urlscan.io logo urlscan.io
SecurityTrails logo

hammerhead-app-ubtkn.ondigitalocean.app Open in urlscan Pro
2a06:98c1:58::60  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://hammerhead-app-ubtkn.ondigitalocean.app/
Effective URL: https://hammerhead-app-ubtkn.ondigitalocean.app/auth/login/?shop=None
Submission: On April 16 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 8 HTTP transactions. The main IP is 2a06:98c1:58::60, located in United States and belongs to CLOUDFLARENET, US. The main domain is hammerhead-app-ubtkn.ondigitalocean.app.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on September 17th 2023. Valid for: a year.
This is the only time hammerhead-app-ubtkn.ondigitalocean.app was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 2 2a06:98c1:58::60 13335 (CLOUDFLAR...)
3 104.16.86.20 13335 (CLOUDFLAR...)
4 54.231.237.1 16509 (AMAZON-02)
8 3
Apex Domain
Subdomains		 Transfer
4 amazonaws.com
tapara-store-location.s3.amazonaws.com
158 KB
3 jsdelivr.net
cdn.jsdelivr.net — Cisco Umbrella Rank: 315
68 KB
2 ondigitalocean.app
hammerhead-app-ubtkn.ondigitalocean.app
2 KB
8 3
Domain Requested by
4 tapara-store-location.s3.amazonaws.com hammerhead-app-ubtkn.ondigitalocean.app
3 cdn.jsdelivr.net hammerhead-app-ubtkn.ondigitalocean.app
2 hammerhead-app-ubtkn.ondigitalocean.app 1 redirects
8 3

This site contains no links.

Subject Issuer Validity Valid
ondigitalocean.app
Cloudflare Inc ECC CA-3		 2023-09-17 -
2024-09-16		 a year crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2023-05-02 -
2024-05-01		 a year crt.sh
*.s3.amazonaws.com
Amazon RSA 2048 M01		 2023-10-10 -
2024-07-03		 9 months crt.sh

This page contains 1 frames:

Primary Page: https://hammerhead-app-ubtkn.ondigitalocean.app/auth/login/?shop=None
Frame ID: 842D84F85CFD59EEE0B1A5C4A1986547
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Tapara Simple Store Locator

Page URL History Show full URLs

  1. https://hammerhead-app-ubtkn.ondigitalocean.app/ HTTP 302
    https://hammerhead-app-ubtkn.ondigitalocean.app/auth/login/?shop=None Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • (?:powered by <a[^>]+>Django ?([\d.]+)?<\/a>|<input[^>]*name=["']csrfmiddlewaretoken["'][^>]*>)
Overall confidence: 100%
Detected patterns
  • <link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
  • //cdn\.jsdelivr\.net/

Page Statistics

8
Requests

100 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

228 kB
Transfer

463 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://hammerhead-app-ubtkn.ondigitalocean.app/ HTTP 302
    https://hammerhead-app-ubtkn.ondigitalocean.app/auth/login/?shop=None Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
hammerhead-app-ubtkn.ondigitalocean.app/auth/login/
Redirect Chain
  • https://hammerhead-app-ubtkn.ondigitalocean.app/
  • https://hammerhead-app-ubtkn.ondigitalocean.app/auth/login/?shop=None
4 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://hammerhead-app-ubtkn.ondigitalocean.app/auth/login/?shop=None
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:58::60 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
74c691ef48f1d2e24ee30d0b9d67cf5daf20fc6589473f4fe8338bbff4647afa
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

cache-control
private
cf-cache-status
MISS
cf-ray
8753f7028c88368a-FRA
content-encoding
br
content-type
text/html; charset=utf-8
cross-origin-opener-policy
same-origin
date
Tue, 16 Apr 2024 11:51:41 GMT
last-modified
Tue, 16 Apr 2024 11:51:41 GMT
referrer-policy
same-origin
server
cloudflare
vary
Cookie, Accept-Encoding
x-content-type-options
nosniff
x-do-app-origin
6cbdc248-8a86-4218-a039-3321da7660d9
x-do-orig-status
200
x-frame-options
DENY

Redirect headers

cache-control
private
cf-cache-status
MISS
cf-ray
8753f700cacb368a-FRA
content-type
text/html; charset=utf-8
cross-origin-opener-policy
same-origin
date
Tue, 16 Apr 2024 11:51:41 GMT
location
/auth/login/?shop=None
referrer-policy
same-origin
server
cloudflare
vary
Accept-Encoding
x-content-type-options
nosniff
x-do-app-origin
6cbdc248-8a86-4218-a039-3321da7660d9
x-do-orig-status
302
x-frame-options
DENY
bootstrap.min.css
cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/css/ 		152 KB
24 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/css/bootstrap.min.css
Requested by
Host: hammerhead-app-ubtkn.ondigitalocean.app
URL: https://hammerhead-app-ubtkn.ondigitalocean.app/auth/login/?shop=None
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.16.86.20 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7633b7c0c97d19e682feee8afa2738523fcb2a14544a550572caeecd2eefe66b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
Origin
https://hammerhead-app-ubtkn.ondigitalocean.app
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 16 Apr 2024 11:51:41 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
2920141
x-jsd-version
5.0.2
content-encoding
br
x-cache
HIT, HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-served-by
cache-fra-eddf8230097-FRA, cache-lga21934-LGA
x-jsd-version-type
version
server
cloudflare
etag
W/"260c5-fByeBXPlzqi603M74vxjqoxo6o0"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IP%2B7OIF2NWGDIpC69OUpFSuiFuQf%2B%2F16GJZidOvu%2BgYysaTfRG9%2BqK6EdDrkW1Q8qg1ilUCts%2Ff4qFMGmGf1tLJ24ZFfdDG10T5Co1lE3XjOOvqSaeCVdK1n%2FROTGvWRi5s%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin
*
cf-ray
8753f705c84f4d3a-FRA
dashboard.css
tapara-store-location.s3.amazonaws.com/static/shopify_app/ 		2 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://tapara-store-location.s3.amazonaws.com/static/shopify_app/dashboard.css
Requested by
Host: hammerhead-app-ubtkn.ondigitalocean.app
URL: https://hammerhead-app-ubtkn.ondigitalocean.app/auth/login/?shop=None
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.231.237.1 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-1-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
3d937358270cfc80a7d5ba3c683defdde3115be20f9d8f969b5de9f960c37a2e

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Tue, 16 Apr 2024 11:51:42 GMT
Last-Modified
Sat, 13 Apr 2024 05:01:08 GMT
Server
AmazonS3
x-amz-request-id
ZS0MBD01XSA1JQSD
ETag
"5eac7b23073616a1e4a13c122fc01933"
x-amz-server-side-encryption
AES256
Content-Type
text/css
Cache-Control
max-age=86400
Accept-Ranges
bytes
Content-Length
1573
x-amz-id-2
Fj2hYmVERMyVGKKNdLx/jMIbM7dh3i6NOHTmZGDx2lb8xgJpmVBJTWXeqR/uR6RshFDlpT6AOyo=
App_Icon.png
tapara-store-location.s3.amazonaws.com/static/shopify_app/ 		153 KB
154 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tapara-store-location.s3.amazonaws.com/static/shopify_app/App_Icon.png
Requested by
Host: hammerhead-app-ubtkn.ondigitalocean.app
URL: https://hammerhead-app-ubtkn.ondigitalocean.app/auth/login/?shop=None
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.231.237.1 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-1-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
c567088311b1d499e0b221a132e61cf5a3ff4537b38df8aa5e456295c0014443

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Tue, 16 Apr 2024 11:51:42 GMT
Last-Modified
Mon, 15 Apr 2024 16:15:15 GMT
Server
AmazonS3
x-amz-request-id
ZS0M3DHTCD0VM2GN
ETag
"40e296272aff4831ed1bb427901b1ea0"
x-amz-server-side-encryption
AES256
Content-Type
image/png
Cache-Control
max-age=86400
Accept-Ranges
bytes
Content-Length
157139
x-amz-id-2
6ZNJJby5/WuUJfR5k4tRGqOlw6sr4AXicqpA5SZq/2ZHhIChXl7II6hEkEibW1j7MBk2r7AMo8A=
bootstrap.bundle.min.js
cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/js/ 		77 KB
23 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/js/bootstrap.bundle.min.js
Requested by
Host: hammerhead-app-ubtkn.ondigitalocean.app
URL: https://hammerhead-app-ubtkn.ondigitalocean.app/auth/login/?shop=None
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.16.86.20 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7e1f1503df765cca5e099891b94e318a2ef95081ba2af1eb6d417cc884bfdbfe
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
Origin
https://hammerhead-app-ubtkn.ondigitalocean.app
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 16 Apr 2024 11:51:41 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
2924322
x-jsd-version
5.0.2
content-encoding
br
x-cache
HIT, HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-served-by
cache-fra-eddf8230080-FRA, cache-lga21928-LGA
x-jsd-version-type
version
server
cloudflare
etag
W/"13397-kBFpUnUH/55mLPZNjjYfNZMIlw0"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rPPq6SxlyiiscdKm5H1Gi41vDOfvNztxaEag0Yrq41Xj8uRx6vaYFXm3JfA6fSUkeJ6%2FHSZW74Z%2FFCHOAdi705Y4OnnRcyMKed4U5zvX7qny1q8GB67q%2BazvUZ%2BcYrWEF8M%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin
*
cf-ray
8753f705c8504d3a-FRA
feather.min.js
cdn.jsdelivr.net/npm/feather-icons@4.28.0/dist/ 		74 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.jsdelivr.net/npm/feather-icons@4.28.0/dist/feather.min.js
Requested by
Host: hammerhead-app-ubtkn.ondigitalocean.app
URL: https://hammerhead-app-ubtkn.ondigitalocean.app/auth/login/?shop=None
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.16.86.20 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5dfcdd882f92d647a26beb3d974ef2ef27b96bcef8b01abaef32b8bbb2d38ef9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
Origin
https://hammerhead-app-ubtkn.ondigitalocean.app
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 16 Apr 2024 11:51:41 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
390532
x-jsd-version
4.28.0
content-encoding
br
x-cache
HIT, HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-served-by
cache-fra-etou8220063-FRA, cache-lga21935-LGA
x-jsd-version-type
version
server
cloudflare
etag
W/"12803-VGvmKj49iNws8jK+EoeSCbRlrvE"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Xj6WGwd%2Fz0TCdGfgyTRhuSJBX41Gjul1MbKSBopmlOwp8QYX%2FXnZKS0hTD2ZFmUMktMCJzvWF2qJ%2F2lhy64TTxF7lP0eFl52sVi1HQnKlrflvLQElP%2F%2Fsoxaz4eFEEsB3Tw%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin
*
cf-ray
8753f705c8554d3a-FRA
dashboard.js
tapara-store-location.s3.amazonaws.com/static/shopify_app/ 		123 B
560 B 		Script
General
Check archive.org
Download Go to
Full URL
https://tapara-store-location.s3.amazonaws.com/static/shopify_app/dashboard.js
Requested by
Host: hammerhead-app-ubtkn.ondigitalocean.app
URL: https://hammerhead-app-ubtkn.ondigitalocean.app/auth/login/?shop=None
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.231.237.1 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-1-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
baff6b34d4a2a8af812dc6b24ab7c6f53934555b2dc0bee7d4516af32041ace5

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Tue, 16 Apr 2024 11:51:42 GMT
Last-Modified
Sat, 13 Apr 2024 05:01:08 GMT
Server
AmazonS3
x-amz-request-id
ZS0Z4PXZS5X0J9XR
ETag
"72b2fc25a17f7e489ed6891bd8c060d9"
x-amz-server-side-encryption
AES256
Content-Type
application/javascript
Cache-Control
max-age=86400
Accept-Ranges
bytes
Content-Length
123
x-amz-id-2
hLl0tLYs7vq5ySgCBWJOPrXlRkSlEbtuzpfmS1vs217gBxi0lGJH5yiUxNTedUyUaUI3MgVArKg=
favicon-32x32.png
tapara-store-location.s3.amazonaws.com/static/shopify_app/favicon/ 		1 KB
2 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://tapara-store-location.s3.amazonaws.com/static/shopify_app/favicon/favicon-32x32.png
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.231.237.1 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-1-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
5862e04324b6f4abc469070b548265e2e64da91782438edd9c4cb72743cc5794

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Tue, 16 Apr 2024 11:51:43 GMT
Last-Modified
Mon, 15 Apr 2024 16:15:16 GMT
Server
AmazonS3
x-amz-request-id
G3CCFC191076S2PE
ETag
"23bbee4e0aac61e8f35aed7619534ad4"
x-amz-server-side-encryption
AES256
Content-Type
image/png
Cache-Control
max-age=86400
Accept-Ranges
bytes
Content-Length
1386
x-amz-id-2
8LQZwodel8cOkuJJnrxjO4AgBN3cGXTTk8RVmpm0b3NYRaw7Um7R1BHrb8hwNU2vIhwXkYmAX2A=

Verdicts & Comments Add Verdict or Comment

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

number| uidEvent object| bootstrap object| feather

1 Cookies

Domain/Path Name / Value
hammerhead-app-ubtkn.ondigitalocean.app/ Name: csrftoken
Value: WORiDJA8kjfFqR4slNd4XZRiN5lY5o3V

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Content-Type-Options nosniff
X-Frame-Options DENY