web.step.app
2606:4700:20::681a:107
Public Scan
Effective URL: https://web.step.app/
Submission: On December 10 via api from US — Scanned from DE
Summary
TLS certificate: Issued by GTS CA 1P5 on October 19th 2023. Valid for: 3 months.
This is the only time web.step.app was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
 | IP Address | Autonomous System |
---|---|---|
2 11 | 2606:4700:20::681a:107 | 13335 (CLOUDFLARENET) |
3 | 2a00:1450:4001:802::2008 | 15169 (GOOGLE) |
2 | 2a00:1450:4001:801::200a | 15169 (GOOGLE) |
1 | 2606:4700:20::ac43:45c4 | 13335 (CLOUDFLARENET) |
3 | 2001:4860:4802:32::36 | 15169 (GOOGLE) |
2 | 2a00:1450:4001:831::200a | 15169 (GOOGLE) |
1 | 2a00:1450:400c:c00::9b | 15169 (GOOGLE) |
1 | 2a00:1450:4001:80f::2003 | 15169 (GOOGLE) |
1 | 13.32.27.21 | 16509 (AMAZON-02) |
2 | 18.66.147.5 | 16509 (AMAZON-02) |
1 | 34.206.254.231 | 14618 (AMAZON-AES) |
1 | 3.33.152.127 | 16509 (AMAZON-02) |
27 | 12 | |
- ASN15169 (GOOGLE, US): www.googletagmanager.com
- ASN15169 (GOOGLE, US): firebase.googleapis.com
- ASN15169 (GOOGLE, US): region1.google-analytics.com, region1.analytics.google.com
- ASN15169 (GOOGLE, US): firebaseinstallations.googleapis.com
- ASN16509 (AMAZON-02, US), PTR: server-13-32-27-21.fra56.r.cloudfront.net: widget.intercom.io
- ASN16509 (AMAZON-02, US), PTR: server-18-66-147-5.fra60.r.cloudfront.net: js.intercomcdn.com
- ASN14618 (AMAZON-AES, US), PTR: ec2-34-206-254-231.compute-1.amazonaws.com: api-iam.intercom.io
- ASN16509 (AMAZON-02, US), PTR: a69d63ecdf0f33068.awsglobalaccelerator.com: downloads.intercomcdn.com
 | Apex Domain / Subdomains | Transfer |
---|---|---|
12 | step.app (2 redirects): app.step.app, web.step.app, cdn-preupdate.step.app | 1 MB |
4 | googleapis.com: firebase.googleapis.com (Cisco Umbrella Rank: 3835), firebaseinstallations.googleapis.com (Cisco Umbrella Rank: 525) | 1 KB |
3 | intercomcdn.com: js.intercomcdn.com (Cisco Umbrella Rank: 2136), downloads.intercomcdn.com (Cisco Umbrella Rank: 12111) | 282 KB |
3 | googletagmanager.com: www.googletagmanager.com (Cisco Umbrella Rank: 36) | 247 KB |
2 | intercom.io: widget.intercom.io (Cisco Umbrella Rank: 1721), api-iam.intercom.io (Cisco Umbrella Rank: 2121) | 6 KB |
2 | google-analytics.com: region1.google-analytics.com (Cisco Umbrella Rank: 2189) | 306 B |
1 | google.de: www.google.de (Cisco Umbrella Rank: 6765) | 408 B |
1 | doubleclick.net: stats.g.doubleclick.net (Cisco Umbrella Rank: 75) | 252 B |
1 | google.com: region1.analytics.google.com (Cisco Umbrella Rank: 2693) | 45 B |
27 | 9 | |
 | Domain | Requested by |
---|---|---|
10 | web.step.app (1 redirects) | web.step.app |
3 | www.googletagmanager.com | web.step.app, www.googletagmanager.com |
2 | js.intercomcdn.com | widget.intercom.io |
2 | firebaseinstallations.googleapis.com | web.step.app |
2 | region1.google-analytics.com | www.googletagmanager.com |
2 | firebase.googleapis.com | web.step.app |
1 | downloads.intercomcdn.com | |
1 | api-iam.intercom.io | js.intercomcdn.com |
1 | widget.intercom.io | web.step.app |
1 | www.google.de | web.step.app |
1 | stats.g.doubleclick.net | www.googletagmanager.com |
1 | region1.analytics.google.com | www.googletagmanager.com |
1 | cdn-preupdate.step.app | web.step.app |
1 | app.step.app (1 redirects) | |
27 | 14 | |
Subject | Issuer | Validity | Valid |
---|---|---|---|
step.app | GTS CA 1P5 | 2023-10-19 - 2024-01-17 | 3 months |
*.google-analytics.com | GTS CA 1C3 | 2023-11-20 - 2024-02-12 | 3 months |
upload.video.google.com | GTS CA 1C3 | 2023-11-20 - 2024-02-12 | 3 months |
*.g.doubleclick.net | GTS CA 1C3 | 2023-11-20 - 2024-02-12 | 3 months |
www.google.de | GTS CA 1C3 | 2023-11-20 - 2024-02-12 | 3 months |
*.intercom.com | Amazon RSA 2048 M02 | 2023-02-14 - 2024-03-14 | a year |
*.intercomcdn.com | Amazon RSA 2048 M02 | 2023-12-01 - 2024-12-29 | a year |
intercom-attachments-10.com | Amazon RSA 2048 M01 | 2023-07-09 - 2024-08-06 | a year |
This page contains 3 frames:
Primary Page:
https://web.step.app/
Frame ID: 0925F9F1162EA724BFEB7045143E396A
Requests: 20 HTTP requests in this frame
Frame:
https://web.step.app/cdn-cgi/challenge-platform/h/b/scripts/jsd/56d3063b/main.js
Frame ID: 44A3DC35D14BCD54DE24A55EA29E05AA
Requests: 2 HTTP requests in this frame
Frame:
https://js.intercomcdn.com/frame-modern.a78ca244.js
Frame ID: 30E29937A4D0248828AC199759A018B5
Requests: 3 HTTP requests in this frame
Page Title
Step App | Web
Detected technologies
Google Analytics (Analytics)
Google Tag Manager (Tag Managers)
Detected patterns
- googletagmanager\.com/gtag/js
Page Statistics
2 Outgoing links
These are links going to different origins than the main page.
Title: User Agreement
Title: User Privacy
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://app.step.app/
HTTP 307
https://app.step.app/ HTTP 301
https://web.step.app/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 4
- https://web.step.app/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
- https://web.step.app/cdn-cgi/challenge-platform/h/b/scripts/jsd/56d3063b/main.js
27 HTTP transactions
Method Protocol | Resource Path | Size x-fer | Type MIME-Type |
---|---|---|---|
GET H2 | / web.step.app/ (Primary Request, Redirect Chain) | 4 KB 3 KB | Document text/html |
GET H2 | index-c9afe529.js web.step.app/assets/ | 1 MB 438 KB | Script text/javascript |
GET H2 | index-ae585b0b.js web.step.app/assets/ | 19 KB 8 KB | Script text/javascript |
GET H2 | index-9b097a67.css web.step.app/assets/ | 27 KB 6 KB | Stylesheet text/css |
GET H2 | js www.googletagmanager.com/gtag/ | 274 KB 91 KB | Script application/javascript |
GET H2 | main.js web.step.app/cdn-cgi/challenge-platform/h/b/scripts/jsd/56d3063b/ (Frame 44A3, Redirect Chain) | 7 KB 4 KB | Script application/javascript |
GET H2 | SignIn-6820b114.js web.step.app/assets/ | 744 B 2 KB | Script text/javascript |
GET H2 | SignIn-8f0ff971.css web.step.app/assets/ | 255 B 993 B | Stylesheet text/css |
GET H2 | webConfig firebase.googleapis.com/v1alpha/projects/-/apps/1:547422727598:web:689a7f93cec4f6a305ec3f/ | 355 B 428 B | Fetch application/json |
OPTIONS H2 | webConfig firebase.googleapis.com/v1alpha/projects/-/apps/1:547422727598:web:689a7f93cec4f6a305ec3f/ (Frame) | 0 0 | Preflight text/html |
GET H2 | statics.json cdn-preupdate.step.app/statics/latest/ | 22 MB 950 KB | XHR application/json |
POST H2 | collect region1.google-analytics.com/g/ | 0 252 B | Ping text/plain |
GET H2 | SFMono-Bold-87372509.woff2 web.step.app/assets/ | 44 KB 45 KB | Font font/woff2 |
POST H2 | 8334664998c35d5b web.step.app/cdn-cgi/challenge-platform/h/b/jsd/r/ (Frame 44A3) | 0 456 B | XHR text/plain |
POST H2 | installations firebaseinstallations.googleapis.com/v1/projects/step-app-2bacf/ | 625 B 680 B | Fetch application/json |
OPTIONS H2 | installations firebaseinstallations.googleapis.com/v1/projects/step-app-2bacf/ (Frame) | 0 0 | Preflight text/html |
GET H2 | js www.googletagmanager.com/gtag/ | 219 KB 78 KB | Script application/javascript |
GET H2 | js www.googletagmanager.com/gtag/ | 219 KB 78 KB | Script application/javascript |
POST H2 | collect region1.analytics.google.com/g/ | 0 45 B | Ping text/plain |
POST H2 | collect stats.g.doubleclick.net/g/ | 0 252 B | Ping text/plain |
GET H2 | ga-audiences www.google.de/ads/ | 42 B 408 B | Image image/gif |
GET H2 | abikvo75 widget.intercom.io/widget/ | 7 KB 3 KB | Script application/javascript |
GET H2 | frame-modern.a78ca244.js js.intercomcdn.com/ (Frame 30E2) | 515 KB 143 KB | Script application/javascript |
GET H2 | vendor-modern.689650c5.js js.intercomcdn.com/ (Frame 30E2) | 426 KB 131 KB | Script application/javascript |
POST H2 | ping api-iam.intercom.io/messenger/web/ (Frame 30E2) | 5 KB 2 KB | XHR application/json |
GET H2 | 1bf1cb0ca87a05407f159a07264fa0b5.png downloads.intercomcdn.com/i/o/466034/f0c0b45e3422e1a261987507/ | 7 KB 8 KB | Image image/png |
POST H2 | collect region1.google-analytics.com/g/ | 0 54 B | Ping text/plain |
15 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object| 0
- object| 1
- object| documentPictureInPicture
- function| gtag
- object| dataLayer
- object| intercomSettings
- function| Intercom
- function| IMask
- function| Buffer
- object| google_tag_manager
- object| google_tag_data
- function| onYouTubeIframeAPIReady
- object| gaGlobal
- function| __intercomAssignLocation
- function| __intercomReloadLocation
7 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.step.app/ | | Name: _ga Value: GA1.1.672929011.1702199897 |
.step.app/ | | Name: _ga_3766Q8BJM3 Value: GS1.1.1702199897.1.0.1702199897.0.0.0 |
.step.app/ | | Name: _ga_M830R3N37B Value: GS1.1.1702199897.1.0.1702199897.60.0.0 |
.step.app/ | | Name: cf_clearance Value: GdnkEYKoWoNPEciZ1q1.t.rM6dnTWho4R679UwN1uaE-1702199897-0-1-dbddf7a5.829611f0.8cdca845-0.2.1702199897 |
.step.app/ | | Name: intercom-id-abikvo75 Value: ad8dd1ff-e222-46a1-b885-d6555f93a0d7 |
.step.app/ | | Name: intercom-session-abikvo75 Value: |
.step.app/ | | Name: intercom-device-id-abikvo75 Value: 6877e850-dee3-44a4-9175-9b26b0c8e128 |
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Content-Security-Policy | upgrade-insecure-requests |
Strict-Transport-Security | max-age=31536000; includeSubDomains |
X-Content-Type-Options | nosniff |
X-Xss-Protection | 0 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.