password.eu.c2.synology.com Open in urlscan Pro
159.100.4.201  Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

14 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response password.eu.c2.synology.com/	825 B 1 KB	81ms 26ms	Document text/html	159.100.4.201 DE-FIRSTCOLO www....
General Check archive.org Show headers Download Go to Full URL https://password.eu.c2.synology.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 159.100.4.201 , Germany, ASN44066 (DE-FIRSTCOLO www.first-colo.net, DE), Reverse DNS Software nginx / Resource Hash 90e34ff8ca84cc051c43001a9dbc79bc46714370d49978f55141441884d10f66 Security Headers Name Value Content-Security-Policy block-all-mixed-content; default-src 'self'; script-src 'self' 'unsafe-eval' https://js.stripe.com; object-src 'none'; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob:; font-src 'self' data:; connect-src 'self' https://auth.c2.synology.com https://auth.eu.c2.synology.com https://api.eu.c2.synology.com https://pay.c2.synology.com https://encryption-key.eu.c2.synology.com https://js.stripe.com; frame-src 'self' https://auth.c2.synology.com https://auth.eu.c2.synology.com https://js.stripe.com https://c2.synology.com Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 1 Request headers :method GET :authority password.eu.c2.synology.com :scheme https :path / pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site none sec-fetch-mode navigate sec-fetch-user ?1 sec-fetch-dest document accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers cache-control no-cache content-encoding gzip content-security-policy block-all-mixed-content; default-src 'self'; script-src 'self' 'unsafe-eval' https://js.stripe.com; object-src 'none'; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob:; font-src 'self' data:; connect-src 'self' https://auth.c2.synology.com https://auth.eu.c2.synology.com https://api.eu.c2.synology.com https://pay.c2.synology.com https://encryption-key.eu.c2.synology.com https://js.stripe.com; frame-src 'self' https://auth.c2.synology.com https://auth.eu.c2.synology.com https://js.stripe.com https://c2.synology.com content-type text/html date Thu, 19 Aug 2021 04:55:30 GMT etag W/"6119b1e8-339" last-modified Mon, 16 Aug 2021 00:31:36 GMT server nginx strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff x-frame-options DENY x-xss-protection 1
GET H2	200	main.ab59fd7b.css password.eu.c2.synology.com/assets/css/	772 KB 220 KB	27ms 26ms	Stylesheet text/css	159.100.4.201 DE-FIRSTCOLO www....
General Check archive.org Show headers Download Go to Full URL https://password.eu.c2.synology.com/assets/css/main.ab59fd7b.css Requested by Host: password.eu.c2.synology.com URL: https://password.eu.c2.synology.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 159.100.4.201 , Germany, ASN44066 (DE-FIRSTCOLO www.first-colo.net, DE), Reverse DNS Software nginx / Resource Hash b8d439544d4d7a840dc504961ae7d6aa3c4c3d2d178fad850623304cc64839da Security Headers Name Value Content-Security-Policy block-all-mixed-content; default-src 'self'; script-src 'self' 'unsafe-eval' https://js.stripe.com; object-src 'none'; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob:; font-src 'self' data:; connect-src 'self' https://auth.c2.synology.com https://auth.eu.c2.synology.com https://api.eu.c2.synology.com https://pay.c2.synology.com https://encryption-key.eu.c2.synology.com https://js.stripe.com; frame-src 'self' https://auth.c2.synology.com https://auth.eu.c2.synology.com https://js.stripe.com https://c2.synology.com Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 1 Request headers :path /assets/css/main.ab59fd7b.css pragma no-cache accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept text/css,*/*;q=0.1 cache-control no-cache sec-fetch-dest style :authority password.eu.c2.synology.com referer https://password.eu.c2.synology.com/ :scheme https sec-fetch-site same-origin :method GET Referer https://password.eu.c2.synology.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers content-security-policy block-all-mixed-content; default-src 'self'; script-src 'self' 'unsafe-eval' https://js.stripe.com; object-src 'none'; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob:; font-src 'self' data:; connect-src 'self' https://auth.c2.synology.com https://auth.eu.c2.synology.com https://api.eu.c2.synology.com https://pay.c2.synology.com https://encryption-key.eu.c2.synology.com https://js.stripe.com; frame-src 'self' https://auth.c2.synology.com https://auth.eu.c2.synology.com https://js.stripe.com https://c2.synology.com content-encoding gzip x-content-type-options nosniff last-modified Mon, 16 Aug 2021 00:31:36 GMT server nginx etag W/"6119b1e8-c114c" x-frame-options DENY content-type text/css cache-control max-age=31536000 date Thu, 19 Aug 2021 04:55:30 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-xss-protection 1 expires Fri, 19 Aug 2022 04:55:30 GMT
GET H2	200	main.ab59fd7b.js Show response password.eu.c2.synology.com/assets/js/	4 MB 1 MB	49ms 48ms	Script application/javascript	159.100.4.201 DE-FIRSTCOLO www....
General Check archive.org Show headers Download Go to Full URL https://password.eu.c2.synology.com/assets/js/main.ab59fd7b.js Requested by Host: password.eu.c2.synology.com URL: https://password.eu.c2.synology.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 159.100.4.201 , Germany, ASN44066 (DE-FIRSTCOLO www.first-colo.net, DE), Reverse DNS Software nginx / Resource Hash b25719cb1ff51d89d6e0ad9f989037b696d5ffa513c339d112b15a4eb270550d Security Headers Name Value Content-Security-Policy block-all-mixed-content; default-src 'self'; script-src 'self' 'unsafe-eval' https://js.stripe.com; object-src 'none'; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob:; font-src 'self' data:; connect-src 'self' https://auth.c2.synology.com https://auth.eu.c2.synology.com https://api.eu.c2.synology.com https://pay.c2.synology.com https://encryption-key.eu.c2.synology.com https://js.stripe.com; frame-src 'self' https://auth.c2.synology.com https://auth.eu.c2.synology.com https://js.stripe.com https://c2.synology.com Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 1 Request headers :path /assets/js/main.ab59fd7b.js pragma no-cache accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept */* cache-control no-cache sec-fetch-dest script :authority password.eu.c2.synology.com referer https://password.eu.c2.synology.com/ :scheme https sec-fetch-site same-origin :method GET Referer https://password.eu.c2.synology.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers content-security-policy block-all-mixed-content; default-src 'self'; script-src 'self' 'unsafe-eval' https://js.stripe.com; object-src 'none'; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob:; font-src 'self' data:; connect-src 'self' https://auth.c2.synology.com https://auth.eu.c2.synology.com https://api.eu.c2.synology.com https://pay.c2.synology.com https://encryption-key.eu.c2.synology.com https://js.stripe.com; frame-src 'self' https://auth.c2.synology.com https://auth.eu.c2.synology.com https://js.stripe.com https://c2.synology.com content-encoding gzip x-content-type-options nosniff last-modified Mon, 16 Aug 2021 00:31:36 GMT server nginx etag W/"6119b1e8-391550" x-frame-options DENY content-type application/javascript cache-control max-age=31536000 date Thu, 19 Aug 2021 04:55:30 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-xss-protection 1 expires Fri, 19 Aug 2022 04:55:30 GMT
GET H2	200	v3 Show response js.stripe.com/	235 KB 64 KB	116ms 38ms	Script application/javascript	13.224.96.104 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://js.stripe.com/v3 Requested by Host: password.eu.c2.synology.com URL: https://password.eu.c2.synology.com/assets/js/main.ab59fd7b.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.96.104 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-96-104.zrh50.r.cloudfront.net Software AmazonS3 / Resource Hash f312fce9edec54cb42bdb599f7327fb1df535d1f4e8e520587072e98bc8b549f Security Headers Name Value Content-Security-Policy default-src 'self'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src 'self'; img-src 'self' https://q.stripe.com blob:; font-src data: https:; media-src 'none'; object-src 'self'; Strict-Transport-Security max-age=31556926; includeSubDomains; preload Request headers Referer https://password.eu.c2.synology.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Thu, 19 Aug 2021 04:51:11 GMT content-encoding gzip vary Accept-Encoding age 260 via 1.1 f0f5607a03d2ae4c43b553dc2cef0c9e.cloudfront.net (CloudFront) x-cache Hit from cloudfront x-amz-request-id 9EZ67BWTDAD0W0EY x-amz-id-2 262sRcPAJWY3V+WzJfA2yP2ZY3jJztAkccz1crlBAUFOa66J1vYlGkyY9qX+QM1QT+vzb/ge6aM= last-modified Wed, 18 Aug 2021 19:58:05 GMT server AmazonS3 etag W/"e0d0d819f3e1987a1cd619390a5ca1a4" strict-transport-security max-age=31556926; includeSubDomains; preload content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control public, max-age=300 content-security-policy default-src 'self'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src 'self'; img-src 'self' https://q.stripe.com blob:; font-src data: https:; media-src 'none'; object-src 'self'; x-amz-cf-pop ZRH50-C1 timing-allow-origin * x-amz-cf-id N2sSZJLvyCEMp9J8YG4ARkhHZPontCd9NUlpdYTXOnOb0LaA1qR4uw==
GET H2	200	/ Show response auth.c2.synology.com/ Frame 7B9D	783 B 1 KB	124ms 51ms	Document text/html	13.224.196.13 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://auth.c2.synology.com/ Requested by Host: password.eu.c2.synology.com URL: https://password.eu.c2.synology.com/assets/js/main.ab59fd7b.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.196.13 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-196-13.fra2.r.cloudfront.net Software nginx/1.10.3 / Resource Hash e5018fb90213c294c117e46c4b5c0859c1636177ae5538628352efd464e621d3 Security Headers Name Value Content-Security-Policy frame-ancestors 'self' c2.synology.com *.c2.synology.com *.synologyc2.com; Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers :method GET :authority auth.c2.synology.com :scheme https :path / pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site same-site sec-fetch-mode navigate sec-fetch-dest iframe referer https://password.eu.c2.synology.com/ accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Referer https://password.eu.c2.synology.com/ Response headers content-type text/html content-length 783 accept-ranges bytes cache-control public, max-age=604800 content-security-policy frame-ancestors 'self' c2.synology.com *.c2.synology.com *.synologyc2.com; date Thu, 19 Aug 2021 04:55:30 GMT etag "60bee383-30f" last-modified Tue, 08 Jun 2021 03:26:59 GMT server nginx/1.10.3 strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff x-xss-protection 1; mode=block x-cache Miss from cloudfront via 1.1 c7f7b4cf7fd5efe64bac95586db3f62b.cloudfront.net (CloudFront) x-amz-cf-pop FRA2-C1 x-amz-cf-id UlkNunfAEFfpqBxANUizLZ14PSav4Wi0E7MDGL3Gb2L9ViPS6vwqSA==
GET H2	200	m-outer-5564a2ae650989ada0dc7f7250ae34e9.html Show response js.stripe.com/v3/ Frame 01D4	215 B 951 B	31ms 31ms	Document text/html	13.224.96.104 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://js.stripe.com/v3/m-outer-5564a2ae650989ada0dc7f7250ae34e9.html Requested by Host: js.stripe.com URL: https://js.stripe.com/v3 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.96.104 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-96-104.zrh50.r.cloudfront.net Software AmazonS3 / Resource Hash 2f90c4b8fb3b8afbf228232c4afb00f5a1d0efab1c7f7ebf313d730d3cd050f3 Security Headers Name Value Content-Security-Policy default-src 'self'; connect-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src https://m.stripe.network; img-src https://q.stripe.com; font-src 'none'; media-src 'none'; object-src 'none'; Strict-Transport-Security max-age=31556926; includeSubDomains; preload Request headers :method GET :authority js.stripe.com :scheme https :path /v3/m-outer-5564a2ae650989ada0dc7f7250ae34e9.html pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site cross-site sec-fetch-mode navigate sec-fetch-dest iframe referer https://password.eu.c2.synology.com/ accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Referer https://password.eu.c2.synology.com/ Response headers content-type text/html; charset=utf-8 content-length 215 x-amz-id-2 81rXAvpmmTm7S0Ll+YglK3B4aIroGEVB7eQ+HwMtSoNPxDlcigs0aWpJzBzzL6vfNciSw7xFry4= x-amz-request-id TCK67PAPFZHREZ3W last-modified Tue, 29 Jun 2021 17:25:38 GMT accept-ranges bytes server AmazonS3 strict-transport-security max-age=31556926; includeSubDomains; preload timing-allow-origin * access-control-allow-origin * content-security-policy default-src 'self'; connect-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src https://m.stripe.network; img-src https://q.stripe.com; font-src 'none'; media-src 'none'; object-src 'none'; date Thu, 19 Aug 2021 04:52:38 GMT cache-control public, max-age=300 etag "5564a2ae650989ada0dc7f7250ae34e9" x-cache Hit from cloudfront via 1.1 f0f5607a03d2ae4c43b553dc2cef0c9e.cloudfront.net (CloudFront) x-amz-cf-pop ZRH50-C1 x-amz-cf-id sQ2K0Zdzr6Ur7WJdS4JTI7oaGFfQDGX2EI3TYUD-eoZTKVZ331iysA== age 172
GET H2	200	m-outer-60c368c1e1eddba7bd149e4b4f5408df.js Show response js.stripe.com/v3/fingerprinted/js/ Frame 01D4	1 KB 1 KB	35ms 35ms	Script application/javascript	13.224.96.104 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://js.stripe.com/v3/fingerprinted/js/m-outer-60c368c1e1eddba7bd149e4b4f5408df.js Requested by Host: js.stripe.com URL: https://js.stripe.com/v3/m-outer-5564a2ae650989ada0dc7f7250ae34e9.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.96.104 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-96-104.zrh50.r.cloudfront.net Software AmazonS3 / Resource Hash 691b9a514dcd9541c4d3fa26dc23c391eaf00535415d84f9cda5f910fe721840 Security Headers Name Value Content-Security-Policy default-src 'self'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src 'self'; img-src 'self' https://q.stripe.com blob:; font-src data: https:; media-src 'none'; object-src 'self'; Strict-Transport-Security max-age=31556926; includeSubDomains; preload Request headers Referer https://js.stripe.com/v3/m-outer-5564a2ae650989ada0dc7f7250ae34e9.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers strict-transport-security max-age=31556926; includeSubDomains; preload content-encoding gzip etag W/"78581b5abad6c4e7b59c0f8ee45a8134" age 99 via 1.1 f0f5607a03d2ae4c43b553dc2cef0c9e.cloudfront.net (CloudFront) x-cache Hit from cloudfront x-amz-request-id SCDSMC6H8WNJWH4G x-amz-id-2 C9VCwvBo3/ihPutASjLwxR1OgDEnJWH0LJjjEH6c2rfyQNQrqA3rn9WArrutg+8G7gEcyXoLQmg= last-modified Tue, 29 Jun 2021 17:25:39 GMT server AmazonS3 date Thu, 19 Aug 2021 04:53:51 GMT vary Accept-Encoding content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control public, max-age=300 content-security-policy default-src 'self'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src 'self'; img-src 'self' https://q.stripe.com blob:; font-src data: https:; media-src 'none'; object-src 'self'; x-amz-cf-pop ZRH50-C1 timing-allow-origin * x-amz-cf-id iekV3VycBBpGtZxpUepUSQK3WaMJTGqq0R6l9THi1MDMyTKLMlQAhA==
GET H2	200	inner.html Show response m.stripe.network/ Frame C41C	932 B 1 KB	39ms 11ms	Document text/html	2600:9000:2190:3800:19:7d10:bd80:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://m.stripe.network/inner.html Requested by Host: js.stripe.com URL: https://js.stripe.com/v3/fingerprinted/js/m-outer-60c368c1e1eddba7bd149e4b4f5408df.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2190:3800:19:7d10:bd80:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software nginx / Resource Hash c4a8402fde1e397bcabe7467c0de035e7851eeb1bad9af5d1b67487e7d7f2a4a Security Headers Name Value Content-Security-Policy default-src 'self'; connect-src 'self' https://m.stripe.com; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; frame-src 'self' https://js.stripe.com; img-src 'self' https://m.stripe.com; font-src data: https:; media-src 'none'; object-src 'self'; Strict-Transport-Security max-age=31556926; includeSubDomains; preload Request headers :method GET :authority m.stripe.network :scheme https :path /inner.html pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site cross-site sec-fetch-mode navigate sec-fetch-dest iframe referer https://js.stripe.com/ accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Referer https://js.stripe.com/ Response headers content-type text/html; charset=utf-8 server nginx last-modified Thu, 12 Aug 2021 00:00:27 GMT strict-transport-security max-age=31556926; includeSubDomains; preload timing-allow-origin * content-security-policy default-src 'self'; connect-src 'self' https://m.stripe.com; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; frame-src 'self' https://js.stripe.com; img-src 'self' https://m.stripe.com; font-src data: https:; media-src 'none'; object-src 'self'; content-encoding gzip date Thu, 19 Aug 2021 04:53:23 GMT cache-control public, max-age=300 etag W/"6114649b-3a4" vary Accept-Encoding x-cache Hit from cloudfront via 1.1 1437ff2cfbc1ea8c7a36e6b0ce6e935a.cloudfront.net (CloudFront) x-amz-cf-pop ZRH50-C1 x-amz-cf-id 4DF8GWdzO-XAyNvepbxJB8gAj2bb-yQ1neehHQ5aG6Hk9zFFSSu9mA== age 127
GET H2	200	out-4.5.40.js Show response m.stripe.network/ Frame C41C	85 KB 19 KB	13ms 13ms	Script application/x-javascript	2600:9000:2190:3800:19:7d10:bd80:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://m.stripe.network/out-4.5.40.js Requested by Host: m.stripe.network URL: https://m.stripe.network/inner.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2190:3800:19:7d10:bd80:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software nginx / Resource Hash 6a6915872afa798395a56c7aa50d086cb325ff7214ad78ada3c7a96350bbad39 Security Headers Name Value Content-Security-Policy default-src 'self'; connect-src 'self' https://m.stripe.com; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; frame-src 'self' https://js.stripe.com; img-src 'self' https://m.stripe.com; font-src data: https:; media-src 'none'; object-src 'self'; Strict-Transport-Security max-age=31556926; includeSubDomains; preload Request headers Referer https://m.stripe.network/inner.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers strict-transport-security max-age=31556926; includeSubDomains; preload content-encoding gzip etag W/"6114649b-154bc" age 224 x-cache Hit from cloudfront last-modified Thu, 12 Aug 2021 00:00:27 GMT server nginx date Thu, 19 Aug 2021 04:51:47 GMT vary Accept-Encoding content-type application/x-javascript; charset=utf-8 via 1.1 1437ff2cfbc1ea8c7a36e6b0ce6e935a.cloudfront.net (CloudFront) cache-control public, max-age=300 content-security-policy default-src 'self'; connect-src 'self' https://m.stripe.com; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; frame-src 'self' https://js.stripe.com; img-src 'self' https://m.stripe.com; font-src data: https:; media-src 'none'; object-src 'self'; x-amz-cf-pop ZRH50-C1 timing-allow-origin * x-amz-cf-id g_MNMF55GV_1xDewQyi6qgNcnWYEBYS5fQyQfqfSzYKvJe2Wc3O_qA==
GET H2	200	app.6af8ca07.css auth.c2.synology.com/css/ Frame 7B9D	168 B 676 B	36ms 36ms	Stylesheet text/css	13.224.196.13 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://auth.c2.synology.com/css/app.6af8ca07.css Requested by Host: auth.c2.synology.com URL: https://auth.c2.synology.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.196.13 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-196-13.fra2.r.cloudfront.net Software nginx/1.10.3 / Resource Hash 8c305eeb3037b3f9ebbdfe2bce1bb62cf501ffae8b0de905d305b508ff7e12ef Security Headers Name Value Content-Security-Policy frame-ancestors 'self' c2.synology.com *.c2.synology.com *.synologyc2.com; Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Referer https://auth.c2.synology.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers content-security-policy frame-ancestors 'self' c2.synology.com *.c2.synology.com *.synologyc2.com; via 1.1 c7f7b4cf7fd5efe64bac95586db3f62b.cloudfront.net (CloudFront) x-content-type-options nosniff x-amz-cf-pop FRA2-C1 x-cache Miss from cloudfront content-length 168 x-xss-protection 1; mode=block last-modified Tue, 08 Jun 2021 03:26:59 GMT server nginx/1.10.3 date Thu, 19 Aug 2021 04:55:31 GMT strict-transport-security max-age=31536000; includeSubDomains; preload content-type text/css cache-control public, max-age=604800 etag "60bee383-a8" accept-ranges bytes x-amz-cf-id H_NuX0dA7nByrIftKhQlOnbzAfZtxqUAC9WSVjhAqMXgFBUp2y6AoQ==
GET H2	200	app.dd9d04e1.js Show response auth.c2.synology.com/js/ Frame 7B9D	6 KB 3 KB	143ms 142ms	Script application/javascript	13.224.196.13 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://auth.c2.synology.com/js/app.dd9d04e1.js Requested by Host: auth.c2.synology.com URL: https://auth.c2.synology.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.196.13 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-196-13.fra2.r.cloudfront.net Software nginx/1.10.3 / Resource Hash f657923b5b226350c7f6b5896e44444d03b6b8a11de7826e72a1873a9f60e7a0 Security Headers Name Value Content-Security-Policy frame-ancestors 'self' c2.synology.com *.c2.synology.com *.synologyc2.com; Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Referer https://auth.c2.synology.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers content-security-policy frame-ancestors 'self' c2.synology.com *.c2.synology.com *.synologyc2.com; content-encoding gzip x-content-type-options nosniff x-amz-cf-pop FRA2-C1 x-cache Miss from cloudfront vary Accept-Encoding x-xss-protection 1; mode=block last-modified Tue, 08 Jun 2021 03:26:59 GMT server nginx/1.10.3 date Thu, 19 Aug 2021 04:55:31 GMT strict-transport-security max-age=31536000; includeSubDomains; preload content-type application/javascript via 1.1 c7f7b4cf7fd5efe64bac95586db3f62b.cloudfront.net (CloudFront) cache-control public, max-age=604800 etag W/"60bee383-160d" x-amz-cf-id kJrTGR8JepRCAeifiiTQRryooUZGJc518mmvsMrpbk_PltLyvExuSA==
GET H2	200	chunk-vendors.ea74894a.js Show response auth.c2.synology.com/js/ Frame 7B9D	142 KB 50 KB	136ms 136ms	Script application/javascript	13.224.196.13 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://auth.c2.synology.com/js/chunk-vendors.ea74894a.js Requested by Host: auth.c2.synology.com URL: https://auth.c2.synology.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.196.13 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-196-13.fra2.r.cloudfront.net Software nginx/1.10.3 / Resource Hash 99c3fe4a81a9ca651cb04992cb9fa61b77c3502353510a38afd7b6d7422fd8d8 Security Headers Name Value Content-Security-Policy frame-ancestors 'self' c2.synology.com *.c2.synology.com *.synologyc2.com; Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Referer https://auth.c2.synology.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers content-security-policy frame-ancestors 'self' c2.synology.com *.c2.synology.com *.synologyc2.com; content-encoding gzip x-content-type-options nosniff x-amz-cf-pop FRA2-C1 x-cache Miss from cloudfront vary Accept-Encoding x-xss-protection 1; mode=block last-modified Tue, 08 Jun 2021 03:26:59 GMT server nginx/1.10.3 date Thu, 19 Aug 2021 04:55:31 GMT strict-transport-security max-age=31536000; includeSubDomains; preload content-type application/javascript via 1.1 c7f7b4cf7fd5efe64bac95586db3f62b.cloudfront.net (CloudFront) cache-control public, max-age=604800 etag W/"60bee383-23748" x-amz-cf-id v91E7yYSxz2sjdSYXq5K8Yu40pg7MVF15xDJG8ZZ0unGGfpzmq7p6Q==
GET H2	200	config.js Show response auth.c2.synology.com/ Frame 7B9D	235 B 752 B	38ms 38ms	Script application/javascript	13.224.196.13 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://auth.c2.synology.com/config.js Requested by Host: auth.c2.synology.com URL: https://auth.c2.synology.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.196.13 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-196-13.fra2.r.cloudfront.net Software nginx/1.10.3 / Resource Hash 9a2de8ff655362ca0cdc6f72ed6665813f820c30ed2e4dc3eaa74ec0cb49e24c Security Headers Name Value Content-Security-Policy frame-ancestors 'self' c2.synology.com *.c2.synology.com *.synologyc2.com; Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Referer https://auth.c2.synology.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers content-security-policy frame-ancestors 'self' c2.synology.com *.c2.synology.com *.synologyc2.com; via 1.1 c7f7b4cf7fd5efe64bac95586db3f62b.cloudfront.net (CloudFront) x-content-type-options nosniff x-amz-cf-pop FRA2-C1 x-cache Miss from cloudfront content-length 235 x-xss-protection 1; mode=block last-modified Thu, 01 Jul 2021 01:05:47 GMT server nginx/1.10.3 date Thu, 19 Aug 2021 04:55:31 GMT strict-transport-security max-age=31536000; includeSubDomains; preload content-type application/javascript cache-control public, max-age=604800 etag "60dd14eb-eb" accept-ranges bytes x-amz-cf-id z3AbKLkfQxaBtszzHGZHeXsA4U3rK47wbPnNCM5JiQNt6ZyNo6o6Sw==
POST H2	200	6 Show response m.stripe.com/ Frame C41C	156 B 517 B	555ms 186ms	XHR text/plain	52.42.36.95 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://m.stripe.com/6 Requested by Host: m.stripe.network URL: https://m.stripe.network/out-4.5.40.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.42.36.95 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-52-42-36-95.us-west-2.compute.amazonaws.com Software nginx / Resource Hash fcd6cda26c0626d20d1c3ee1bccdfa7529a949a968edda123865f665b2d38c1b Security Headers Name Value Strict-Transport-Security max-age=31556926; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://m.stripe.network/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers date Thu, 19 Aug 2021 04:55:31 GMT content-encoding gzip x-content-type-options nosniff server nginx vary Accept-Encoding content-type text/plain;charset=utf-8 access-control-allow-origin https://m.stripe.network access-control-allow-credentials true strict-transport-security max-age=31556926; includeSubDomains; preload access-control-allow-headers Content-Type

19 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| onbeforexrselect object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker boolean| originAgentCluster object| trustedTypes boolean| crossOriginIsolated object| webpackJsonp object| regeneratorRuntime function| setImmediate function| clearImmediate object| __webpackStripeJSv3Jsonp function| Stripe

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.password.eu.c2.synology.com/	1970-01-19 20:35:50	Name: __stripe_sid Value: 2d3a3c7f-3445-4814-96a1-403181ed200e764b0f
			.password.eu.c2.synology.com/	1970-01-20 05:21:24	Name: __stripe_mid Value: cd1a0da3-8ce8-45b9-baac-10c85e788779916d19

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	Message: [object Event]

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	block-all-mixed-content; default-src 'self'; script-src 'self' 'unsafe-eval' https://js.stripe.com; object-src 'none'; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob:; font-src 'self' data:; connect-src 'self' https://auth.c2.synology.com https://auth.eu.c2.synology.com https://api.eu.c2.synology.com https://pay.c2.synology.com https://encryption-key.eu.c2.synology.com https://js.stripe.com; frame-src 'self' https://auth.c2.synology.com https://auth.eu.c2.synology.com https://js.stripe.com https://c2.synology.com
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

auth.c2.synology.com
js.stripe.com
m.stripe.com
m.stripe.network
password.eu.c2.synology.com
13.224.196.13
13.224.96.104
159.100.4.201
2600:9000:2190:3800:19:7d10:bd80:93a1
52.42.36.95
2f90c4b8fb3b8afbf228232c4afb00f5a1d0efab1c7f7ebf313d730d3cd050f3
691b9a514dcd9541c4d3fa26dc23c391eaf00535415d84f9cda5f910fe721840
6a6915872afa798395a56c7aa50d086cb325ff7214ad78ada3c7a96350bbad39
8c305eeb3037b3f9ebbdfe2bce1bb62cf501ffae8b0de905d305b508ff7e12ef
90e34ff8ca84cc051c43001a9dbc79bc46714370d49978f55141441884d10f66
99c3fe4a81a9ca651cb04992cb9fa61b77c3502353510a38afd7b6d7422fd8d8
9a2de8ff655362ca0cdc6f72ed6665813f820c30ed2e4dc3eaa74ec0cb49e24c
b25719cb1ff51d89d6e0ad9f989037b696d5ffa513c339d112b15a4eb270550d
b8d439544d4d7a840dc504961ae7d6aa3c4c3d2d178fad850623304cc64839da
c4a8402fde1e397bcabe7467c0de035e7851eeb1bad9af5d1b67487e7d7f2a4a
e5018fb90213c294c117e46c4b5c0859c1636177ae5538628352efd464e621d3
f312fce9edec54cb42bdb599f7327fb1df535d1f4e8e520587072e98bc8b549f
f657923b5b226350c7f6b5896e44444d03b6b8a11de7826e72a1873a9f60e7a0
fcd6cda26c0626d20d1c3ee1bccdfa7529a949a968edda123865f665b2d38c1b