urlscan.io logo urlscan.io
SecurityTrails logo

staking.step.app Open in urlscan Pro
2400:52e0:1e00::874:1  Public Scan

Go To Rescan Add Verdict Report
URL: https://staking.step.app/
Submission: On December 09 via api from IT — Scanned from IT
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 6 HTTP transactions. The main IP is 2400:52e0:1e00::874:1, located in Slovenia and belongs to BUNNYCDN, SI. The main domain is staking.step.app.
TLS certificate: Issued by R3 on December 7th 2022. Valid for: 3 months.
This is the only time staking.step.app was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
5 2400:52e0:1e0... 200325 (BUNNYCDN)
1 2a00:1450:400... 15169 (GOOGLE)
6 2
Apex Domain
Subdomains		 Transfer
5 step.app
staking.step.app
953 KB
1 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 47
6 2
Domain Requested by
5 staking.step.app staking.step.app
1 www.googletagmanager.com staking.step.app
6 2

This site contains links to these domains. Also see Links.

Domain
step.app
Subject Issuer Validity Valid
staking.step.app
R3		 2022-12-07 -
2023-03-07		 3 months crt.sh
*.google-analytics.com
GTS CA 1C3		 2022-11-02 -
2023-01-25		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://staking.step.app/
Frame ID: C2FE1FBCC389C69F8F0C769783AE26BD
Requests: 6 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Step App | Staking

Detected technologies

Overall confidence: 100%
Detected patterns
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js

Page Statistics

6
Requests

100 %
HTTPS

100 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

953 kB
Transfer

4085 kB
Size

4
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
staking.step.app/ 		3 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://staking.step.app/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::874:1 , Slovenia, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software
BunnyCDN-DE1-874 /
Resource Hash
4574ea35a26862b5855343cfd5311b9d3d0649a41e737bb7a4c229074fb82748
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language
it-IT,it;q=0.9

Response headers

access-control-allow-headers
Content-Type Range User-Agent X-Requested-With
access-control-allow-methods
GET
access-control-allow-origin
*
access-control-expose-headers
Content-Range X-Chunked-Output X-Stream-Output
cache-control
max-age=60, stale-while-revalidate=3600
cdn-cache
HIT
cdn-cachedat
12/09/2022 15:57:34
cdn-edgestorageid
1047
cdn-proxyver
1.03
cdn-pullzone
777467
cdn-requestcountrycode
IT
cdn-requestid
36d4cbd2cf2651d92718e83a347d2b90
cdn-requestpullcode
200
cdn-requestpullsuccess
True
cdn-status
200
cdn-uid
070ccd6e-b4b0-4c90-b45a-e26d7534205d
content-encoding
br
content-security-policy
upgrade-insecure-requests
content-type
text/html
date
Fri, 09 Dec 2022 16:00:20 GMT
etag
W/"DirIndex-605b5945438e1fe2eaf8a6571cca7ecda12d5599_CID-bafybeib5r4pnquj4q2hbrlus4yhasc3rzxaxornaanubucbieekg4l2hla"
last-modified
Wed, 07 Dec 2022 08:01:03 GMT
referrer-policy
strict-origin-when-cross-origin
server
BunnyCDN-DE1-874
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding
x-cache-status
HIT
x-content-type-options
nosniff
x-ipfs-path
/ipfs/bafybeib5r4pnquj4q2hbrlus4yhasc3rzxaxornaanubucbieekg4l2hla/
x-request-id
0c499e81957292fe207c21d7bc895c85
x-xss-protection
0
js
www.googletagmanager.com/gtag/ 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-6G4XR2L3J8
Requested by
Host: staking.step.app
URL: https://staking.step.app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://staking.step.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers
main.892ccea7.chunk.css
staking.step.app/static/css/ 		26 KB
5 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://staking.step.app/static/css/main.892ccea7.chunk.css
Requested by
Host: staking.step.app
URL: https://staking.step.app/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::874:1 , Slovenia, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software
BunnyCDN-DE1-874 /
Resource Hash
59e4be96cb79ef1bed1aa30f6ba0d49b0bac0fc6d2934c9a9b9a907273bd3485
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://staking.step.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date
Fri, 09 Dec 2022 16:00:20 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
cdn-edgestorageid
755
content-security-policy
upgrade-insecure-requests
x-cache-status
MISS
cdn-cachedat
12/05/2022 13:07:14
cdn-pullzone
777467
x-xss-protection
0
x-request-id
7195dd5abf8fad4de22b46dce6c647ce
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 01 Jan 1970 00:00:01 GMT
server
BunnyCDN-DE1-874
cdn-proxyver
1.03
cdn-requestpullcode
200
etag
W/"QmaUpB6qyWXWDsc5ZTBnsdt8JaNupmVZVLh5vDecJ3WpPA"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
070ccd6e-b4b0-4c90-b45a-e26d7534205d
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control
max-age=60, stale-while-revalidate=3600
x-ipfs-path
/ipfs/bafybeib5r4pnquj4q2hbrlus4yhasc3rzxaxornaanubucbieekg4l2hla/static/css/main.892ccea7.chunk.css
cdn-requestid
ab66a126e9cb760e257668979cc09d09
cdn-requestcountrycode
IT
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status
200
cdn-requestpullsuccess
True
2.f97dae82.chunk.js
staking.step.app/static/js/ 		4 MB
922 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://staking.step.app/static/js/2.f97dae82.chunk.js
Requested by
Host: staking.step.app
URL: https://staking.step.app/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::874:1 , Slovenia, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software
BunnyCDN-DE1-874 /
Resource Hash
2ba4f5e799d60152b59b9e5b3a5fbd7790c2031d70a21fdab0b8a34bbb081ead
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://staking.step.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date
Fri, 09 Dec 2022 16:00:20 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
cdn-edgestorageid
865
content-security-policy
upgrade-insecure-requests
x-cache-status
MISS
cdn-cachedat
12/05/2022 13:07:14
cdn-pullzone
777467
x-xss-protection
0
x-request-id
109f6bb6d1b6c4e6e3ccb92e034a3219
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 01 Jan 1970 00:00:01 GMT
server
BunnyCDN-DE1-874
cdn-proxyver
1.03
cdn-requestpullcode
200
etag
W/"QmbqDoyCDdDNox8XJiWb2K8Y9ko2gkpuPjT1riHKiUVZyV"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
070ccd6e-b4b0-4c90-b45a-e26d7534205d
access-control-expose-headers
Content-Range, X-Chunked-Output, X-Stream-Output
cache-control
max-age=60, stale-while-revalidate=3600
x-ipfs-path
/ipfs/bafybeib5r4pnquj4q2hbrlus4yhasc3rzxaxornaanubucbieekg4l2hla/static/js/2.f97dae82.chunk.js
cdn-requestid
4eef23e4d15ba66c47b1fd9ac69c3072
cdn-requestcountrycode
IT
access-control-allow-headers
Content-Type, Range, User-Agent, X-Requested-With
cdn-status
200
cdn-requestpullsuccess
True
main.dd7ee2bf.chunk.js
staking.step.app/static/js/ 		97 KB
18 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://staking.step.app/static/js/main.dd7ee2bf.chunk.js
Requested by
Host: staking.step.app
URL: https://staking.step.app/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::874:1 , Slovenia, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software
BunnyCDN-DE1-874 /
Resource Hash
abacfb11c1e2afd6d837f6d982c07d108a81935ea7cc53648cbd836c7f0e4244
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://staking.step.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date
Fri, 09 Dec 2022 16:00:20 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
cdn-edgestorageid
874
content-security-policy
upgrade-insecure-requests
x-cache-status
MISS
cdn-cachedat
12/05/2022 13:07:14
cdn-pullzone
777467
x-xss-protection
0
x-request-id
8fc8a20b521b8aeb103e99df799a35f7
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 01 Jan 1970 00:00:01 GMT
server
BunnyCDN-DE1-874
cdn-proxyver
1.03
cdn-requestpullcode
200
etag
W/"QmV5ScT8mmKW3Z9Wi6dxLn74YRkDcfSbg4gJ2NttU1eZhM"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
070ccd6e-b4b0-4c90-b45a-e26d7534205d
access-control-expose-headers
Content-Range, X-Chunked-Output, X-Stream-Output
cache-control
max-age=60, stale-while-revalidate=3600
x-ipfs-path
/ipfs/bafybeib5r4pnquj4q2hbrlus4yhasc3rzxaxornaanubucbieekg4l2hla/static/js/main.dd7ee2bf.chunk.js
cdn-requestid
90cd81e60653bbfb214c9a7b1b54e1d3
cdn-requestcountrycode
IT
access-control-allow-headers
Content-Type, Range, User-Agent, X-Requested-With
cdn-status
200
cdn-requestpullsuccess
True
logo.svg
staking.step.app/img/ 		10 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://staking.step.app/img/logo.svg
Requested by
Host: staking.step.app
URL: https://staking.step.app/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::874:1 , Slovenia, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software
BunnyCDN-DE1-874 /
Resource Hash
99aedc79d189a38480d604240099d7d028360b5925a3846fa4cb1f44a05ab081
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://staking.step.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date
Fri, 09 Dec 2022 16:00:21 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
upgrade-insecure-requests
content-encoding
br
cdn-edgestorageid
1053
x-cache-status
MISS
cdn-cachedat
12/05/2022 13:07:15
cdn-pullzone
777467
x-xss-protection
0
x-request-id
e973127b0f549feecac3ac339c503792
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 01 Jan 1970 00:00:01 GMT
server
BunnyCDN-DE1-874
cdn-proxyver
1.03
cdn-requestpullcode
200
etag
W/"QmXctjWswDM87DWnAAXKu6nZQSZ2qoKfiwqegSUx2fyx9Q"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
image/svg+xml
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
070ccd6e-b4b0-4c90-b45a-e26d7534205d
access-control-expose-headers
Content-Range, X-Chunked-Output, X-Stream-Output
cache-control
max-age=60, stale-while-revalidate=3600
x-ipfs-path
/ipfs/bafybeib5r4pnquj4q2hbrlus4yhasc3rzxaxornaanubucbieekg4l2hla/img/logo.svg
cdn-requestid
4d465d5ccf985f8bbbfb2c3f552a0501
cdn-requestcountrycode
IT
access-control-allow-headers
Content-Type, Range, User-Agent, X-Requested-With
cdn-status
200
cdn-requestpullsuccess
True

Verdicts & Comments Add Verdict or Comment

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontentvisibilityautostatechange function| gtag object| dataLayer object| webpackJsonpstepapp object| regeneratorRuntime function| setImmediate function| clearImmediate object| _ethers

4 Cookies

Domain/Path Name / Value
.app.link/ Name: _s
Value: DV0dBlXcZ6LS64v8K0NZVhq4zSiSKKk6RyDSQp%2FhVWJLW%2Bvu1cpGtVx43BdAZ9OV
.metamask.io/ Name: _ga
Value: GA1.2.755133464.1670601622
.metamask.io/ Name: _gid
Value: GA1.2.1389540476.1670601622
.metamask.io/ Name: _gat
Value: 1

1 Console Messages

Source Level URL
Text
network error URL: https://www.googletagmanager.com/gtag/js?id=G-6G4XR2L3J8
Message:
Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 0