my.vaven.co Open in urlscan Pro
116.203.93.185 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://my.vaven.co/
Effective URL:
https://my.vaven.co/login
Submission: On September 30 via api (September 30th 2023, 7:49:01 am UTC) from US — Scanned from DE

Summary HTTP 20 Redirects Links 4 Behaviour Indicators

Summary

This website contacted 5 IPs in 2 countries across 3 domains to perform 20 HTTP transactions. The main IP is 116.203.93.185, located in Germany and belongs to HETZNER-AS, DE. The main domain is my.vaven.co.
TLS certificate: Issued by R3 on September 5th 2023. Valid for: 3 months.

This is the only time my.vaven.co was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2 13	116.203.93.185 116.203.93.185	24940 (HETZNER-AS) (HETZNER-AS)
3	99.86.4.76 99.86.4.76	16509 (AMAZON-02) (AMAZON-02)
3	54.186.23.98 54.186.23.98	16509 (AMAZON-02) (AMAZON-02)
2	151.101.64.176 151.101.64.176	54113 (FASTLY) (FASTLY)
1	35.155.119.208 35.155.119.208	16509 (AMAZON-02) (AMAZON-02)
20	5

13 116.203.93.185 (Germany) 2 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.185.93.203.116.clients.your-server.de

my.vaven.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 99.86.4.76 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-4-76.fra6.r.cloudfront.net

js.stripe.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 54.186.23.98 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ip-54-186-23-98.stripe.com

q.stripe.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.64.176 (United States)

ASN54113 (FASTLY, US)

m.stripe.network	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.155.119.208 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-155-119-208.us-west-2.compute.amazonaws.com

m.stripe.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
13	vaven.co 2 redirects my.vaven.co	2 MB
7	stripe.com js.stripe.com — Cisco Umbrella Rank: 2793 q.stripe.com — Cisco Umbrella Rank: 24792 m.stripe.com — Cisco Umbrella Rank: 2449	138 KB
2	stripe.network m.stripe.network — Cisco Umbrella Rank: 2971	16 KB
20	3

	Domain	Requested by
13	my.vaven.co	2 redirects my.vaven.co
3	q.stripe.com	my.vaven.co
3	js.stripe.com	my.vaven.co js.stripe.com
2	m.stripe.network	js.stripe.com m.stripe.network
1	m.stripe.com	m.stripe.network
20	5

This site contains links to these domains. Also see Links.

Domain
vaven.co

Subject Issuer	Validity	Valid
my.vaven.co R3	`2023-09-05` - `2023-12-04`	3 months	crt.sh
a.stripecdn.com DigiCert SHA2 Extended Validation Server CA	`2023-07-31` - `2023-11-30`	4 months	crt.sh
*.stripe.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-08-01` - `2023-11-02`	3 months	crt.sh
m.stripe.com DigiCert TLS RSA SHA256 2020 CA1	`2023-07-31` - `2023-10-26`	3 months	crt.sh

This page contains 3 frames:

Primary Page: https://my.vaven.co/login
Frame ID: 42AFD6A85FBEAB75A5AE2EFC00187333
Requests: 12 HTTP requests in this frame

Frame: https://js.stripe.com/v3/m-outer-27c67c0d52761104439bb051c7856ab1.html
Frame ID: D458596C22D1332D59686DA494806E94
Requests: 4 HTTP requests in this frame

Frame: https://m.stripe.network/inner.html
Frame ID: 0CC74BD0C9CA4E040B6893064D2A493E
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Vaven

Page URL History Show full URLs

http://my.vaven.co/ HTTP 301
https://my.vaven.co/ HTTP 302
https://my.vaven.co/login Page URL

Detected technologies

Stripe (Payment Processors) Expand

Overall confidence: 100%
Detected patterns

js\.stripe\.com

Page Statistics

20
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

5
Subdomains

5
IPs

2
Countries

1852 kB
Transfer

4816 kB
Size

5
Cookies

4 Outgoing links

These are links going to different origins than the main page.

URL: https://vaven.co/

Search URL Search Domain Scan URL

URL: https://vaven.co/gdpr
Title: Cookie Preferences

Search URL Search Domain Scan URL

URL: https://vaven.co/privacy-policy
Title: Privacy

Search URL Search Domain Scan URL

URL: https://vaven.co/terms
Title: Terms

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://my.vaven.co/ HTTP 301
https://my.vaven.co/ HTTP 302
https://my.vaven.co/login Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

20 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request login Show response
my.vaven.co/
Redirect Chain

http://my.vaven.co/
https://my.vaven.co/
https://my.vaven.co/login

4 KB
2 KB

27ms
26ms

Document
text/html

116.203.93.185
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://my.vaven.co/login

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

116.203.93.185 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.185.93.203.116.clients.your-server.de

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

1b366e54f3b78d41a20d3960e5fc43849e33993e7265f2020f800ef9f4b88ca2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-cache, private
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Sat, 30 Sep 2023 07:48:56 GMT
Server: nginx/1.18.0 (Ubuntu)
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block

Redirect headers

Cache-Control: no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Date: Sat, 30 Sep 2023 07:48:56 GMT
Location: https://my.vaven.co/login
Server: nginx/1.18.0 (Ubuntu)
Transfer-Encoding: chunked
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK app.js Show response
my.vaven.co/js/ 3 MB
769 KB 27ms
26ms Script
application/javascript 116.203.93.185
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://my.vaven.co/js/app.js?id=cd5aa8838975167c0b09

Requested by

Host: my.vaven.co
URL: https://my.vaven.co/login

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

116.203.93.185 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.185.93.203.116.clients.your-server.de

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

9937475dbd039f3a7db6dc542848cc5a889c863f0405a2af51c1957a2eeae567

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://my.vaven.co/login
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

Date: Sat, 30 Sep 2023 07:48:56 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Mon, 31 Jul 2023 18:48:51 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: W/"64c80213-2fde36"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: application/javascript; charset=utf-8
X-Frame-Options: SAMEORIGIN
Connection: keep-alive
X-XSS-Protection: 1; mode=block

GET
H2 200 / Show response
js.stripe.com/v3/ 535 KB
133 KB 84ms
19ms Script
text/javascript 99.86.4.76
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/

Requested by

Host: my.vaven.co
URL: https://my.vaven.co/login

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.4.76 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-4-76.fra6.r.cloudfront.net

Software

Cloudfront /

Resource Hash

25116310dc35e32bc0302ec9fa112a52c1b8020cd115ac4c7a672a939caf9d04

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://my.vaven.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
date: Sat, 30 Sep 2023 07:48:32 GMT
via: 1.1 94faae20b0f122c4555025f52a2fd744.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
age: 28
x-cache: Hit from cloudfront
last-modified: Sat, 30 Sep 2023 03:12:16 GMT
server: Cloudfront
etag: W/"357c2c763a69a39ed7636c7b36fd0d92"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=60
timing-allow-origin: *
x-amz-cf-id: ZHy5IpI_W8bzCpGCaNYWyp6b8gGVtNA2SCObXTKYbvuB9AP_-HxV5Q==

GET
H/1.1 200
OK app.css
my.vaven.co/css/ 239 KB
37 KB 48ms
20ms Stylesheet
text/css 116.203.93.185
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://my.vaven.co/css/app.css?id=da9b3dafc7834a59776b

Requested by

Host: my.vaven.co
URL: https://my.vaven.co/login

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

116.203.93.185 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.185.93.203.116.clients.your-server.de

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

ce1f257b6629f78cb0ab2e42b69df8359aa3df8502019d748c0b996e6f7fab2f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://my.vaven.co/login
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

Date: Sat, 30 Sep 2023 07:48:56 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Tue, 11 Jul 2023 14:09:22 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: W/"64ad6292-3bb01"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: text/css
X-Frame-Options: SAMEORIGIN
Connection: keep-alive
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK logo-rounded-white-on-black.svg
my.vaven.co/img/ 3 KB
4 KB 14ms
14ms Image
image/svg+xml 116.203.93.185
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://my.vaven.co/img/logo-rounded-white-on-black.svg

Requested by

Host: my.vaven.co
URL: https://my.vaven.co/css/app.css?id=da9b3dafc7834a59776b

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

116.203.93.185 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.185.93.203.116.clients.your-server.de

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

12acda0686a0f6392f5f34175171dfa347efdcc7f87f0080a6d074410ed68651

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://my.vaven.co/css/app.css?id=da9b3dafc7834a59776b
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

Date: Sat, 30 Sep 2023 07:48:56 GMT
X-Content-Type-Options: nosniff
Last-Modified: Thu, 15 Jun 2023 14:02:29 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "648b19f5-d5d"
X-Frame-Options: SAMEORIGIN
Content-Type: image/svg+xml
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3421
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK arrow-right.svg
my.vaven.co/img/ 1 KB
1 KB 11ms
11ms Image
image/svg+xml 116.203.93.185
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://my.vaven.co/img/arrow-right.svg

Requested by

Host: my.vaven.co
URL: https://my.vaven.co/css/app.css?id=da9b3dafc7834a59776b

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

116.203.93.185 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.185.93.203.116.clients.your-server.de

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

b83e3bfd1e82f84a2d2d31795462f073e5ddffa55a5b0980a931d6caddc8eeb5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://my.vaven.co/css/app.css?id=da9b3dafc7834a59776b
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

Date: Sat, 30 Sep 2023 07:48:56 GMT
X-Content-Type-Options: nosniff
Last-Modified: Thu, 15 Jun 2023 14:02:29 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "648b19f5-446"
X-Frame-Options: SAMEORIGIN
Content-Type: image/svg+xml
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1094
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK login-bg.png
my.vaven.co/img/ 252 KB
252 KB 52ms
21ms Image
image/png 116.203.93.185
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://my.vaven.co/img/login-bg.png

Requested by

Host: my.vaven.co
URL: https://my.vaven.co/css/app.css?id=da9b3dafc7834a59776b

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

116.203.93.185 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.185.93.203.116.clients.your-server.de

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

f699a42e634b99d7b3546ee54199a5cd41cfdd2973c4474f8100d8a71a4db9e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://my.vaven.co/css/app.css?id=da9b3dafc7834a59776b
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

Date: Sat, 30 Sep 2023 07:48:56 GMT
X-Content-Type-Options: nosniff
Last-Modified: Tue, 11 Apr 2023 06:57:33 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "643504dd-3f06e"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 258158
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK Elza-Semibold.ttf
my.vaven.co/fonts/Elza/ 159 KB
160 KB 22ms
11ms Font
application/octet-stream 116.203.93.185
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://my.vaven.co/fonts/Elza/Elza-Semibold.ttf
Requested by: Host: my.vaven.co
URL: https://my.vaven.co/css/app.css?id=da9b3dafc7834a59776b
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 116.203.93.185 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.185.93.203.116.clients.your-server.de
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 963d677d0189a4dd09e03835f66b868ce6548726c228d14028eca3adb38b6501

Request headers

Referer: https://my.vaven.co/css/app.css?id=da9b3dafc7834a59776b
Origin: https://my.vaven.co
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

Date: Sat, 30 Sep 2023 07:48:56 GMT
Last-Modified: Wed, 15 Feb 2023 16:30:58 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "63ed08c2-27cd8"
Content-Type: application/octet-stream
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 163032

GET
H/1.1 200
OK Elza-Bold.ttf
my.vaven.co/fonts/Elza/ 162 KB
162 KB 27ms
13ms Font
application/octet-stream 116.203.93.185
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://my.vaven.co/fonts/Elza/Elza-Bold.ttf
Requested by: Host: my.vaven.co
URL: https://my.vaven.co/css/app.css?id=da9b3dafc7834a59776b
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 116.203.93.185 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.185.93.203.116.clients.your-server.de
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e568af84b7f7bd5b64112724c4f9d9fbf3942c56b1113ce62da20ddfab3ed221

Request headers

Referer: https://my.vaven.co/css/app.css?id=da9b3dafc7834a59776b
Origin: https://my.vaven.co
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

Date: Sat, 30 Sep 2023 07:48:56 GMT
Last-Modified: Wed, 15 Feb 2023 16:30:58 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "63ed08c2-28828"
Content-Type: application/octet-stream
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 165928

GET
H/1.1 200
OK ElzaText-Regular.ttf
my.vaven.co/fonts/Elza/ 153 KB
154 KB 44ms
19ms Font
application/octet-stream 116.203.93.185
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://my.vaven.co/fonts/Elza/ElzaText-Regular.ttf
Requested by: Host: my.vaven.co
URL: https://my.vaven.co/css/app.css?id=da9b3dafc7834a59776b
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 116.203.93.185 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.185.93.203.116.clients.your-server.de
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: b48a8d714ab03884087628f7f9f9ff6923054180111be002cb249e731fa1771b

Request headers

Referer: https://my.vaven.co/css/app.css?id=da9b3dafc7834a59776b
Origin: https://my.vaven.co
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

Date: Sat, 30 Sep 2023 07:48:56 GMT
Last-Modified: Wed, 15 Feb 2023 16:30:58 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "63ed08c2-265f0"
Content-Type: application/octet-stream
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 157168

GET
H/1.1 200
OK ElzaText-Medium.ttf
my.vaven.co/fonts/Elza/ 154 KB
155 KB 49ms
19ms Font
application/octet-stream 116.203.93.185
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://my.vaven.co/fonts/Elza/ElzaText-Medium.ttf
Requested by: Host: my.vaven.co
URL: https://my.vaven.co/css/app.css?id=da9b3dafc7834a59776b
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 116.203.93.185 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.185.93.203.116.clients.your-server.de
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 21bbfda500563575cfddb917d79413f433118a5fa26b035e4575373be835a0d0

Request headers

Referer: https://my.vaven.co/css/app.css?id=da9b3dafc7834a59776b
Origin: https://my.vaven.co
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

Date: Sat, 30 Sep 2023 07:48:56 GMT
Last-Modified: Wed, 15 Feb 2023 16:30:58 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "63ed08c2-268e0"
Content-Type: application/octet-stream
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 157920

GET
H/1.1 401
Unauthorized product Show response
my.vaven.co/api/ 30 B
1 KB 26ms
26ms XHR
application/json 116.203.93.185
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://my.vaven.co/api/product
Requested by: Host: my.vaven.co
URL: https://my.vaven.co/js/app.js?id=cd5aa8838975167c0b09
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 116.203.93.185 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.185.93.203.116.clients.your-server.de
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 8031180d4d982a471ca97ef5a04e8d013d003c5c19e80d0a5f45401c4463ec27

Request headers

Accept: application/json
Referer: https://my.vaven.co/login
X-XSRF-TOKEN: eyJpdiI6IkRpMzBSNFJXLzUwbGJXaEVXQ1VZWlE9PSIsInZhbHVlIjoiaXM5QjA0MGw3SW1IL1ViV210VFBXalE2NjUzdWhXa1dOUVBKb1U1cWxOTkxaV3lad3FGTDhibmEzdXJlb2FqOHBZWEk2cEQxSUkyUmx3eDdLU014UnZWMXhEbmsvekZDTzI4dkNWTFRwZFArS1BUOFZhVUxzVlpiZmFuZ0crL0giLCJtYWMiOiI4YTkzY2M4MzE4NDExNjJkMTBhZWY2MTRkODI5OTViNjA1MGYzMDcwN2JjMTM2Mzg2Nzc1MGI3ZDVlYzRmYmRiIiwidGFnIjoiIn0=
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Sat, 30 Sep 2023 07:48:56 GMT
Cache-Control: no-cache, private
Server: nginx/1.18.0 (Ubuntu)
Connection: keep-alive
Transfer-Encoding: chunked
Content-Type: application/json

GET
H2 200 m-outer-27c67c0d52761104439bb051c7856ab1.html Show response
js.stripe.com/v3/ Frame D458 200 B
1 KB 11ms
11ms Document
text/html 99.86.4.76
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/m-outer-27c67c0d52761104439bb051c7856ab1.html

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.4.76 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-4-76.fra6.r.cloudfront.net

Software

Cloudfront /

Resource Hash

351ffc2bdf381352dcd801be49be5018361119588eae077650260f9e162fe7b9

Security Headers

Name	Value
Content-Security-Policy	base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://my.vaven.co/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 3559
cache-control: max-age=31536000
content-length: 200
content-security-policy: base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://q.stripe.com/csp-report
content-security-policy-report-only: base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://q.stripe.com/csp-report
content-type: text/html; charset=utf-8
date: Sat, 30 Sep 2023 06:49:37 GMT
etag: "27c67c0d52761104439bb051c7856ab1"
last-modified: Tue, 26 Sep 2023 23:09:17 GMT
server: Cloudfront
strict-transport-security: max-age=31556926; includeSubDomains; preload
timing-allow-origin: *
vary: Accept-Encoding
via: 1.1 94faae20b0f122c4555025f52a2fd744.cloudfront.net (CloudFront)
x-amz-cf-id: tLHqlT3Y9CPKo_Sku6Q9jm_N3itf9cRqjL0UgKBuW7VAecJPfGE0QQ==
x-amz-cf-pop: FRA6-C1
x-cache: Hit from cloudfront
x-content-type-options: nosniff

GET
H2 200 m-outer-6576085ca35ee42f2f484cda6763e4aa.js Show response
js.stripe.com/v3/fingerprinted/js/ Frame D458 631 B
1 KB 12ms
12ms Script
text/javascript 99.86.4.76
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/js/m-outer-6576085ca35ee42f2f484cda6763e4aa.js

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/m-outer-27c67c0d52761104439bb051c7856ab1.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.4.76 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-4-76.fra6.r.cloudfront.net

Software

Cloudfront /

Resource Hash

f0205495d259e89d99e6c4989147f8a65bef41513bfbe3e97251cd6fb6fa5947

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.stripe.com/v3/m-outer-27c67c0d52761104439bb051c7856ab1.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
date: Sat, 30 Sep 2023 07:36:15 GMT
x-content-type-options: nosniff
via: 1.1 94faae20b0f122c4555025f52a2fd744.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
age: 763
x-cache: Hit from cloudfront
content-length: 631
last-modified: Tue, 26 Sep 2023 23:09:16 GMT
server: Cloudfront
etag: "70cacf09ae81711ac6dcbc5ee59750c4"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: UfLbF0_473DBXApZs4c6iLtpfzyoC1icXwWrNbdErwpGA2SMbCJCGg==

POST
H2 200 csp-report
q.stripe.com/ Frame D458 0
716 B 580ms
177ms Other
text/plain 54.186.23.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://q.stripe.com/csp-report

Requested by

Host: my.vaven.co
URL: https://my.vaven.co/login

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

54.186.23.98 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ip-54-186-23-98.stripe.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://js.stripe.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Sat, 30 Sep 2023 07:48:57 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-stripe-server-envoy-start-time-us: 1696060137562489
x-envoy-upstream-service-time: 3
content-length: 0
x-stripe-bg-intended-route-color: green
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
server: nginx
cross-origin-opener-policy: same-origin
access-control-max-age: 3600
access-control-allow-methods: GET, POST, OPTIONS
x-stripe-server-envoy-upstream-service-time-ms: 1
access-control-allow-origin: https://js.stripe.com
x-stripe-client-envoy-start-time-us: 1696060137562001
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-expose-headers: Server, Range, Content-Type
x-robots-tag: none
access-control-allow-headers: Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token
expires: 0

POST
H2 200 csp-report
q.stripe.com/ Frame D458 0
718 B 576ms
174ms Other
text/plain 54.186.23.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://q.stripe.com/csp-report

Requested by

Host: my.vaven.co
URL: https://my.vaven.co/login

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

54.186.23.98 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ip-54-186-23-98.stripe.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://js.stripe.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Sat, 30 Sep 2023 07:48:57 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-stripe-server-envoy-start-time-us: 1696060137562494
x-envoy-upstream-service-time: 2
content-length: 0
x-stripe-bg-intended-route-color: green
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
server: nginx
cross-origin-opener-policy: same-origin
access-control-max-age: 3600
access-control-allow-methods: GET, POST, OPTIONS
x-stripe-server-envoy-upstream-service-time-ms: 1
access-control-allow-origin: https://js.stripe.com
x-stripe-client-envoy-start-time-us: 1696060137562038
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-expose-headers: Server, Range, Content-Type
x-robots-tag: none
access-control-allow-headers: Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token
expires: 0

GET
H2 200 inner.html Show response
m.stripe.network/ Frame 0CC7 930 B
1 KB 357ms
8ms Document
text/html 151.101.64.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://m.stripe.network/inner.html

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/m-outer-6576085ca35ee42f2f484cda6763e4aa.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.64.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

947ac0903521f5eceefc90637c066306a8ca67466ccc188bb0107fb7cfb532d1

Security Headers

Name	Value
Content-Security-Policy	base-uri 'none'; connect-src https://m.stripe.network https://m.stripe.com; default-src 'none'; font-src https://m.stripe.network https://fonts.gstatic.com; form-action 'none'; frame-src https://m.stripe.network https://js.stripe.com; img-src https://m.stripe.network https://m.stripe.com https://b.stripecdn.com; script-src https://m.stripe.network 'sha256-/5Guo2nzv5n/w6ukZpOBZOtTJBJPSkJ6mhHpnBgm3Ls='; style-src https://m.stripe.network; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://js.stripe.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 123
cache-control: max-age=300, public
content-encoding: br
content-length: 540
content-security-policy: base-uri 'none'; connect-src https://m.stripe.network https://m.stripe.com; default-src 'none'; font-src https://m.stripe.network https://fonts.gstatic.com; form-action 'none'; frame-src https://m.stripe.network https://js.stripe.com; img-src https://m.stripe.network https://m.stripe.com https://b.stripecdn.com; script-src https://m.stripe.network 'sha256-/5Guo2nzv5n/w6ukZpOBZOtTJBJPSkJ6mhHpnBgm3Ls='; style-src https://m.stripe.network; report-uri https://q.stripe.com/csp-report
content-type: text/html; charset=utf-8
date: Sat, 30 Sep 2023 07:48:57 GMT
server: Fastly
strict-transport-security: max-age=31556926; includeSubDomains; preload
vary: Accept-Encoding, Origin
via: 1.1 varnish
x-cache: HIT
x-cache-hits: 83
x-content-type-options: nosniff
x-request-id: c0f65387-2d3d-4e9e-83aa-b38166effffd
x-served-by: cache-fra-eddf8230114-FRA
x-timer: S1696060137.428807,VS0,VE0

POST
H2 200 csp-report
q.stripe.com/ Frame 0CC7 0
490 B 213ms
176ms Other
text/plain 54.186.23.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://q.stripe.com/csp-report

Requested by

Host: my.vaven.co
URL: https://my.vaven.co/login

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

54.186.23.98 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ip-54-186-23-98.stripe.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload, max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://m.stripe.network/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Sat, 30 Sep 2023 07:48:57 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload, max-age=31556926; includeSubDomains; preload
x-content-type-options: nosniff
x-stripe-server-envoy-start-time-us: 1696060137563096
x-envoy-upstream-service-time: 2
content-length: 0
x-stripe-bg-intended-route-color: green
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
server: nginx
cross-origin-opener-policy: same-origin
x-stripe-server-envoy-upstream-service-time-ms: 1
x-stripe-client-envoy-start-time-us: 1696060137562221
cache-control: max-age=0, no-cache, no-store, must-revalidate
x-robots-tag: none
expires: 0

GET
H2 200 out-4.5.43.js Show response
m.stripe.network/ Frame 0CC7 87 KB
15 KB 15ms
15ms Script
text/javascript 151.101.64.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://m.stripe.network/out-4.5.43.js

Requested by

Host: m.stripe.network
URL: https://m.stripe.network/inner.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.64.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

e039e607c78306c7e029a7fd0ecdb14f86456f16e1a5ce65aa26b4fdf1d38a3c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://m.stripe.network/inner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
date: Sat, 30 Sep 2023 07:48:57 GMT
x-content-type-options: nosniff
content-encoding: br
via: 1.1 varnish
age: 86
x-cache: HIT
content-length: 15509
x-request-id: 75f73534-1682-436e-9c19-d41a2877782e
x-served-by: cache-fra-eddf8230114-FRA
server: Fastly
x-timer: S1696060137.443883,VS0,VE0
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=utf-8
cache-control: max-age=300, public
accept-ranges: bytes
x-cache-hits: 60

POST
H2 200 6 Show response
m.stripe.com/ Frame 0CC7 156 B
669 B 575ms
182ms XHR
application/json 35.155.119.208
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://m.stripe.com/6

Requested by

Host: m.stripe.network
URL: https://m.stripe.network/out-4.5.43.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.155.119.208 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-35-155-119-208.us-west-2.compute.amazonaws.com

Software

nginx /

Resource Hash

ab658bc934f74fc50bfe68e7994c981a3d71badb47cba2e8978f07c051d47037

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://m.stripe.network/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-stripe-bg-intended-route-color: green
date: Sat, 30 Sep 2023 07:48:58 GMT
strict-transport-security: max-age=31556926; includeSubDomains; preload
x-content-type-options: nosniff
x-stripe-server-envoy-start-time-us: 1696060138010366
server: nginx
content-type: application/json;charset=utf-8
x-stripe-server-envoy-upstream-service-time-ms: 2
access-control-allow-origin: https://m.stripe.network
x-stripe-client-envoy-start-time-us: 1696060138010090
access-control-allow-credentials: true
access-control-allow-headers: Content-Type
content-length: 156

Verdicts & Comments Add Verdict or Comment

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

5 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
my.vaven.co/	1970-01-20 17:17:16	Name: XSRF-TOKEN Value: eyJpdiI6ImNHVTdvbjg0aXRtUjhITHZJelJhanc9PSIsInZhbHVlIjoiRkxIWWJLUk02RnEzSnBrT0lEMFdqZEpldlNlWkZxWEtYZ05TaGVhTmZvTDBaQlNTWk5zc2w4LzhNS0Nib1FOajdhZkQ2ZUlveC9Sb1c1NjlmYkgzbDV2clRjNmp0WUlxVm9pbXVhOUVLUkNvS0RZSTBmY3IvRktXMUpBV2p3dlMiLCJtYWMiOiIxYWYzY2JkY2JhNDg2ZWFjNDQ2N2JiMDdiOWY2MmEyMzg3YzJlNWM0NDEyNmQ1OGVkYjkxZmQ2NTQyY2ZhYzQzIiwidGFnIjoiIn0%3D
my.vaven.co/	1970-01-20 17:17:16	Name: vaven_session Value: eyJpdiI6InpIZm1BckR5bERPRjRNcXNqemU0RXc9PSIsInZhbHVlIjoiVkVjV2hwTEs3TGY5WkFFQk5QRDhwemJkQmdJaTZLYzhubkM2eTdtSGpvTlpGaW1rSjNHeHNTcmZsSkkzWXROcjQwZkFJaXM0b2ZQMjlVRVRHazZMcU84UUdCZTI5MXJObTArL2lVR0NCZUhBZlRqL2ZOMk1qa1lFNVIrWEVGdlQiLCJtYWMiOiI4ZTgwOTRmOGQ4MWE5MzIxMTk5ZWE2MDM0YTNlZTAyYzA4ODljNTY2ZDIyZmMxZTMwMzYwZmY0ZWI5OTJlNjI3IiwidGFnIjoiIn0%3D
m.stripe.com/	1970-01-21 00:43:40	Name: m Value: 39c62e72-f079-4d64-8b9a-98d057e37a185d3e79
.my.vaven.co/	1970-01-20 23:53:16	Name: __stripe_mid Value: d20dfb96-3ca0-4bd3-897f-7817a347152e5a4fbe
.my.vaven.co/	1970-01-20 15:07:41	Name: __stripe_sid Value: 70c63631-2731-4089-98f4-9ec551ee4fe49abecb

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://my.vaven.co/api/product Message: Failed to load resource: the server responded with a status of 401 (Unauthorized)
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self'".

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

js.stripe.com
m.stripe.com
m.stripe.network
my.vaven.co
q.stripe.com
116.203.93.185
151.101.64.176
35.155.119.208
54.186.23.98
99.86.4.76
12acda0686a0f6392f5f34175171dfa347efdcc7f87f0080a6d074410ed68651
1b366e54f3b78d41a20d3960e5fc43849e33993e7265f2020f800ef9f4b88ca2
21bbfda500563575cfddb917d79413f433118a5fa26b035e4575373be835a0d0
25116310dc35e32bc0302ec9fa112a52c1b8020cd115ac4c7a672a939caf9d04
351ffc2bdf381352dcd801be49be5018361119588eae077650260f9e162fe7b9
8031180d4d982a471ca97ef5a04e8d013d003c5c19e80d0a5f45401c4463ec27
947ac0903521f5eceefc90637c066306a8ca67466ccc188bb0107fb7cfb532d1
963d677d0189a4dd09e03835f66b868ce6548726c228d14028eca3adb38b6501
9937475dbd039f3a7db6dc542848cc5a889c863f0405a2af51c1957a2eeae567
ab658bc934f74fc50bfe68e7994c981a3d71badb47cba2e8978f07c051d47037
b48a8d714ab03884087628f7f9f9ff6923054180111be002cb249e731fa1771b
b83e3bfd1e82f84a2d2d31795462f073e5ddffa55a5b0980a931d6caddc8eeb5
ce1f257b6629f78cb0ab2e42b69df8359aa3df8502019d748c0b996e6f7fab2f
e039e607c78306c7e029a7fd0ecdb14f86456f16e1a5ce65aa26b4fdf1d38a3c
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e568af84b7f7bd5b64112724c4f9d9fbf3942c56b1113ce62da20ddfab3ed221
f0205495d259e89d99e6c4989147f8a65bef41513bfbe3e97251cd6fb6fa5947
f699a42e634b99d7b3546ee54199a5cd41cfdd2973c4474f8100d8a71a4db9e5

my.vaven.co Open in urlscan Pro 116.203.93.185 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

20 Requests

100 %HTTPS

0 %IPv6

3 Domains

5 Subdomains

5 IPs

2 Countries

1852 kBTransfer

4816 kBSize

5 Cookies

4 Outgoing links

Page URL History

Redirected requests

20 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

11 JavaScript Global Variables

5 Cookies

2 Console Messages

Security Headers

Indicators

my.vaven.co Open in urlscan Pro
116.203.93.185 Public Scan

Screenshot
Live screenshot

Full Image

20
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

5
Subdomains

5
IPs

2
Countries

1852 kB
Transfer

4816 kB
Size

5
Cookies

20 HTTP transactions
0 data transactions