urlscan.io logo urlscan.io
SecurityTrails logo

login-stg.botchk.net Open in urlscan Pro
34.98.108.110  Public Scan

Go To Rescan Add Verdict Report
URL: https://login-stg.botchk.net/
Submission: On April 06 via automatic, source certstream-suspicious — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 7 IPs in 2 countries across 7 domains to perform 17 HTTP transactions. The main IP is 34.98.108.110, located in Kansas City, United States and belongs to GOOGLE-CLOUD-PLATFORM, US. The main domain is login-stg.botchk.net.
TLS certificate: Issued by GTS CA 1D4 on April 6th 2024. Valid for: 3 months.
This is the only time login-stg.botchk.net was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 34.98.108.110 396982 (GOOGLE-CL...)
1 2a00:1450:400... 15169 (GOOGLE)
1 2001:4860:480... 15169 (GOOGLE)
10 151.101.66.133 54113 (FASTLY)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a05:d014:275... 16509 (AMAZON-02)
17 7
1    34.98.108.110 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 110.108.98.34.bc.googleusercontent.com
login-stg.botchk.net
1    2a00:1450:4001:810::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
1    2001:4860:4802:34::178 (United States)

ASN15169 (GOOGLE, US)
www.google-analytics.com
10    151.101.66.133 (United States)

ASN54113 (FASTLY, US)
dev-console-cdn.humansecurity.com
1    2a00:1450:4001:800::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
1    2a05:d014:275:cb00::c8 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
pxportal-mktg-banner.netlify.app
Domain Requested by
10 dev-console-cdn.humansecurity.com login-stg.botchk.net
1 pxportal-mktg-banner.netlify.app dev-console-cdn.humansecurity.com
1 fonts.gstatic.com fonts.googleapis.com
1 www.google-analytics.com login-stg.botchk.net
1 fonts.googleapis.com login-stg.botchk.net
1 login-stg.botchk.net login-stg.botchk.net
0 browser.sentry-cdn.com Failed login-stg.botchk.net
17 7

This site contains no links.

Subject Issuer Validity Valid
login-stg.botchk.net
GTS CA 1D4		 2024-04-06 -
2024-07-05		 3 months crt.sh
upload.video.google.com
GTS CA 1C3		 2024-03-04 -
2024-05-27		 3 months crt.sh
*.google-analytics.com
GTS CA 1C3		 2024-03-04 -
2024-05-27		 3 months crt.sh
*.humansecurity.com
Sectigo RSA Domain Validation Secure Server CA		 2024-03-12 -
2025-04-07		 a year crt.sh
*.gstatic.com
GTS CA 1C3		 2024-03-04 -
2024-05-27		 3 months crt.sh
*.netlify.app
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2024-01-15 -
2025-02-14		 a year crt.sh

This page contains 2 frames:

Primary Page: https://login-stg.botchk.net/
Frame ID: CDF8A76663930ECFF27A2EB23DC40A52
Requests: 16 HTTP requests in this frame

Frame: https://pxportal-mktg-banner.netlify.app/
Frame ID: 3E0EAA53B9885A68B606BA21749F43AF
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

HUMAN Portal

Detected technologies

Overall confidence: 100%
Detected patterns
  • <script[^>]*src="[^"]*browser\.sentry\-cdn\.com/([0-9.]+)/bundle(?:\.tracing)?(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Page Statistics

17
Requests

88 %
HTTPS

67 %
IPv6

7
Domains

7
Subdomains

7
IPs

2
Countries

260 kB
Transfer

781 kB
Size

1
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

17 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
login-stg.botchk.net/ 		6 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://login-stg.botchk.net/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.108.110 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
110.108.98.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
1f9235556187b38353903b16f2f435204897493e358e73416e99353a1f66a261
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests; frame-ancestors 'self'; block-all-mixed-content; script-src 'unsafe-inline' 'unsafe-eval' pxportal-mktg-banner.netlify.app *.perimeterx.com *.humansecurity.com client.px-cloud.net cdn.trackjs.com ok1static.oktacdn.com rum-static.pingdom.net www.google-analytics.com widget.intercom.io js.intercomcdn.com code.jquery.com *.px-cloud.net *.px-cdn.net fonts.googleapis.com www.google.com *.newrelic.com *.nr-data.net; object-src 'none'; worker-src blob:; report-uri https://us-central1-portalx-csp.cloudfunctions.net/report; report-to csp-report;
Strict-Transport-Security max-age=86400
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-language
de-DE,de;q=0.9
sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate
content-encoding
gzip
content-security-policy
upgrade-insecure-requests; frame-ancestors 'self'; block-all-mixed-content; script-src 'unsafe-inline' 'unsafe-eval' pxportal-mktg-banner.netlify.app *.perimeterx.com *.humansecurity.com client.px-cloud.net cdn.trackjs.com ok1static.oktacdn.com rum-static.pingdom.net www.google-analytics.com widget.intercom.io js.intercomcdn.com code.jquery.com *.px-cloud.net *.px-cdn.net fonts.googleapis.com www.google.com *.newrelic.com *.nr-data.net; object-src 'none'; worker-src blob:; report-uri https://us-central1-portalx-csp.cloudfunctions.net/report; report-to csp-report;
content-security-policy-report-only
upgrade-insecure-requests; frame-ancestors 'self'; block-all-mixed-content; script-src 'unsafe-inline' 'unsafe-eval' pxportal-mktg-banner.netlify.app *.perimeterx.com *.humansecurity.com client.px-cloud.net cdn.trackjs.com ok1static.oktacdn.com rum-static.pingdom.net www.google-analytics.com widget.intercom.io js.intercomcdn.com code.jquery.com *.px-cloud.net *.px-cdn.net fonts.googleapis.com www.google.com *.newrelic.com *.nr-data.net; object-src 'none'; worker-src blob:; report-uri https://us-central1-portalx-csp.cloudfunctions.net/report; report-to csp-report;
content-type
text/html; charset=UTF-8
date
Sat, 06 Apr 2024 19:35:52 GMT
etag
W/"1681-18ea9020268"
expires
0
last-modified
Thu, 04 Apr 2024 12:07:45 GMT
referrer-policy
same-origin
report-to
group: csp-report, max_age: 10886400, endpoints: [url: https://us-central1-portalx-csp.cloudfunctions.net/report]
server
nginx
strict-transport-security
max-age=86400
surrogate-control
no-store
vary
Accept-Encoding
via
1.1 google
x-content-type-options
nosniff
x-frame-options
DENY
x-xss-protection
0
css
fonts.googleapis.com/ 		177 KB
39 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Heebo:300,400,500,700|Jura:500,600,700|Sunflower:300,500,700
Requested by
Host: login-stg.botchk.net
URL: https://login-stg.botchk.net/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
053a20fffb6614c0951c4bfbb4333a9077922e1a474b1d1f82e88f203b73d3fa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000
date
Sat, 06 Apr 2024 19:35:52 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Sat, 06 Apr 2024 19:35:52 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sat, 06 Apr 2024 19:35:52 GMT
init.js
login-stg.botchk.net/3tHq532g/ 		0
0
bundle.tracing.min.js
browser.sentry-cdn.com/7.7.0/ 		0
0
analytics.js
www.google-analytics.com/ 		52 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: login-stg.botchk.net
URL: https://login-stg.botchk.net/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:34::178 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Sat, 06 Apr 2024 18:19:53 GMT
last-modified
Tue, 12 Dec 2023 18:09:08 GMT
server
Golfe2
age
4559
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20994
expires
Sat, 06 Apr 2024 20:19:53 GMT
asset-manifest.json
dev-console-cdn.humansecurity.com/auth/ 		1 KB
897 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://dev-console-cdn.humansecurity.com/auth/asset-manifest.json
Requested by
Host: login-stg.botchk.net
URL: https://login-stg.botchk.net/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.66.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
UploadServer /
Resource Hash
c30c53721dddc94a47e715c98b5d83e470003a1d9c868255f413251abfb9aaa0
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Sat, 06 Apr 2024 19:35:52 GMT
date
Sat, 06 Apr 2024 19:35:52 GMT
content-encoding
gzip
via
1.1 varnish
strict-transport-security
max-age=300
x-guploader-uploadid
ABPtcPpz1oiEuSYwwNQINEpsAhiB-lx_RepP7lEgijZJI5ppGDlr8FkHZ9VyOwcJwKI892ep4XI
x-cache
MISS
x-goog-storage-class
STANDARD
x-goog-metageneration
4
x-goog-stored-content-encoding
gzip
x-served-by
cache-fra-eddf8230153-FRA
last-modified
Tue, 02 Apr 2024 07:36:54 GMT
server
UploadServer
x-timer
S1712432152.379168,VS0,VE164
etag
"a41f16835e027f74292573526b5d4c80"
vary
Accept-Encoding
x-goog-generation
1712043414378928
content-type
application/json
access-control-allow-origin
*
x-goog-hash
crc32c=4Zb+uA==, md5=pB8Wg14Cf3QpJXNSa11MgA==
cache-control
max-age=0
x-goog-stored-content-length
332
x-amz-checksum-crc32c
4Zb+uA==
accept-ranges
bytes
x-cache-hits
0
favicon.svg
dev-console-cdn.humansecurity.com/auth/ 		2 KB
1 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://dev-console-cdn.humansecurity.com/auth/favicon.svg
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.66.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
UploadServer /
Resource Hash
9c4d47c7bbb6b5406c1521587d9d5dab3c4de0f76a4fc12ac4ea97a2790ebe93
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Sun, 06 Apr 2025 19:35:52 GMT
date
Sat, 06 Apr 2024 19:35:52 GMT
content-encoding
gzip
via
1.1 varnish
strict-transport-security
max-age=300
x-guploader-uploadid
ABPtcPrW06IBgmTe5Mi_6bpaL-fHLTFSBse-rw8cgE5C2zChyOMKXF_LbofEygQ5skj8zLXZJFY
x-cache
MISS
x-goog-storage-class
STANDARD
x-goog-metageneration
2
x-goog-stored-content-encoding
gzip
x-served-by
cache-fra-eddf8230127-FRA
last-modified
Tue, 02 Apr 2024 07:36:54 GMT
server
UploadServer
x-timer
S1712432152.399398,VS0,VE150
etag
"79258a2a65fafff67950061c4764f380"
vary
Accept-Encoding
x-goog-generation
1712043414464657
content-type
image/svg+xml
access-control-allow-origin
*
x-goog-hash
crc32c=rl3nWw==, md5=eSWKKmX6//Z5UAYcR2TzgA==
cache-control
max-age=31536000, immutable
x-goog-stored-content-length
711
x-amz-checksum-crc32c
rl3nWw==
accept-ranges
bytes
x-cache-hits
0
main.f49d6ab2c678dbd019c4.js
dev-console-cdn.humansecurity.com/auth/ 		407 KB
126 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://dev-console-cdn.humansecurity.com/auth/main.f49d6ab2c678dbd019c4.js
Requested by
Host: login-stg.botchk.net
URL: https://login-stg.botchk.net/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.66.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
UploadServer /
Resource Hash
81e97b6cfc971399c4c4b17e89333fbbfd2801866f01e3f71a12da203d806f61
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Sun, 06 Apr 2025 19:35:52 GMT
date
Sat, 06 Apr 2024 19:35:52 GMT
content-encoding
gzip
via
1.1 varnish
strict-transport-security
max-age=300
x-guploader-uploadid
ABPtcPpaVr5erVtFrZcrHYC0w06Cp9px8ERgUm3DwlaIe9E_2shX-SnBTO0nW3Hsww6qwlDIiW83L4XSlg
x-cache
MISS
x-goog-storage-class
STANDARD
x-goog-metageneration
2
x-goog-stored-content-encoding
gzip
x-served-by
cache-fra-eddf8230127-FRA
last-modified
Tue, 02 Apr 2024 07:36:54 GMT
server
UploadServer
x-timer
S1712432153.554094,VS0,VE199
etag
"b65778858156ff03b897696f890e8726"
vary
Accept-Encoding
x-goog-generation
1712043414581458
content-type
application/javascript
access-control-allow-origin
*
x-goog-hash
crc32c=QSq+XA==, md5=tld4hYFW/wO4l2lviQ6HJg==
cache-control
max-age=31536000, immutable
x-goog-stored-content-length
128016
x-amz-checksum-crc32c
QSq+XA==
accept-ranges
bytes
x-cache-hits
0
src_login_index_js.f97697d5.js
dev-console-cdn.humansecurity.com/auth/static/js/ 		14 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://dev-console-cdn.humansecurity.com/auth/static/js/src_login_index_js.f97697d5.js
Requested by
Host: login-stg.botchk.net
URL: https://login-stg.botchk.net/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.66.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
UploadServer /
Resource Hash
12c7962064a9a5443fbd5b68572273bdbf938753c8d67cfef06522c40e20b76e
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Sun, 06 Apr 2025 19:35:52 GMT
date
Sat, 06 Apr 2024 19:35:52 GMT
content-encoding
gzip
via
1.1 varnish
strict-transport-security
max-age=300
x-guploader-uploadid
ABPtcPr1vfHzZoVLsLAfkbqR_OTRVK6Orh4QjyxW6HzDz6TpuvYKrNvOaFElOFeKFiDdlbogNocV0ANYxQ
x-cache
MISS
x-goog-storage-class
STANDARD
x-goog-metageneration
2
x-goog-stored-content-encoding
gzip
x-served-by
cache-fra-eddf8230127-FRA
last-modified
Tue, 02 Apr 2024 07:36:54 GMT
server
UploadServer
x-timer
S1712432153.555042,VS0,VE173
etag
"1385119c4576898a315daa6ed92a96aa"
vary
Accept-Encoding
x-goog-generation
1712043414543720
content-type
application/javascript
access-control-allow-origin
*
x-goog-hash
crc32c=IrjTkA==, md5=E4URnEV2iYoxXapu2SqWqg==
cache-control
max-age=31536000, immutable
x-goog-stored-content-length
5648
x-amz-checksum-crc32c
IrjTkA==
accept-ranges
bytes
x-cache-hits
0
src_register_index_js.cea6ecb2.js
dev-console-cdn.humansecurity.com/auth/static/js/ 		9 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://dev-console-cdn.humansecurity.com/auth/static/js/src_register_index_js.cea6ecb2.js
Requested by
Host: login-stg.botchk.net
URL: https://login-stg.botchk.net/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.66.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
UploadServer /
Resource Hash
ae10d1d8c70316ef5183bc5c72a36f7426b33547792a59363df272ae66ada47f
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Sun, 06 Apr 2025 19:35:52 GMT
date
Sat, 06 Apr 2024 19:35:52 GMT
content-encoding
gzip
via
1.1 varnish
strict-transport-security
max-age=300
x-guploader-uploadid
ABPtcPohxNjuEzZZ1Pf9n5w9TGH02Uj0cVs-uB0mro-XJ0vD2hMPIry9HVS0J_3ZS0Jbw8lRhAs
x-cache
MISS
x-goog-storage-class
STANDARD
x-goog-metageneration
2
x-goog-stored-content-encoding
gzip
x-served-by
cache-fra-eddf8230127-FRA
last-modified
Tue, 02 Apr 2024 07:36:54 GMT
server
UploadServer
x-timer
S1712432153.554958,VS0,VE146
etag
"11f2fb1b774718cfc77fe7fbd988caf3"
vary
Accept-Encoding
x-goog-generation
1712043414672372
content-type
application/javascript
access-control-allow-origin
*
x-goog-hash
crc32c=RV9KWg==, md5=EfL7G3dHGM/Hf+f72YjK8w==
cache-control
max-age=31536000, immutable
x-goog-stored-content-length
3502
x-amz-checksum-crc32c
RV9KWg==
accept-ranges
bytes
x-cache-hits
0
src_change-password_index_js.f5d5c3fe.js
dev-console-cdn.humansecurity.com/auth/static/js/ 		6 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://dev-console-cdn.humansecurity.com/auth/static/js/src_change-password_index_js.f5d5c3fe.js
Requested by
Host: login-stg.botchk.net
URL: https://login-stg.botchk.net/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.66.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
UploadServer /
Resource Hash
c2e0c2c0de4359b832e1a8cb3e3a6281ab0371e851c5ba38c8ecf9c45e33b56c
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Sun, 06 Apr 2025 19:35:52 GMT
date
Sat, 06 Apr 2024 19:35:52 GMT
content-encoding
gzip
via
1.1 varnish
strict-transport-security
max-age=300
x-guploader-uploadid
ABPtcPr9P8MMCHlnef9hIRRp0OeIPBSUAZqXjh5mQS6NawYNtjlXbsofOygxyjTkkRybtd8284c8auVnJA
x-cache
MISS
x-goog-storage-class
STANDARD
x-goog-metageneration
2
x-goog-stored-content-encoding
gzip
x-served-by
cache-fra-eddf8230127-FRA
last-modified
Tue, 02 Apr 2024 07:36:54 GMT
server
UploadServer
x-timer
S1712432153.554948,VS0,VE144
etag
"826537f1d12239d6ba73ed225b860a5c"
vary
Accept-Encoding
x-goog-generation
1712043414460492
content-type
application/javascript
access-control-allow-origin
*
x-goog-hash
crc32c=plAcSQ==, md5=gmU38dEiOda6c+0iW4YKXA==
cache-control
max-age=31536000, immutable
x-goog-stored-content-length
2257
x-amz-checksum-crc32c
plAcSQ==
accept-ranges
bytes
x-cache-hits
0
vendors-node_modules_axios_index_js-node_modules_classnames_index_js-node_modules_connected-r-37ab61.7a940908.js
dev-console-cdn.humansecurity.com/auth/static/js/ 		21 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://dev-console-cdn.humansecurity.com/auth/static/js/vendors-node_modules_axios_index_js-node_modules_classnames_index_js-node_modules_connected-r-37ab61.7a940908.js
Requested by
Host: login-stg.botchk.net
URL: https://login-stg.botchk.net/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.66.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
UploadServer /
Resource Hash
24210dacf64ea182193c1abb150864aa4b5248fac02de3a4dd8a0e4f8ad55e19
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Sun, 06 Apr 2025 19:35:52 GMT
date
Sat, 06 Apr 2024 19:35:52 GMT
content-encoding
gzip
via
1.1 varnish
strict-transport-security
max-age=300
x-guploader-uploadid
ABPtcPr_3gZb5Qt3pCJfi6LabmzcnyZ6bAOEjK5IWvrcxWP9C9cUi7eQksPNF4NmpM557Ar9fJbjneW2Vg
x-cache
MISS
x-goog-storage-class
STANDARD
x-goog-metageneration
2
x-goog-stored-content-encoding
gzip
x-served-by
cache-fra-eddf8230127-FRA
last-modified
Tue, 02 Apr 2024 07:36:54 GMT
server
UploadServer
x-timer
S1712432153.554695,VS0,VE169
etag
"58b58ae42386a078f378708fd11f961d"
vary
Accept-Encoding
x-goog-generation
1712043414479878
content-type
application/javascript
access-control-allow-origin
*
x-goog-hash
crc32c=acr8Yg==, md5=WLWK5COGoHjzeHCP0R+WHQ==
cache-control
max-age=31536000, immutable
x-goog-stored-content-length
7770
x-amz-checksum-crc32c
acr8Yg==
accept-ranges
bytes
x-cache-hits
0
vendors-node_modules_react-final-form_dist_react-final-form_es_js.2b36edf2.js
dev-console-cdn.humansecurity.com/auth/static/js/ 		24 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://dev-console-cdn.humansecurity.com/auth/static/js/vendors-node_modules_react-final-form_dist_react-final-form_es_js.2b36edf2.js
Requested by
Host: login-stg.botchk.net
URL: https://login-stg.botchk.net/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.66.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
UploadServer /
Resource Hash
e478d39c4229b1444f5ff095aeb8bb27fa9f4e4951b25af33be1d9f57893e8ca
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Sun, 06 Apr 2025 19:35:52 GMT
date
Sat, 06 Apr 2024 19:35:52 GMT
content-encoding
gzip
via
1.1 varnish
strict-transport-security
max-age=300
x-guploader-uploadid
ABPtcPpEd3JXNburtOjS1g6WSS82c8MA9-__0yyDE52fL7wEUh7Znk1yG9YPWxrhhL5U72THWF4-rSIPsQ
x-cache
MISS
x-goog-storage-class
STANDARD
x-goog-metageneration
2
x-goog-stored-content-encoding
gzip
x-served-by
cache-fra-eddf8230127-FRA
last-modified
Tue, 02 Apr 2024 07:36:54 GMT
server
UploadServer
x-timer
S1712432153.554660,VS0,VE158
etag
"d7f96859cd2b8d92edf2e34ad6b54057"
vary
Accept-Encoding
x-goog-generation
1712043414737104
content-type
application/javascript
access-control-allow-origin
*
x-goog-hash
crc32c=GbJZaQ==, md5=1/loWc0rjZLt8uNK1rVAVw==
cache-control
max-age=31536000, immutable
x-goog-stored-content-length
7839
x-amz-checksum-crc32c
GbJZaQ==
accept-ranges
bytes
x-cache-hits
0
src_shared_components_Button_js-src_shared_components_Card_js-src_shared_components_ErrorMess-b82f7a.f268c3d8.js
dev-console-cdn.humansecurity.com/auth/static/js/ 		32 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://dev-console-cdn.humansecurity.com/auth/static/js/src_shared_components_Button_js-src_shared_components_Card_js-src_shared_components_ErrorMess-b82f7a.f268c3d8.js
Requested by
Host: login-stg.botchk.net
URL: https://login-stg.botchk.net/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.66.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
UploadServer /
Resource Hash
587509dd0d2f92326b9fe241010afb05338f8bf8da481926422f91d5732dcc08
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Sun, 06 Apr 2025 19:35:52 GMT
date
Sat, 06 Apr 2024 19:35:52 GMT
content-encoding
gzip
via
1.1 varnish
strict-transport-security
max-age=300
x-guploader-uploadid
ABPtcPoYFM7_IFP9_l37EqZABct-Mt_HtYrpwipAkCORhjY8_AUNGeUJVzNqxcENzFXmkI9ueeFRbjIOrQ
x-cache
MISS
x-goog-storage-class
STANDARD
x-goog-metageneration
2
x-goog-stored-content-encoding
gzip
x-served-by
cache-fra-eddf8230127-FRA
last-modified
Tue, 02 Apr 2024 07:36:54 GMT
server
UploadServer
x-timer
S1712432153.554635,VS0,VE149
etag
"c100248df0581f880ddd63de29a0474d"
vary
Accept-Encoding
x-goog-generation
1712043414554512
content-type
application/javascript
access-control-allow-origin
*
x-goog-hash
crc32c=9hkhRg==, md5=wQAkjfBYH4gN3WPeKaBHTQ==
cache-control
max-age=31536000, immutable
x-goog-stored-content-length
9388
x-amz-checksum-crc32c
9hkhRg==
accept-ranges
bytes
x-cache-hits
0
NGS6v5_NC0k9P9H2TbE.woff2
fonts.gstatic.com/s/heebo/v26/ 		30 KB
30 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/heebo/v26/NGS6v5_NC0k9P9H2TbE.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Heebo:300,400,500,700|Jura:500,600,700|Sunflower:300,500,700
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
964dfe7c512a6166c71c6c9791d84a9ce38c192f66e596dbc507114024a5c431
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://fonts.googleapis.com/
Origin
https://login-stg.botchk.net
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 06 Apr 2024 04:49:34 GMT
x-content-type-options
nosniff
age
53179
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
30240
x-xss-protection
0
last-modified
Wed, 31 Jan 2024 23:13:02 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 06 Apr 2025 04:49:34 GMT
favicon.svg
dev-console-cdn.humansecurity.com/auth/ 		2 KB
1 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://dev-console-cdn.humansecurity.com/auth/favicon.svg
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.66.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
UploadServer /
Resource Hash
9c4d47c7bbb6b5406c1521587d9d5dab3c4de0f76a4fc12ac4ea97a2790ebe93
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Sun, 06 Apr 2025 19:35:53 GMT
date
Sat, 06 Apr 2024 19:35:53 GMT
content-encoding
gzip
via
1.1 varnish
strict-transport-security
max-age=300
x-guploader-uploadid
ABPtcPo35iTQq1TIU7W9owTta-7Tte-XpVIrmypYtSuF0K0ANfVqTpSrqEskUxZljiFj0DScVZE
x-cache
MISS
x-goog-storage-class
STANDARD
x-goog-metageneration
2
x-goog-stored-content-encoding
gzip
x-served-by
cache-fra-eddf8230127-FRA
last-modified
Tue, 02 Apr 2024 07:36:54 GMT
server
UploadServer
x-timer
S1712432153.098674,VS0,VE127
etag
"79258a2a65fafff67950061c4764f380"
vary
Accept-Encoding
x-goog-generation
1712043414464657
content-type
image/svg+xml
access-control-allow-origin
*
x-goog-hash
crc32c=rl3nWw==, md5=eSWKKmX6//Z5UAYcR2TzgA==
cache-control
max-age=31536000, immutable
x-goog-stored-content-length
711
x-amz-checksum-crc32c
rl3nWw==
accept-ranges
bytes
x-cache-hits
0
/
pxportal-mktg-banner.netlify.app/ Frame 3E0E 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://pxportal-mktg-banner.netlify.app/
Requested by
Host: dev-console-cdn.humansecurity.com
URL: https://dev-console-cdn.humansecurity.com/auth/main.f49d6ab2c678dbd019c4.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a05:d014:275:cb00::c8 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Netlify /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-language
de-DE,de;q=0.9
sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

accept-ranges
bytes
age
826
cache-control
public,max-age=0,must-revalidate
cache-status
"Netlify Edge"; hit
content-encoding
br
content-length
1941
content-type
text/html; charset=UTF-8
date
Sat, 06 Apr 2024 19:35:53 GMT
etag
"97a438887ef3b3b68e388dbbbd430a27-ssl-df"
server
Netlify
strict-transport-security
max-age=31536000; includeSubDomains; preload
vary
Accept-Encoding
x-nf-request-id
01HTTEJ0HS7J93X863Q605TCFP

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
login-stg.botchk.net
URL
https://login-stg.botchk.net/3tHq532g/init.js
Domain
browser.sentry-cdn.com
URL
https://browser.sentry-cdn.com/7.7.0/bundle.tracing.min.js

Verdicts & Comments Add Verdict or Comment

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 string| pxcdn string| GoogleAnalyticsObject function| ga object| pxas object| google_tag_data object| gaplugins object| webpackChunk_portalx_auth object| regeneratorRuntime object| Sentry

1 Cookies

Domain/Path Name / Value
.info.humansecurity.com/ Name: __cf_bm
Value: fz5pWKsR24Xe_ZEmj9a8Tyhlux3y7r44Uq8IFgcPKTA-1712432153-1.0.1.1-pKuIpEOf7g1naqJPSBESMsMGORclSfZPaJtchh3DCl0Ep5B0ymov9sI7YL2dRn0J08sGwlqQ3.JEZRTNCkLwyg

11 Console Messages

Source Level URL
Text
security error URL: https://login-stg.botchk.net/
Message:
The Content Security Policy directive 'upgrade-insecure-requests' is ignored when delivered in a report-only policy.
security error URL: https://login-stg.botchk.net/
Message:
[Report Only] Refused to load the script 'https://login-stg.botchk.net/3tHq532g/init.js' because it violates the following Content Security Policy directive: "script-src 'unsafe-inline' 'unsafe-eval' pxportal-mktg-banner.netlify.app *.perimeterx.com *.humansecurity.com client.px-cloud.net cdn.trackjs.com ok1static.oktacdn.com rum-static.pingdom.net www.google-analytics.com widget.intercom.io js.intercomcdn.com code.jquery.com *.px-cloud.net *.px-cdn.net fonts.googleapis.com www.google.com *.newrelic.com *.nr-data.net". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://login-stg.botchk.net/
Message:
Refused to load the script 'https://login-stg.botchk.net/3tHq532g/init.js' because it violates the following Content Security Policy directive: "script-src 'unsafe-inline' 'unsafe-eval' pxportal-mktg-banner.netlify.app *.perimeterx.com *.humansecurity.com client.px-cloud.net cdn.trackjs.com ok1static.oktacdn.com rum-static.pingdom.net www.google-analytics.com widget.intercom.io js.intercomcdn.com code.jquery.com *.px-cloud.net *.px-cdn.net fonts.googleapis.com www.google.com *.newrelic.com *.nr-data.net". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://login-stg.botchk.net/
Message:
[Report Only] Refused to load the script 'https://browser.sentry-cdn.com/7.7.0/bundle.tracing.min.js' because it violates the following Content Security Policy directive: "script-src 'unsafe-inline' 'unsafe-eval' pxportal-mktg-banner.netlify.app *.perimeterx.com *.humansecurity.com client.px-cloud.net cdn.trackjs.com ok1static.oktacdn.com rum-static.pingdom.net www.google-analytics.com widget.intercom.io js.intercomcdn.com code.jquery.com *.px-cloud.net *.px-cdn.net fonts.googleapis.com www.google.com *.newrelic.com *.nr-data.net". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://login-stg.botchk.net/
Message:
Refused to load the script 'https://browser.sentry-cdn.com/7.7.0/bundle.tracing.min.js' because it violates the following Content Security Policy directive: "script-src 'unsafe-inline' 'unsafe-eval' pxportal-mktg-banner.netlify.app *.perimeterx.com *.humansecurity.com client.px-cloud.net cdn.trackjs.com ok1static.oktacdn.com rum-static.pingdom.net www.google-analytics.com widget.intercom.io js.intercomcdn.com code.jquery.com *.px-cloud.net *.px-cdn.net fonts.googleapis.com www.google.com *.newrelic.com *.nr-data.net". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://dev-console-cdn.humansecurity.com/auth/main.f49d6ab2c678dbd019c4.js(Line 1)
Message:
The Content Security Policy directive 'upgrade-insecure-requests' is ignored when delivered in a report-only policy.
recommendation verbose URL: https://login-stg.botchk.net/user/login
Message:
[DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o
other warning URL: https://login-stg.botchk.net/user/login
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://login-stg.botchk.net/user/login
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://login-stg.botchk.net/user/login
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://login-stg.botchk.net/user/login
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy upgrade-insecure-requests; frame-ancestors 'self'; block-all-mixed-content; script-src 'unsafe-inline' 'unsafe-eval' pxportal-mktg-banner.netlify.app *.perimeterx.com *.humansecurity.com client.px-cloud.net cdn.trackjs.com ok1static.oktacdn.com rum-static.pingdom.net www.google-analytics.com widget.intercom.io js.intercomcdn.com code.jquery.com *.px-cloud.net *.px-cdn.net fonts.googleapis.com www.google.com *.newrelic.com *.nr-data.net; object-src 'none'; worker-src blob:; report-uri https://us-central1-portalx-csp.cloudfunctions.net/report; report-to csp-report;
Strict-Transport-Security max-age=86400
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0