![](/screenshots/850daccd-847d-41e4-b421-d273d1fc3bd6.png)
web.step.app
Open in
urlscan Pro
2606:4700:20::681a:107
Public Scan
Submission: On January 21 via api from US — Scanned from DE
Summary
TLS certificate: Issued by GTS CA 1P5 on December 17th 2023. Valid for: 3 months.
This is the only time web.step.app was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 11 | 2606:4700:20:... 2606:4700:20::681a:107 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
3 | 2a00:1450:400... 2a00:1450:4001:810::2008 | 15169 (GOOGLE) (GOOGLE) | |
2 | 2a00:1450:400... 2a00:1450:4001:803::200a | 15169 (GOOGLE) (GOOGLE) | |
3 | 2001:4860:480... 2001:4860:4802:32::36 | 15169 (GOOGLE) (GOOGLE) | |
2 | 2a00:1450:400... 2a00:1450:4001:801::200a | 15169 (GOOGLE) (GOOGLE) | |
1 | 65.9.95.18 65.9.95.18 | 16509 (AMAZON-02) (AMAZON-02) | |
1 | 2a00:1450:400... 2a00:1450:400c:c00::9c | 15169 (GOOGLE) (GOOGLE) | |
1 | 2a00:1450:400... 2a00:1450:4001:827::2003 | 15169 (GOOGLE) (GOOGLE) | |
2 | 65.9.95.36 65.9.95.36 | 16509 (AMAZON-02) (AMAZON-02) | |
1 | 54.156.160.250 54.156.160.250 | 14618 (AMAZON-AES) (AMAZON-AES) | |
1 | 3.33.152.127 3.33.152.127 | 16509 (AMAZON-02) (AMAZON-02) | |
27 | 11 |
ASN13335 (CLOUDFLARENET, US)
web.step.app | |
cdn-preupdate.step.app |
ASN15169 (GOOGLE, US)
www.googletagmanager.com |
ASN15169 (GOOGLE, US)
firebase.googleapis.com |
ASN15169 (GOOGLE, US)
region1.google-analytics.com | |
region1.analytics.google.com |
ASN15169 (GOOGLE, US)
firebaseinstallations.googleapis.com |
ASN16509 (AMAZON-02, US)
PTR: server-65-9-95-18.prg50.r.cloudfront.net
widget.intercom.io |
ASN16509 (AMAZON-02, US)
PTR: server-65-9-95-36.prg50.r.cloudfront.net
js.intercomcdn.com |
ASN14618 (AMAZON-AES, US)
PTR: ec2-54-156-160-250.compute-1.amazonaws.com
api-iam.intercom.io |
ASN16509 (AMAZON-02, US)
PTR: a69d63ecdf0f33068.awsglobalaccelerator.com
downloads.intercomcdn.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
11 |
step.app
1 redirects
web.step.app cdn-preupdate.step.app |
1 MB |
4 |
googleapis.com
firebase.googleapis.com — Cisco Umbrella Rank: 3647 firebaseinstallations.googleapis.com — Cisco Umbrella Rank: 557 |
1 KB |
3 |
intercomcdn.com
js.intercomcdn.com — Cisco Umbrella Rank: 2157 downloads.intercomcdn.com — Cisco Umbrella Rank: 12241 |
389 KB |
3 |
googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 37 |
247 KB |
2 |
intercom.io
widget.intercom.io — Cisco Umbrella Rank: 1661 api-iam.intercom.io — Cisco Umbrella Rank: 2016 |
6 KB |
2 |
google-analytics.com
region1.google-analytics.com — Cisco Umbrella Rank: 2029 |
306 B |
1 |
google.de
www.google.de — Cisco Umbrella Rank: 6518 |
408 B |
1 |
doubleclick.net
stats.g.doubleclick.net — Cisco Umbrella Rank: 79 |
252 B |
1 |
google.com
region1.analytics.google.com — Cisco Umbrella Rank: 2616 |
54 B |
27 | 9 |
Domain | Requested by | |
---|---|---|
10 | web.step.app |
1 redirects
web.step.app
|
3 | www.googletagmanager.com |
web.step.app
www.googletagmanager.com |
2 | js.intercomcdn.com |
widget.intercom.io
|
2 | firebaseinstallations.googleapis.com |
web.step.app
|
2 | region1.google-analytics.com |
www.googletagmanager.com
|
2 | firebase.googleapis.com |
web.step.app
|
1 | downloads.intercomcdn.com | |
1 | api-iam.intercom.io |
js.intercomcdn.com
|
1 | www.google.de | |
1 | stats.g.doubleclick.net |
www.googletagmanager.com
|
1 | region1.analytics.google.com |
www.googletagmanager.com
|
1 | widget.intercom.io |
web.step.app
|
1 | cdn-preupdate.step.app |
web.step.app
|
27 | 13 |
Subject Issuer | Validity | Valid | |
---|---|---|---|
step.app GTS CA 1P5 |
2023-12-17 - 2024-03-16 |
3 months | crt.sh |
*.google-analytics.com GTS CA 1C3 |
2023-12-11 - 2024-03-04 |
3 months | crt.sh |
upload.video.google.com GTS CA 1C3 |
2023-12-11 - 2024-03-04 |
3 months | crt.sh |
*.intercom.com Amazon RSA 2048 M03 |
2024-01-15 - 2025-02-11 |
a year | crt.sh |
*.g.doubleclick.net GTS CA 1C3 |
2023-12-11 - 2024-03-04 |
3 months | crt.sh |
www.google.de GTS CA 1C3 |
2023-12-11 - 2024-03-04 |
3 months | crt.sh |
*.intercomcdn.com Amazon RSA 2048 M02 |
2023-12-01 - 2024-12-29 |
a year | crt.sh |
intercom-attachments-9.com Amazon RSA 2048 M03 |
2024-01-18 - 2025-02-15 |
a year | crt.sh |
This page contains 3 frames:
Primary Page:
https://web.step.app/
Frame ID: 9E6B3151538DCE67AFD97AEF7C91B2EB
Requests: 20 HTTP requests in this frame
Frame:
https://web.step.app/cdn-cgi/challenge-platform/h/b/scripts/jsd/c8377512/main.js
Frame ID: 6C371C99141C700482D445DA257E7264
Requests: 2 HTTP requests in this frame
Frame:
https://js.intercomcdn.com/frame-modern.f3ec8930.js
Frame ID: EF9A01F9F156BFEF386E11ADD65D8864
Requests: 3 HTTP requests in this frame
Screenshot
![](/screenshots/850daccd-847d-41e4-b421-d273d1fc3bd6.png)
Page Title
Step App | WebDetected technologies
Detected patterns
![](/vendor/wappa/icons/Google Tag Manager.png)
Detected patterns
- googletagmanager\.com/gtag/js
Page Statistics
2 Outgoing links
These are links going to different origins than the main page.
Title: User Agreement
Search URL Search Domain Scan URL
Title: User Privacy
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 4- https://web.step.app/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
- https://web.step.app/cdn-cgi/challenge-platform/h/b/scripts/jsd/c8377512/main.js
27 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
/
web.step.app/ |
4 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
index-c9afe529.js
web.step.app/assets/ |
1 MB 438 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
index-ae585b0b.js
web.step.app/assets/ |
19 KB 8 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
index-9b097a67.css
web.step.app/assets/ |
27 KB 6 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
js
www.googletagmanager.com/gtag/ |
276 KB 92 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
main.js
web.step.app/cdn-cgi/challenge-platform/h/b/scripts/jsd/c8377512/ Frame 6C37 Redirect Chain
|
7 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
SignIn-6820b114.js
web.step.app/assets/ |
744 B 1 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
SignIn-8f0ff971.css
web.step.app/assets/ |
255 B 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
webConfig
firebase.googleapis.com/v1alpha/projects/-/apps/1:547422727598:web:689a7f93cec4f6a305ec3f/ |
355 B 428 B |
Fetch
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
OPTIONS H2 |
webConfig
firebase.googleapis.com/v1alpha/projects/-/apps/1:547422727598:web:689a7f93cec4f6a305ec3f/ Frame |
0 0 |
Preflight
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
statics.json
cdn-preupdate.step.app/statics/latest/ |
22 MB 957 KB |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
collect
region1.google-analytics.com/g/ |
0 252 B |
Ping
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
installations
firebaseinstallations.googleapis.com/v1/projects/step-app-2bacf/ |
625 B 679 B |
Fetch
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
OPTIONS H2 |
installations
firebaseinstallations.googleapis.com/v1/projects/step-app-2bacf/ Frame |
0 0 |
Preflight
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
SFMono-Bold-87372509.woff2
web.step.app/assets/ |
44 KB 45 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
84902ee24eeb9046
web.step.app/cdn-cgi/challenge-platform/h/b/jsd/r/ Frame 6C37 |
0 500 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
abikvo75
widget.intercom.io/widget/ |
7 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
js
www.googletagmanager.com/gtag/ |
221 KB 78 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
js
www.googletagmanager.com/gtag/ |
221 KB 78 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
collect
region1.analytics.google.com/g/ |
0 54 B |
Ping
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
collect
stats.g.doubleclick.net/g/ |
0 252 B |
Ping
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ga-audiences
www.google.de/ads/ |
42 B 408 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
frame-modern.f3ec8930.js
js.intercomcdn.com/ Frame EF9A |
878 KB 250 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
vendor-modern.4798fff6.js
js.intercomcdn.com/ Frame EF9A |
426 KB 131 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
ping
api-iam.intercom.io/messenger/web/ Frame EF9A |
4 KB 2 KB |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
1bf1cb0ca87a05407f159a07264fa0b5.png
downloads.intercomcdn.com/i/o/466034/f0c0b45e3422e1a261987507/ |
7 KB 8 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
collect
region1.google-analytics.com/g/ |
0 54 B |
Ping
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
14 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 object| 1 function| gtag object| dataLayer object| intercomSettings function| Intercom function| IMask function| Buffer object| google_tag_manager object| google_tag_data function| onYouTubeIframeAPIReady object| gaGlobal function| __intercomAssignLocation function| __intercomReloadLocation7 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.step.app/ | Name: _ga Value: GA1.1.1570568455.1705846672 |
|
.step.app/ | Name: _ga_3766Q8BJM3 Value: GS1.1.1705846672.1.0.1705846672.0.0.0 |
|
.step.app/ | Name: cf_clearance Value: 2cJZiUbgjzkmhXU.X1JzMh3DA9_yQLV83CbQAM5frwo-1705846672-1-AY0urwR6Dn1DYI8qPpTQ4PYOSWUboc8YlpLgV+z/XVXMjJd7dBmYJ/IkNa7mNPSO+Z7nGxfvyme2QvNMnldcHzk= |
|
.step.app/ | Name: _ga_M830R3N37B Value: GS1.1.1705846672.1.0.1705846672.60.0.0 |
|
.step.app/ | Name: intercom-id-abikvo75 Value: 4ac6f8db-b8de-4f21-93d6-feb8c32d5856 |
|
.step.app/ | Name: intercom-session-abikvo75 Value: |
|
.step.app/ | Name: intercom-device-id-abikvo75 Value: 08a46756-ab3c-4de2-8864-05922e872492 |
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Content-Security-Policy | upgrade-insecure-requests |
Strict-Transport-Security | max-age=31536000; includeSubDomains |
X-Content-Type-Options | nosniff |
X-Xss-Protection | 0 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
api-iam.intercom.io
cdn-preupdate.step.app
downloads.intercomcdn.com
firebase.googleapis.com
firebaseinstallations.googleapis.com
js.intercomcdn.com
region1.analytics.google.com
region1.google-analytics.com
stats.g.doubleclick.net
web.step.app
widget.intercom.io
www.google.de
www.googletagmanager.com
2001:4860:4802:32::36
2606:4700:20::681a:107
2a00:1450:4001:801::200a
2a00:1450:4001:803::200a
2a00:1450:4001:810::2008
2a00:1450:4001:827::2003
2a00:1450:400c:c00::9c
3.33.152.127
54.156.160.250
65.9.95.18
65.9.95.36
0814e002ad0ee277700afa57a301fc5d07f2c4c770fe09a814610d9221d8e739
22d93c8e5f1a17e13b09c7ae2760287147d1291ec1adcc6a7814ab5246e1b870
2db4a1bc6c27a7baa4a97ef403e2b24ca6dbf56dcec8ecabd427548531f71794
2dbd2763b4a4737449edde1b2101a203519474ca89bde86bd64712f29fc6b197
44de69172ab64ec6a967ce8c71643835aa14fcd45f5b16b11d97f8315c8b4414
4e681c35b39655dcf687fdd1517ba26b88805f1941750eeb473a60a815d353d5
4e8883853a16dd576c9b68f29f7d1c02e24e9093a9c8edb61137821e157f08b1
53d791e6da3585b8c4807fe25792a39b94a1597da580a2bf8eb0740cce50acae
659646e379eb3281e62c3b079f1f714f8cf487eceee43055c5bdb4d5aaabdb19
873725099b93f7fd673da33d265b55a73dee159f25c1619cb11cf54094f9b4c0
8f0ff9718d1973647c89520a8c0ab19e8390bf0722bbb4813b715740b68b7c7c
93c5a04b73763c0f05de77a3e8eeadd079b39c83f2b493f68bd0a36ba13687d7
9b097a67faef1025bf62951c36e586916f2ed519cadb4c1cd0f47c3653e67e57
9c0406e9a552bece8e09615337f53d1b67106a0c9a34178cbbe5f1551d38913d
a37dc41a593d3a8bbc60a873681f169352aede345582f16cbc31bc6b9804f378
a90b457cadf4e5713ffa1f33cf644072cd3b5652b5dfed0c3457036e6a58c397
b0f3d3a42479bc691e20422698ee8e2cf9772fb38037b835c922fb54ec79bbf8
e192e4d46cf7f0ad2f5e957a6d7f217aea3fccf995eca6e9af9d4965f0e5a4a2
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629