api-developer.tradesafe.dev Open in urlscan Pro
13.32.121.10  Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

4 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response api-developer.tradesafe.dev/	20 KB 21 KB	924ms 904ms	Document text/html	13.32.121.10 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://api-developer.tradesafe.dev/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.32.121.10 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-32-121-10.fra60.r.cloudfront.net Software / Resource Hash f5d3e400ee3c271aa921b6b007d7f6797d11f77fce467cad4ca1f981b21c040c Security Headers Name Value Content-Security-Policy font-src 'self'; img-src data: cdn.jsdelivr.net; script-src 'self' 'unsafe-inline' cdn.jsdelivr.net cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net; block-all-mixed-content; upgrade-insecure-requests; report-to csp-endpoint; report-uri &sentry_environment=integration&sentry_release= Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers :method GET :authority api-developer.tradesafe.dev :scheme https :path / pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 accept-language de-DE,de;q=0.9 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site none sec-fetch-mode navigate sec-fetch-user ?1 sec-fetch-dest document accept-encoding gzip, deflate, br Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Accept-Language de-DE,de;q=0.9 Response headers content-type text/html; charset=UTF-8 content-length 20371 date Thu, 07 Oct 2021 04:38:49 GMT x-amzn-requestid 8ea0e7fa-5607-4fb0-b404-f2ac01f4f876 referrer-policy no-referrer x-permitted-cross-domain-policies none x-xss-protection 1; mode=block expect-ct max-age=2147483648 strict-transport-security max-age=31536000 x-frame-options sameorigin content-security-policy font-src 'self'; img-src data: cdn.jsdelivr.net; script-src 'self' 'unsafe-inline' cdn.jsdelivr.net cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net; block-all-mixed-content; upgrade-insecure-requests; report-to csp-endpoint; report-uri &sentry_environment=integration&sentry_release= x-download-options noopen x-amz-apigw-id G0f6DGMsCfMFc4A= cache-control no-cache, private report-to {"group":"csp-endpoint","max_age":"10886400","endpoints":[{"url":"&sentry_environment=integration&sentry_release="}]},{"group":"hpkp-endpoint","max_age":"10886400","endpoints":[{"url":"&sentry_environment=integration&sentry_release="}]} x-content-type-options nosniff x-amzn-trace-id Root=1-615e79d9-21460e8f01ae20355ee43b10;Sampled=1 permissions-policy accelerometer=(self), ambient-light-sensor=(self), autoplay=(self), battery=(self), camera=(self), cross-origin-isolated=(), display-capture=(self), document-domain=*, encrypted-media=(self), execution-while-not-rendered=*, execution-while-out-of-viewport=*, fullscreen=(self), geolocation=(self), gyroscope=(self), magnetometer=(self), microphone=(self), midi=(self), navigation-override=(self), payment=(self), picture-in-picture=*, publickey-credentials-get=(self), screen-wake-lock=(self), sync-xhr=*, usb=(self), web-share=(self), xr-spatial-tracking=(self) x-amzn-remapped-date Thu, 07 Oct 2021 04:38:49 GMT via 1.1 ba77f90aac0ddbc2c4c2c02062fac762.cloudfront.net (CloudFront), 1.1 a300dbfb49a2eb50edb83038642c9f82.cloudfront.net (CloudFront) x-amz-cf-pop FRA50-C1 FRA60-P1 vary Origin x-cache Miss from cloudfront x-amz-cf-id 4N-epZWRcOcIbb09x54ZsNfu5XutbzOb4ycYI0aFvWZ74KO7Qcnwow==
GET H2	200	index.css cdn.jsdelivr.net/npm/graphql-playground-react/build/static/css/	713 B 927 B	27ms 11ms	Stylesheet text/css	104.16.87.20 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn.jsdelivr.net/npm/graphql-playground-react/build/static/css/index.css Requested by Host: api-developer.tradesafe.dev URL: https://api-developer.tradesafe.dev/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.16.87.20 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 74a9cd2c4170292545a64a634567bea3f8d00ccea7fc9b2f4342779790e4ddf7 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Accept-Language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Thu, 07 Oct 2021 04:38:50 GMT content-encoding br x-content-type-options nosniff cf-cache-status HIT age 34218 x-jsd-version 1.7.26 x-cache HIT cross-origin-resource-policy cross-origin strict-transport-security max-age=31536000; includeSubDomains; preload alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 x-served-by cache-fra19140-FRA timing-allow-origin * x-jsd-version-type version server cloudflare etag W/"2c9-btcY1wFYTu/1HPBg3v28DxmklVA" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type text/css; charset=utf-8 access-control-allow-origin * access-control-expose-headers * cache-control public, max-age=604800, s-maxage=43200 cf-ray 69a47132c9c34a9d-FRA
GET H2	200	middleware.js Show response cdn.jsdelivr.net/npm/graphql-playground-react/build/static/js/	2 MB 640 KB	45ms 29ms	Script application/javascript	104.16.87.20 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn.jsdelivr.net/npm/graphql-playground-react/build/static/js/middleware.js Requested by Host: api-developer.tradesafe.dev URL: https://api-developer.tradesafe.dev/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.16.87.20 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 486f58032e1ecb04dc2dc9308a3ed5e284821b784e755d66fb67b55ee3712209 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Accept-Language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Thu, 07 Oct 2021 04:38:50 GMT content-encoding br x-content-type-options nosniff cf-cache-status HIT age 8657 x-jsd-version 1.7.26 x-cache HIT cross-origin-resource-policy cross-origin strict-transport-security max-age=31536000; includeSubDomains; preload alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 x-served-by cache-fra19130-FRA timing-allow-origin * x-jsd-version-type version server cloudflare etag W/"2402e3-tN97SOItKyEg9CZN+lMa2wF73OU" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type application/javascript; charset=utf-8 access-control-allow-origin * access-control-expose-headers * cache-control public, max-age=604800, s-maxage=43200 cf-ray 69a47132d9c54a9d-FRA
POST H2	200	graphql Show response api-developer.tradesafe.dev/	164 KB 166 KB	1723ms 1723ms	Fetch application/json	13.32.121.10 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://api-developer.tradesafe.dev/graphql Requested by Host: cdn.jsdelivr.net URL: https://cdn.jsdelivr.net/npm/graphql-playground-react/build/static/js/middleware.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.32.121.10 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-32-121-10.fra60.r.cloudfront.net Software / Resource Hash e9b3ce1b41c88832b3985efaca458af23d9e2ea6b295e20bb7ea90c7e6158a30 Security Headers Name Value Content-Security-Policy font-src 'self'; img-src data: cdn.jsdelivr.net; script-src 'self' 'unsafe-inline' cdn.jsdelivr.net cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net; block-all-mixed-content; upgrade-insecure-requests; report-to csp-endpoint; report-uri &sentry_environment=integration&sentry_release= Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers sec-fetch-mode cors origin https://api-developer.tradesafe.dev accept-encoding gzip, deflate, br accept-language de-DE,de;q=0.9 authorization Bearer {TOKEN} sec-fetch-dest empty content-length 1468 :path /graphql pragma no-cache user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 content-type application/json accept */* cache-control no-cache :authority api-developer.tradesafe.dev :scheme https sec-fetch-site same-origin :method POST accept */* Referer Authorization Bearer {TOKEN} Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 content-type application/json Response headers date Thu, 07 Oct 2021 04:38:52 GMT via 1.1 70d755f7200c02162c7545e4ce74649b.cloudfront.net (CloudFront), 1.1 a300dbfb49a2eb50edb83038642c9f82.cloudfront.net (CloudFront) vary Origin x-permitted-cross-domain-policies none x-amz-cf-pop FRA60-P4 FRA60-P1 x-amzn-requestid 4ecf20a6-d4d5-44b0-9018-636a2a5cc5be x-cache Miss from cloudfront strict-transport-security max-age=31536000 x-amz-apigw-id G0f6WFFGifMF_Cw= content-length 168360 x-xss-protection 1; mode=block content-security-policy font-src 'self'; img-src data: cdn.jsdelivr.net; script-src 'self' 'unsafe-inline' cdn.jsdelivr.net cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net; block-all-mixed-content; upgrade-insecure-requests; report-to csp-endpoint; report-uri &sentry_environment=integration&sentry_release= referrer-policy no-referrer x-frame-options sameorigin x-amzn-trace-id Root=1-615e79db-6264691d216ddf271bae3c50;Sampled=0 expect-ct max-age=2147483648 x-ratelimit-remaining 2999 report-to {"group":"csp-endpoint","max_age":"10886400","endpoints":[{"url":"&sentry_environment=integration&sentry_release="}]},{"group":"hpkp-endpoint","max_age":"10886400","endpoints":[{"url":"&sentry_environment=integration&sentry_release="}]} x-download-options noopen access-control-allow-origin https://api-developer.tradesafe.dev access-control-expose-headers Cache-Control, Content-Language, Content-Type, Expires, Last-Modified, Pragma cache-control no-cache, private access-control-allow-credentials true permissions-policy accelerometer=(self), ambient-light-sensor=(self), autoplay=(self), battery=(self), camera=(self), cross-origin-isolated=(), display-capture=(self), document-domain=*, encrypted-media=(self), execution-while-not-rendered=*, execution-while-out-of-viewport=*, fullscreen=(self), geolocation=(self), gyroscope=(self), magnetometer=(self), microphone=(self), midi=(self), navigation-override=(self), payment=(self), picture-in-picture=*, publickey-credentials-get=(self), screen-wake-lock=(self), sync-xhr=*, usb=(self), web-share=(self), xr-spatial-tracking=(self) x-ratelimit-limit 3000 content-type application/json x-amzn-remapped-date Thu, 07 Oct 2021 04:38:52 GMT x-content-type-options nosniff x-amz-cf-id mxnJdUGALRrxl9eU-zreAYPyMUNvCRwWS5wm6d64U17vYyM6wDvQHQ==

14 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforexrselect boolean| originAgentCluster function| _ object| schemaFetcher object| scCGSHMRCache object| s function| session object| GraphQLPlayground object| m object| p string| version object| d object| editor object| g

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

7 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'ambient-light-sensor'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'battery'.
security	warning	Message: Error with Permissions-Policy header: Origin trial controlled feature not enabled: 'display-capture'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'execution-while-not-rendered'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'execution-while-out-of-viewport'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'navigation-override'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'web-share'.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	font-src 'self'; img-src data: cdn.jsdelivr.net; script-src 'self' 'unsafe-inline' cdn.jsdelivr.net cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net; block-all-mixed-content; upgrade-insecure-requests; report-to csp-endpoint; report-uri &sentry_environment=integration&sentry_release=
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api-developer.tradesafe.dev
cdn.jsdelivr.net
104.16.87.20
13.32.121.10
486f58032e1ecb04dc2dc9308a3ed5e284821b784e755d66fb67b55ee3712209
74a9cd2c4170292545a64a634567bea3f8d00ccea7fc9b2f4342779790e4ddf7
e9b3ce1b41c88832b3985efaca458af23d9e2ea6b295e20bb7ea90c7e6158a30
f5d3e400ee3c271aa921b6b007d7f6797d11f77fce467cad4ca1f981b21c040c