urlscan.io logo urlscan.io
SecurityTrails logo

web.step.app Open in urlscan Pro
2400:52e0:1e00::1080:1  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://app.step.app/?r=2AZTBHRV
Effective URL: https://web.step.app/
Submission: On May 23 via api from FI — Scanned from FI
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 12 IPs in 3 countries across 8 domains to perform 21 HTTP transactions. The main IP is 2400:52e0:1e00::1080:1, located in Germany and belongs to BUNNYCDN, SI. The main domain is web.step.app.
TLS certificate: Issued by R3 on May 21st 2023. Valid for: 3 months.
This is the only time web.step.app was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

1    2606:4700:3035::6815:38d8 (United States)

ASN13335 (CLOUDFLARENET, US)
app.step.app
7    2400:52e0:1e00::1080:1 (Germany)

ASN200325 (BUNNYCDN, SI)
web.step.app
1    13.224.189.18 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-189-18.fra2.r.cloudfront.net
widget.intercom.io
2    2a00:1450:4001:806::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
firebase.googleapis.com
1    2a03:90c0:41:2801::62 (Frankfurt am Main, Germany)

ASN199524 (GCORE, LU)
cdn-preupdate.step.app
2    18.66.147.43 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-147-43.fra60.r.cloudfront.net
js.intercomcdn.com
2    2a00:1450:4001:813::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
firebaseinstallations.googleapis.com
1    2a00:1450:4001:829::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
1    44.211.195.229 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-44-211-195-229.compute-1.amazonaws.com
api-iam.intercom.io
1    2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)
region1.analytics.google.com
1    2a00:1450:400c:c00::9b (Brussels, Belgium)

ASN15169 (GOOGLE, US)
stats.g.doubleclick.net
1    2a00:1450:4001:80e::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.fi
1    15.197.143.135 (United States)

ASN16509 (AMAZON-02, US)
PTR: a69d63ecdf0f33068.awsglobalaccelerator.com
downloads.intercomcdn.com
Apex Domain
Subdomains		 Transfer
9 step.app
app.step.app
web.step.app
cdn-preupdate.step.app
455 KB
4 googleapis.com
firebase.googleapis.com — Cisco Umbrella Rank: 5719
firebaseinstallations.googleapis.com — Cisco Umbrella Rank: 589
1 KB
3 intercomcdn.com
js.intercomcdn.com — Cisco Umbrella Rank: 2460
downloads.intercomcdn.com — Cisco Umbrella Rank: 12129
212 KB
2 intercom.io
widget.intercom.io — Cisco Umbrella Rank: 1933
api-iam.intercom.io — Cisco Umbrella Rank: 2135
6 KB
1 google.fi
www.google.fi — Cisco Umbrella Rank: 33970
408 B
1 doubleclick.net
stats.g.doubleclick.net — Cisco Umbrella Rank: 76
252 B
1 google.com
region1.analytics.google.com — Cisco Umbrella Rank: 3686
252 B
1 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 40
73 KB
21 8
Domain Requested by
7 web.step.app web.step.app
2 firebaseinstallations.googleapis.com web.step.app
2 js.intercomcdn.com widget.intercom.io
2 firebase.googleapis.com web.step.app
1 downloads.intercomcdn.com
1 www.google.fi
1 stats.g.doubleclick.net www.googletagmanager.com
1 region1.analytics.google.com www.googletagmanager.com
1 api-iam.intercom.io js.intercomcdn.com
1 www.googletagmanager.com web.step.app
1 cdn-preupdate.step.app web.step.app
1 widget.intercom.io web.step.app
1 app.step.app 1 redirects
21 13

This site contains links to these domains. Also see Links.

Domain
step.app
Subject Issuer Validity Valid
web.step.app
R3		 2023-05-21 -
2023-08-19		 3 months crt.sh
*.intercom.com
Amazon RSA 2048 M02		 2023-02-14 -
2024-03-14		 a year crt.sh
upload.video.google.com
GTS CA 1C3		 2023-04-24 -
2023-07-17		 3 months crt.sh
*.step.app
SSL.com RSA SSL subCA		 2022-07-15 -
2023-07-15		 a year crt.sh
*.intercomcdn.com
Amazon RSA 2048 M01		 2023-02-21 -
2024-01-29		 a year crt.sh
*.google-analytics.com
GTS CA 1C3		 2023-04-24 -
2023-07-17		 3 months crt.sh
*.g.doubleclick.net
GTS CA 1C3		 2023-04-24 -
2023-07-17		 3 months crt.sh
*.google.fi
GTS CA 1C3		 2023-04-24 -
2023-07-17		 3 months crt.sh

This page contains 2 frames:

Primary Page: https://web.step.app/
Frame ID: 79F0CEC0C66F650B092A7823500D1834
Requests: 16 HTTP requests in this frame

Frame: https://js.intercomcdn.com/frame-modern.b5d27302.js
Frame ID: C964A4BE6F89AA7907A7EA5345FB77A9
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Step App | Web

Page URL History Show full URLs

  1. https://app.step.app/?r=2AZTBHRV HTTP 301
    https://web.step.app/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js

Page Statistics

21
Requests

100 %
HTTPS

69 %
IPv6

8
Domains

13
Subdomains

12
IPs

3
Countries

747 kB
Transfer

20982 kB
Size

5
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://app.step.app/?r=2AZTBHRV HTTP 301
    https://web.step.app/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

21 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
web.step.app/
Redirect Chain
  • https://app.step.app/?r=2AZTBHRV
  • https://web.step.app/
3 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://web.step.app/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1080:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software
BunnyCDN-DE1-1080 /
Resource Hash
7cab08900da4c935e19a9912c6c6a74eec1bc56adaec032d8899cc9c9a94fd6d
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language
fi-FI,fi;q=0.9

Response headers

access-control-allow-headers
Content-Type Range User-Agent X-Requested-With
access-control-allow-methods
GET
access-control-allow-origin
*
access-control-expose-headers
Content-Length Content-Range X-Chunked-Output X-Ipfs-Path X-Ipfs-Roots X-Stream-Output
cache-control
max-age=60, stale-while-revalidate=3600
cdn-cache
REVALIDATED
cdn-cachedat
03/13/2023 10:03:07
cdn-edgestorageid
1078
cdn-proxyver
1.03
cdn-pullzone
972527
cdn-requestcountrycode
FI
cdn-requestid
fa2be9b82ee8277f4c4a873b2ed961b4
cdn-requestpullcode
200
cdn-requestpullsuccess
True
cdn-status
200
cdn-uid
070ccd6e-b4b0-4c90-b45a-e26d7534205d
content-encoding
br
content-security-policy
upgrade-insecure-requests
content-type
text/html
date
Tue, 23 May 2023 11:49:33 GMT
etag
W/"bafybeifwjv4ict7etfmp4udfjdb3rkcx5kp2gyddqab6eh5ys3lyeuy7uy"
referrer-policy
strict-origin-when-cross-origin
server
BunnyCDN-DE1-1080
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding
x-cache-status
HIT
x-content-type-options
nosniff
x-ipfs-path
/ipfs/bafybeifwjv4ict7etfmp4udfjdb3rkcx5kp2gyddqab6eh5ys3lyeuy7uy/
x-ipfs-roots
bafybeifwjv4ict7etfmp4udfjdb3rkcx5kp2gyddqab6eh5ys3lyeuy7uy
x-request-id
cabc225be8c356e9c910ecccfb30ef77
x-xss-protection
0

Redirect headers

cache-control
max-age=3600
cf-ray
7cbd137fda88991e-ARN
date
Tue, 23 May 2023 11:49:32 GMT
expires
Tue, 23 May 2023 12:49:32 GMT
location
https://web.step.app
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HSNG0NbdrPlpoa%2Fm9NjEHINl9Tq0LuI7KF2mTtFVVH2zXbDtWkoXsaMt7x6q537G1k20Xf2I4A4imfStQF1XagdAb1i%2Bs0zQSlDUQK3SUo%2FzakEbMG7NrfmyZeMCODdl1HZyZ3JAE8ynSTo%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
index-2b4d9da8.js
web.step.app/assets/ 		1 MB
391 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://web.step.app/assets/index-2b4d9da8.js
Requested by
Host: web.step.app
URL: https://web.step.app/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1080:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software
BunnyCDN-DE1-1080 /
Resource Hash
668810f60202905b100b1d9d5e0b8f557ef02550a1995a6a02d6149a4222b6ba
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://web.step.app/
Origin
https://web.step.app
accept-language
fi-FI,fi;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Tue, 23 May 2023 11:49:33 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
cdn-edgestorageid
1077
content-security-policy
upgrade-insecure-requests
x-cache-status
MISS
cdn-cachedat
03/13/2023 10:12:59
cdn-pullzone
972527
x-xss-protection
0
x-request-id
56e289fed96d887e7093b7bbba3148b3
referrer-policy
strict-origin-when-cross-origin
server
BunnyCDN-DE1-1080
cdn-proxyver
1.03
x-ipfs-roots
bafybeifwjv4ict7etfmp4udfjdb3rkcx5kp2gyddqab6eh5ys3lyeuy7uy,QmUcHQ2rMu4enBeQrT3CAuCF3ZuXuSvWuptmsCEzNRoCoU,QmdjYirGBW2yT4ZLjdetAgfGSmjAoEE9UkRCPpRheAZnYb
etag
W/"QmdjYirGBW2yT4ZLjdetAgfGSmjAoEE9UkRCPpRheAZnYb"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cdn-cache
REVALIDATED
cdn-uid
070ccd6e-b4b0-4c90-b45a-e26d7534205d
access-control-expose-headers
Content-Length, Content-Range, X-Chunked-Output, X-Ipfs-Path, X-Ipfs-Roots, X-Stream-Output
cache-control
max-age=60, stale-while-revalidate=3600
x-ipfs-path
/ipfs/bafybeifwjv4ict7etfmp4udfjdb3rkcx5kp2gyddqab6eh5ys3lyeuy7uy/assets/index-2b4d9da8.js
cdn-requestpullcode
200
cdn-requestid
ab58ad6549b2391591bfccafd1cb05be
cdn-requestcountrycode
FI
access-control-allow-headers
Content-Type, Range, User-Agent, X-Requested-With
cdn-status
200
cdn-requestpullsuccess
True
index-ae585b0b.js
web.step.app/assets/ 		19 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://web.step.app/assets/index-ae585b0b.js
Requested by
Host: web.step.app
URL: https://web.step.app/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1080:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software
BunnyCDN-DE1-1080 /
Resource Hash
a37dc41a593d3a8bbc60a873681f169352aede345582f16cbc31bc6b9804f378
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://web.step.app/
Origin
https://web.step.app
accept-language
fi-FI,fi;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Tue, 23 May 2023 11:49:33 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
cdn-edgestorageid
1078
content-security-policy
upgrade-insecure-requests
x-cache-status
MISS
cdn-cachedat
03/13/2023 10:03:07
cdn-pullzone
972527
x-xss-protection
0
x-request-id
288b5822a7f338ba6ba6155124a5c6af
referrer-policy
strict-origin-when-cross-origin
server
BunnyCDN-DE1-1080
cdn-proxyver
1.03
x-ipfs-roots
bafybeifwjv4ict7etfmp4udfjdb3rkcx5kp2gyddqab6eh5ys3lyeuy7uy,QmUcHQ2rMu4enBeQrT3CAuCF3ZuXuSvWuptmsCEzNRoCoU,QmWgomjk9TL6qcADTs9iqUYa7KK4x8ZhFPCKVPUvRNYvhX
etag
W/"QmWgomjk9TL6qcADTs9iqUYa7KK4x8ZhFPCKVPUvRNYvhX"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cdn-cache
REVALIDATED
cdn-uid
070ccd6e-b4b0-4c90-b45a-e26d7534205d
access-control-expose-headers
Content-Length, Content-Range, X-Chunked-Output, X-Ipfs-Path, X-Ipfs-Roots, X-Stream-Output
cache-control
max-age=60, stale-while-revalidate=3600
x-ipfs-path
/ipfs/bafybeifwjv4ict7etfmp4udfjdb3rkcx5kp2gyddqab6eh5ys3lyeuy7uy/assets/index-ae585b0b.js
cdn-requestpullcode
200
cdn-requestid
122760cb406dea5016307a84ba38716b
cdn-requestcountrycode
FI
access-control-allow-headers
Content-Type, Range, User-Agent, X-Requested-With
cdn-status
200
cdn-requestpullsuccess
True
index-7b30a92b.css
web.step.app/assets/ 		27 KB
6 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://web.step.app/assets/index-7b30a92b.css
Requested by
Host: web.step.app
URL: https://web.step.app/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1080:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software
BunnyCDN-DE1-1080 /
Resource Hash
7b30a92b63277c1582908b152f61c1fd70d687f6af0c8d222ee5e9a9aa7e6074
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
https://web.step.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Tue, 23 May 2023 11:49:33 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
cdn-edgestorageid
1078
content-security-policy
upgrade-insecure-requests
x-cache-status
MISS
cdn-cachedat
03/13/2023 10:12:59
cdn-pullzone
972527
x-xss-protection
0
x-request-id
0ed2112de53187e397ff9b6eae828d66
referrer-policy
strict-origin-when-cross-origin
server
BunnyCDN-DE1-1080
cdn-proxyver
1.03
x-ipfs-roots
bafybeifwjv4ict7etfmp4udfjdb3rkcx5kp2gyddqab6eh5ys3lyeuy7uy,QmUcHQ2rMu4enBeQrT3CAuCF3ZuXuSvWuptmsCEzNRoCoU,QmdwjKZGPygW8dCSJBjfcJy1XR5yzmfz5xoxFyVu9rwQdE
etag
W/"QmdwjKZGPygW8dCSJBjfcJy1XR5yzmfz5xoxFyVu9rwQdE"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cdn-cache
REVALIDATED
cdn-uid
070ccd6e-b4b0-4c90-b45a-e26d7534205d
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control
max-age=60, stale-while-revalidate=3600
x-ipfs-path
/ipfs/bafybeifwjv4ict7etfmp4udfjdb3rkcx5kp2gyddqab6eh5ys3lyeuy7uy/assets/index-7b30a92b.css
cdn-requestpullcode
200
cdn-requestid
2d07f00f211e9b6b3bbd165038b39d64
cdn-requestcountrycode
FI
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status
200
cdn-requestpullsuccess
True
abikvo75
widget.intercom.io/widget/ 		7 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://widget.intercom.io/widget/abikvo75
Requested by
Host: web.step.app
URL: https://web.step.app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-18.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
f7f92eb4ff2e3438bff457c4b3ce08b7e65743187f68c1896c0d0fc8aa44ff75

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
https://web.step.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Tue, 23 May 2023 11:26:30 GMT
content-encoding
gzip
via
1.1 96ab38d99b79d57e5c7e9b8a07c0fad2.cloudfront.net (CloudFront)
x-amz-version-id
r3a47I9VkYsupL2rFG_w.Qm0acWbaKmR
x-amz-cf-pop
FRA2-C1
age
1384
x-amz-server-side-encryption
AES256
x-cache
Error from cloudfront
alt-svc
h3=":443"; ma=86400
content-length
2678
last-modified
Tue, 23 May 2023 11:26:27 GMT
server
AmazonS3
etag
"c6bc689d319b6a2c214710bf92ed70bf"
vary
Origin
content-type
application/javascript; charset=UTF-8
cache-control
max-age=900, s-maxage=900, public
accept-ranges
bytes
x-amz-cf-id
DfqTF7NCgLCy-hbAj_zkcBsigVIH9ZEJuYTsfDvvI-AGBpRneyiJxg==
SignIn-afed78f5.js
web.step.app/assets/ 		744 B
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://web.step.app/assets/SignIn-afed78f5.js
Requested by
Host: web.step.app
URL: https://web.step.app/assets/index-2b4d9da8.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1080:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software
BunnyCDN-DE1-1080 /
Resource Hash
b497f5a5e1dedecefaeb6f7ef0a3c53ebb333e12fdc8971128e8a2b7e42be32a
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
Origin
https://web.step.app
accept-language
fi-FI,fi;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Tue, 23 May 2023 11:49:33 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
cdn-edgestorageid
865
content-security-policy
upgrade-insecure-requests
x-cache-status
MISS
cdn-cachedat
03/13/2023 10:12:59
cdn-pullzone
972527
x-xss-protection
0
x-request-id
060d99409913743f99f771d899c67863
referrer-policy
strict-origin-when-cross-origin
server
BunnyCDN-DE1-1080
cdn-proxyver
1.03
x-ipfs-roots
bafybeifwjv4ict7etfmp4udfjdb3rkcx5kp2gyddqab6eh5ys3lyeuy7uy,QmUcHQ2rMu4enBeQrT3CAuCF3ZuXuSvWuptmsCEzNRoCoU,QmZuYkMmxLuHUEF5XEX6YqFDT653dmpqbVvqD6zdLfFcGT
etag
W/"QmZuYkMmxLuHUEF5XEX6YqFDT653dmpqbVvqD6zdLfFcGT"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cdn-cache
REVALIDATED
cdn-uid
070ccd6e-b4b0-4c90-b45a-e26d7534205d
access-control-expose-headers
Content-Length, Content-Range, X-Chunked-Output, X-Ipfs-Path, X-Ipfs-Roots, X-Stream-Output
cache-control
max-age=60, stale-while-revalidate=3600
x-ipfs-path
/ipfs/bafybeifwjv4ict7etfmp4udfjdb3rkcx5kp2gyddqab6eh5ys3lyeuy7uy/assets/SignIn-afed78f5.js
cdn-requestpullcode
200
cdn-requestid
2c01096c363daf7b418a531e202b893d
cdn-requestcountrycode
FI
access-control-allow-headers
Content-Type, Range, User-Agent, X-Requested-With
cdn-status
200
cdn-requestpullsuccess
True
SignIn-8f0ff971.css
web.step.app/assets/ 		255 B
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://web.step.app/assets/SignIn-8f0ff971.css
Requested by
Host: web.step.app
URL: https://web.step.app/assets/index-2b4d9da8.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1080:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software
BunnyCDN-DE1-1080 /
Resource Hash
8f0ff9718d1973647c89520a8c0ab19e8390bf0722bbb4813b715740b68b7c7c
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
https://web.step.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Tue, 23 May 2023 11:49:33 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
cdn-edgestorageid
1076
content-security-policy
upgrade-insecure-requests
x-cache-status
MISS
cdn-cachedat
03/13/2023 10:03:08
cdn-pullzone
972527
x-xss-protection
0
x-request-id
10e250973e55c8dc60a15b5e18cf1f92
referrer-policy
strict-origin-when-cross-origin
server
BunnyCDN-DE1-1080
cdn-proxyver
1.03
x-ipfs-roots
bafybeifwjv4ict7etfmp4udfjdb3rkcx5kp2gyddqab6eh5ys3lyeuy7uy,QmUcHQ2rMu4enBeQrT3CAuCF3ZuXuSvWuptmsCEzNRoCoU,QmZKu1StPwUJ15tQWV822NXxcvGUBLgBkjx3RcLsURJyM6
etag
W/"QmZKu1StPwUJ15tQWV822NXxcvGUBLgBkjx3RcLsURJyM6"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cdn-cache
REVALIDATED
cdn-uid
070ccd6e-b4b0-4c90-b45a-e26d7534205d
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control
max-age=60, stale-while-revalidate=3600
x-ipfs-path
/ipfs/bafybeifwjv4ict7etfmp4udfjdb3rkcx5kp2gyddqab6eh5ys3lyeuy7uy/assets/SignIn-8f0ff971.css
cdn-requestpullcode
200
cdn-requestid
3ab8beefe2fc0845244b740af597f626
cdn-requestcountrycode
FI
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status
200
cdn-requestpullsuccess
True
webConfig
firebase.googleapis.com/v1alpha/projects/-/apps/1:547422727598:web:689a7f93cec4f6a305ec3f/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://firebase.googleapis.com/v1alpha/projects/-/apps/1:547422727598:web:689a7f93cec4f6a305ec3f/webConfig
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
x-goog-api-key
Access-Control-Request-Method
GET
Origin
https://web.step.app
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

access-control-allow-headers
x-goog-api-key
access-control-allow-methods
DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin
https://web.step.app
access-control-max-age
3600
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
content-type
text/html
date
Tue, 23 May 2023 11:49:34 GMT
server
ESF
vary
origin referer x-origin
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
0
SFMono-Bold-87372509.woff2
web.step.app/assets/ 		44 KB
45 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://web.step.app/assets/SFMono-Bold-87372509.woff2
Requested by
Host: web.step.app
URL: https://web.step.app/assets/index-7b30a92b.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1080:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software
BunnyCDN-DE1-1080 /
Resource Hash
873725099b93f7fd673da33d265b55a73dee159f25c1619cb11cf54094f9b4c0
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://web.step.app/assets/index-7b30a92b.css
Origin
https://web.step.app
accept-language
fi-FI,fi;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Tue, 23 May 2023 11:49:34 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
upgrade-insecure-requests
cdn-edgestorageid
1048
x-cache-status
MISS
cdn-cachedat
03/13/2023 10:03:08
cdn-pullzone
972527
content-length
44888
x-xss-protection
0
x-request-id
e5198e767fc44fe06a7da88ab6edd639
referrer-policy
strict-origin-when-cross-origin
server
BunnyCDN-DE1-1080
cdn-proxyver
1.03
x-ipfs-roots
bafybeifwjv4ict7etfmp4udfjdb3rkcx5kp2gyddqab6eh5ys3lyeuy7uy,QmUcHQ2rMu4enBeQrT3CAuCF3ZuXuSvWuptmsCEzNRoCoU,QmRUJyHLiehuBNz86sjjhMESnYRHmPwfCLGUTVr1oLXYHe
etag
"QmRUJyHLiehuBNz86sjjhMESnYRHmPwfCLGUTVr1oLXYHe"
access-control-allow-methods
GET
content-type
font/woff2
access-control-allow-origin
*
cdn-cache
REVALIDATED
cdn-uid
070ccd6e-b4b0-4c90-b45a-e26d7534205d
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control
max-age=60, stale-while-revalidate=3600
x-ipfs-path
/ipfs/bafybeifwjv4ict7etfmp4udfjdb3rkcx5kp2gyddqab6eh5ys3lyeuy7uy/assets/SFMono-Bold-87372509.woff2
cdn-requestpullcode
200
cdn-requestid
29dcb0d0a6a1a016c855e5f85ae77faf
accept-ranges
bytes
cdn-requestcountrycode
FI
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status
200
cdn-requestpullsuccess
True
webConfig
firebase.googleapis.com/v1alpha/projects/-/apps/1:547422727598:web:689a7f93cec4f6a305ec3f/ 		355 B
428 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://firebase.googleapis.com/v1alpha/projects/-/apps/1:547422727598:web:689a7f93cec4f6a305ec3f/webConfig
Requested by
Host: web.step.app
URL: https://web.step.app/assets/index-2b4d9da8.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
22d93c8e5f1a17e13b09c7ae2760287147d1291ec1adcc6a7814ab5246e1b870
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept
application/json
Referer
https://web.step.app/
x-goog-api-key
AIzaSyD8XRCLUrS4ypRFN6Oubg0nfxNrECVmbWQ
accept-language
fi-FI,fi;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Tue, 23 May 2023 11:49:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
ESF
vary
Origin, X-Origin, Referer
x-frame-options
SAMEORIGIN
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://web.step.app
access-control-expose-headers
vary,vary,vary,content-encoding,date,server,content-length
cache-control
private
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
238
x-xss-protection
0
statics.json
cdn-preupdate.step.app/statics/latest/ 		18 MB
0 		XHR
General
Check archive.org
Download Go to
Full URL
https://cdn-preupdate.step.app/statics/latest/statics.json
Requested by
Host: web.step.app
URL: https://web.step.app/assets/index-2b4d9da8.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a03:90c0:41:2801::62 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software
nginx /
Resource Hash

Request headers

Accept
application/json, text/plain, */*
Referer
https://web.step.app/
accept-language
fi-FI,fi;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-id
fr5-hw-edge-gc29
date
Tue, 23 May 2023 11:49:34 GMT
last-modified
Tue, 16 May 2023 10:26:10 GMT
server
nginx
etag
"64635a42-15b170f"
x-cached-since
2023-05-19T12:23:05+00:00
content-type
application/json
access-control-allow-origin
*
cache
HIT
x-nginx
nginx-be
accept-ranges
bytes
content-length
22746895
frame-modern.b5d27302.js
js.intercomcdn.com/ Frame C964 		478 KB
134 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.intercomcdn.com/frame-modern.b5d27302.js
Requested by
Host: widget.intercom.io
URL: https://widget.intercom.io/widget/abikvo75
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.147.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-147-43.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
24cffa7e67061d59b92c94942f944a471bfd093c08e82559ee3543837507ac8a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Tue, 23 May 2023 11:26:30 GMT
content-encoding
gzip
via
1.1 8b360b28aeb67c1982fcc466a05eef02.cloudfront.net (CloudFront)
x-amz-version-id
EPJ_eRVK3ModMi5VBH3GlEBG883iQDrr
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
FRA60-P4
age
1385
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
content-length
136493
last-modified
Tue, 23 May 2023 11:24:52 GMT
server
AmazonS3
etag
"6e9e20069db2fcf1936d4bd056720fed"
content-type
application/javascript; charset=UTF-8
cache-control
max-age=31536000, s-maxage=7200, public
accept-ranges
bytes
x-amz-cf-id
Rg5U0e8PYF0uLnDOsBcGWAx5HKNN4YB1Q2bVTOsr1-79g8mgUlV9Qw==
vendor-modern.77b49a51.js
js.intercomcdn.com/ Frame C964 		236 KB
73 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.intercomcdn.com/vendor-modern.77b49a51.js
Requested by
Host: widget.intercom.io
URL: https://widget.intercom.io/widget/abikvo75
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.147.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-147-43.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
02a135826c3a2875bd1891a34d7adb0b5cce82dd759e5267cb6aaac5a4155cd4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-amz-version-id
SDh22DHTleKckK6Wo2NX4mMDl1QbYetT
content-encoding
gzip
via
1.1 8b360b28aeb67c1982fcc466a05eef02.cloudfront.net (CloudFront)
date
Tue, 23 May 2023 10:59:16 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
FRA60-P4
age
3019
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
content-length
74263
last-modified
Fri, 19 May 2023 14:43:18 GMT
server
AmazonS3
etag
"49d6de9f46815845643b7afe88d2ca3f"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
max-age=31536000, s-maxage=7200, public
accept-ranges
bytes
x-amz-cf-id
TOO8ga9ka0uaRqZls8HlAXZ6NV-6piFuqzzy5Jp_9uKRayP3kM0hkg==
installations
firebaseinstallations.googleapis.com/v1/projects/step-app-2bacf/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://firebaseinstallations.googleapis.com/v1/projects/step-app-2bacf/installations
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-firebase-client,x-goog-api-key
Access-Control-Request-Method
POST
Origin
https://web.step.app
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

access-control-allow-headers
content-type,x-firebase-client,x-goog-api-key
access-control-allow-methods
DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin
https://web.step.app
access-control-max-age
3600
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
content-type
text/html
date
Tue, 23 May 2023 11:49:35 GMT
server
ESF
vary
origin referer x-origin
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
0
installations
firebaseinstallations.googleapis.com/v1/projects/step-app-2bacf/ 		623 B
677 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://firebaseinstallations.googleapis.com/v1/projects/step-app-2bacf/installations
Requested by
Host: web.step.app
URL: https://web.step.app/assets/index-2b4d9da8.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
a3912469f79f62274fd413e19680d03ed313d5e46315b333977ca417e7935685
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept
application/json
Referer
https://web.step.app/
x-goog-api-key
AIzaSyD8XRCLUrS4ypRFN6Oubg0nfxNrECVmbWQ
accept-language
fi-FI,fi;q=0.9
x-firebase-client
eyJ2ZXJzaW9uIjoyLCJoZWFydGJlYXRzIjpbeyJhZ2VudCI6ImZpcmUtY29yZS8wLjkuMCBmaXJlLWNvcmUtZXNtMjAxNy8wLjkuMCBmaXJlLWpzLyBmaXJlLWlpZC8wLjYuMCBmaXJlLWlpZC1lc20yMDE3LzAuNi4wIGZpcmUtYW5hbHl0aWNzLzAuOS4wIGZpcmUtYW5hbHl0aWNzLWVzbTIwMTcvMC45LjAgZmlyZS1qcy1hbGwtYXBwLzkuMTUuMCIsImRhdGVzIjpbIjIwMjMtMDUtMjMiXX1dfQ
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
content-type
application/json

Response headers

date
Tue, 23 May 2023 11:49:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
ESF
vary
Origin, X-Origin, Referer
x-frame-options
SAMEORIGIN
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://web.step.app
access-control-expose-headers
vary,vary,vary,content-encoding,date,server,content-length
cache-control
private
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
487
x-xss-protection
0
js
www.googletagmanager.com/gtag/ 		205 KB
73 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?l=dataLayer&id=G-M830R3N37B
Requested by
Host: web.step.app
URL: https://web.step.app/assets/index-2b4d9da8.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
f3f6d4f605db1115c025c4bd57355b1a9993e3cb2d486a75f9b54544080c320f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
https://web.step.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Tue, 23 May 2023 11:49:34 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
74459
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Tue, 23 May 2023 11:49:34 GMT
ping
api-iam.intercom.io/messenger/web/ Frame C964 		5 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://api-iam.intercom.io/messenger/web/ping
Requested by
Host: js.intercomcdn.com
URL: https://js.intercomcdn.com/frame-modern.b5d27302.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
44.211.195.229 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-44-211-195-229.compute-1.amazonaws.com
Software
nginx /
Resource Hash
941ef3b3ef4296b3b1d85342043306fcd40600656fb47bb6ddcb0e0edd3d5a28
Security Headers
Name Value
Strict-Transport-Security max-age=31556952; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
accept-language
fi-FI,fi;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Tue, 23 May 2023 11:49:36 GMT
strict-transport-security
max-age=31556952; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
x-ami-version
ami-0963ed01a2690bfb1
status
200 OK
x-xss-protection
1; mode=block
x-request-id
000262eqi4v3gd5etfpg
x-runtime
0.253788
server
nginx
etag
W/"941ef3b3ef4296b3b1d85342043306fc"
vary
Accept,Accept-Encoding
access-control-allow-methods
POST, GET, OPTIONS
content-type
application/json; charset=utf-8
access-control-allow-origin
https://web.step.app
x-intercom-version
90630669d5be41b3351ac2be208e1ee56d4d0e92
cache-control
max-age=0, private, must-revalidate
access-control-allow-credentials
true
x-frame-options
SAMEORIGIN
access-control-allow-headers
Content-Type, Idempotency-Key, X-INTERCOM-APP, X-INTERCOM-PAGE-TITLE, X-INTERCOM-USER-DATA
collect
region1.analytics.google.com/g/ 		0
252 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://region1.analytics.google.com/g/collect?v=2&tid=G-M830R3N37B&gtm=45je35h0&_p=765229612&_gaz=1&_fid=fXSKRGJDfsNbb2nzTBMWvW&cid=114352861.1684842576&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1684842575&sct=1&seg=0&dl=https%3A%2F%2Fweb.step.app%2F&dt=Step%20App%20%7C%20Web&en=page_view&_fv=1&_nsi=1&_ss=2&_ee=1&ep.origin=firebase
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?l=dataLayer&id=G-M830R3N37B
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
https://web.step.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 23 May 2023 11:49:35 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://web.step.app
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/g/ 		0
252 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-M830R3N37B&cid=114352861.1684842576&gtm=45je35h0&aip=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?l=dataLayer&id=G-M830R3N37B
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c00::9b Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
https://web.step.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 23 May 2023 11:49:36 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://web.step.app
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.fi/ads/ 		42 B
408 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.fi/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-M830R3N37B&cid=114352861.1684842576&gtm=45je35h0&aip=1&z=269583734
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
https://web.step.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 23 May 2023 11:49:36 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
4389b9cc188db486c23cf0ac1d841d0b.png
downloads.intercomcdn.com/i/o/374631/d0df72937f89747f40b3cc52/ 		4 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://downloads.intercomcdn.com/i/o/374631/d0df72937f89747f40b3cc52/4389b9cc188db486c23cf0ac1d841d0b.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
15.197.143.135 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a69d63ecdf0f33068.awsglobalaccelerator.com
Software
nginx /
Resource Hash
5a43ca9ec31f60e29464b8db20b076f473e6ef6908026fc446ad54d150dfe7f7
Security Headers
Name Value
Content-Security-Policy default-src 'none'; font-src fonts.intercomcdn.com; img-src downloads.intercomcdn.com/images/logo-gray-16x16-at-2x.png; media-src 'self'; style-src downloads.intercomcdn.com/410.css fonts.intercomcdn.com/proxima-nova/proxima-nova-all.css
Strict-Transport-Security max-age=31556952; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
https://web.step.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Tue, 23 May 2023 11:49:36 GMT
strict-transport-security
max-age=31556952; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
x-ami-version
ami-0963ed01a2690bfb1
content-security-policy
default-src 'none'; font-src fonts.intercomcdn.com; img-src downloads.intercomcdn.com/images/logo-gray-16x16-at-2x.png; media-src 'self'; style-src downloads.intercomcdn.com/410.css fonts.intercomcdn.com/proxima-nova/proxima-nova-all.css
status
200 OK
content-transfer-encoding
binary
content-disposition
inline; filename="4389b9cc188db486c23cf0ac1d841d0b.png"; filename*=UTF-8''4389b9cc188db486c23cf0ac1d841d0b.png
x-xss-protection
1; mode=block
x-request-id
0000jlaqrhdd5b6nnf30
x-runtime
0.055043
last-modified
Tue, 20 Dec 2022 13:22:33 GMT
server
nginx
vary
Accept-Encoding
x-frame-options
deny
content-type
image/png
x-intercom-version
90630669d5be41b3351ac2be208e1ee56d4d0e92
cache-control
max-age=86400, private

Verdicts & Comments Add Verdict or Comment

13 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 boolean| credentialless object| intercomSettings function| Intercom function| IMask function| Buffer object| dataLayer function| gtag function| __intercomAssignLocation function| __intercomReloadLocation object| google_tag_manager object| google_tag_data object| gaGlobal

5 Cookies

Domain/Path Name / Value
.step.app/ Name: _ga_M830R3N37B
Value: GS1.1.1684842575.1.0.1684842575.60.0.0
.step.app/ Name: _ga
Value: GA1.1.114352861.1684842576
.step.app/ Name: intercom-id-abikvo75
Value: 232c6ffc-a603-476f-bf3f-ee8760104df7
.step.app/ Name: intercom-session-abikvo75
Value:
.step.app/ Name: intercom-device-id-abikvo75
Value: 8034b377-124b-4a4e-a8d0-c81d9ca3afb2

1 Console Messages

Source Level URL
Text
network error URL: https://cdn-preupdate.step.app/statics/latest/statics.json
Message:
Failed to load resource: net::ERR_CONNECTION_RESET

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api-iam.intercom.io
app.step.app
cdn-preupdate.step.app
downloads.intercomcdn.com
firebase.googleapis.com
firebaseinstallations.googleapis.com
js.intercomcdn.com
region1.analytics.google.com
stats.g.doubleclick.net
web.step.app
widget.intercom.io
www.google.fi
www.googletagmanager.com
13.224.189.18
15.197.143.135
18.66.147.43
2001:4860:4802:34::36
2400:52e0:1e00::1080:1
2606:4700:3035::6815:38d8
2a00:1450:4001:806::200a
2a00:1450:4001:80e::2003
2a00:1450:4001:813::200a
2a00:1450:4001:829::2008
2a00:1450:400c:c00::9b
2a03:90c0:41:2801::62
44.211.195.229
02a135826c3a2875bd1891a34d7adb0b5cce82dd759e5267cb6aaac5a4155cd4
22d93c8e5f1a17e13b09c7ae2760287147d1291ec1adcc6a7814ab5246e1b870
24cffa7e67061d59b92c94942f944a471bfd093c08e82559ee3543837507ac8a
5a43ca9ec31f60e29464b8db20b076f473e6ef6908026fc446ad54d150dfe7f7
668810f60202905b100b1d9d5e0b8f557ef02550a1995a6a02d6149a4222b6ba
7b30a92b63277c1582908b152f61c1fd70d687f6af0c8d222ee5e9a9aa7e6074
7cab08900da4c935e19a9912c6c6a74eec1bc56adaec032d8899cc9c9a94fd6d
873725099b93f7fd673da33d265b55a73dee159f25c1619cb11cf54094f9b4c0
8f0ff9718d1973647c89520a8c0ab19e8390bf0722bbb4813b715740b68b7c7c
941ef3b3ef4296b3b1d85342043306fcd40600656fb47bb6ddcb0e0edd3d5a28
a37dc41a593d3a8bbc60a873681f169352aede345582f16cbc31bc6b9804f378
a3912469f79f62274fd413e19680d03ed313d5e46315b333977ca417e7935685
b497f5a5e1dedecefaeb6f7ef0a3c53ebb333e12fdc8971128e8a2b7e42be32a
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f3f6d4f605db1115c025c4bd57355b1a9993e3cb2d486a75f9b54544080c320f
f7f92eb4ff2e3438bff457c4b3ce08b7e65743187f68c1896c0d0fc8aa44ff75