content-Security-Policy base-uri 'none'; connect-src https://m.stripe.network https://m.stripe.com; default-src 'none'; font-src https://m.stripe.network https://fonts.gstatic.com; form-action 'none'; frame-src https://m.stripe.network https://js.stripe.com; img-src https://m.stripe.network https://m.stripe.com https://b.stripecdn.com; script-src https://m.stripe.network 'sha256-/5Guo2nzv5n/w6ukZpOBZOtTJBJPSkJ6mhHpnBgm3Ls='; style-src https://m.stripe.network; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://js.stripe.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
125
cache-control
max-age=300, public
content-length
930
content-security-policy
base-uri 'none'; connect-src https://m.stripe.network https://m.stripe.com; default-src 'none'; font-src https://m.stripe.network https://fonts.gstatic.com; form-action 'none'; frame-src https://m.stripe.network https://js.stripe.com; img-src https://m.stripe.network https://m.stripe.com https://b.stripecdn.com; script-src https://m.stripe.network 'sha256-/5Guo2nzv5n/w6ukZpOBZOtTJBJPSkJ6mhHpnBgm3Ls='; style-src https://m.stripe.network; report-uri https://q.stripe.com/csp-report
content-type
text/html; charset=utf-8
date
Thu, 29 Feb 2024 14:01:55 GMT
etag
"06bfcd88af438673a8bf9b845a11aa6e"
last-modified
Fri, 30 Jun 2023 14:32:28 GMT
server
Cloudfront
strict-transport-security
max-age=31556926; includeSubDomains; preload
vary
Accept-Encoding, Origin
via
1.1 1270eda8f49e8826b43258fcc9ef44d2.cloudfront.net (CloudFront)
x-amz-cf-id
vqM1fyOmBk3aQkp6n9OWuoVLVQZoF_HfMN32dX0XXoC1aLrAOygcgw==
x-amz-cf-pop
FRA56-P12
x-cache
Hit from cloudfront
x-content-type-options
nosniff
out-4.5.43.js
m.stripe.network/ Frame 39FF
87 KB
15 KB
Script
General
Full URL
https://m.stripe.network/out-4.5.43.js
Requested by
Host: m.stripe.network
URL: https://m.stripe.network/inner.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2724:fe00:19:7d10:bd80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Cloudfront /
Resource Hash
e039e607c78306c7e029a7fd0ecdb14f86456f16e1a5ce65aa26b4fdf1d38a3c
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://m.stripe.network/inner.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Thu, 29 Feb 2024 13:57:39 GMT
content-encoding
br
via
1.1 1270eda8f49e8826b43258fcc9ef44d2.cloudfront.net (CloudFront)
strict-transport-security
max-age=31556926; includeSubDomains; preload
last-modified
Fri, 30 Jun 2023 14:32:28 GMT
server
Cloudfront
age
297
x-content-type-options
nosniff
etag
W/"69cb7809b5011312e716f29b3d19dce6"
x-amz-cf-pop
FRA56-P12
vary
Accept-Encoding, Origin
x-cache
Hit from cloudfront
content-type
text/javascript; charset=utf-8
cache-control
max-age=300, public
x-amz-cf-id
VKoGQDQkud-s40BZPEtxGAGaKZJHdvKrvjPgrqgaGJbYTRsrUuhGvw==
6
m.stripe.com/ Frame 39FF
156 B
669 B
XHR
General
Full URL
https://m.stripe.com/6
Requested by
Host: m.stripe.network
URL: https://m.stripe.network/out-4.5.43.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.212.84.166 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-212-84-166.us-west-2.compute.amazonaws.com
Software
nginx /
Resource Hash
101f2e0db7a64916ec3438a2489f64f16d32365184e39f8dc07089a4ab968941
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://m.stripe.network/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-stripe-bg-intended-route-color
blue
date
Thu, 29 Feb 2024 14:02:35 GMT
strict-transport-security
max-age=31556926; includeSubDomains; preload
x-content-type-options
nosniff
x-stripe-server-envoy-start-time-us
1709215355549510
server
nginx
content-type
application/json;charset=utf-8
x-stripe-server-envoy-upstream-service-time-ms
2
access-control-allow-origin
https://m.stripe.network
x-stripe-client-envoy-start-time-us
1709215355549181
access-control-allow-credentials
true
access-control-allow-headers
Content-Type
content-length
156
b
r.stripe.com/ Frame 012F
0
274 B
Fetch
General
Full URL
https://r.stripe.com/b
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-a5db6665267ded2696cc6fbd9ac04185.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
54.187.159.182 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ip-54-187-159-182.stripe.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept
application/json
Referer
https://js.stripe.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

x-stripe-bg-intended-route-color
green
date
Thu, 29 Feb 2024 14:02:36 GMT
x-stripe-server-envoy-start-time-us
1709215355998864
server
nginx
content-type
text/plain
access-control-allow-origin
https://js.stripe.com
x-stripe-server-envoy-upstream-service-time-ms
7
x-stripe-client-envoy-start-time-us
1709215355998518
access-control-allow-credentials
true
content-length
0
b
r.stripe.com/ Frame 012F
0
275 B
Fetch
General
Full URL
https://r.stripe.com/b
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-a5db6665267ded2696cc6fbd9ac04185.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
54.187.159.182 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ip-54-187-159-182.stripe.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept
application/json
Referer
https://js.stripe.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

x-stripe-bg-intended-route-color
green
date
Thu, 29 Feb 2024 14:02:36 GMT
x-stripe-server-envoy-start-time-us
1709215355999328
server
nginx
content-type
text/plain
access-control-allow-origin
https://js.stripe.com
x-stripe-server-envoy-upstream-service-time-ms
11
x-stripe-client-envoy-start-time-us
1709215355998982
access-control-allow-credentials
true
content-length
0

22 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0
object| 1
object| __webpack_modules__
object| __webpack_module_cache__
function| __webpack_require__
object| __webpack_exports__
object| Wistia
string| _wistiaElemId
object| _wq
object| wistiaEmbeds
object| FullCalendarVDom
function| hotkeys
object| ejs
object| regeneratorRuntime
function| Pusher
function| simulateStripe
function| enableDebug
object| __SENTRY__
object| webpackChunkStripeJSouter
function| noop
function| Stripe
object| StripeTerminal

3 Cookies

Domain/Path Name / Value
m.stripe.com/ Name: m
Value: 28691de2-a636-4497-9490-7e52bc73be13fcc0db
.seller.xola.app/ Name: __stripe_mid
Value: 64a0d644-e39c-4b24-b836-cdc2b2f706d45bc48d
.seller.xola.app/ Name: __stripe_sid
Value: b6b24257-269e-4f31-bfd7-879829c88840e9ef44

1 Console Messages

Source Level URL
Text
other warning URL: https://seller.xola.app/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
