www.staging.services.tiffinhub.ca Open in urlscan Pro
13.35.93.112 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://staging.services.tiffinhub.ca/
Effective URL:
https://www.staging.services.tiffinhub.ca/
Submission: On March 14 via automatic, source certstream-suspicious (March 14th 2023, 12:16:22 am UTC) — Scanned from CA

Summary HTTP 16 Redirects Links 10 Behaviour Indicators

Summary

This website contacted 5 IPs in 1 countries across 4 domains to perform 16 HTTP transactions. The main IP is 13.35.93.112, located in United States and belongs to AMAZON-02, US. The main domain is www.staging.services.tiffinhub.ca.
TLS certificate: Issued by Amazon RSA 2048 M02 on March 13th 2023. Valid for: a year.

This is the only time www.staging.services.tiffinhub.ca was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 5	13.35.93.112 13.35.93.112	16509 (AMAZON-02) (AMAZON-02)
3	2606:4700::68... 2606:4700::6811:180e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	151.101.0.176 151.101.0.176	54113 (FASTLY) (FASTLY)
3	54.186.23.98 54.186.23.98	16509 (AMAZON-02) (AMAZON-02)
1	54.186.100.168 54.186.100.168	16509 (AMAZON-02) (AMAZON-02)
16	5

5 13.35.93.112 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-13-35-93-112.jfk50.r.cloudfront.net

staging.services.tiffinhub.ca	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.staging.services.tiffinhub.ca	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6811:180e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 151.101.0.176 (United States)

ASN54113 (FASTLY, US)

js.stripe.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
m.stripe.network	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 54.186.23.98 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ip-54-186-23-98.stripe.com

q.stripe.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.186.100.168 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-186-100-168.us-west-2.compute.amazonaws.com

m.stripe.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	stripe.com js.stripe.com — Cisco Umbrella Rank: 955 q.stripe.com — Cisco Umbrella Rank: 6067 m.stripe.com — Cisco Umbrella Rank: 966	122 KB
5	tiffinhub.ca 1 redirects staging.services.tiffinhub.ca www.staging.services.tiffinhub.ca	126 KB
3	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 194	272 KB
2	stripe.network m.stripe.network — Cisco Umbrella Rank: 1034	17 KB
16	4

	Domain	Requested by
4	www.staging.services.tiffinhub.ca	www.staging.services.tiffinhub.ca
3	q.stripe.com	www.staging.services.tiffinhub.ca
3	js.stripe.com	www.staging.services.tiffinhub.ca js.stripe.com
3	cdnjs.cloudflare.com	www.staging.services.tiffinhub.ca cdnjs.cloudflare.com
2	m.stripe.network	js.stripe.com m.stripe.network
1	m.stripe.com	m.stripe.network
1	staging.services.tiffinhub.ca	1 redirects
16	7

This site contains links to these domains. Also see Links.

Domain
tiffinhub.ca
www.instagram.com
twitter.com
www.facebook.com

Subject Issuer	Validity	Valid
*.staging.services.tiffinhub.ca Amazon RSA 2048 M02	`2023-03-13` - `2024-04-10`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-08-03` - `2023-08-02`	a year	crt.sh
a.stripecdn.com DigiCert SHA2 Extended Validation Server CA	`2023-02-06` - `2023-05-13`	3 months	crt.sh
*.stripe.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-02-14` - `2023-06-13`	4 months	crt.sh
m.stripe.com DigiCert TLS RSA SHA256 2020 CA1	`2023-01-08` - `2023-04-08`	3 months	crt.sh

This page contains 3 frames:

Primary Page: https://www.staging.services.tiffinhub.ca/
Frame ID: 037BE4B9FFA677956CE96E8E11958583
Requests: 8 HTTP requests in this frame

Frame: https://js.stripe.com/v3/m-outer-93afeeb17bc37e711759584dbfc50d47.html
Frame ID: B9CC6292998261FE0B5F1FB5167530B0
Requests: 4 HTTP requests in this frame

Frame: https://m.stripe.network/inner.html
Frame ID: 837AD57CF4F3776D2B7C722D3A9782FD
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Tiffinhub

Page URL History Show full URLs

https://staging.services.tiffinhub.ca/ HTTP 302
https://www.staging.services.tiffinhub.ca/ Page URL

Detected technologies

Stripe (Payment Processors) Expand

Overall confidence: 100%
Detected patterns

js\.stripe\.com

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Page Statistics

16
Requests

100 %
HTTPS

20 %
IPv6

4
Domains

7
Subdomains

5
IPs

1
Countries

536 kB
Transfer

1212 kB
Size

3
Cookies

10 Outgoing links

These are links going to different origins than the main page.

URL: https://tiffinhub.ca/
Title: Home

Search URL Search Domain Scan URL

URL: https://tiffinhub.ca/contact_us
Title: Contact us

Search URL Search Domain Scan URL

URL: https://tiffinhub.ca/get_started
Title: Get Started

Search URL Search Domain Scan URL

URL: https://tiffinhub.ca/signin
Title: Login

Search URL Search Domain Scan URL

URL: https://tiffinhub.ca/driver_form
Title: Apply for driver

Search URL Search Domain Scan URL

URL: https://tiffinhub.ca/aboutus
Title: About us

Search URL Search Domain Scan URL

URL: https://tiffinhub.ca/menu
Title: Weekly menu

Search URL Search Domain Scan URL

URL: https://www.instagram.com/tiffinhubcanada/

Search URL Search Domain Scan URL

URL: https://twitter.com/Tiffinhub1

Search URL Search Domain Scan URL

URL: https://www.facebook.com/tiffinhubcanada

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://staging.services.tiffinhub.ca/ HTTP 302
https://www.staging.services.tiffinhub.ca/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

16 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
www.staging.services.tiffinhub.ca/
Redirect Chain

https://staging.services.tiffinhub.ca/
https://www.staging.services.tiffinhub.ca/

956 B
1 KB

289ms
220ms

Document
text/html

13.35.93.112
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.staging.services.tiffinhub.ca/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.35.93.112 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-93-112.jfk50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 1c4ce6c5cc5c9b61660ef7c30541dabb5d1a81b0f0945f496c6d430f7e958b04

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
cache-control: public, max-age=0, s-maxage=2
content-length: 956
content-type: text/html
date: Tue, 14 Mar 2023 00:16:18 GMT
etag: "92f9f9861ec33a39f0a3b77437499f84"
last-modified: Mon, 13 Mar 2023 17:07:04 GMT
server: AmazonS3
via: 1.1 2dd59b0ea355cb92a87e9e385032622a.cloudfront.net (CloudFront)
x-amz-cf-id: wAFhW8nm4Sbn8KFHXaXp2bAmYE__ohJrR2-_y4TBw_V27wKSaMlJbQ==
x-amz-cf-pop: JFK50-P8
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront

Redirect headers

content-length: 0
date: Tue, 14 Mar 2023 00:16:17 GMT
location: https://www.staging.services.tiffinhub.ca/
server: CloudFront
via: 1.1 2dd59b0ea355cb92a87e9e385032622a.cloudfront.net (CloudFront)
x-amz-cf-id: DwpUyxiz0SXK0LCxPsQmzyk3fwniZFiieJjWcs-6-2ECIoxUL1GI4g==
x-amz-cf-pop: JFK50-P8
x-cache: LambdaGeneratedResponse from cloudfront

GET
H2 200 all.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/6.1.2/css/ 99 KB
17 KB 54ms
27ms Stylesheet
text/css 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.1.2/css/all.min.css

Requested by

Host: www.staging.services.tiffinhub.ca
URL: https://www.staging.services.tiffinhub.ca/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c5e8e8eb22e2eaf1ad02370c22c63c04774ab0b83b4329d5945333750814bb2f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer
Origin: https://www.staging.services.tiffinhub.ca
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Tue, 14 Mar 2023 00:16:17 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 462778
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 17188
last-modified: Mon, 25 Jul 2022 19:31:34 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "62deef96-4324"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qSwS076CgISCVq2odG%2BzhqFqE3O%2B1%2BuV2ofubLEjvFL1oiknbTskT776waGOzE%2B43X8%2BE70kLA2xacSpvhP4Fp4%2Fl0RFM9OkK97iXMy3y8ommQEZvmhso%2FvfzDmKi1C7V7zouqz%2FLqTsJLRrodWM8utJ"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 7a7853be1ed04bd0-YUL
expires: Sun, 03 Mar 2024 00:16:17 GMT

GET
H2 200 main.47ce0f60.js Show response
www.staging.services.tiffinhub.ca/static/js/ 240 KB
75 KB 215ms
215ms Script
application/javascript 13.35.93.112
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.staging.services.tiffinhub.ca/static/js/main.47ce0f60.js
Requested by: Host: www.staging.services.tiffinhub.ca
URL: https://www.staging.services.tiffinhub.ca/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.35.93.112 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-93-112.jfk50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: fe167f0a4de7e2d6a6b2648206f31bcf0c641678c62d9163de94802345b95ca0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.staging.services.tiffinhub.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Tue, 14 Mar 2023 00:16:18 GMT
content-encoding: gzip
via: 1.1 2dd59b0ea355cb92a87e9e385032622a.cloudfront.net (CloudFront)
last-modified: Mon, 13 Mar 2023 17:07:04 GMT
server: AmazonS3
x-amz-cf-pop: JFK50-P8
etag: W/"df0b7e8c863a66e6d101d009ba719087"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: application/javascript
cache-control: public, max-age=0, s-maxage=2
x-amz-cf-id: H4INMtt_8BHB915X5E2wbVmL_LYPGPShv1jZDziyCBk7MHm_RgVgBQ==

GET
H2 200 main.e0ad198a.css
www.staging.services.tiffinhub.ca/static/css/ 48 KB
8 KB 139ms
138ms Stylesheet
text/css 13.35.93.112
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.staging.services.tiffinhub.ca/static/css/main.e0ad198a.css
Requested by: Host: www.staging.services.tiffinhub.ca
URL: https://www.staging.services.tiffinhub.ca/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.35.93.112 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-93-112.jfk50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: ce7ff0a9392e039229844e48c71487268df2d95a03d0581793197ae1db9e0a56

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.staging.services.tiffinhub.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Tue, 14 Mar 2023 00:16:18 GMT
content-encoding: gzip
via: 1.1 2dd59b0ea355cb92a87e9e385032622a.cloudfront.net (CloudFront)
last-modified: Mon, 13 Mar 2023 17:07:04 GMT
server: AmazonS3
x-amz-cf-pop: JFK50-P8
etag: W/"49552f1bf976f25a4495d212b69d9890"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: text/css
cache-control: public, max-age=0, s-maxage=2
x-amz-cf-id: ldgGP3b6JKG40uwZwzhSHVbOFT6FpKoQ169ydMcWQcowlGPnQnFrtQ==

GET
H2 200 v3 Show response
js.stripe.com/ 441 KB
119 KB 241ms
16ms Script
text/javascript 151.101.0.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3

Requested by

Host: www.staging.services.tiffinhub.ca
URL: https://www.staging.services.tiffinhub.ca/static/js/main.47ce0f60.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.0.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

72fc0cdcb036811dfc52821b43f4e0133690b0cc2c23922115fe791b0974248b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.staging.services.tiffinhub.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
date: Tue, 14 Mar 2023 00:16:18 GMT
via: 1.1 varnish
age: 13
x-cache: HIT
content-length: 121035
x-request-id: 6de22c59-df78-4839-ab50-c705ed873d26
x-served-by: cache-yul12824-YUL
last-modified: Mon, 13 Mar 2023 20:31:49 GMT
server: Fastly
etag: "fd2a5553943f001588b0b022d429d582"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=60
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 8

GET
H2 200 tiffinhub-white.png
www.staging.services.tiffinhub.ca/images/ 40 KB
40 KB 123ms
122ms Image
image/png 13.35.93.112
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.staging.services.tiffinhub.ca/images/tiffinhub-white.png
Requested by: Host: www.staging.services.tiffinhub.ca
URL: https://www.staging.services.tiffinhub.ca/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.35.93.112 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-93-112.jfk50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 1ef3246138df65af0d89fd283c5789dbb6fe2299b5ace8c55a6381426c8a3fa4

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.staging.services.tiffinhub.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Tue, 14 Mar 2023 00:16:18 GMT
via: 1.1 2dd59b0ea355cb92a87e9e385032622a.cloudfront.net (CloudFront)
last-modified: Mon, 13 Mar 2023 17:07:04 GMT
server: AmazonS3
x-amz-cf-pop: JFK50-P8
etag: "a58095964eac680298b71007c7b26d1b"
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
content-type: image/png
cache-control: public, max-age=0, s-maxage=2
accept-ranges: bytes
content-length: 40685
x-amz-cf-id: XybxLXgxiwscGAc7nmLmYiCChfPS95Pqyg00MLvwmrd0LAPU9wEqkw==

GET
H2 200 fa-solid-900.woff2
cdnjs.cloudflare.com/ajax/libs/font-awesome/6.1.2/webfonts/ 151 KB
152 KB 33ms
32ms Font
application/octet-stream 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.1.2/webfonts/fa-solid-900.woff2

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.1.2/css/all.min.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

16ca1f9d43fc2f7580d012519de3d21675e17344e245e4b64f83f5c10c34e051

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.1.2/css/all.min.css
Origin: https://www.staging.services.tiffinhub.ca
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Tue, 14 Mar 2023 00:16:17 GMT
strict-transport-security: max-age=15780000
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 10130384
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 154840
last-modified: Mon, 25 Jul 2022 19:31:34 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "62deef96-25cd8"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tRv1haJ4ifKOfz%2B7w2WgWnH%2FQEYjIwdP%2FKzB9%2FQQaU8pFB5sQEJzN%2FQz6wDvI%2F%2F4S2dEDQwW65kSRFAvhugKELAoq2yyULZ%2F33e1gsPBsfALs%2Fa84gMYf3yGaRFVv8kQzD5NsaFtFwYIM2JfpuHvqO9%2F"}],"group":"cf-nel","max_age":604800}
content-type: application/octet-stream; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 7a7853bfc9ab4bd0-YUL
expires: Sun, 03 Mar 2024 00:16:17 GMT

GET
H2 200 fa-brands-400.woff2
cdnjs.cloudflare.com/ajax/libs/font-awesome/6.1.2/webfonts/ 103 KB
103 KB 44ms
44ms Font
application/octet-stream 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.1.2/webfonts/fa-brands-400.woff2

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.1.2/css/all.min.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

16534237a13a8234a9d42fbc783ed7689499061a8891493e5efea7e8d6952d19

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.1.2/css/all.min.css
Origin: https://www.staging.services.tiffinhub.ca
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Tue, 14 Mar 2023 00:16:17 GMT
strict-transport-security: max-age=15780000
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 2345240
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 105112
last-modified: Mon, 25 Jul 2022 19:31:34 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "62deef96-19a98"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gJBIO8HQDXpt3QTaOzw5KWKVq%2FCQ1%2FKgxY0qPs%2BGR9EpwA0kJIXSLoK9lxSr2gW%2FPha7znyigPhfrB9BFZyIN%2BLFPXVNeA%2FAf6XePZepIzw7A8xoobAthYab2sHG2Tmku27nh5KTCOJRnOK7zZ2p2iFz"}],"group":"cf-nel","max_age":604800}
content-type: application/octet-stream; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 7a7853bfc9af4bd0-YUL
expires: Sun, 03 Mar 2024 00:16:17 GMT

GET
H2 200 m-outer-93afeeb17bc37e711759584dbfc50d47.html Show response
js.stripe.com/v3/ Frame B9CC 200 B
787 B 17ms
17ms Document
text/html 151.101.0.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/m-outer-93afeeb17bc37e711759584dbfc50d47.html

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.0.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

f22005da41e15b7adb453814b37a794f7c6b955f086a6c5fc9980e3c3f6c8bca

Security Headers

Name	Value
Content-Security-Policy	base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.staging.services.tiffinhub.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 10383036
cache-control: max-age=31536000
content-encoding: br
content-length: 122
content-security-policy: base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://q.stripe.com/csp-report
content-security-policy-report-only: base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://q.stripe.com/csp-report
content-type: text/html; charset=utf-8
date: Tue, 14 Mar 2023 00:16:18 GMT
etag: "93afeeb17bc37e711759584dbfc50d47"
last-modified: Sun, 13 Nov 2022 20:03:40 GMT
server: Fastly
strict-transport-security: max-age=31556926; includeSubDomains; preload
timing-allow-origin: *
vary: Accept-Encoding
via: 1.1 varnish
x-cache: HIT
x-cache-hits: 438053
x-content-type-options: nosniff
x-request-id: bfc88c4b-651a-4132-8835-171bac846c58
x-served-by: cache-yul12824-YUL

POST
H2 200 csp-report
q.stripe.com/ Frame B9CC 0
601 B 255ms
81ms Other
text/plain 54.186.23.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://q.stripe.com/csp-report

Requested by

Host: www.staging.services.tiffinhub.ca
URL: https://www.staging.services.tiffinhub.ca/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

54.186.23.98 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ip-54-186-23-98.stripe.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://js.stripe.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Tue, 14 Mar 2023 00:16:18 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-envoy-upstream-service-time: 1
content-length: 0
x-stripe-bg-intended-route-color: green
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
server: nginx
cross-origin-opener-policy: same-origin
access-control-max-age: 3600
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://js.stripe.com
access-control-expose-headers: Server, Range, Content-Type
cache-control: max-age=0, no-cache, no-store, must-revalidate
x-robots-tag: none
access-control-allow-headers: Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token
expires: 0

POST
H2 200 csp-report
q.stripe.com/ Frame B9CC 0
600 B 256ms
83ms Other
text/plain 54.186.23.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://q.stripe.com/csp-report

Requested by

Host: www.staging.services.tiffinhub.ca
URL: https://www.staging.services.tiffinhub.ca/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

54.186.23.98 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ip-54-186-23-98.stripe.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://js.stripe.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Tue, 14 Mar 2023 00:16:18 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-envoy-upstream-service-time: 1
content-length: 0
x-stripe-bg-intended-route-color: green
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
server: nginx
cross-origin-opener-policy: same-origin
access-control-max-age: 3600
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://js.stripe.com
access-control-expose-headers: Server, Range, Content-Type
cache-control: max-age=0, no-cache, no-store, must-revalidate
x-robots-tag: none
access-control-allow-headers: Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token
expires: 0

GET
H2 200 m-outer-8cb24ab2d649fd36a488d04d8c457933.js Show response
js.stripe.com/v3/fingerprinted/js/ Frame B9CC 631 B
467 B 12ms
11ms Script
text/javascript 151.101.0.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/js/m-outer-8cb24ab2d649fd36a488d04d8c457933.js

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/m-outer-93afeeb17bc37e711759584dbfc50d47.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.0.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

250a0782da875705bd206ee23c2a46abf90656645a81e084126c5e8c53eeb9d6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://js.stripe.com/v3/m-outer-93afeeb17bc37e711759584dbfc50d47.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
date: Tue, 14 Mar 2023 00:16:18 GMT
via: 1.1 varnish
age: 5927140
x-cache: HIT
content-length: 332
x-request-id: 32430862-c2d4-44be-bfd1-a79f4afae787
x-served-by: cache-yul12824-YUL
last-modified: Wed, 21 Dec 2022 18:20:44 GMT
server: Fastly
etag: "f8f6a4584135f737b26927596ce6e0a7"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 361711

GET
H2 200 inner.html Show response
m.stripe.network/ Frame 837A 930 B
1 KB 16ms
14ms Document
text/html 151.101.0.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://m.stripe.network/inner.html

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/m-outer-8cb24ab2d649fd36a488d04d8c457933.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.0.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

a5f27af9c0c6f37979ebafcac22eb3a613841a3d4e728f4577baf94e64d42f35

Security Headers

Name	Value
Content-Security-Policy	base-uri 'none'; connect-src https://m.stripe.network https://m.stripe.com; default-src 'none'; font-src https://m.stripe.network https://fonts.gstatic.com; form-action 'none'; frame-src https://m.stripe.network https://js.stripe.com; img-src https://m.stripe.network https://m.stripe.com https://b.stripecdn.com; script-src https://m.stripe.network 'sha256-e/Jqu4k9Gk1ZCWO6StAsfhF3i7qgIwfuitaD1g9DyvE='; style-src https://m.stripe.network; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://js.stripe.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
age: 66
cache-control: max-age=300, public
content-encoding: gzip
content-length: 527
content-security-policy: base-uri 'none'; connect-src https://m.stripe.network https://m.stripe.com; default-src 'none'; font-src https://m.stripe.network https://fonts.gstatic.com; form-action 'none'; frame-src https://m.stripe.network https://js.stripe.com; img-src https://m.stripe.network https://m.stripe.com https://b.stripecdn.com; script-src https://m.stripe.network 'sha256-e/Jqu4k9Gk1ZCWO6StAsfhF3i7qgIwfuitaD1g9DyvE='; style-src https://m.stripe.network; report-uri https://q.stripe.com/csp-report
content-type: text/html; charset=utf-8
date: Tue, 14 Mar 2023 00:16:18 GMT
server: Fastly
strict-transport-security: max-age=31556926; includeSubDomains; preload
vary: Accept-Encoding, Origin
via: 1.1 varnish
x-cache: HIT
x-cache-hits: 173
x-content-type-options: nosniff
x-request-id: ae5064f5-09cc-440a-8444-09a387af2e1b
x-served-by: cache-yul12824-YUL
x-timer: S1678752978.188934,VS0,VE0

POST
H2 200 csp-report
q.stripe.com/ Frame 837A 0
374 B 215ms
82ms Other
text/plain 54.186.23.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://q.stripe.com/csp-report

Requested by

Host: www.staging.services.tiffinhub.ca
URL: https://www.staging.services.tiffinhub.ca/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

54.186.23.98 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ip-54-186-23-98.stripe.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload, max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://m.stripe.network/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Content-Type: application/csp-report

Response headers

x-stripe-bg-intended-route-color: green
pragma: no-cache
date: Tue, 14 Mar 2023 00:16:18 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload, max-age=31556926; includeSubDomains; preload
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
server: nginx
cross-origin-opener-policy: same-origin
cache-control: max-age=0, no-cache, no-store, must-revalidate
x-envoy-upstream-service-time: 1
x-robots-tag: none
content-length: 0
expires: 0

GET
H2 200 out-4.5.42.js Show response
m.stripe.network/ Frame 837A 86 KB
16 KB 14ms
14ms Script
text/javascript 151.101.0.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://m.stripe.network/out-4.5.42.js

Requested by

Host: m.stripe.network
URL: https://m.stripe.network/inner.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.0.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

f445ee14f2454d974293d28677213ae002e9ac17721fc04b2fdeb037e083b083

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://m.stripe.network/inner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
date: Tue, 14 Mar 2023 00:16:18 GMT
x-content-type-options: nosniff
content-encoding: gzip
via: 1.1 varnish
age: 51
x-cache: HIT
content-length: 16031
x-request-id: 4c017d5e-edc3-4016-9ef9-e9b4cc04bb8d
x-served-by: cache-yul12824-YUL
server: Fastly
x-timer: S1678752978.210798,VS0,VE0
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=utf-8
cache-control: max-age=300, public
accept-ranges: bytes
x-cache-hits: 122

POST
H2 200 6 Show response
m.stripe.com/ Frame 837A 156 B
552 B 253ms
84ms XHR
application/json 54.186.100.168
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://m.stripe.com/6

Requested by

Host: m.stripe.network
URL: https://m.stripe.network/out-4.5.42.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.186.100.168 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-186-100-168.us-west-2.compute.amazonaws.com

Software

nginx /

Resource Hash

02e68b6ba0d1277926940e271cb5093c7148c26a0bc8425bf5d1c6788b3671c8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://m.stripe.network/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-stripe-bg-intended-route-color: blue
date: Tue, 14 Mar 2023 00:16:18 GMT
strict-transport-security: max-age=31556926; includeSubDomains; preload
x-content-type-options: nosniff
server: nginx
content-type: application/json;charset=utf-8
access-control-allow-origin: https://m.stripe.network
access-control-allow-credentials: true
access-control-allow-headers: Content-Type
content-length: 156

Verdicts & Comments Add Verdict or Comment

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
m.stripe.com/	1970-01-20 19:55:12	Name: m Value: 42115450-96af-4500-8133-2366dab8e4eb852871
.www.staging.services.tiffinhub.ca/	1970-01-20 19:04:48	Name: __stripe_mid Value: 235c6a7f-c578-4765-bd47-5606d47f85098c42af
.www.staging.services.tiffinhub.ca/	1970-01-20 10:19:14	Name: __stripe_sid Value: 208806c2-c04d-4107-b553-671b36a86d09274315

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self'".

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdnjs.cloudflare.com
js.stripe.com
m.stripe.com
m.stripe.network
q.stripe.com
staging.services.tiffinhub.ca
www.staging.services.tiffinhub.ca
13.35.93.112
151.101.0.176
2606:4700::6811:180e
54.186.100.168
54.186.23.98
02e68b6ba0d1277926940e271cb5093c7148c26a0bc8425bf5d1c6788b3671c8
16534237a13a8234a9d42fbc783ed7689499061a8891493e5efea7e8d6952d19
16ca1f9d43fc2f7580d012519de3d21675e17344e245e4b64f83f5c10c34e051
1c4ce6c5cc5c9b61660ef7c30541dabb5d1a81b0f0945f496c6d430f7e958b04
1ef3246138df65af0d89fd283c5789dbb6fe2299b5ace8c55a6381426c8a3fa4
250a0782da875705bd206ee23c2a46abf90656645a81e084126c5e8c53eeb9d6
72fc0cdcb036811dfc52821b43f4e0133690b0cc2c23922115fe791b0974248b
a5f27af9c0c6f37979ebafcac22eb3a613841a3d4e728f4577baf94e64d42f35
c5e8e8eb22e2eaf1ad02370c22c63c04774ab0b83b4329d5945333750814bb2f
ce7ff0a9392e039229844e48c71487268df2d95a03d0581793197ae1db9e0a56
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f22005da41e15b7adb453814b37a794f7c6b955f086a6c5fc9980e3c3f6c8bca
f445ee14f2454d974293d28677213ae002e9ac17721fc04b2fdeb037e083b083
fe167f0a4de7e2d6a6b2648206f31bcf0c641678c62d9163de94802345b95ca0

www.staging.services.tiffinhub.ca Open in urlscan Pro 13.35.93.112 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

16 Requests

100 %HTTPS

20 %IPv6

4 Domains

7 Subdomains

5 IPs

1 Countries

536 kBTransfer

1212 kBSize

3 Cookies

10 Outgoing links

Page URL History

Redirected requests

16 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

5 JavaScript Global Variables

3 Cookies

1 Console Messages

Indicators

www.staging.services.tiffinhub.ca Open in urlscan Pro
13.35.93.112 Public Scan

Screenshot
Live screenshot

Full Image

16
Requests

100 %
HTTPS

20 %
IPv6

4
Domains

7
Subdomains

5
IPs

1
Countries

536 kB
Transfer

1212 kB
Size

3
Cookies

16 HTTP transactions
0 data transactions