coinbase-pilot.parcha.ai Open in urlscan Pro
76.76.21.9 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://coinbase-pilot.parcha.ai/
Submission Tags: @phishunt_io
Submission: On June 07 via api (June 7th 2024, 7:56:40 pm UTC) from DE — Scanned from DE

Summary HTTP 18 Redirects Behaviour Indicators

Summary

This website contacted 7 IPs in 3 countries across 5 domains to perform 18 HTTP transactions. The main IP is 76.76.21.9, located in Walnut, United States and belongs to AMAZON-02, US. The main domain is coinbase-pilot.parcha.ai.
TLS certificate: Issued by R10 on June 7th 2024. Valid for: 3 months.

This is the only time coinbase-pilot.parcha.ai was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
6	76.76.21.9 76.76.21.9	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:803::200a	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6812:1adf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.18.26.223 104.18.26.223	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	104.18.27.223 104.18.27.223	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a00:1450:400... 2a00:1450:4001:80b::2003	15169 (GOOGLE) (GOOGLE)
18	7

6 76.76.21.9 (Walnut, United States)

ASN16509 (AMAZON-02, US)

coinbase-pilot.parcha.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:803::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:1adf (United States)

ASN13335 (CLOUDFLARENET, US)

api.descope.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.26.223 (None, )

ASN13335 (CLOUDFLARENET, US)

api.descope.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.18.27.223 (None, )

ASN13335 (CLOUDFLARENET, US)

static.descope.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:80b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	descope.com api.descope.com static.descope.com — Cisco Umbrella Rank: 528355	47 KB
6	parcha.ai coinbase-pilot.parcha.ai	797 KB
3	gstatic.com fonts.gstatic.com	47 KB
2	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 70	2 KB
0	rsms.me Failed rsms.me Failed
18	5

	Domain	Requested by
6	coinbase-pilot.parcha.ai	coinbase-pilot.parcha.ai
4	static.descope.com	coinbase-pilot.parcha.ai
3	fonts.gstatic.com	fonts.googleapis.com
2	api.descope.com	coinbase-pilot.parcha.ai
2	fonts.googleapis.com	coinbase-pilot.parcha.ai
0	rsms.me Failed	coinbase-pilot.parcha.ai
18	6

This site contains no links.

Subject Issuer	Validity	Valid
coinbase-pilot.parcha.ai R10	`2024-06-07` - `2024-09-05`	3 months	crt.sh
upload.video.google.com WR2	`2024-05-21` - `2024-08-13`	3 months	crt.sh
api.descope.com E1	`2024-05-18` - `2024-08-16`	3 months	crt.sh
static.descope.com E1	`2024-05-26` - `2024-08-24`	3 months	crt.sh
*.gstatic.com WR2	`2024-05-21` - `2024-08-13`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://coinbase-pilot.parcha.ai/
Frame ID: A03B2298654BD4536F6F1C6E13B8BF31
Requests: 17 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Parcha

Detected technologies

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Page Statistics

18
Requests

94 %
HTTPS

50 %
IPv6

5
Domains

6
Subdomains

7
IPs

3
Countries

893 kB
Transfer

3017 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

18 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
coinbase-pilot.parcha.ai/ 1 KB
1 KB 410ms
265ms Document
text/html 76.76.21.9
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://coinbase-pilot.parcha.ai/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.9 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

c74a3fc82656220a886ff8ee6640de1ecc5acc538d6d77d5d756f70fa0f7ac0d

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval'; connect-src 'self' .descope.com .parcha.ai https://storage.googleapis.com; img-src 'self' https://lh3.googleusercontent.com https://static.descope.com https://parcha-ai-public-assets.s3.amazonaws.com https://parcha-ai-backtest-data.s3.amazonaws.com https://maps.googleapis.com https://files.withpersona.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com https://rsms.me; script-src 'self' https://maps.googleapis.com 'unsafe-eval'; script-src-elem 'self' https://maps.googleapis.com https://unpkg.com 'unsafe-eval'; frame-src 'self' https://www.google.com;
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

access-control-allow-origin: *
age: 0
cache-control: public, max-age=0, must-revalidate
content-disposition: inline
content-encoding: br
content-security-policy: default-src 'self' 'unsafe-eval'; connect-src 'self' *.descope.com *.parcha.ai https://storage.googleapis.com; img-src 'self' https://lh3.googleusercontent.com https://static.descope.com https://parcha-ai-public-assets.s3.amazonaws.com https://parcha-ai-backtest-data.s3.amazonaws.com https://maps.googleapis.com https://files.withpersona.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com https://rsms.me; script-src 'self' https://maps.googleapis.com 'unsafe-eval'; script-src-elem 'self' https://maps.googleapis.com https://unpkg.com 'unsafe-eval'; frame-src 'self' https://www.google.com;
content-type: text/html; charset=utf-8
date: Fri, 07 Jun 2024 19:56:35 GMT
etag: W/"c73c36b5a1efb3b53914ad791bf3976d"
referrer-policy: no-referrer
server: Vercel
strict-transport-security: max-age=63072000
x-content-type-options: nosniff
x-frame-options: DENY
x-vercel-cache: HIT
x-vercel-id: fra1::pjrl9-1717790195585-c0cd24c9bfa1

GET
H2 200 css
fonts.googleapis.com/ 600 B
796 B 86ms
31ms Stylesheet
text/css 2a00:1450:4001:803::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Material+Icons+Round

Requested by

Host: coinbase-pilot.parcha.ai
URL: https://coinbase-pilot.parcha.ai/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

ed286dde4ef5eb7ae7bffbfbae0670a903e48817a82faf2877a083bae23fab08

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000
date: Fri, 07 Jun 2024 19:56:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 07 Jun 2024 19:56:36 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 07 Jun 2024 19:56:36 GMT

GET
H2 200 index-3a5383e4.js Show response
coinbase-pilot.parcha.ai/assets/ 3 MB
754 KB 303ms
303ms Script
application/javascript 76.76.21.9
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://coinbase-pilot.parcha.ai/assets/index-3a5383e4.js

Requested by

Host: coinbase-pilot.parcha.ai
URL: https://coinbase-pilot.parcha.ai/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.9 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

07180c8801375683537db136593c393c5bd067328f802737118a60a661a2444b

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval'; connect-src 'self' .descope.com .parcha.ai https://storage.googleapis.com; img-src 'self' https://lh3.googleusercontent.com https://static.descope.com https://parcha-ai-public-assets.s3.amazonaws.com https://parcha-ai-backtest-data.s3.amazonaws.com https://maps.googleapis.com https://files.withpersona.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com https://rsms.me; script-src 'self' https://maps.googleapis.com 'unsafe-eval'; script-src-elem 'self' https://maps.googleapis.com https://unpkg.com 'unsafe-eval'; frame-src 'self' https://www.google.com;
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Origin: https://coinbase-pilot.parcha.ai
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self' 'unsafe-eval'; connect-src 'self' *.descope.com *.parcha.ai https://storage.googleapis.com; img-src 'self' https://lh3.googleusercontent.com https://static.descope.com https://parcha-ai-public-assets.s3.amazonaws.com https://parcha-ai-backtest-data.s3.amazonaws.com https://maps.googleapis.com https://files.withpersona.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com https://rsms.me; script-src 'self' https://maps.googleapis.com 'unsafe-eval'; script-src-elem 'self' https://maps.googleapis.com https://unpkg.com 'unsafe-eval'; frame-src 'self' https://www.google.com;
content-encoding: br
x-content-type-options: nosniff
date: Fri, 07 Jun 2024 19:56:36 GMT
strict-transport-security: max-age=63072000
age: 0
content-disposition: inline; filename="index-3a5383e4.js"
referrer-policy: no-referrer
server: Vercel
x-vercel-id: fra1::m5zm9-1717790196010-f63f81e98645
etag: W/"c2e012e64166de034b92aaadf3d50ecc"
x-vercel-cache: HIT
x-frame-options: DENY
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate

GET
H2 200 index-1399be85.css
coinbase-pilot.parcha.ai/assets/ 113 KB
22 KB 173ms
173ms Stylesheet
text/css 76.76.21.9
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://coinbase-pilot.parcha.ai/assets/index-1399be85.css

Requested by

Host: coinbase-pilot.parcha.ai
URL: https://coinbase-pilot.parcha.ai/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.9 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

1399be85b79c7ef5ad38650d80350a922932889f3a7719d2b134d409be8634a6

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval'; connect-src 'self' .descope.com .parcha.ai https://storage.googleapis.com; img-src 'self' https://lh3.googleusercontent.com https://static.descope.com https://parcha-ai-public-assets.s3.amazonaws.com https://parcha-ai-backtest-data.s3.amazonaws.com https://maps.googleapis.com https://files.withpersona.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com https://rsms.me; script-src 'self' https://maps.googleapis.com 'unsafe-eval'; script-src-elem 'self' https://maps.googleapis.com https://unpkg.com 'unsafe-eval'; frame-src 'self' https://www.google.com;
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self' 'unsafe-eval'; connect-src 'self' *.descope.com *.parcha.ai https://storage.googleapis.com; img-src 'self' https://lh3.googleusercontent.com https://static.descope.com https://parcha-ai-public-assets.s3.amazonaws.com https://parcha-ai-backtest-data.s3.amazonaws.com https://maps.googleapis.com https://files.withpersona.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com https://rsms.me; script-src 'self' https://maps.googleapis.com 'unsafe-eval'; script-src-elem 'self' https://maps.googleapis.com https://unpkg.com 'unsafe-eval'; frame-src 'self' https://www.google.com;
content-encoding: br
x-content-type-options: nosniff
date: Fri, 07 Jun 2024 19:56:36 GMT
strict-transport-security: max-age=63072000
age: 0
content-disposition: inline; filename="index-1399be85.css"
referrer-policy: no-referrer
server: Vercel
x-vercel-id: fra1::bgcng-1717790196009-c123f95af537
etag: W/"e5794ba4d46fd75d4c0fb19de2cc1a06"
x-vercel-cache: HIT
x-frame-options: DENY
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate

GET inter.css
rsms.me/inter/ 0
0

OPTIONS
H2 204 refresh
api.descope.com/v1/auth/ 0
0 286ms
212ms Preflight 2606:4700::6812:1adf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.descope.com/v1/auth/refresh

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1adf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,x-descope-sdk-name,x-descope-sdk-version
Access-Control-Request-Method: POST
Origin: https://coinbase-pilot.parcha.ai
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Accept,Authorization,current-project,x-csrf-token,x-current-project,x-current-company,x-descope-sdk-name,x-descope-sdk-version,x-descope-sdk-sha,x-descope-sdk-go-version,x-descope-sdk-python-version,x-descope-sdk-node-version,x-descope-sdk-java-version,x-descope-widget-id,x-descope-widget-type,x-descope-widget-version,x-request-id,x-feature-flags,cf-ipcountry,cf-ja3-hash,cf-bot-score,cf-threat-score,cf-verified-bot,cf-ray,cf-ipcity,cf-iplatitude,cf-iplongitude,cf-connecting-ip,x-hub-signature-256,sec-fetch-dest
access-control-allow-methods: GET,POST,PUT,DELETE
access-control-allow-origin: https://coinbase-pilot.parcha.ai
access-control-expose-headers: x-csrf-token,Content-Disposition
access-control-max-age: 604800
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 890334d8fdf85d9a-FRA
date: Fri, 07 Jun 2024 19:56:36 GMT
expect-ct: max-age=86400, enforce
referrer-policy: same-origin
server: cloudflare
strict-transport-security: max-age=15552000; preload
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block

POST
H3 400 refresh Show response
api.descope.com/v1/auth/ 175 B
795 B 386ms
356ms Fetch
application/json 104.18.26.223
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.descope.com/v1/auth/refresh

Requested by

Host: coinbase-pilot.parcha.ai
URL: https://coinbase-pilot.parcha.ai/assets/index-3a5383e4.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.26.223 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5bb0f959772f220f482525f66af7b51e3b7da0bb0a22f1b0431e28801332060d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
authorization: Bearer P2QyhVzKVFe4lLCxndJUbLuyLhLt
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Referer
x-descope-sdk-version: 1.0.10
x-descope-sdk-name: react
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 07 Jun 2024 19:56:37 GMT
strict-transport-security: max-age=15552000; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
alt-svc: h3=":443"; ma=86400
content-length: 175
x-xss-protection: 1; mode=block
referrer-policy: same-origin
server: cloudflare
expect-ct: max-age=86400, enforce
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
access-control-allow-origin: https://coinbase-pilot.parcha.ai
access-control-expose-headers: x-csrf-token,Content-Disposition
access-control-allow-credentials: true
cf-ray: 890334da7a0e381a-FRA

GET
H2 200 favicon.ico
coinbase-pilot.parcha.ai/images/ 4 KB
1 KB 422ms
422ms Other
image/vnd.microsoft.icon 76.76.21.9
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://coinbase-pilot.parcha.ai/images/favicon.ico

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.9 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

92bc26b46aaa066be38b45c3eeb131ca5b376263b9e7b816499058d5f20545b3

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval'; connect-src 'self' .descope.com .parcha.ai https://storage.googleapis.com; img-src 'self' https://lh3.googleusercontent.com https://static.descope.com https://parcha-ai-public-assets.s3.amazonaws.com https://parcha-ai-backtest-data.s3.amazonaws.com https://maps.googleapis.com https://files.withpersona.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com https://rsms.me; script-src 'self' https://maps.googleapis.com 'unsafe-eval'; script-src-elem 'self' https://maps.googleapis.com https://unpkg.com 'unsafe-eval'; frame-src 'self' https://www.google.com;
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self' 'unsafe-eval'; connect-src 'self' *.descope.com *.parcha.ai https://storage.googleapis.com; img-src 'self' https://lh3.googleusercontent.com https://static.descope.com https://parcha-ai-public-assets.s3.amazonaws.com https://parcha-ai-backtest-data.s3.amazonaws.com https://maps.googleapis.com https://files.withpersona.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com https://rsms.me; script-src 'self' https://maps.googleapis.com 'unsafe-eval'; script-src-elem 'self' https://maps.googleapis.com https://unpkg.com 'unsafe-eval'; frame-src 'self' https://www.google.com;
content-encoding: br
x-content-type-options: nosniff
date: Fri, 07 Jun 2024 19:56:36 GMT
strict-transport-security: max-age=63072000
age: 0
content-disposition: inline; filename="favicon.ico"
referrer-policy: no-referrer
server: Vercel
x-vercel-id: fra1::m547z-1717790196560-3cfafb0f09e4
etag: W/"aff44c9bf29e2043908672ff79deab24"
x-vercel-cache: HIT
x-frame-options: DENY
content-type: image/vnd.microsoft.icon
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate

GET
H2 200 index-5b696ccb.js Show response
coinbase-pilot.parcha.ai/assets/ 53 KB
19 KB 170ms
169ms Script
application/javascript 76.76.21.9
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://coinbase-pilot.parcha.ai/assets/index-5b696ccb.js

Requested by

Host: coinbase-pilot.parcha.ai
URL: https://coinbase-pilot.parcha.ai/assets/index-3a5383e4.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.9 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

298ad2d4257351e990ce4c0c68ecfb31bc8a170380bb27e81fdf613a3049376c

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval'; connect-src 'self' .descope.com .parcha.ai https://storage.googleapis.com; img-src 'self' https://lh3.googleusercontent.com https://static.descope.com https://parcha-ai-public-assets.s3.amazonaws.com https://parcha-ai-backtest-data.s3.amazonaws.com https://maps.googleapis.com https://files.withpersona.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com https://rsms.me; script-src 'self' https://maps.googleapis.com 'unsafe-eval'; script-src-elem 'self' https://maps.googleapis.com https://unpkg.com 'unsafe-eval'; frame-src 'self' https://www.google.com;
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Origin: https://coinbase-pilot.parcha.ai
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self' 'unsafe-eval'; connect-src 'self' *.descope.com *.parcha.ai https://storage.googleapis.com; img-src 'self' https://lh3.googleusercontent.com https://static.descope.com https://parcha-ai-public-assets.s3.amazonaws.com https://parcha-ai-backtest-data.s3.amazonaws.com https://maps.googleapis.com https://files.withpersona.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com https://rsms.me; script-src 'self' https://maps.googleapis.com 'unsafe-eval'; script-src-elem 'self' https://maps.googleapis.com https://unpkg.com 'unsafe-eval'; frame-src 'self' https://www.google.com;
content-encoding: br
x-content-type-options: nosniff
date: Fri, 07 Jun 2024 19:56:37 GMT
strict-transport-security: max-age=63072000
age: 0
content-disposition: inline; filename="index-5b696ccb.js"
referrer-policy: no-referrer
server: Vercel
x-vercel-id: fra1::f9927-1717790197252-f38864672b66
etag: W/"f2805bfa4ad2e9c6bfd7b03b485e12a8"
x-vercel-cache: HIT
x-frame-options: DENY
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate

GET
H2 200 favicon.ico
coinbase-pilot.parcha.ai/images/ 4 KB
76 B 27ms
26ms Other
image/vnd.microsoft.icon 76.76.21.9
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://coinbase-pilot.parcha.ai/images/favicon.ico

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.9 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

92bc26b46aaa066be38b45c3eeb131ca5b376263b9e7b816499058d5f20545b3

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval'; connect-src 'self' .descope.com .parcha.ai https://storage.googleapis.com; img-src 'self' https://lh3.googleusercontent.com https://static.descope.com https://parcha-ai-public-assets.s3.amazonaws.com https://parcha-ai-backtest-data.s3.amazonaws.com https://maps.googleapis.com https://files.withpersona.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com https://rsms.me; script-src 'self' https://maps.googleapis.com 'unsafe-eval'; script-src-elem 'self' https://maps.googleapis.com https://unpkg.com 'unsafe-eval'; frame-src 'self' https://www.google.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 07 Jun 2024 19:56:37 GMT
content-encoding: br
referrer-policy: no-referrer
content-security-policy: default-src 'self' 'unsafe-eval'; connect-src 'self' *.descope.com *.parcha.ai https://storage.googleapis.com; img-src 'self' https://lh3.googleusercontent.com https://static.descope.com https://parcha-ai-public-assets.s3.amazonaws.com https://parcha-ai-backtest-data.s3.amazonaws.com https://maps.googleapis.com https://files.withpersona.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com https://rsms.me; script-src 'self' https://maps.googleapis.com 'unsafe-eval'; script-src-elem 'self' https://maps.googleapis.com https://unpkg.com 'unsafe-eval'; frame-src 'self' https://www.google.com;
server: Vercel
x-vercel-id: fra1::srtpb-1717790197244-1a5da8ee4cfa
age: 0
x-content-type-options: nosniff
x-vercel-cache: BYPASS
etag: W/"aff44c9bf29e2043908672ff79deab24"
x-frame-options: DENY
content-type: image/vnd.microsoft.icon
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
content-disposition: inline; filename="favicon.ico"

GET
H3 200 theme.css Show response
static.descope.com/pages/P2QyhVzKVFe4lLCxndJUbLuyLhLt/v2-alpha/ 10 KB
3 KB 138ms
60ms Fetch
text/css 104.18.27.223
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.descope.com/pages/P2QyhVzKVFe4lLCxndJUbLuyLhLt/v2-alpha/theme.css

Requested by

Host: coinbase-pilot.parcha.ai
URL: https://coinbase-pilot.parcha.ai/assets/index-5b696ccb.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.27.223 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0232d04b42bfb274807903f872662cc9728045173f0af6d3358a017b8b37e583

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 07 Jun 2024 19:56:37 GMT
x-amz-version-id: QM3tzcdRxqW3oAK3JF7gsOVwvux_39ns
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
strict-transport-security: max-age=15552000; preload
x-amz-request-id: P8YTH4NP97ZNQ0MC
age: 2799
cf-polished: origSize=10227
alt-svc: h3=":443"; ma=86400
x-amz-id-2: WJyibgTSrmSoutUeqfd1H6WxP72SUaqjtT0ZaxgmsKD3F8BgPOwT6hlJPWNN/qUSTnR0l6o6+jw=
x-xss-protection: 1; mode=block
referrer-policy: same-origin
cf-bgj: minify
last-modified: Thu, 02 May 2024 21:41:03 GMT
server: cloudflare
etag: W/"0151fe49dc37839e993c12029662ec3a"
expect-ct: max-age=86400, enforce
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-expose-headers: *
cache-control: max-age=1, must-revalidate, private
access-control-max-age: 0
cf-ray: 890334de5ecf5d8a-FRA
x-geo: DE

GET
H3 200 config.json Show response
static.descope.com/pages/P2QyhVzKVFe4lLCxndJUbLuyLhLt/v2-alpha/ 2 KB
1 KB 133ms
57ms Fetch
application/json 104.18.27.223
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.descope.com/pages/P2QyhVzKVFe4lLCxndJUbLuyLhLt/v2-alpha/config.json

Requested by

Host: coinbase-pilot.parcha.ai
URL: https://coinbase-pilot.parcha.ai/assets/index-5b696ccb.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.27.223 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7a34481de535095615ed86f526b9f171ca828e02811e0b84455d49311e2a8f03

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 07 Jun 2024 19:56:37 GMT
x-amz-version-id: QgFXT8igvillt56REAJFnSI.zPFgxA.A
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
strict-transport-security: max-age=15552000; preload
x-amz-request-id: P8YMXBG9WJMYTZ72
age: 2799
alt-svc: h3=":443"; ma=86400
x-amz-id-2: YZotz5m9uLT7w2figsTqDSRIUwwC+4uYd07rf9Zky2OJ9H0Rro3c9gms6zWrB3zWa/N0eVl+xQI=
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Thu, 02 May 2024 21:41:03 GMT
server: cloudflare
etag: W/"228df46f902455d1d17e249f52677b1e"
expect-ct: max-age=86400, enforce
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/json
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-expose-headers: *
cache-control: max-age=1, must-revalidate, private
access-control-max-age: 0
cf-ray: 890334de5ecb5d8a-FRA
x-geo: DE

GET
H2 200 css
fonts.googleapis.com/ 13 KB
989 B 31ms
30ms Stylesheet
text/css 2a00:1450:4001:803::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:100,200,300,400,500,600,700,800,900

Requested by

Host: coinbase-pilot.parcha.ai
URL: https://coinbase-pilot.parcha.ai/assets/index-5b696ccb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

4680f0242ae53304a6bf932234579ecf1100b3473bd822857943a3e5a2e01f8d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000
date: Fri, 07 Jun 2024 19:56:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 07 Jun 2024 19:41:50 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 07 Jun 2024 19:56:37 GMT

GET
H3 200 SC2RDDv0K7JEosA9dynJLzt0kJp9f.html Show response
static.descope.com/pages/P2QyhVzKVFe4lLCxndJUbLuyLhLt/v2-alpha/ 32 KB
33 KB 50ms
50ms Fetch
binary/octet-stream 104.18.27.223
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.descope.com/pages/P2QyhVzKVFe4lLCxndJUbLuyLhLt/v2-alpha/SC2RDDv0K7JEosA9dynJLzt0kJp9f.html

Requested by

Host: coinbase-pilot.parcha.ai
URL: https://coinbase-pilot.parcha.ai/assets/index-5b696ccb.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.27.223 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

017ce5d558fc12b6119b7bacdcb8e33760ccc7f969839532444d78ef27bc0f1d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 07 Jun 2024 19:56:37 GMT
x-amz-version-id: P1Q6jygLNiFyxFL64ZHdt7v7GBInUhK2
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=15552000; preload
x-amz-request-id: P8YWS103BZ9HZJKK
age: 2799
content-security-policy-report-only: script-src 'none'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=SS6U0ioixVZEqirgJtOXcAlePiB7bLV5tvfmxmyxvxA-1717790197-1.0.1.1-kkkKG6GnMy_27vXPFZ0TMzRZ8ImKW7szym_FIc8GIjXkZaH9D3sHfjF5O2HKcjyyZWZxEZOek0pZPC.odP31ML.LWobtuIniXapoiehoykAOzr331wd70cKvvZ7bQRcC3hgCLYJdmfqX42fBA9ZE3FkACq0q_BSj9MMhr6Opmq4; report-to cf-csp-endpoint
alt-svc: h3=":443"; ma=86400
content-length: 32611
x-amz-id-2: fbBpwZjRjVVKnCVjPrVOVieIuCj6J4Bz+bFSlfUppNUURSg0SAR1ExTP95a/GKbC1xnAU/9SETK31JjL7mm+vslHARDgpDZoMtH6UcoGQs4=
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Wed, 14 Jun 2023 21:19:26 GMT
server: cloudflare
etag: "17fdf120618918897c4cc046926d90c2"
expect-ct: max-age=86400, enforce
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=SS6U0ioixVZEqirgJtOXcAlePiB7bLV5tvfmxmyxvxA-1717790197-1.0.1.1-kkkKG6GnMy_27vXPFZ0TMzRZ8ImKW7szym_FIc8GIjXkZaH9D3sHfjF5O2HKcjyyZWZxEZOek0pZPC.odP31ML.LWobtuIniXapoiehoykAOzr331wd70cKvvZ7bQRcC3hgCLYJdmfqX42fBA9ZE3FkACq0q_BSj9MMhr6Opmq4"}],"group":"cf-csp-endpoint","max_age":86400}
content-type: binary/octet-stream
x-frame-options: SAMEORIGIN
access-control-allow-methods: GET
access-control-expose-headers: *
cache-control: max-age=1, must-revalidate, private
access-control-allow-origin: *
access-control-max-age: 0
accept-ranges: bytes
cf-ray: 890334debf6f5d8a-FRA
x-geo: DE

GET
H3 200 logo.png
static.descope.com/pages/P2QyhVzKVFe4lLCxndJUbLuyLhLt/v2-alpha/light/ 8 KB
9 KB 113ms
87ms Image
image/png 104.18.27.223
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.descope.com/pages/P2QyhVzKVFe4lLCxndJUbLuyLhLt/v2-alpha/light/logo.png

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.27.223 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8afaf7817f5aaf0ce8803b878133df2ddf3b7dd6a750c77b6ed62ad8244cbb79

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://coinbase-pilot.parcha.ai/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 07 Jun 2024 19:56:37 GMT
x-amz-version-id: MHFdkLMF4aCOjWNY_eaxYQFdneyKO6P1
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=15552000; preload
x-amz-request-id: CPZY3TY9ZM9NXMDS
age: 2798
alt-svc: h3=":443"; ma=86400
content-length: 8236
x-amz-id-2: iDhC4sdJhM2jUwOnW/Q3ViSSKjd2/SuPapLcM8qYDKJNnsa+3sr1M78pi1ibWQTrD00j0nYcvqg=
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Thu, 02 May 2024 21:41:03 GMT
server: cloudflare
etag: "8ba5bc52dafa720e07819ab22974f75e"
expect-ct: max-age=86400, enforce
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-expose-headers: *
cache-control: max-age=1, must-revalidate, private
access-control-max-age: 0
accept-ranges: bytes
cf-ray: 890334df590c9bb3-FRA
x-geo: DE

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ 16 KB
16 KB 97ms
45ms Font
font/woff2 2a00:1450:4001:80b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:100,200,300,400,500,600,700,800,900

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://fonts.googleapis.com/
Origin: https://coinbase-pilot.parcha.ai
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 07 Jun 2024 05:44:28 GMT
x-content-type-options: nosniff
age: 51129
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15920
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:45 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 07 Jun 2025 05:44:28 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ 15 KB
16 KB 74ms
22ms Font
font/woff2 2a00:1450:4001:80b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:100,200,300,400,500,600,700,800,900

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://fonts.googleapis.com/
Origin: https://coinbase-pilot.parcha.ai
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 07 Jun 2024 17:07:38 GMT
x-content-type-options: nosniff
age: 10139
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 07 Jun 2025 17:07:38 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ 15 KB
16 KB 81ms
29ms Font
font/woff2 2a00:1450:4001:80b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:100,200,300,400,500,600,700,800,900

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://fonts.googleapis.com/
Origin: https://coinbase-pilot.parcha.ai
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 04 Jun 2024 14:11:12 GMT
x-content-type-options: nosniff
age: 279925
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15860
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 04 Jun 2025 14:11:12 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: rsms.me
URL: https://rsms.me/inter/inter.css

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.descope.com/	1970-01-20 21:09:51	Name: __cf_bm Value: 85hTZ5WjfuJI5Hp.nUfpSfiPXOAOX9Hk7yckFTM1pws-1717790197-1.0.1.1-z.48jWuQXHf_KqNUkX8zSuXEegCEW8jZWvcxj93kB7MUTq8ZTSI_Lt86vqqWS_E1oOGV9PBbcfS3w1bXWoUKfQ
			.descope.com/	1969-12-31 23:59:59	Name: _cfuvid Value: hLNMWmC_uR.Qw57.kv_06yC_SfiDAvKF3vsd.X3AEBw-1717790197207-0.0.1.1-604800000

6 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: https://coinbase-pilot.parcha.ai/(Line 9) Message: Refused to load the stylesheet 'https://rsms.me/inter/inter.css' because it violates the following Content Security Policy directive: "style-src 'self' 'unsafe-inline' https://fonts.googleapis.com". Note that 'style-src-elem' was not explicitly set, so 'style-src' is used as a fallback.
other	warning	URL: https://coinbase-pilot.parcha.ai/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://coinbase-pilot.parcha.ai/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
network	error	URL: https://api.descope.com/v1/auth/refresh Message: Failed to load resource: the server responded with a status of 400 ()
other	warning	URL: https://coinbase-pilot.parcha.ai/signin Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://coinbase-pilot.parcha.ai/signin Message: Third-party cookie will be blocked. Learn more in the Issues tab.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval'; connect-src 'self' .descope.com .parcha.ai https://storage.googleapis.com; img-src 'self' https://lh3.googleusercontent.com https://static.descope.com https://parcha-ai-public-assets.s3.amazonaws.com https://parcha-ai-backtest-data.s3.amazonaws.com https://maps.googleapis.com https://files.withpersona.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com https://rsms.me; script-src 'self' https://maps.googleapis.com 'unsafe-eval'; script-src-elem 'self' https://maps.googleapis.com https://unpkg.com 'unsafe-eval'; frame-src 'self' https://www.google.com;
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.descope.com
coinbase-pilot.parcha.ai
fonts.googleapis.com
fonts.gstatic.com
rsms.me
static.descope.com
rsms.me
104.18.26.223
104.18.27.223
2606:4700::6812:1adf
2a00:1450:4001:803::200a
2a00:1450:4001:80b::2003
76.76.21.9
017ce5d558fc12b6119b7bacdcb8e33760ccc7f969839532444d78ef27bc0f1d
0232d04b42bfb274807903f872662cc9728045173f0af6d3358a017b8b37e583
07180c8801375683537db136593c393c5bd067328f802737118a60a661a2444b
1399be85b79c7ef5ad38650d80350a922932889f3a7719d2b134d409be8634a6
298ad2d4257351e990ce4c0c68ecfb31bc8a170380bb27e81fdf613a3049376c
4680f0242ae53304a6bf932234579ecf1100b3473bd822857943a3e5a2e01f8d
5bb0f959772f220f482525f66af7b51e3b7da0bb0a22f1b0431e28801332060d
7a34481de535095615ed86f526b9f171ca828e02811e0b84455d49311e2a8f03
8afaf7817f5aaf0ce8803b878133df2ddf3b7dd6a750c77b6ed62ad8244cbb79
92bc26b46aaa066be38b45c3eeb131ca5b376263b9e7b816499058d5f20545b3
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
c74a3fc82656220a886ff8ee6640de1ecc5acc538d6d77d5d756f70fa0f7ac0d
ed286dde4ef5eb7ae7bffbfbae0670a903e48817a82faf2877a083bae23fab08
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

coinbase-pilot.parcha.ai Open in urlscan Pro 76.76.21.9 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

18 Requests

94 %HTTPS

50 %IPv6

5 Domains

6 Subdomains

7 IPs

3 Countries

893 kBTransfer

3017 kBSize

2 Cookies

0 Outgoing links

Redirected requests

18 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

2 Cookies

6 Console Messages

Security Headers

Indicators

coinbase-pilot.parcha.ai Open in urlscan Pro
76.76.21.9 Public Scan

Screenshot
Live screenshot

Full Image

18
Requests

94 %
HTTPS

50 %
IPv6

5
Domains

6
Subdomains

7
IPs

3
Countries

893 kB
Transfer

3017 kB
Size

2
Cookies

18 HTTP transactions
0 data transactions