urlscan.io logo urlscan.io
SecurityTrails logo

app.loft47.com Open in urlscan Pro
54.159.87.23  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://app.loft47.com/deals/85142
Effective URL: https://app.loft47.com/users/sign_in
Submission: On September 11 via api from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 9 IPs in 2 countries across 7 domains to perform 20 HTTP transactions. The main IP is 54.159.87.23, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is app.loft47.com.
TLS certificate: Issued by Let's Encrypt Authority X3 on August 23rd 2020. Valid for: 3 months.
This is the only time app.loft47.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

2    54.159.87.23 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-159-87-23.compute-1.amazonaws.com
app.loft47.com
6    99.86.2.107 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-2-107.fra6.r.cloudfront.net
d9ffhqj94li9s.cloudfront.net
3    151.101.112.176 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)
js.stripe.com
1    2606:4700::6811:4e6b (United States)

ASN13335 (CLOUDFLARENET, US)
cdnjs.cloudflare.com
1    2a00:1450:4001:818::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
3    2600:9000:214f:9e00:8:dec:1e00:93a1 (United States)

ASN16509 (AMAZON-02, US)
cdn-assets.loft47.com
2    2a00:1450:4001:809::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
apis.google.com
2    2a00:1450:4001:824::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google-analytics.com
1    2a00:1450:4001:825::200d (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
accounts.google.com
Domain Requested by
6 d9ffhqj94li9s.cloudfront.net app.loft47.com
3 cdn-assets.loft47.com d9ffhqj94li9s.cloudfront.net
3 js.stripe.com app.loft47.com
js.stripe.com
2 www.google-analytics.com www.googletagmanager.com
cdnjs.cloudflare.com
2 apis.google.com d9ffhqj94li9s.cloudfront.net
apis.google.com
2 app.loft47.com 1 redirects
1 accounts.google.com apis.google.com
1 www.googletagmanager.com app.loft47.com
1 cdnjs.cloudflare.com d9ffhqj94li9s.cloudfront.net
20 9

This site contains links to these domains. Also see Links.

Domain
loft47.com
www.loft47.com
Subject Issuer Validity Valid
app.loft47.com
Let's Encrypt Authority X3		 2020-08-23 -
2020-11-21		 3 months crt.sh
*.cloudfront.net
DigiCert Global CA G2		 2020-05-26 -
2021-04-21		 a year crt.sh
a.stripecdn.com
DigiCert SHA2 Extended Validation Server CA		 2020-07-07 -
2020-10-08		 3 months crt.sh
cdnjs.cloudflare.com
DigiCert ECC Secure Server CA		 2020-08-12 -
2022-08-17		 2 years crt.sh
*.google-analytics.com
GTS CA 1O1		 2020-08-26 -
2020-11-18		 3 months crt.sh
cdn-assets.loft47.com
Amazon		 2019-10-29 -
2020-11-29		 a year crt.sh
*.apis.google.com
GTS CA 1O1		 2020-08-19 -
2020-11-11		 3 months crt.sh
*.google.com
GTS CA 1O1		 2020-08-19 -
2020-11-11		 3 months crt.sh
accounts.google.com
GTS CA 1O1		 2020-08-26 -
2020-11-18		 3 months crt.sh

This page contains 4 frames:

Primary Page: https://app.loft47.com/users/sign_in
Frame ID: 3AE635DE0127D92EF868483F4291D04B
Requests: 17 HTTP requests in this frame

Frame: https://js.stripe.com/v3/m-outer-6e6ed81584679d263bf5a2b0f15af9e1.html
Frame ID: F2B774141C424AC73571D347E7D3E55A
Requests: 1 HTTP requests in this frame

Frame: https://js.stripe.com/v3/controller-5ba131ba21f73590dec063db53a91ded.html
Frame ID: 1C5235931249EA21DFC35F13FDD5D7B4
Requests: 1 HTTP requests in this frame

Frame: https://accounts.google.com/o/oauth2/iframe
Frame ID: BED5FF043058C62D0FAB5DDF13BCE692
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. https://app.loft47.com/deals/85142 HTTP 302
    https://app.loft47.com/users/sign_in Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /^Cowboy$/i
Overall confidence: 100%
Detected patterns
  • headers server /^Cowboy$/i
Overall confidence: 100%
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i
Overall confidence: 100%
Detected patterns
  • script /apis\.google\.com\/js\/[a-z]*\.js/i

Page Statistics

20
Requests

100 %
HTTPS

67 %
IPv6

7
Domains

9
Subdomains

9
IPs

2
Countries

1847 kB
Transfer

7194 kB
Size

6
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://app.loft47.com/deals/85142 HTTP 302
    https://app.loft47.com/users/sign_in Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

20 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request Cookie set sign_in
app.loft47.com/users/
Redirect Chain
  • https://app.loft47.com/deals/85142
  • https://app.loft47.com/users/sign_in
26 KB
9 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://app.loft47.com/users/sign_in
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.159.87.23 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-159-87-23.compute-1.amazonaws.com
Software
Cowboy /
Resource Hash
84c955c8330451822621e93a8a4932a7d526ceed52b9ff0cc04128b982c5de5b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Host
app.loft47.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
none
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
Sec-Fetch-Dest
document
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Cookie
_vey_session=XosnfBhdDu8%2FFvFfr%2FS7wPaWHUekYxKW5TtZYeTxYlpC%2BqM7MK1fjR8d%2FtXye4roDxneXvMY045xa%2F3EeAgcmdGaqYC3l%2Bu0mmxUAtWERMN%2BQ0u2qMqMuolMRIPhrU0nXsOPtb7uazaZLWA8SRhxZWBBVg8EqwUJ6tG7pk95GRXYFWl%2Bu5PEAP0mZlvvEopT7NCIl8Yw0BhWFcRACH5dnVWbRO7Ml8CwMsRXTvY86Tg%3D--iHbTDbV9Di193Gw1--Gss2CcHwFqVOi%2B5xZZZVLQ%3D%3D
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Server
Cowboy
Date
Fri, 11 Sep 2020 04:09:35 GMT
Connection
keep-alive
X-Frame-Options
SAMEORIGIN
X-Xss-Protection
1; mode=block
X-Content-Type-Options
nosniff
X-Download-Options
noopen
X-Permitted-Cross-Domain-Policies
none
Referrer-Policy
strict-origin-when-cross-origin
Content-Type
text/html; charset=utf-8
Etag
W/"84c955c8330451822621e93a8a4932a7"
Cache-Control
max-age=0, private, must-revalidate
Set-Cookie
_vey_session=xk36WESeqo%2Fiq9V5LtuP2cpItiu5%2FNsatQ0h%2FQ3397scNHGQztvzZ7cpDN5yEPnSMfwmbLn1caKpViLMGX3E9XoDtm%2BJroB2zYXbywJZk9hHK%2BW2VtpfN6rBR%2BfCyTCbYDA1vtPmnGxxlAFFGB5tGQ3KLX4VziDzqPtVMbVPVA5UWLafX2MbyeqN5on8mg%3D%3D--ux7vkejL94YFbswQ--wcoeUAOb8PQf3BWvk8YeOQ%3D%3D; path=/; secure; HttpOnly
X-Request-Id
47520c74-3a21-4a03-92ab-7814b18622bc
X-Runtime
0.034286
Vary
Accept-Encoding
Content-Encoding
gzip
Strict-Transport-Security
max-age=31536000; includeSubDomains
Transfer-Encoding
chunked
Via
1.1 vegur

Redirect headers

Server
Cowboy
Date
Fri, 11 Sep 2020 04:09:35 GMT
Connection
keep-alive
Location
https://app.loft47.com/users/sign_in
Content-Type
text/html; charset=utf-8
Cache-Control
no-cache
Set-Cookie
_vey_session=XosnfBhdDu8%2FFvFfr%2FS7wPaWHUekYxKW5TtZYeTxYlpC%2BqM7MK1fjR8d%2FtXye4roDxneXvMY045xa%2F3EeAgcmdGaqYC3l%2Bu0mmxUAtWERMN%2BQ0u2qMqMuolMRIPhrU0nXsOPtb7uazaZLWA8SRhxZWBBVg8EqwUJ6tG7pk95GRXYFWl%2Bu5PEAP0mZlvvEopT7NCIl8Yw0BhWFcRACH5dnVWbRO7Ml8CwMsRXTvY86Tg%3D--iHbTDbV9Di193Gw1--Gss2CcHwFqVOi%2B5xZZZVLQ%3D%3D; path=/; secure; HttpOnly
X-Request-Id
06970f52-4634-4b12-a9eb-d2c5ea3577e7
X-Runtime
0.004892
Vary
Accept-Encoding
Content-Encoding
gzip
Strict-Transport-Security
max-age=31536000; includeSubDomains
Transfer-Encoding
chunked
Via
1.1 vegur
application-77684ae8d9abfc2cc86a712dfbc128caf7cb42486217265d53aa025a162d80cc.css
d9ffhqj94li9s.cloudfront.net/assets/ 		211 KB
37 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://d9ffhqj94li9s.cloudfront.net/assets/application-77684ae8d9abfc2cc86a712dfbc128caf7cb42486217265d53aa025a162d80cc.css
Requested by
Host: app.loft47.com
URL: https://app.loft47.com/users/sign_in
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
99.86.2.107 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-2-107.fra6.r.cloudfront.net
Software
Cowboy /
Resource Hash
bfac2a80faa1cba89449b7cc56f61bb00f99c580e69d41225497debf58916b40
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://app.loft47.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Fri, 11 Sep 2020 04:09:35 GMT
Content-Encoding
gzip
Connection
keep-alive
Last-Modified
Wed, 09 Sep 2020 23:05:48 GMT
Server
Cowboy
X-Amz-Cf-Pop
FRA6-C1
Vary
Accept-Encoding
X-Cache
Miss from cloudfront
Content-Type
text/css
Via
1.1 vegur, 1.1 3095e870e1a1a1b03178e40ab1872de5.cloudfront.net (CloudFront)
Cache-Control
public, max-age=86400
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Length
36870
X-Amz-Cf-Id
u4nZAcgvQ-isA1kmZ3vfDOScqn0asFlt-DosdaUEF2qCYZ8VUdiotQ==
require-lodash-fcb590b233483fba364ea36edf50bb190860b59196a7bbcb93b467eff76fe0f3.js
d9ffhqj94li9s.cloudfront.net/assets/ 		449 KB
81 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://d9ffhqj94li9s.cloudfront.net/assets/require-lodash-fcb590b233483fba364ea36edf50bb190860b59196a7bbcb93b467eff76fe0f3.js
Requested by
Host: app.loft47.com
URL: https://app.loft47.com/users/sign_in
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
99.86.2.107 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-2-107.fra6.r.cloudfront.net
Software
Cowboy /
Resource Hash
fcb590b233483fba364ea36edf50bb190860b59196a7bbcb93b467eff76fe0f3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://app.loft47.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Fri, 11 Sep 2020 04:09:36 GMT
Content-Encoding
gzip
Connection
keep-alive
Last-Modified
Wed, 09 Sep 2020 23:07:48 GMT
Server
Cowboy
X-Amz-Cf-Pop
FRA6-C1
Vary
Accept-Encoding
X-Cache
Miss from cloudfront
Content-Type
application/javascript
Via
1.1 vegur, 1.1 c26b8e74df43cd99786e716221463d0c.cloudfront.net (CloudFront)
Cache-Control
public, max-age=86400
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Length
82150
X-Amz-Cf-Id
ya_rvBKr-lQ5BvRywjE7Ei8ZAjY4dMyIlei6OxvIMdnE2epZbvineA==
/
js.stripe.com/v3/ 		180 KB
47 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.stripe.com/v3/
Requested by
Host: app.loft47.com
URL: https://app.loft47.com/users/sign_in
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.112.176 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
c06b8da09a95178990a04b36d34c1ca91f5c0c56586b64583fabebdf66e1e803
Security Headers
Name Value
Content-Security-Policy connect-src 'self' https://api.stripe.com https://errors.stripe.com; default-src 'self'; font-src data: https:; frame-src 'self'; img-src 'self' https://q.stripe.com; media-src 'none'; object-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'
Strict-Transport-Security max-age=31556926; includeSubDomains; preload

Request headers

Referer
https://app.loft47.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 11 Sep 2020 04:09:36 GMT
content-encoding
gzip
vary
Accept-Encoding
age
81
via
1.1 varnish
x-cache
HIT
status
200
content-length
47660
x-amz-id-2
FdgB4iHCf3NwIZtYhD8Ixy565Ga/tpG7GpEAhkcb6jPAXY4Jvvn6xMu7mpGgNLvDZLdAMI+mpKs=
x-served-by
cache-hhn4066-HHN
timing-allow-origin
*
last-modified
Thu, 10 Sep 2020 22:44:02 GMT
server
AmazonS3
etag
"d5c6c8f67bf390cf9c0e454c37704009"
strict-transport-security
max-age=31556926; includeSubDomains; preload
x-amz-request-id
7C75658F81E5D397
access-control-allow-origin
*
cache-control
public, max-age=300
content-security-policy
connect-src 'self' https://api.stripe.com https://errors.stripe.com; default-src 'self'; font-src data: https:; frame-src 'self'; img-src 'self' https://q.stripe.com; media-src 'none'; object-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'
accept-ranges
bytes
content-type
application/javascript; charset=utf-8
x-cache-hits
27
vendor-9ef27f645bd40bc943b242cbbdd86e7def006391dbef8931fc494b7a543adb6d.js
d9ffhqj94li9s.cloudfront.net/assets/ 		2 MB
384 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://d9ffhqj94li9s.cloudfront.net/assets/vendor-9ef27f645bd40bc943b242cbbdd86e7def006391dbef8931fc494b7a543adb6d.js
Requested by
Host: app.loft47.com
URL: https://app.loft47.com/users/sign_in
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
99.86.2.107 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-2-107.fra6.r.cloudfront.net
Software
Cowboy /
Resource Hash
9ef27f645bd40bc943b242cbbdd86e7def006391dbef8931fc494b7a543adb6d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://app.loft47.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Fri, 11 Sep 2020 04:09:36 GMT
Content-Encoding
gzip
Connection
keep-alive
Last-Modified
Wed, 09 Sep 2020 23:07:48 GMT
Server
Cowboy
X-Amz-Cf-Pop
FRA6-C1
Vary
Accept-Encoding
X-Cache
Miss from cloudfront
Content-Type
application/javascript
Via
1.1 vegur, 1.1 6e432daa93321d42e8840614082fcdc3.cloudfront.net (CloudFront)
Cache-Control
public, max-age=86400
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Length
392201
X-Amz-Cf-Id
kuDhN9W7Clce3Q5cEcfyJMF_-GGxKMXQn2WviWUqCtu3sRSm8Abi8Q==
webpacked-5dc0bfe2a1d2abcdde72221b9ece1237cee8fb1668d5a6c0218c72fa71903775.js
d9ffhqj94li9s.cloudfront.net/assets/ 		4 MB
879 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://d9ffhqj94li9s.cloudfront.net/assets/webpacked-5dc0bfe2a1d2abcdde72221b9ece1237cee8fb1668d5a6c0218c72fa71903775.js
Requested by
Host: app.loft47.com
URL: https://app.loft47.com/users/sign_in
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
99.86.2.107 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-2-107.fra6.r.cloudfront.net
Software
Cowboy /
Resource Hash
5dc0bfe2a1d2abcdde72221b9ece1237cee8fb1668d5a6c0218c72fa71903775
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://app.loft47.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Fri, 11 Sep 2020 04:09:35 GMT
Content-Encoding
gzip
Connection
keep-alive
Last-Modified
Wed, 09 Sep 2020 23:07:48 GMT
Server
Cowboy
X-Amz-Cf-Pop
FRA6-C1
Vary
Accept-Encoding
X-Cache
Miss from cloudfront
Content-Type
application/javascript
Via
1.1 vegur, 1.1 507b5edb20d0e1a0b73c8687f53defa9.cloudfront.net (CloudFront)
Cache-Control
public, max-age=86400
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Length
899766
X-Amz-Cf-Id
as5G2aVFJPGp4PMAcoYy5c2lFoOPOk2ihb8p1AHJ-V7OWmWrUA2d8Q==
application-11564aa9d082cc2bd388ec4a3c215b4790b06104db775e434f867a709b1f9a70.js
d9ffhqj94li9s.cloudfront.net/assets/ 		18 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://d9ffhqj94li9s.cloudfront.net/assets/application-11564aa9d082cc2bd388ec4a3c215b4790b06104db775e434f867a709b1f9a70.js
Requested by
Host: app.loft47.com
URL: https://app.loft47.com/users/sign_in
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
99.86.2.107 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-2-107.fra6.r.cloudfront.net
Software
Cowboy /
Resource Hash
11564aa9d082cc2bd388ec4a3c215b4790b06104db775e434f867a709b1f9a70
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://app.loft47.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 10 Sep 2020 05:39:19 GMT
Content-Encoding
gzip
Connection
keep-alive
Last-Modified
Tue, 08 Sep 2020 18:14:36 GMT
Server
Cowboy
Age
81017
Vary
Accept-Encoding
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Type
application/javascript
Via
1.1 vegur, 1.1 2ef0748a2a8fca13fd6065b6b046c33c.cloudfront.net (CloudFront)
Cache-Control
public, max-age=86400
X-Cache
Hit from cloudfront
X-Amz-Cf-Pop
FRA6-C1
Content-Length
5209
X-Amz-Cf-Id
wccNYK6Im9PoIsvLub_-wc8cXXQxF0hj5Cj3yR0-GBoTV8CxI0MWAw==
loft47-logo--white-8f65943fc0b0b050f8a3b5495ef39a06b9ba8a45350eb3f88b5b7439ae5f380e.svg
d9ffhqj94li9s.cloudfront.net/assets/ 		31 KB
24 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d9ffhqj94li9s.cloudfront.net/assets/loft47-logo--white-8f65943fc0b0b050f8a3b5495ef39a06b9ba8a45350eb3f88b5b7439ae5f380e.svg
Requested by
Host: app.loft47.com
URL: https://app.loft47.com/users/sign_in
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
99.86.2.107 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-2-107.fra6.r.cloudfront.net
Software
Cowboy /
Resource Hash
8f65943fc0b0b050f8a3b5495ef39a06b9ba8a45350eb3f88b5b7439ae5f380e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://app.loft47.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Fri, 11 Sep 2020 04:09:36 GMT
Content-Encoding
gzip
Connection
keep-alive
Last-Modified
Wed, 09 Sep 2020 23:05:48 GMT
Server
Cowboy
X-Amz-Cf-Pop
FRA6-C1
Vary
Accept-Encoding
X-Cache
Miss from cloudfront
Content-Type
image/svg+xml
Via
1.1 vegur, 1.1 6e432daa93321d42e8840614082fcdc3.cloudfront.net (CloudFront)
Cache-Control
public, max-age=86400
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Length
23770
X-Amz-Cf-Id
stWOL7xJcAicw3ZJAH9VyXZT-zbTCbrQtuNg_wFGrCk4c90MMd5gOw==
rollbar.min.js
cdnjs.cloudflare.com/ajax/libs/rollbar.js/2.4.5/ 		61 KB
17 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/rollbar.js/2.4.5/rollbar.min.js
Requested by
Host: d9ffhqj94li9s.cloudfront.net
URL: https://d9ffhqj94li9s.cloudfront.net/assets/vendor-9ef27f645bd40bc943b242cbbdd86e7def006391dbef8931fc494b7a543adb6d.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:4e6b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8a72c4e26c25b078342335d627ed7e11b6bdab12dc334fa338d232199702f4e8
Security Headers
Name Value
Strict-Transport-Security max-age=15780000; includeSubDomains

Request headers

Origin
https://app.loft47.com
Referer
https://app.loft47.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 11 Sep 2020 04:09:37 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
age
106657
x-via
cfworker/kv
status
200
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
17048
cf-request-id
051cf3d17200002b7d3609f200000001
timing-allow-origin
*
last-modified
Mon, 04 May 2020 16:16:01 GMT
server
cloudflare
etag
"5eb03fc1-f483"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000; includeSubDomains
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
5d0e88c8bf142b7d-FRA
expires
Wed, 01 Sep 2021 04:09:37 GMT
gtm.js
www.googletagmanager.com/ 		82 KB
31 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-KVMWNT
Requested by
Host: app.loft47.com
URL: https://app.loft47.com/users/sign_in
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:818::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
b257da639f572219110df61a3cfadbd13508160fd742aa5c50b7752cd832a61c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://app.loft47.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 11 Sep 2020 04:09:37 GMT
content-encoding
br
vary
Accept-Encoding
status
200
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
31758
x-xss-protection
0
last-modified
Fri, 11 Sep 2020 03:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Fri, 11 Sep 2020 04:09:37 GMT
m-outer-6e6ed81584679d263bf5a2b0f15af9e1.html
js.stripe.com/v3/ Frame F2B7 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://js.stripe.com/v3/m-outer-6e6ed81584679d263bf5a2b0f15af9e1.html
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.112.176 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
Security Headers
Name Value
Content-Security-Policy connect-src 'self'; default-src 'self'; font-src 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'
Strict-Transport-Security max-age=31556926; includeSubDomains; preload

Request headers

:method
GET
:authority
js.stripe.com
:scheme
https
:path
/v3/m-outer-6e6ed81584679d263bf5a2b0f15af9e1.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://app.loft47.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://app.loft47.com/

Response headers

status
200
x-amz-id-2
pFnmCVyglRDXrLkvtxLfszGh05YXGrF3/yGPPkHnof2o+XqitAkN+//3EbX9dQm0HbnhWbuOhHE=
x-amz-request-id
25AFF042B6C984DA
last-modified
Thu, 10 Sep 2020 22:19:50 GMT
etag
"6e6ed81584679d263bf5a2b0f15af9e1"
cache-control
public, max-age=300
content-type
text/html; charset=utf-8
server
AmazonS3
content-encoding
gzip
accept-ranges
bytes
date
Fri, 11 Sep 2020 04:09:37 GMT
via
1.1 varnish
age
20
x-served-by
cache-hhn4066-HHN
x-cache
HIT
x-cache-hits
15
vary
Accept-Encoding
access-control-allow-origin
*
strict-transport-security
max-age=31556926; includeSubDomains; preload
timing-allow-origin
*
content-security-policy
connect-src 'self'; default-src 'self'; font-src 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'
content-length
185
SourceSansPro-Semibold.otf.woff
cdn-assets.loft47.com/fonts/ 		131 KB
132 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://cdn-assets.loft47.com/fonts/SourceSansPro-Semibold.otf.woff
Requested by
Host: d9ffhqj94li9s.cloudfront.net
URL: https://d9ffhqj94li9s.cloudfront.net/assets/application-77684ae8d9abfc2cc86a712dfbc128caf7cb42486217265d53aa025a162d80cc.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:214f:9e00:8:dec:1e00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
d32bf151f07cfba3d72dd4009e58addeba6b7540727d976b74425ee22e408ea6

Request headers

Origin
https://app.loft47.com
Referer
https://d9ffhqj94li9s.cloudfront.net/assets/application-77684ae8d9abfc2cc86a712dfbc128caf7cb42486217265d53aa025a162d80cc.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 11 Sep 2020 04:09:39 GMT
via
1.1 4809763494a078a525dc1a2dff5ddf6c.cloudfront.net (CloudFront)
last-modified
Wed, 31 Jul 2019 17:21:46 GMT
server
AmazonS3
x-amz-cf-pop
FRA53-C1
status
200
etag
"7a89c69cdc383fe3ac47a5e4281e8f92"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
application/font-woff
access-control-allow-origin
*
x-cache
Miss from cloudfront
accept-ranges
bytes
content-length
134540
x-amz-cf-id
sk-eiazY6v7WmeSvorMOTTDpeE4MMTxY3ysOwYsrYLxEwE3Yt76YVQ==
SourceSansPro-Regular.otf.woff
cdn-assets.loft47.com/fonts/ 		130 KB
131 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://cdn-assets.loft47.com/fonts/SourceSansPro-Regular.otf.woff
Requested by
Host: d9ffhqj94li9s.cloudfront.net
URL: https://d9ffhqj94li9s.cloudfront.net/assets/application-77684ae8d9abfc2cc86a712dfbc128caf7cb42486217265d53aa025a162d80cc.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:214f:9e00:8:dec:1e00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
154564c20eb3bd31c8212f6994482f59adfd00531be9509b0f52d310d623b26e

Request headers

Origin
https://app.loft47.com
Referer
https://d9ffhqj94li9s.cloudfront.net/assets/application-77684ae8d9abfc2cc86a712dfbc128caf7cb42486217265d53aa025a162d80cc.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 11 Sep 2020 04:09:39 GMT
via
1.1 4809763494a078a525dc1a2dff5ddf6c.cloudfront.net (CloudFront)
last-modified
Wed, 31 Jul 2019 17:21:46 GMT
server
AmazonS3
x-amz-cf-pop
FRA53-C1
status
200
etag
"788a2bcde2b05619551257e5f2053278"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
application/font-woff
access-control-allow-origin
*
x-cache
Miss from cloudfront
accept-ranges
bytes
content-length
133352
x-amz-cf-id
bytAblrG-ZgIctKeFA-EyOS4dWXotKtmybau9BTq7YeKfryukyHFBA==
vey.ttf
cdn-assets.loft47.com/fonts/ 		11 KB
11 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://cdn-assets.loft47.com/fonts/vey.ttf?w0k1xk
Requested by
Host: d9ffhqj94li9s.cloudfront.net
URL: https://d9ffhqj94li9s.cloudfront.net/assets/application-77684ae8d9abfc2cc86a712dfbc128caf7cb42486217265d53aa025a162d80cc.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:214f:9e00:8:dec:1e00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
09c25f6b2bcc51b3c903ab47a3d9f41800d7f2c32090ad9802b4ee232ea956e3

Request headers

Origin
https://app.loft47.com
Referer
https://d9ffhqj94li9s.cloudfront.net/assets/application-77684ae8d9abfc2cc86a712dfbc128caf7cb42486217265d53aa025a162d80cc.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 11 Sep 2020 04:09:39 GMT
via
1.1 4809763494a078a525dc1a2dff5ddf6c.cloudfront.net (CloudFront)
last-modified
Wed, 31 Jul 2019 17:21:48 GMT
server
AmazonS3
x-amz-cf-pop
FRA53-C1
status
200
etag
"52ad3fc2188e3c5c3d51f9aa819519bf"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
binary/octet-stream
access-control-allow-origin
*
x-cache
Miss from cloudfront
accept-ranges
bytes
content-length
11296
x-amz-cf-id
N0rVN2V5wXoOwvgL7OFMzzImn3M9QdrdcaC5nMJqGcloV8lcZ94k0w==
controller-5ba131ba21f73590dec063db53a91ded.html
js.stripe.com/v3/ Frame 1C52 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://js.stripe.com/v3/controller-5ba131ba21f73590dec063db53a91ded.html
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.112.176 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
Security Headers
Name Value
Content-Security-Policy connect-src 'self' https://api.stripe.com https://errors.stripe.com; default-src 'self'; font-src data: https:; frame-src 'self'; img-src 'self' https://q.stripe.com; media-src 'none'; object-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'
Strict-Transport-Security max-age=31556926; includeSubDomains; preload

Request headers

:method
GET
:authority
js.stripe.com
:scheme
https
:path
/v3/controller-5ba131ba21f73590dec063db53a91ded.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://app.loft47.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://app.loft47.com/

Response headers

status
200
x-amz-id-2
JDalCcxV3v2ux5h8uOCJesVbVJaQixyvDc2rO9fGNxRWEKpCjRPoVhstraqaQ1hseiCfnzUAUmo=
x-amz-request-id
448B37BB69DC1D9B
last-modified
Thu, 10 Sep 2020 22:19:50 GMT
etag
"5ba131ba21f73590dec063db53a91ded"
cache-control
public, max-age=300
content-type
text/html; charset=utf-8
server
AmazonS3
content-encoding
gzip
accept-ranges
bytes
date
Fri, 11 Sep 2020 04:09:37 GMT
via
1.1 varnish
age
292
x-served-by
cache-hhn4066-HHN
x-cache
HIT
x-cache-hits
34
vary
Accept-Encoding
access-control-allow-origin
*
strict-transport-security
max-age=31556926; includeSubDomains; preload
timing-allow-origin
*
content-security-policy
connect-src 'self' https://api.stripe.com https://errors.stripe.com; default-src 'self'; font-src data: https:; frame-src 'self'; img-src 'self' https://q.stripe.com; media-src 'none'; object-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'
content-length
221
api.js
apis.google.com/js/ 		13 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://apis.google.com/js/api.js
Requested by
Host: d9ffhqj94li9s.cloudfront.net
URL: https://d9ffhqj94li9s.cloudfront.net/assets/webpacked-5dc0bfe2a1d2abcdde72221b9ece1237cee8fb1668d5a6c0218c72fa71903775.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
7310f2a7f840a02cd44057f3c3cff18225a56d33f22e08b62026032ffb3a97ce
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-FBYUz7deZw8+1aoiDR+OnA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://app.loft47.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 11 Sep 2020 04:09:37 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
status
200
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
x-ua-compatible
IE=edge, chrome=1
server
ESF
etag
"3f0564110e0c22ccd28ac76a33412441"
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=1800, stale-while-revalidate=1800
content-security-policy
script-src 'report-sample' 'nonce-FBYUz7deZw8+1aoiDR+OnA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
timing-allow-origin
*
expires
Fri, 11 Sep 2020 04:09:37 GMT
analytics.js
www.google-analytics.com/ 		45 KB
18 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KVMWNT
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
1fbd06d98ff87713eb030669571c929ab75539f05252f04ae1df807c28b20e95
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://app.loft47.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 19 Aug 2020 20:46:40 GMT
server
Golfe2
age
3237
date
Fri, 11 Sep 2020 03:15:40 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
18323
expires
Fri, 11 Sep 2020 05:15:40 GMT
cb=gapi.loaded_0
apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.hc3rLxj9u8o.O/m=auth2/rt=j/sv=1/d=1/ed=1/am=wQE/rs=AGLTcCMtAagp6kGxB19Nep_bTJunj37kww/ 		105 KB
35 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.hc3rLxj9u8o.O/m=auth2/rt=j/sv=1/d=1/ed=1/am=wQE/rs=AGLTcCMtAagp6kGxB19Nep_bTJunj37kww/cb=gapi.loaded_0
Requested by
Host: apis.google.com
URL: https://apis.google.com/js/api.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
cdf379f03fb1def6543a61f0d1fb32dfae87274e462e4a611711be3317cb62c9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://app.loft47.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 07 Sep 2020 17:04:12 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Sun, 02 Aug 2020 22:35:54 GMT
server
sffe
age
299125
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
status
200
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35665
x-xss-protection
0
expires
Tue, 07 Sep 2021 17:04:12 GMT
collect
www.google-analytics.com/j/ 		1 B
394 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j85&a=692574239&t=pageview&_s=1&dl=https%3A%2F%2Fapp.loft47.com%2Fusers%2Fsign_in&ul=en-us&de=UTF-8&dt=Loft47&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAAABAAAAAC~&jid=911635600&gjid=250113828&cid=2143174995.1599797378&tid=UA-75088967-1&_gid=1495905816.1599797378&_r=1&gtm=2wg920KVMWNT&z=71724830
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/rollbar.js/2.4.5/rollbar.min.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:824::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://app.loft47.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Fri, 11 Sep 2020 04:09:37 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
status
200
content-type
text/plain
access-control-allow-origin
https://app.loft47.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT
iframe
accounts.google.com/o/oauth2/ Frame BED5 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://accounts.google.com/o/oauth2/iframe
Requested by
Host: apis.google.com
URL: https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.hc3rLxj9u8o.O/m=auth2/rt=j/sv=1/d=1/ed=1/am=wQE/rs=AGLTcCMtAagp6kGxB19Nep_bTJunj37kww/cb=gapi.loaded_0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::200d Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-sRkyl5FLDVDO5kbIkeI+cw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /o/cspreport
X-Xss-Protection 0

Request headers

:method
GET
:authority
accounts.google.com
:scheme
https
:path
/o/oauth2/iframe
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://app.loft47.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
NID=204=0SN8I-OxX4Y0kFqUE474Ul5OwCMwlkm7JRiutIx1P-cocKB8jgI0vP2aStCyyZCJbnr2_Azs9RdtouKWVTwplEX18qZoaaycdPeU_-SFcsHIx_c9z5nQqqRv70oJpornugN89x_JcIb3DkxjLkPtGAzQJyBfguqaS1tkXY7nx_8
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://app.loft47.com/

Response headers

status
200
content-type
text/html; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
expires
Mon, 01 Jan 1990 00:00:00 GMT
date
Fri, 11 Sep 2020 04:09:38 GMT
content-language
en-US
content-security-policy
script-src 'report-sample' 'nonce-sRkyl5FLDVDO5kbIkeI+cw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /o/cspreport
content-encoding
gzip
server
ESF
x-xss-protection
0
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Verdicts & Comments Add Verdict or Comment

55 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| trustedTypes object| vey_constants function| _ function| Stripe function| setupFloatingLabels object| _rollbarConfig object| Routes function| $ function| jQuery object| jQuery112406775822168073449 function| SearchIndex function| Bloodhound object| I18n function| tmpl function| Messenger function| EventEmitter object| _rollbarShims object| _rollbarWrappedError object| Rollbar function| rollbar object| ApiRoutes function| moment function| cx object| React object| ReactRouter object| ReactDOM object| ee object| ReactSelect object| regeneratorRuntime object| VTwo object| Post object| Fetch object| __core-js_shared__ function| Color function| Chart object| App object| GoogleOAuth object| ReactRailsUJS function| getPositionRight object| dataLayer number| _rollbarStartTime boolean| _rollbarDidLoad boolean| _rollbarInitialized object| google_tag_manager object| google_tag_data string| GoogleAnalyticsObject function| ga object| gapi object| ___jsl object| gaplugins object| gaGlobal object| gaData object| gadgets object| osapi object| oauth2

6 Cookies

Domain/Path Name / Value
.app.loft47.com/ Name: _gat_UA-75088967-1
Value: 1
.app.loft47.com/ Name: _gid
Value: GA1.3.1495905816.1599797378
.google.com/ Name: NID
Value: 204=0SN8I-OxX4Y0kFqUE474Ul5OwCMwlkm7JRiutIx1P-cocKB8jgI0vP2aStCyyZCJbnr2_Azs9RdtouKWVTwplEX18qZoaaycdPeU_-SFcsHIx_c9z5nQqqRv70oJpornugN89x_JcIb3DkxjLkPtGAzQJyBfguqaS1tkXY7nx_8
.app.loft47.com/ Name: G_ENABLED_IDPS
Value: google
.app.loft47.com/ Name: _ga
Value: GA1.3.2143174995.1599797378
app.loft47.com/ Name: _vey_session
Value: xk36WESeqo%2Fiq9V5LtuP2cpItiu5%2FNsatQ0h%2FQ3397scNHGQztvzZ7cpDN5yEPnSMfwmbLn1caKpViLMGX3E9XoDtm%2BJroB2zYXbywJZk9hHK%2BW2VtpfN6rBR%2BfCyTCbYDA1vtPmnGxxlAFFGB5tGQ3KLX4VziDzqPtVMbVPVA5UWLafX2MbyeqN5on8mg%3D%3D--ux7vkejL94YFbswQ--wcoeUAOb8PQf3BWvk8YeOQ%3D%3D

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

accounts.google.com
apis.google.com
app.loft47.com
cdn-assets.loft47.com
cdnjs.cloudflare.com
d9ffhqj94li9s.cloudfront.net
js.stripe.com
www.google-analytics.com
www.googletagmanager.com
151.101.112.176
2600:9000:214f:9e00:8:dec:1e00:93a1
2606:4700::6811:4e6b
2a00:1450:4001:809::200e
2a00:1450:4001:818::2008
2a00:1450:4001:824::200e
2a00:1450:4001:825::200d
54.159.87.23
99.86.2.107
09c25f6b2bcc51b3c903ab47a3d9f41800d7f2c32090ad9802b4ee232ea956e3
11564aa9d082cc2bd388ec4a3c215b4790b06104db775e434f867a709b1f9a70
154564c20eb3bd31c8212f6994482f59adfd00531be9509b0f52d310d623b26e
1fbd06d98ff87713eb030669571c929ab75539f05252f04ae1df807c28b20e95
5dc0bfe2a1d2abcdde72221b9ece1237cee8fb1668d5a6c0218c72fa71903775
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
7310f2a7f840a02cd44057f3c3cff18225a56d33f22e08b62026032ffb3a97ce
84c955c8330451822621e93a8a4932a7d526ceed52b9ff0cc04128b982c5de5b
8a72c4e26c25b078342335d627ed7e11b6bdab12dc334fa338d232199702f4e8
8f65943fc0b0b050f8a3b5495ef39a06b9ba8a45350eb3f88b5b7439ae5f380e
9ef27f645bd40bc943b242cbbdd86e7def006391dbef8931fc494b7a543adb6d
b257da639f572219110df61a3cfadbd13508160fd742aa5c50b7752cd832a61c
bfac2a80faa1cba89449b7cc56f61bb00f99c580e69d41225497debf58916b40
c06b8da09a95178990a04b36d34c1ca91f5c0c56586b64583fabebdf66e1e803
cdf379f03fb1def6543a61f0d1fb32dfae87274e462e4a611711be3317cb62c9
d32bf151f07cfba3d72dd4009e58addeba6b7540727d976b74425ee22e408ea6
fcb590b233483fba364ea36edf50bb190860b59196a7bbcb93b467eff76fe0f3