![](/screenshots/4e22f322-3086-4e0c-932a-0cd0b11db9c5.png)
web.step.app
Open in
urlscan Pro
2606:4700:20::681a:107
Public Scan
Submission: On January 28 via api from US — Scanned from DE
Summary
TLS certificate: Issued by GTS CA 1P5 on December 17th 2023. Valid for: 3 months.
This is the only time web.step.app was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 10 | 2606:4700:20:... 2606:4700:20::681a:107 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
3 | 2a00:1450:400... 2a00:1450:4001:810::2008 | 15169 (GOOGLE) (GOOGLE) | |
2 | 2a00:1450:400... 2a00:1450:4001:806::200a | 15169 (GOOGLE) (GOOGLE) | |
1 | 2606:4700:20:... 2606:4700:20::ac43:45c4 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
3 | 2001:4860:480... 2001:4860:4802:32::36 | 15169 (GOOGLE) (GOOGLE) | |
2 | 2a00:1450:400... 2a00:1450:4001:82f::200a | 15169 (GOOGLE) (GOOGLE) | |
1 | 2a00:1450:400... 2a00:1450:400c:c00::9c | 15169 (GOOGLE) (GOOGLE) | |
1 | 2a00:1450:400... 2a00:1450:4001:82b::2003 | 15169 (GOOGLE) (GOOGLE) | |
1 | 13.32.27.21 13.32.27.21 | 16509 (AMAZON-02) (AMAZON-02) | |
2 | 99.84.88.63 99.84.88.63 | 16509 (AMAZON-02) (AMAZON-02) | |
1 | 52.73.162.54 52.73.162.54 | 14618 (AMAZON-AES) (AMAZON-AES) | |
1 | 15.197.143.135 15.197.143.135 | 16509 (AMAZON-02) (AMAZON-02) | |
27 | 12 |
ASN15169 (GOOGLE, US)
www.googletagmanager.com |
ASN15169 (GOOGLE, US)
firebase.googleapis.com |
ASN15169 (GOOGLE, US)
region1.google-analytics.com | |
region1.analytics.google.com |
ASN15169 (GOOGLE, US)
firebaseinstallations.googleapis.com |
ASN16509 (AMAZON-02, US)
PTR: server-13-32-27-21.fra56.r.cloudfront.net
widget.intercom.io |
ASN16509 (AMAZON-02, US)
PTR: server-99-84-88-63.muc50.r.cloudfront.net
js.intercomcdn.com |
ASN14618 (AMAZON-AES, US)
PTR: ec2-52-73-162-54.compute-1.amazonaws.com
api-iam.intercom.io |
ASN16509 (AMAZON-02, US)
PTR: a69d63ecdf0f33068.awsglobalaccelerator.com
downloads.intercomcdn.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
11 |
step.app
1 redirects
web.step.app cdn-preupdate.step.app |
1 MB |
4 |
googleapis.com
firebase.googleapis.com — Cisco Umbrella Rank: 3647 firebaseinstallations.googleapis.com — Cisco Umbrella Rank: 557 |
1 KB |
3 |
intercomcdn.com
js.intercomcdn.com — Cisco Umbrella Rank: 2157 downloads.intercomcdn.com — Cisco Umbrella Rank: 12241 |
399 KB |
3 |
googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 37 |
248 KB |
2 |
intercom.io
widget.intercom.io — Cisco Umbrella Rank: 1661 api-iam.intercom.io — Cisco Umbrella Rank: 2016 |
6 KB |
2 |
google-analytics.com
region1.google-analytics.com — Cisco Umbrella Rank: 2029 |
306 B |
1 |
google.de
www.google.de — Cisco Umbrella Rank: 6518 |
408 B |
1 |
doubleclick.net
stats.g.doubleclick.net — Cisco Umbrella Rank: 79 |
252 B |
1 |
google.com
region1.analytics.google.com — Cisco Umbrella Rank: 2616 |
54 B |
27 | 9 |
Domain | Requested by | |
---|---|---|
10 | web.step.app |
1 redirects
web.step.app
|
3 | www.googletagmanager.com |
web.step.app
www.googletagmanager.com |
2 | js.intercomcdn.com |
widget.intercom.io
|
2 | firebaseinstallations.googleapis.com |
web.step.app
|
2 | region1.google-analytics.com |
www.googletagmanager.com
|
2 | firebase.googleapis.com |
web.step.app
|
1 | downloads.intercomcdn.com | |
1 | api-iam.intercom.io |
js.intercomcdn.com
|
1 | widget.intercom.io |
web.step.app
|
1 | www.google.de |
web.step.app
|
1 | stats.g.doubleclick.net |
www.googletagmanager.com
|
1 | region1.analytics.google.com |
www.googletagmanager.com
|
1 | cdn-preupdate.step.app |
web.step.app
|
27 | 13 |
Subject Issuer | Validity | Valid | |
---|---|---|---|
step.app GTS CA 1P5 |
2023-12-17 - 2024-03-16 |
3 months | crt.sh |
*.google-analytics.com GTS CA 1C3 |
2024-01-02 - 2024-03-26 |
3 months | crt.sh |
upload.video.google.com GTS CA 1C3 |
2024-01-02 - 2024-03-26 |
3 months | crt.sh |
*.g.doubleclick.net GTS CA 1C3 |
2024-01-02 - 2024-03-26 |
3 months | crt.sh |
www.google.de GTS CA 1C3 |
2024-01-02 - 2024-03-26 |
3 months | crt.sh |
*.intercom.com Amazon RSA 2048 M03 |
2024-01-15 - 2025-02-11 |
a year | crt.sh |
*.intercomcdn.com Amazon RSA 2048 M02 |
2023-12-01 - 2024-12-29 |
a year | crt.sh |
intercom-attachments-9.com Amazon RSA 2048 M03 |
2024-01-18 - 2025-02-15 |
a year | crt.sh |
This page contains 3 frames:
Primary Page:
https://web.step.app/
Frame ID: 9E844C5FB3010DC13047B5A85C53428D
Requests: 20 HTTP requests in this frame
Frame:
https://web.step.app/cdn-cgi/challenge-platform/h/g/scripts/jsd/ea25f566/main.js
Frame ID: 598AFAB7807B17052F0F3A3616669BB7
Requests: 2 HTTP requests in this frame
Frame:
https://js.intercomcdn.com/frame-modern.60152aab.js
Frame ID: 8BE3A2C7BB172A107A0BF7A26F5BBB8A
Requests: 3 HTTP requests in this frame
Screenshot
![](/screenshots/4e22f322-3086-4e0c-932a-0cd0b11db9c5.png)
Page Title
Step App | WebDetected technologies
Detected patterns
![](/vendor/wappa/icons/Google Tag Manager.png)
Detected patterns
- googletagmanager\.com/gtag/js
Page Statistics
2 Outgoing links
These are links going to different origins than the main page.
Title: User Agreement
Search URL Search Domain Scan URL
Title: User Privacy
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 4- https://web.step.app/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
- https://web.step.app/cdn-cgi/challenge-platform/h/g/scripts/jsd/ea25f566/main.js
27 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
/
web.step.app/ |
4 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
index-c9afe529.js
web.step.app/assets/ |
1 MB 438 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
index-ae585b0b.js
web.step.app/assets/ |
19 KB 8 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
index-9b097a67.css
web.step.app/assets/ |
27 KB 6 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
js
www.googletagmanager.com/gtag/ |
277 KB 92 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
main.js
web.step.app/cdn-cgi/challenge-platform/h/g/scripts/jsd/ea25f566/ Frame 598A Redirect Chain
|
7 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
SignIn-6820b114.js
web.step.app/assets/ |
744 B 1 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
SignIn-8f0ff971.css
web.step.app/assets/ |
255 B 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
webConfig
firebase.googleapis.com/v1alpha/projects/-/apps/1:547422727598:web:689a7f93cec4f6a305ec3f/ |
355 B 428 B |
Fetch
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
OPTIONS H2 |
webConfig
firebase.googleapis.com/v1alpha/projects/-/apps/1:547422727598:web:689a7f93cec4f6a305ec3f/ Frame |
0 0 |
Preflight
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
statics.json
cdn-preupdate.step.app/statics/latest/ |
22 MB 957 KB |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
collect
region1.google-analytics.com/g/ |
0 252 B |
Ping
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
84cca8ff3e199bca
web.step.app/cdn-cgi/challenge-platform/h/g/jsd/r/ Frame 598A |
0 515 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
SFMono-Bold-87372509.woff2
web.step.app/assets/ |
44 KB 45 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
installations
firebaseinstallations.googleapis.com/v1/projects/step-app-2bacf/ |
622 B 677 B |
Fetch
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
OPTIONS H2 |
installations
firebaseinstallations.googleapis.com/v1/projects/step-app-2bacf/ Frame |
0 0 |
Preflight
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
js
www.googletagmanager.com/gtag/ |
222 KB 78 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
js
www.googletagmanager.com/gtag/ |
222 KB 78 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
collect
region1.analytics.google.com/g/ |
0 54 B |
Ping
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
collect
stats.g.doubleclick.net/g/ |
0 252 B |
Ping
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ga-audiences
www.google.de/ads/ |
42 B 408 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
abikvo75
widget.intercom.io/widget/ |
7 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
frame-modern.60152aab.js
js.intercomcdn.com/ Frame 8BE3 |
878 KB 250 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
vendor-modern.c93438f4.js
js.intercomcdn.com/ Frame 8BE3 |
458 KB 141 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
ping
api-iam.intercom.io/messenger/web/ Frame 8BE3 |
4 KB 2 KB |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
1bf1cb0ca87a05407f159a07264fa0b5.png
downloads.intercomcdn.com/i/o/466034/f0c0b45e3422e1a261987507/ |
7 KB 8 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
collect
region1.google-analytics.com/g/ |
0 54 B |
Ping
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
14 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 object| 1 function| gtag object| dataLayer object| intercomSettings function| Intercom function| IMask function| Buffer object| google_tag_manager object| google_tag_data function| onYouTubeIframeAPIReady object| gaGlobal function| __intercomAssignLocation function| __intercomReloadLocation7 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.step.app/ | Name: _ga Value: GA1.1.1988782110.1706480819 |
|
.step.app/ | Name: _ga_3766Q8BJM3 Value: GS1.1.1706480819.1.0.1706480819.0.0.0 |
|
.step.app/ | Name: cf_clearance Value: 3hHdVEGFmZnJK3_P_nULf5TWxveO.ymX8unPJTc5f88-1706480819-1-ARb1Pk3HQ+DmLSTINqgrxUkJGREBpGNshm33CA12xn2E0gtEW1L9WPdMOX5r/pa8YoR5ChSgPnoPrRpE2ykBIp0= |
|
.step.app/ | Name: _ga_M830R3N37B Value: GS1.1.1706480820.1.0.1706480820.60.0.0 |
|
.step.app/ | Name: intercom-id-abikvo75 Value: 397035a6-3396-4595-9c8b-b581dbf60ea0 |
|
.step.app/ | Name: intercom-session-abikvo75 Value: |
|
.step.app/ | Name: intercom-device-id-abikvo75 Value: b6374fe5-93bf-42cb-9e52-89fb8ca73082 |
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Content-Security-Policy | upgrade-insecure-requests |
Strict-Transport-Security | max-age=31536000; includeSubDomains |
X-Content-Type-Options | nosniff |
X-Xss-Protection | 0 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
api-iam.intercom.io
cdn-preupdate.step.app
downloads.intercomcdn.com
firebase.googleapis.com
firebaseinstallations.googleapis.com
js.intercomcdn.com
region1.analytics.google.com
region1.google-analytics.com
stats.g.doubleclick.net
web.step.app
widget.intercom.io
www.google.de
www.googletagmanager.com
13.32.27.21
15.197.143.135
2001:4860:4802:32::36
2606:4700:20::681a:107
2606:4700:20::ac43:45c4
2a00:1450:4001:806::200a
2a00:1450:4001:810::2008
2a00:1450:4001:82b::2003
2a00:1450:4001:82f::200a
2a00:1450:400c:c00::9c
52.73.162.54
99.84.88.63
05b2966cf1cf99b375e585d0a08124a2d7fb68e7e84e5459e60ad3d841d9ebd9
0814e002ad0ee277700afa57a301fc5d07f2c4c770fe09a814610d9221d8e739
22d93c8e5f1a17e13b09c7ae2760287147d1291ec1adcc6a7814ab5246e1b870
2dbd2763b4a4737449edde1b2101a203519474ca89bde86bd64712f29fc6b197
4d01ce701f99f9bf0befeb065d927d983e0450a8ca5f77d16b1ff4cf29c17deb
6068238a358deb328d112d6904304916b20cbffa5901994b4a2413a8344b00cb
7bc3d8790dd96d6ddd96469f44a181b79daf78402bfdac1a1784e4668cb8d63d
8735f0e62ca354528d13eee6450727b8a0c8120e476ef534d1ecccd2afdb7471
873725099b93f7fd673da33d265b55a73dee159f25c1619cb11cf54094f9b4c0
8f0ff9718d1973647c89520a8c0ab19e8390bf0722bbb4813b715740b68b7c7c
953bb1b46dbd19e477b3d3c9f54b8e521330eecdd93c9385d0f0c6ce1ceb3c3f
95cfdeff5e87410261b41c4fd0aef29eb6ab061a4d2da9a3ccdb5f81113b42e9
9b097a67faef1025bf62951c36e586916f2ed519cadb4c1cd0f47c3653e67e57
9c0406e9a552bece8e09615337f53d1b67106a0c9a34178cbbe5f1551d38913d
a37dc41a593d3a8bbc60a873681f169352aede345582f16cbc31bc6b9804f378
cff2fcbec823f107c777c3947d7824f455ac506d2739da26842db0fec717a08f
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ea2acd41e8d7c9eae2153073e4701d1d55468e572f6b8540ccbe50c2b2edfd9c
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ff8692628db96d1f808e249c18e6b03ec959f055b2a1cf271664a5b63448af02