urlscan.io logo urlscan.io
SecurityTrails logo

vivamacity.loopreturns.com Open in urlscan Pro
35.82.247.11  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://vivamacity.loopreturns.com/
Effective URL: https://vivamacity.loopreturns.com/
Submission: On February 15 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 13 IPs in 3 countries across 10 domains to perform 25 HTTP transactions. The main IP is 35.82.247.11, located in Boardman, United States and belongs to AMAZON-02, US. The main domain is vivamacity.loopreturns.com.
TLS certificate: Issued by R3 on December 2nd 2023. Valid for: 3 months.
This is the only time vivamacity.loopreturns.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

1    52.39.206.222 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-39-206-222.us-west-2.compute.amazonaws.com
vivamacity.loopreturns.com
3    35.82.247.11 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-82-247-11.us-west-2.compute.amazonaws.com
vivamacity.loopreturns.com
api.loopreturns.com
1    2a00:1450:4001:812::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.com
4    2600:9000:2251:8a00:5:931b:16c0:21 (United States)

ASN16509 (AMAZON-02, US)
d1nnh0c8uc313v.cloudfront.net
1    2a00:1450:4001:811::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
3    99.86.4.99 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-4-99.fra6.r.cloudfront.net
js.stripe.com
1    2a00:1450:4001:800::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.gstatic.com
3    54.187.119.242 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ip-54-187-119-242.stripe.com
q.stripe.com
2    151.101.128.176 (United States)

ASN54113 (FASTLY, US)
m.stripe.network
1    44.241.41.145 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-44-241-41-145.us-west-2.compute.amazonaws.com
m.stripe.com
1    2a00:1450:4001:829::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
2    13.227.222.191 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-227-222-191.ams54.r.cloudfront.net
cdn.segment.com
1    23.227.60.200 (Ottawa, Canada)

ASN13335 (CLOUDFLARENET, US)
PTR: cdn.shopify.com
cdn.shopify.com
2    2a00:1450:4001:830::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
Apex Domain
Subdomains		 Transfer
7 stripe.com
js.stripe.com — Cisco Umbrella Rank: 1356
q.stripe.com — Cisco Umbrella Rank: 8764
m.stripe.com — Cisco Umbrella Rank: 1289
152 KB
4 cloudfront.net
d1nnh0c8uc313v.cloudfront.net
545 KB
4 loopreturns.com
vivamacity.loopreturns.com
api.loopreturns.com — Cisco Umbrella Rank: 175611
28 KB
3 gstatic.com
www.gstatic.com
fonts.gstatic.com
232 KB
2 segment.com
cdn.segment.com — Cisco Umbrella Rank: 1944
30 KB
2 stripe.network
m.stripe.network — Cisco Umbrella Rank: 1444
16 KB
1 shopify.com
cdn.shopify.com — Cisco Umbrella Rank: 2285
4 KB
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 48
1 KB
1 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 52
92 KB
1 google.com
www.google.com — Cisco Umbrella Rank: 2
1 KB
25 10
Domain Requested by
4 d1nnh0c8uc313v.cloudfront.net vivamacity.loopreturns.com
3 q.stripe.com vivamacity.loopreturns.com
3 js.stripe.com vivamacity.loopreturns.com
js.stripe.com
2 fonts.gstatic.com fonts.googleapis.com
2 cdn.segment.com d1nnh0c8uc313v.cloudfront.net
2 m.stripe.network js.stripe.com
m.stripe.network
2 api.loopreturns.com d1nnh0c8uc313v.cloudfront.net
2 vivamacity.loopreturns.com 1 redirects
1 cdn.shopify.com
1 fonts.googleapis.com d1nnh0c8uc313v.cloudfront.net
1 m.stripe.com m.stripe.network
1 www.gstatic.com www.google.com
1 www.googletagmanager.com vivamacity.loopreturns.com
1 www.google.com vivamacity.loopreturns.com
25 14

This site contains links to these domains. Also see Links.

Domain
www.vivamacity.com
www.loopreturns.com
Subject Issuer Validity Valid
*.loop.gift
R3		 2023-12-02 -
2024-03-01		 3 months crt.sh
www.google.com
GTS CA 1C3		 2024-01-29 -
2024-04-22		 3 months crt.sh
*.cloudfront.net
Amazon RSA 2048 M01		 2023-10-10 -
2024-09-19		 a year crt.sh
*.google-analytics.com
GTS CA 1C3		 2024-01-29 -
2024-04-22		 3 months crt.sh
a.stripecdn.com
DigiCert SHA2 Extended Validation Server CA		 2024-02-07 -
2024-05-09		 3 months crt.sh
*.gstatic.com
GTS CA 1C3		 2024-01-29 -
2024-04-22		 3 months crt.sh
*.stripe.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2023-12-20 -
2024-03-21		 3 months crt.sh
m.stripe.com
DigiCert TLS RSA SHA256 2020 CA1		 2023-12-22 -
2024-03-21		 3 months crt.sh
upload.video.google.com
GTS CA 1C3		 2024-01-29 -
2024-04-22		 3 months crt.sh
*.segment.com
Amazon RSA 2048 M03		 2023-11-14 -
2024-12-13		 a year crt.sh
cdn.shopify.com
E1		 2024-01-06 -
2024-04-05		 3 months crt.sh

This page contains 3 frames:

Primary Page: https://vivamacity.loopreturns.com/
Frame ID: 84FE208732A977BD618390378086DEE4
Requests: 17 HTTP requests in this frame

Frame: https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html
Frame ID: 841EC7A3767337F704E7E79A9B3FE942
Requests: 4 HTTP requests in this frame

Frame: https://m.stripe.network/inner.html
Frame ID: D63273D915759BE094D8E45929FC3820
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Vivamacity ReturnsLoop Returns | The returns solution for Shopify's top brands

Page URL History Show full URLs

  1. http://vivamacity.loopreturns.com/ HTTP 301
    https://vivamacity.loopreturns.com/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • js\.stripe\.com
Overall confidence: 100%
Detected patterns
  • <[^>]+\sdata-v(?:ue)?-
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js
Overall confidence: 100%
Detected patterns
  • cdn\.segment\.com/analytics\.js
Overall confidence: 100%
Detected patterns
  • /recaptcha/api\.js

Page Statistics

25
Requests

100 %
HTTPS

43 %
IPv6

10
Domains

14
Subdomains

13
IPs

3
Countries

1102 kB
Transfer

4101 kB
Size

4
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://vivamacity.loopreturns.com/ HTTP 301
    https://vivamacity.loopreturns.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

25 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
vivamacity.loopreturns.com/
Redirect Chain
  • http://vivamacity.loopreturns.com/
  • https://vivamacity.loopreturns.com/
3 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://vivamacity.loopreturns.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
35.82.247.11 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-82-247-11.us-west-2.compute.amazonaws.com
Software
openresty/1.21.4.2 /
Resource Hash
78c391adb68cb2ff0e4645c63670eb8f5f3f3afe0acc678c3c526a36efad4742
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' *.loopreturns.com *.myshopify.com
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-encoding
gzip
content-security-policy
frame-ancestors 'self' *.loopreturns.com *.myshopify.com
content-type
text/html; charset=utf-8
date
Thu, 15 Feb 2024 20:46:59 GMT
etag
W/"65ce6fde-a27"
last-modified
Thu, 15 Feb 2024 20:11:10 GMT
referrer-policy
strict-origin-when-cross-origin
server
openresty/1.21.4.2
strict-transport-security
max-age=31536000; includeSubdomains
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN

Redirect headers

Connection
keep-alive
Content-Length
175
Content-Type
text/html
Date
Thu, 15 Feb 2024 20:46:59 GMT
Location
https://vivamacity.loopreturns.com/
Server
openresty/1.21.4.2
api.js
www.google.com/recaptcha/ 		1 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api.js
Requested by
Host: vivamacity.loopreturns.com
URL: https://vivamacity.loopreturns.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
d1366169a5911b46848e8e9a44be326ccf46950c96be143a42145a17247aee06
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://vivamacity.loopreturns.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Thu, 15 Feb 2024 20:47:00 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
frame-ancestors 'self'
server
GSE
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=utf-8
cache-control
private, max-age=300
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
1; mode=block
expires
Thu, 15 Feb 2024 20:47:00 GMT
index.e7ec2ef9.js
d1nnh0c8uc313v.cloudfront.net/customer-portal/assets/ 		820 KB
191 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://d1nnh0c8uc313v.cloudfront.net/customer-portal/assets/index.e7ec2ef9.js
Requested by
Host: vivamacity.loopreturns.com
URL: https://vivamacity.loopreturns.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2251:8a00:5:931b:16c0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
4b8e7e50b68f6577e617692516f268d6b7556badfcbd41cff7f90af03e57a14e

Request headers

Referer
https://vivamacity.loopreturns.com/
Origin
https://vivamacity.loopreturns.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Thu, 15 Feb 2024 20:46:54 GMT
x-amz-version-id
9RcpC_3oIjNlqyTzzZ35lScRqJRTBte_
content-encoding
gzip
via
1.1 231be1c97cc722fa08b64d21072ebfac.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P3
age
7
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-expiration
expiry-date="Sun, 17 Mar 2024 00:00:00 GMT", rule-id="rule-1"
last-modified
Thu, 15 Feb 2024 20:11:15 GMT
server
AmazonS3
etag
W/"8f5ad959047dd75430ed295d28db6b4e"
access-control-max-age
0
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
vary
Accept-Encoding
x-amz-cf-id
atvCpUN02M9Qer9oJh3GTgqBF5c3AsNEI-Qtt8h3Kk0MMHidU6HRVw==
vendor.0accc842.js
d1nnh0c8uc313v.cloudfront.net/customer-portal/assets/ 		814 KB
276 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://d1nnh0c8uc313v.cloudfront.net/customer-portal/assets/vendor.0accc842.js
Requested by
Host: vivamacity.loopreturns.com
URL: https://vivamacity.loopreturns.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2251:8a00:5:931b:16c0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
3b69c85426545db5aadc05b7f8d0a001dc69c3d7c8c07e874b6d340475346cc9

Request headers

Referer
https://vivamacity.loopreturns.com/
Origin
https://vivamacity.loopreturns.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-amz-version-id
qNSHpoaoDyEbW6b.9IpN71W6K8tOnbDi
content-encoding
gzip
via
1.1 231be1c97cc722fa08b64d21072ebfac.cloudfront.net (CloudFront)
date
Thu, 15 Feb 2024 20:37:32 GMT
x-amz-cf-pop
FRA60-P3
age
568
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Fri, 09 Feb 2024 20:35:19 GMT
server
AmazonS3
etag
W/"67cef0ae62aebbb07a4ae868ded7b09d"
access-control-max-age
0
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
vary
Accept-Encoding
x-amz-cf-id
5k-pSUhlJkCSuQkYPo-3eqrOJufmV_7go6yKTo_9iIQekWLQakdc0g==
index.8b7badf4.css
d1nnh0c8uc313v.cloudfront.net/customer-portal/assets/ 		834 KB
77 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://d1nnh0c8uc313v.cloudfront.net/customer-portal/assets/index.8b7badf4.css
Requested by
Host: vivamacity.loopreturns.com
URL: https://vivamacity.loopreturns.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2251:8a00:5:931b:16c0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
8b7badf4eb22f38863cf3aba7e2f44a965163e180fed6de9749b285588f93721

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://vivamacity.loopreturns.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-amz-version-id
sjMfLip8JpWtAIljUWdQNnXLCu8fG8we
content-encoding
gzip
via
1.1 2a44338adc8233e5b25aca28287a69c8.cloudfront.net (CloudFront)
x-amz-expiration
expiry-date="Sun, 17 Mar 2024 00:00:00 GMT", rule-id="rule-1"
last-modified
Thu, 15 Feb 2024 18:42:54 GMT
server
AmazonS3
date
Thu, 15 Feb 2024 20:46:54 GMT
x-amz-cf-pop
FRA60-P3
age
7
x-amz-server-side-encryption
AES256
etag
W/"ea4ee840d87eb9e7aadf6bf94996bb76"
vary
Accept-Encoding, Origin
x-cache
Hit from cloudfront
content-type
text/css
x-amz-cf-id
jhHSQLjr5r0JlwtwsVVpIstZbtBxVo9HGEgfQI8Uzcztl7izipP7Dw==
js
www.googletagmanager.com/gtag/ 		276 KB
92 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-XHPC1ZBWV3
Requested by
Host: vivamacity.loopreturns.com
URL: https://vivamacity.loopreturns.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
6fb1bee6f05a80b854713ba8fad602f2407ca4ac13fbde734d97fe087642fc32
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://vivamacity.loopreturns.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Thu, 15 Feb 2024 20:47:00 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
93365
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Thu, 15 Feb 2024 20:47:00 GMT
/
js.stripe.com/v3/ 		598 KB
147 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.stripe.com/v3/
Requested by
Host: vivamacity.loopreturns.com
URL: https://vivamacity.loopreturns.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.99 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-99.fra6.r.cloudfront.net
Software
Cloudfront /
Resource Hash
d88d24d49ad03a8014c9ee0c3f1515ac1945c15ee8b373dec84765308bf3c7cc
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://vivamacity.loopreturns.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Thu, 15 Feb 2024 20:46:41 GMT
content-encoding
br
via
1.1 94faae20b0f122c4555025f52a2fd744.cloudfront.net (CloudFront)
strict-transport-security
max-age=31556926; includeSubDomains; preload
x-content-type-options
nosniff
age
20
x-amz-cf-pop
FRA6-C1
x-cache
Hit from cloudfront
last-modified
Thu, 15 Feb 2024 18:42:39 GMT
server
Cloudfront
etag
W/"09507a63bec2211f3c0c1033bcf88a25"
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=60
timing-allow-origin
*
x-amz-cf-id
XBBulf7zQRd30F5wjMq-GveRYnbqNBzJ6HCks5FxdLEOgbQ2auGvgQ==
recaptcha__de.js
www.gstatic.com/recaptcha/releases/yiNW3R9jkyLVP5-EEZLDzUtA/ 		492 KB
197 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/recaptcha/releases/yiNW3R9jkyLVP5-EEZLDzUtA/recaptcha__de.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f73b574d1f2ea3ca1551ec864077fa60535b48e64a20f39930d5bab098181f6c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://vivamacity.loopreturns.com/
Origin
https://vivamacity.loopreturns.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Thu, 15 Feb 2024 18:44:36 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
7344
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
201084
x-xss-protection
0
last-modified
Mon, 12 Feb 2024 03:00:37 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Fri, 14 Feb 2025 18:44:36 GMT
init
api.loopreturns.com/api/v1/ 		20 KB
21 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.loopreturns.com/api/v1/init
Requested by
Host: d1nnh0c8uc313v.cloudfront.net
URL: https://d1nnh0c8uc313v.cloudfront.net/customer-portal/assets/vendor.0accc842.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
35.82.247.11 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-82-247-11.us-west-2.compute.amazonaws.com
Software
openresty/1.21.4.2 /
Resource Hash
3ccb7a4c3fdc1c3a57ff5c4fae8b375aad84d492d119c0a043702144a042e1ed
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' *.loopreturns.com *.myshopify.com
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Type-Options nosniff, nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
https://vivamacity.loopreturns.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Thu, 15 Feb 2024 20:47:00 GMT
strict-transport-security
max-age=31536000; includeSubdomains
x-content-type-options
nosniff, nosniff
content-security-policy
frame-ancestors 'self' *.loopreturns.com *.myshopify.com
x-loop-request-id
d60a0ba1-68e3-44e5-8abd-8b4bfa838948
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
server
openresty/1.21.4.2
x-frame-options
SAMEORIGIN, SAMEORIGIN
access-control-allow-methods
DELETE, GET, PATCH, POST, PUT, OPTIONS
content-type
application/json
access-control-allow-origin
https://vivamacity.loopreturns.com
access-control-expose-headers
Version
cache-control
no-cache, private
access-control-allow-credentials
true
x-ratelimit-limit
300
access-control-allow-headers
Content-Type, Access-Control-Allow-Headers, Authorization, X-Requested-With, X-Authorization, X-CSRF-TOKEN, x-datadog-trace-id, x-datadog-parent-id, x-datadog-origin, x-datadog-sampling-priority, x-datadog-sampled
x-ratelimit-remaining
299
version
0
m-outer-3437aaddcdf6922d623e172c2d6f9278.html
js.stripe.com/v3/ Frame 841E 		200 B
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.99 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-99.fra6.r.cloudfront.net
Software
Cloudfront /
Resource Hash
35dcc382eb69d00369d708708cdc545f3968b68fa5bbe3e728d11fedd04f93bb
Security Headers
Name Value
Content-Security-Policy base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://vivamacity.loopreturns.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-origin
*
age
3138
cache-control
max-age=31536000
content-length
200
content-security-policy
base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-security-policy-report-only
base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-type
text/html; charset=utf-8
date
Thu, 15 Feb 2024 19:54:43 GMT
etag
"3437aaddcdf6922d623e172c2d6f9278"
last-modified
Tue, 06 Feb 2024 23:12:25 GMT
server
Cloudfront
strict-transport-security
max-age=31556926; includeSubDomains; preload
timing-allow-origin
*
vary
Accept-Encoding
via
1.1 94faae20b0f122c4555025f52a2fd744.cloudfront.net (CloudFront)
x-amz-cf-id
Gedg4eavTU_xNAKU_ii_4ERrbwQ--RFz_Y1u2Gd3voxWmbo6OAGMNQ==
x-amz-cf-pop
FRA6-C1
x-cache
Hit from cloudfront
x-content-type-options
nosniff
m-outer-15a2b40a058ddff1cffdb63779fe3de1.js
js.stripe.com/v3/fingerprinted/js/ Frame 841E 		526 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.stripe.com/v3/fingerprinted/js/m-outer-15a2b40a058ddff1cffdb63779fe3de1.js
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.99 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-99.fra6.r.cloudfront.net
Software
Cloudfront /
Resource Hash
ba2338aa6670580269c762f51c4291daef913201aa8f4d4fd166c1a878262652
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Thu, 15 Feb 2024 19:54:44 GMT
via
1.1 94faae20b0f122c4555025f52a2fd744.cloudfront.net (CloudFront)
x-content-type-options
nosniff
strict-transport-security
max-age=31556926; includeSubDomains; preload
age
3137
x-amz-cf-pop
FRA6-C1
x-cache
Hit from cloudfront
content-length
526
last-modified
Tue, 06 Feb 2024 23:12:23 GMT
server
Cloudfront
etag
"d96c709017743c0759cf3853d1806ba5"
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
ITmLlcnlQHHQEjAHprRdLUOTwpN9Mq7e1kqiC8fBxoh3FfcjPSZdrA==
csp-report
q.stripe.com/ Frame 841E 		0
715 B 		Other
General
Check archive.org
Download Go to
Full URL
https://q.stripe.com/csp-report
Requested by
Host: vivamacity.loopreturns.com
URL: https://vivamacity.loopreturns.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ip-54-187-119-242.stripe.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://js.stripe.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
Content-Type
application/csp-report

Response headers

date
Thu, 15 Feb 2024 20:47:00 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
x-stripe-server-envoy-start-time-us
1708030020870798
x-envoy-upstream-service-time
2
content-length
0
x-stripe-bg-intended-route-color
green
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
server
nginx
cross-origin-opener-policy
same-origin
access-control-max-age
3600
access-control-allow-methods
GET, POST, OPTIONS
x-stripe-server-envoy-upstream-service-time-ms
1
access-control-allow-origin
https://js.stripe.com
x-stripe-client-envoy-start-time-us
1708030020870248
cache-control
max-age=0, no-cache, no-store, must-revalidate
access-control-expose-headers
Server, Range, Content-Type
x-robots-tag
none
access-control-allow-headers
Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token
expires
0
csp-report
q.stripe.com/ Frame 841E 		0
716 B 		Other
General
Check archive.org
Download Go to
Full URL
https://q.stripe.com/csp-report
Requested by
Host: vivamacity.loopreturns.com
URL: https://vivamacity.loopreturns.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ip-54-187-119-242.stripe.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://js.stripe.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
Content-Type
application/csp-report

Response headers

date
Thu, 15 Feb 2024 20:47:00 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
x-stripe-server-envoy-start-time-us
1708030020870642
x-envoy-upstream-service-time
1
content-length
0
x-stripe-bg-intended-route-color
green
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
server
nginx
cross-origin-opener-policy
same-origin
access-control-max-age
3600
access-control-allow-methods
GET, POST, OPTIONS
x-stripe-server-envoy-upstream-service-time-ms
0
access-control-allow-origin
https://js.stripe.com
x-stripe-client-envoy-start-time-us
1708030020870218
cache-control
max-age=0, no-cache, no-store, must-revalidate
access-control-expose-headers
Server, Range, Content-Type
x-robots-tag
none
access-control-allow-headers
Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token
expires
0
inner.html
m.stripe.network/ Frame D632 		930 B
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://m.stripe.network/inner.html
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/m-outer-15a2b40a058ddff1cffdb63779fe3de1.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.128.176 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Fastly /
Resource Hash
947ac0903521f5eceefc90637c066306a8ca67466ccc188bb0107fb7cfb532d1
Security Headers
Name Value
Content-Security-Policy base-uri 'none'; connect-src https://m.stripe.network https://m.stripe.com; default-src 'none'; font-src https://m.stripe.network https://fonts.gstatic.com; form-action 'none'; frame-src https://m.stripe.network https://js.stripe.com; img-src https://m.stripe.network https://m.stripe.com https://b.stripecdn.com; script-src https://m.stripe.network 'sha256-/5Guo2nzv5n/w6ukZpOBZOtTJBJPSkJ6mhHpnBgm3Ls='; style-src https://m.stripe.network; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://js.stripe.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
179
cache-control
max-age=300, public
content-encoding
br
content-length
540
content-security-policy
base-uri 'none'; connect-src https://m.stripe.network https://m.stripe.com; default-src 'none'; font-src https://m.stripe.network https://fonts.gstatic.com; form-action 'none'; frame-src https://m.stripe.network https://js.stripe.com; img-src https://m.stripe.network https://m.stripe.com https://b.stripecdn.com; script-src https://m.stripe.network 'sha256-/5Guo2nzv5n/w6ukZpOBZOtTJBJPSkJ6mhHpnBgm3Ls='; style-src https://m.stripe.network; report-uri https://q.stripe.com/csp-report
content-type
text/html; charset=utf-8
date
Thu, 15 Feb 2024 20:47:00 GMT
server
Fastly
strict-transport-security
max-age=31556926; includeSubDomains; preload
vary
Accept-Encoding, Origin
via
1.1 varnish
x-cache
HIT
x-cache-hits
315
x-content-type-options
nosniff
x-request-id
91120701-7828-46a7-b433-24e6323c0f76
x-served-by
cache-fra-eddf8230065-FRA
x-timer
S1708030020.442271,VS0,VE0
csp-report
q.stripe.com/ Frame D632 		0
490 B 		Other
General
Check archive.org
Download Go to
Full URL
https://q.stripe.com/csp-report
Requested by
Host: vivamacity.loopreturns.com
URL: https://vivamacity.loopreturns.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ip-54-187-119-242.stripe.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload, max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://m.stripe.network/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
Content-Type
application/csp-report

Response headers

date
Thu, 15 Feb 2024 20:47:00 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload, max-age=31556926; includeSubDomains; preload
x-content-type-options
nosniff
x-stripe-server-envoy-start-time-us
1708030020871403
x-envoy-upstream-service-time
10
content-length
0
x-stripe-bg-intended-route-color
green
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
server
nginx
cross-origin-opener-policy
same-origin
x-stripe-server-envoy-upstream-service-time-ms
1
x-stripe-client-envoy-start-time-us
1708030020870295
cache-control
max-age=0, no-cache, no-store, must-revalidate
x-robots-tag
none
expires
0
out-4.5.43.js
m.stripe.network/ Frame D632 		87 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://m.stripe.network/out-4.5.43.js
Requested by
Host: m.stripe.network
URL: https://m.stripe.network/inner.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.128.176 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Fastly /
Resource Hash
e039e607c78306c7e029a7fd0ecdb14f86456f16e1a5ce65aa26b4fdf1d38a3c
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://m.stripe.network/inner.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

strict-transport-security
max-age=31556926; includeSubDomains; preload
date
Thu, 15 Feb 2024 20:47:00 GMT
x-content-type-options
nosniff
content-encoding
br
via
1.1 varnish
age
53
x-cache
HIT
content-length
15509
x-request-id
59f7b37a-8b62-4e26-93d5-0da3ec1df781
x-served-by
cache-fra-eddf8230065-FRA
server
Fastly
x-timer
S1708030020.471552,VS0,VE0
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=utf-8
cache-control
max-age=300, public
accept-ranges
bytes
x-cache-hits
107
6
m.stripe.com/ Frame D632 		156 B
668 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://m.stripe.com/6
Requested by
Host: m.stripe.network
URL: https://m.stripe.network/out-4.5.43.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.241.41.145 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-44-241-41-145.us-west-2.compute.amazonaws.com
Software
nginx /
Resource Hash
052b8d7b6fae2927c912ecf0b6241ac5b8a10f4b57abc2f5e76a53e3dea81378
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://m.stripe.network/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-stripe-bg-intended-route-color
green
date
Thu, 15 Feb 2024 20:47:01 GMT
strict-transport-security
max-age=31556926; includeSubDomains; preload
x-content-type-options
nosniff
x-stripe-server-envoy-start-time-us
1708030021035242
server
nginx
content-type
application/json;charset=utf-8
x-stripe-server-envoy-upstream-service-time-ms
3
access-control-allow-origin
https://m.stripe.network
x-stripe-client-envoy-start-time-us
1708030021034856
access-control-allow-credentials
true
access-control-allow-headers
Content-Type
content-length
156
css
fonts.googleapis.com/ 		3 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Oswald%7CRaleway
Requested by
Host: d1nnh0c8uc313v.cloudfront.net
URL: https://d1nnh0c8uc313v.cloudfront.net/customer-portal/assets/vendor.0accc842.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
2a82aceffd70089182417eb31db891e7a3b1529b69e45a47971ba537a8c8c18b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://vivamacity.loopreturns.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Thu, 15 Feb 2024 20:47:01 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Thu, 15 Feb 2024 20:47:01 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 15 Feb 2024 20:47:01 GMT
analytics.min.js
cdn.segment.com/analytics.js/v1/23J8MEiBHfZJhx1lYDEqR9SPqaIV9vvR/ 		108 KB
29 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/analytics.js/v1/23J8MEiBHfZJhx1lYDEqR9SPqaIV9vvR/analytics.min.js
Requested by
Host: d1nnh0c8uc313v.cloudfront.net
URL: https://d1nnh0c8uc313v.cloudfront.net/customer-portal/assets/index.e7ec2ef9.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.227.222.191 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-227-222-191.ams54.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
2b6ed7aaa4b9609a0a3f790751bcad8941fcad07ed9d7c432c0ed7c6f117ff59

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://vivamacity.loopreturns.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-amz-version-id
FW21CdpRNLxSuj5LPA.642bXOH4alrsI
content-encoding
br
via
1.1 4445c4223f8c2460ef5d29a08d1cc6ac.cloudfront.net (CloudFront)
date
Thu, 15 Feb 2024 20:45:14 GMT
x-amz-cf-pop
AMS54-C1
age
108
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Mon, 12 Feb 2024 20:31:31 GMT
server
AmazonS3
etag
W/"82453d7b3d71f93156d03b8b646bddb6"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=120
vary
Accept-Encoding
x-amz-cf-id
xv_La588L0HjkK-kdGetSZWMtxkIBYvQPQBMKuVBy2Rvx-w_rmdS-A==
reason-groups
api.loopreturns.com/api/v1/2728/ 		5 KB
5 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.loopreturns.com/api/v1/2728/reason-groups
Requested by
Host: d1nnh0c8uc313v.cloudfront.net
URL: https://d1nnh0c8uc313v.cloudfront.net/customer-portal/assets/vendor.0accc842.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
35.82.247.11 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-82-247-11.us-west-2.compute.amazonaws.com
Software
openresty/1.21.4.2 /
Resource Hash
7c14df10ee42436485a99e0410e3f1e81fc0a51d74b99cdab1ac654d351ee9cb
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' *.loopreturns.com *.myshopify.com
X-Content-Type-Options nosniff, nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
https://vivamacity.loopreturns.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Thu, 15 Feb 2024 20:47:01 GMT
content-security-policy
frame-ancestors 'self' *.loopreturns.com *.myshopify.com
x-content-type-options
nosniff, nosniff
x-loop-request-id
a084c17a-8131-4daa-b771-5ddc872d811f
x-xss-protection
1; mode=block
server
openresty/1.21.4.2
x-frame-options
SAMEORIGIN, SAMEORIGIN
access-control-allow-methods
DELETE, GET, PATCH, POST, PUT, OPTIONS
content-type
application/json
access-control-allow-origin
https://vivamacity.loopreturns.com
access-control-expose-headers
Version
cache-control
no-cache, private
access-control-allow-credentials
true
x-ratelimit-limit
300
access-control-allow-headers
Content-Type, Access-Control-Allow-Headers, Authorization, X-Requested-With, X-Authorization, X-CSRF-TOKEN, x-datadog-trace-id, x-datadog-parent-id, x-datadog-origin, x-datadog-sampling-priority, x-datadog-sampled
x-ratelimit-remaining
298
version
0
VIVAMACITY-NEW-LOGO-VECTOR_140x@2x.png
cdn.shopify.com/s/files/1/1370/5267/files/ 		3 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.shopify.com/s/files/1/1370/5267/files/VIVAMACITY-NEW-LOGO-VECTOR_140x@2x.png?v=1579999904
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
23.227.60.200 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
cdn.shopify.com
Software
cloudflare /
Resource Hash
13a77c5e7f221c8b2f9fbb38bd407f22114671cf17e0685dd740f7e77ddf90ce
Security Headers
Name Value
Content-Security-Policy sandbox allow-scripts allow-forms allow-modals allow-popups allow-downloads allow-top-navigation-by-user-activation
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://vivamacity.loopreturns.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Thu, 15 Feb 2024 20:47:01 GMT
content-security-policy
sandbox allow-scripts allow-forms allow-modals allow-popups allow-downloads allow-top-navigation-by-user-activation
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains; preload
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-dc
gcp-us-central1,gcp-us-east1
source-type
image/png
server-timing
imagery;dur=455.633, imageryFetch;dur=35.623, imageryProcess;dur=419.001;desc="image", cfRequestDuration;dur=62.000036
source-length
326271
content-length
3510
x-xss-protection
1; mode=block
x-request-id
57400817-5e06-4da1-a8ff-1df4ea7d9ee1
alt-svc
h3=":443"; ma=86400
last-modified
Mon, 12 Feb 2024 16:35:06 GMT
server
cloudflare
vary
Accept, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3xeKfOsliQjhSj%2F%2BUviKl2ZJap0dFWFFODaw1tnYrG%2FlIOMpX8185or5ddl2PBzXJUyQCYgtQ2LGNKmlpCdSy9reY%2Bi60crCxA%2FAyDXh6vmDkRSGETBnONdEIXf9vZUDLA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/avif
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/s/files/1/1370/5267/files/VIVAMACITY-NEW-LOGO-VECTOR_140x@2x.png>; rel="canonical"
cf-ray
856067515f518fd0-FRA
close.svg
d1nnh0c8uc313v.cloudfront.net/customer-portal/img/icons/ 		652 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d1nnh0c8uc313v.cloudfront.net/customer-portal/img/icons/close.svg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2251:8a00:5:931b:16c0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
91c4e52fb442a8db49f6288f4e0c59376f0f8c9675bc8e847154e576dd57944b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://vivamacity.loopreturns.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-amz-version-id
o9QsrTfI7Yatbdv2tLsGEMgqxgCE4zkT
date
Thu, 15 Feb 2024 19:58:54 GMT
via
1.1 2a44338adc8233e5b25aca28287a69c8.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P3
age
2888
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
652
x-amz-expiration
expiry-date="Sat, 16 Mar 2024 00:00:00 GMT", rule-id="rule-1"
last-modified
Wed, 14 Feb 2024 22:34:54 GMT
server
AmazonS3
etag
"765baec03ebf4eba6af7248b4b6e190d"
vary
Accept-Encoding, Origin
content-type
image/svg+xml
accept-ranges
bytes
x-amz-cf-id
tgThDQh39vrDNQgwnocG_hdmC60hkidAGgDCJ_FqZf6rd8EYTUmweA==
TK3_WkUHHAIjg75cFRf3bXL8LICs1_FvsUZiZQ.woff2
fonts.gstatic.com/s/oswald/v53/ 		12 KB
13 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/oswald/v53/TK3_WkUHHAIjg75cFRf3bXL8LICs1_FvsUZiZQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Oswald%7CRaleway
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
24df88e7e15c4b0b11eccc139235e04384513c803b5221485375b7acee755bac
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://vivamacity.loopreturns.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Tue, 13 Feb 2024 07:21:10 GMT
x-content-type-options
nosniff
age
221151
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
12276
x-xss-protection
0
last-modified
Tue, 15 Aug 2023 18:49:41 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 12 Feb 2025 07:21:10 GMT
1Ptxg8zYS_SKggPN4iEgvnHyvveLxVvaorCIPrE.woff2
fonts.gstatic.com/s/raleway/v29/ 		22 KB
22 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/raleway/v29/1Ptxg8zYS_SKggPN4iEgvnHyvveLxVvaorCIPrE.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Oswald%7CRaleway
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5ec1e2ebe080ec8fbfbdc7dd9c0c25449e1d98e4e947c11a00fd770d8841698b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://vivamacity.loopreturns.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Thu, 15 Feb 2024 17:48:29 GMT
x-content-type-options
nosniff
age
10712
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
22420
x-xss-protection
0
last-modified
Thu, 14 Sep 2023 00:56:44 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 14 Feb 2025 17:48:29 GMT
settings
cdn.segment.com/v1/projects/23J8MEiBHfZJhx1lYDEqR9SPqaIV9vvR/ 		603 B
1 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/v1/projects/23J8MEiBHfZJhx1lYDEqR9SPqaIV9vvR/settings
Requested by
Host: d1nnh0c8uc313v.cloudfront.net
URL: https://d1nnh0c8uc313v.cloudfront.net/customer-portal/assets/vendor.0accc842.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.227.222.191 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-227-222-191.ams54.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
9c7623455cf5c4b62c93ef4bf3ddc8f3173c42e971919fb07fa2fc22eeada537

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://vivamacity.loopreturns.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-amz-version-id
79Amep1qqKdkfYFQj6AbO.kGyylAkxne
date
Thu, 15 Feb 2024 18:37:30 GMT
via
1.1 b8eaad25e4131c15c21d3d50aac2684c.cloudfront.net (CloudFront)
x-amz-cf-pop
AMS54-C1
age
7772
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
content-length
603
last-modified
Mon, 18 Dec 2023 16:45:39 GMT
server
AmazonS3
etag
"9bef6a1d7822765f31f2226144670713"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
application/json; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=10800
vary
Accept-Encoding
accept-ranges
bytes
x-amz-cf-id
E6jZbJIL1LWvhY12iwXmS05AP9bW3_dYs_WBEiJ-TMvMpDCVF2s6xA==

Verdicts & Comments Add Verdict or Comment

21 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| ___grecaptcha_cfg object| grecaptcha string| __recaptcha_api boolean| __google_recaptcha_client object| webpackChunkStripeJSouter function| noop function| Stripe object| DD_RUM function| applyFocusVisiblePolyfill boolean| __VUE__ boolean| __vite_is_modern_browser object| google_tag_manager object| google_tag_data object| dataLayer object| recaptcha object| analytics object| webpackChunk_segment_analytics_next string| analyticsWriteKey object| __SEGMENT_INSPECTOR__ object| AnalyticsNext

4 Cookies

Domain/Path Name / Value
m.stripe.com/ Name: m
Value: 761fb7d3-b86d-42ed-b7f6-22e31f584f36d9b18d
.vivamacity.loopreturns.com/ Name: __stripe_mid
Value: 914191d9-b335-4948-a5ee-69d4dfbdc3e90c1a5e
.vivamacity.loopreturns.com/ Name: __stripe_sid
Value: 88d02fa4-6579-434b-858f-fd0ed43c2f6f615e65
vivamacity.loopreturns.com/ Name: _dd_s
Value: rum=0&expire=1708030920227

2 Console Messages

Source Level URL
Text
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self'".
other warning URL: https://vivamacity.loopreturns.com/#/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy frame-ancestors 'self' *.loopreturns.com *.myshopify.com
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.loopreturns.com
cdn.segment.com
cdn.shopify.com
d1nnh0c8uc313v.cloudfront.net
fonts.googleapis.com
fonts.gstatic.com
js.stripe.com
m.stripe.com
m.stripe.network
q.stripe.com
vivamacity.loopreturns.com
www.google.com
www.googletagmanager.com
www.gstatic.com
13.227.222.191
151.101.128.176
23.227.60.200
2600:9000:2251:8a00:5:931b:16c0:21
2a00:1450:4001:800::2003
2a00:1450:4001:811::2008
2a00:1450:4001:812::2004
2a00:1450:4001:829::200a
2a00:1450:4001:830::2003
35.82.247.11
44.241.41.145
52.39.206.222
54.187.119.242
99.86.4.99
052b8d7b6fae2927c912ecf0b6241ac5b8a10f4b57abc2f5e76a53e3dea81378
13a77c5e7f221c8b2f9fbb38bd407f22114671cf17e0685dd740f7e77ddf90ce
24df88e7e15c4b0b11eccc139235e04384513c803b5221485375b7acee755bac
2a82aceffd70089182417eb31db891e7a3b1529b69e45a47971ba537a8c8c18b
2b6ed7aaa4b9609a0a3f790751bcad8941fcad07ed9d7c432c0ed7c6f117ff59
35dcc382eb69d00369d708708cdc545f3968b68fa5bbe3e728d11fedd04f93bb
3b69c85426545db5aadc05b7f8d0a001dc69c3d7c8c07e874b6d340475346cc9
3ccb7a4c3fdc1c3a57ff5c4fae8b375aad84d492d119c0a043702144a042e1ed
4b8e7e50b68f6577e617692516f268d6b7556badfcbd41cff7f90af03e57a14e
5ec1e2ebe080ec8fbfbdc7dd9c0c25449e1d98e4e947c11a00fd770d8841698b
6fb1bee6f05a80b854713ba8fad602f2407ca4ac13fbde734d97fe087642fc32
78c391adb68cb2ff0e4645c63670eb8f5f3f3afe0acc678c3c526a36efad4742
7c14df10ee42436485a99e0410e3f1e81fc0a51d74b99cdab1ac654d351ee9cb
8b7badf4eb22f38863cf3aba7e2f44a965163e180fed6de9749b285588f93721
91c4e52fb442a8db49f6288f4e0c59376f0f8c9675bc8e847154e576dd57944b
947ac0903521f5eceefc90637c066306a8ca67466ccc188bb0107fb7cfb532d1
9c7623455cf5c4b62c93ef4bf3ddc8f3173c42e971919fb07fa2fc22eeada537
ba2338aa6670580269c762f51c4291daef913201aa8f4d4fd166c1a878262652
d1366169a5911b46848e8e9a44be326ccf46950c96be143a42145a17247aee06
d88d24d49ad03a8014c9ee0c3f1515ac1945c15ee8b373dec84765308bf3c7cc
e039e607c78306c7e029a7fd0ecdb14f86456f16e1a5ce65aa26b4fdf1d38a3c
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f73b574d1f2ea3ca1551ec864077fa60535b48e64a20f39930d5bab098181f6c