urlscan.io logo urlscan.io
SecurityTrails logo

duncdon.supportingcast.fm Open in urlscan Pro
151.101.2.217  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://duncdon.supportingcast.fm/login?t=nzvObN6uoMDv683XRi93mvG97lYayh
Effective URL: https://duncdon.supportingcast.fm/request_access
Submission: On May 12 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 3 IPs in 1 countries across 3 domains to perform 12 HTTP transactions. The main IP is 151.101.2.217, located in San Francisco, United States and belongs to FASTLY, US. The main domain is duncdon.supportingcast.fm.
TLS certificate: Issued by GlobalSign Atlas R3 DV TLS CA 2023 Q3 on August 1st 2023. Valid for: a year.
This is the only time duncdon.supportingcast.fm was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 10 151.101.2.217 54113 (FASTLY)
1 2a04:4e42:400... 54113 (FASTLY)
2 52.35.127.12 16509 (AMAZON-02)
12 3
Apex Domain
Subdomains		 Transfer
10 supportingcast.fm
duncdon.supportingcast.fm
media.supportingcast.fm
2 MB
2 amplitude.com
api.amplitude.com — Cisco Umbrella Rank: 2266
227 B
1 polyfill-fastly.io
polyfill-fastly.io — Cisco Umbrella Rank: 22332
364 B
12 3
Domain Requested by
6 media.supportingcast.fm duncdon.supportingcast.fm
4 duncdon.supportingcast.fm 1 redirects duncdon.supportingcast.fm
2 api.amplitude.com media.supportingcast.fm
1 polyfill-fastly.io media.supportingcast.fm
12 4

This site contains links to these domains. Also see Links.

Domain
www.supportingcast.fm
Subject Issuer Validity Valid
*.supportingcast.fm
GlobalSign Atlas R3 DV TLS CA 2023 Q3		 2023-08-01 -
2024-09-01		 a year crt.sh
polyfill-fastly.net
Certainly Intermediate R1		 2024-04-23 -
2024-05-23		 a month crt.sh
*.amplitude.com
COMODO RSA Domain Validation Secure Server CA		 2024-01-31 -
2025-03-02		 a year crt.sh

This page contains 1 frames:

Primary Page: https://duncdon.supportingcast.fm/request_access
Frame ID: 2C93CFD79133A71A574BC83715863106
Requests: 11 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Dunc'd On Prime | Login

Page URL History Show full URLs

  1. https://duncdon.supportingcast.fm/login?t=nzvObN6uoMDv683XRi93mvG97lYayh HTTP 302
    https://duncdon.supportingcast.fm/request_access Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
Overall confidence: 100%
Detected patterns
  • livewire(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
Overall confidence: 100%
Detected patterns
  • /polyfill\.min\.js

Page Statistics

12
Requests

100 %
HTTPS

33 %
IPv6

3
Domains

4
Subdomains

3
IPs

1
Countries

1864 kB
Transfer

1868 kB
Size

3
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://duncdon.supportingcast.fm/login?t=nzvObN6uoMDv683XRi93mvG97lYayh HTTP 302
    https://duncdon.supportingcast.fm/request_access Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

12 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request request_access
duncdon.supportingcast.fm/
Redirect Chain
  • https://duncdon.supportingcast.fm/login?t=nzvObN6uoMDv683XRi93mvG97lYayh
  • https://duncdon.supportingcast.fm/request_access
14 KB
7 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://duncdon.supportingcast.fm/request_access
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.2.217 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
40b3085b288459f4e6b176fd0a2b900db81d513b574e892140947c2bafb6b284
Security Headers
Name Value
Content-Security-Policy default-src 'self' api.npr.org *.amplitude.com cdn.jsdelivr.net *.stripe.com www.google.com www.google-analytics.com *.googleapis.com *.gstatic.com cdnjs.cloudflare.com *.googletagmanager.com *.facebook.net *.facebook.com maxcdn.bootstrapcdn.com *.mouseflow.com polyfill-fastly.io polyfill.io *.supportingcast.fm supportingcast.s3.amazonaws.com sc-uploads-prod.s3.amazonaws.com sc-uploads-prod.s3-accelerate.amazonaws.com data:;form-action *.supportingcast.fm docs.google.com connect.stripe.com *.supportingcast.fm;img-src * data:;media-src * data:;connect-src 'self' api.npr.org *.amplitude.com cdn.jsdelivr.net *.stripe.com www.google.com www.google-analytics.com *.googleapis.com *.gstatic.com cdnjs.cloudflare.com *.googletagmanager.com *.facebook.net *.facebook.com maxcdn.bootstrapcdn.com *.mouseflow.com polyfill-fastly.io polyfill.io *.supportingcast.fm supportingcast.s3.amazonaws.com sc-uploads-prod.s3.amazonaws.com sc-uploads-prod.s3-accelerate.amazonaws.com;script-src 'unsafe-inline' 'unsafe-eval' 'self' api.npr.org *.amplitude.com cdn.jsdelivr.net *.stripe.com www.google.com www.google-analytics.com *.googleapis.com *.gstatic.com cdnjs.cloudflare.com *.googletagmanager.com *.facebook.net *.facebook.com maxcdn.bootstrapcdn.com *.mouseflow.com polyfill-fastly.io polyfill.io *.supportingcast.fm supportingcast.s3.amazonaws.com sc-uploads-prod.s3.amazonaws.com sc-uploads-prod.s3-accelerate.amazonaws.com;style-src 'unsafe-inline' 'self' api.npr.org *.amplitude.com cdn.jsdelivr.net *.stripe.com www.google.com www.google-analytics.com *.googleapis.com *.gstatic.com cdnjs.cloudflare.com *.googletagmanager.com *.facebook.net *.facebook.com maxcdn.bootstrapcdn.com *.mouseflow.com polyfill-fastly.io polyfill.io *.supportingcast.fm supportingcast.s3.amazonaws.com sc-uploads-prod.s3.amazonaws.com sc-uploads-prod.s3-accelerate.amazonaws.com;frame-src docs.google.com *.stripe.com www.google.com;frame-ancestors 'none';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

accept-ranges
bytes
cache-control
no-cache, private
content-encoding
gzip
content-security-policy
default-src 'self' api.npr.org *.amplitude.com cdn.jsdelivr.net *.stripe.com www.google.com www.google-analytics.com *.googleapis.com *.gstatic.com cdnjs.cloudflare.com *.googletagmanager.com *.facebook.net *.facebook.com maxcdn.bootstrapcdn.com *.mouseflow.com polyfill-fastly.io polyfill.io *.supportingcast.fm supportingcast.s3.amazonaws.com sc-uploads-prod.s3.amazonaws.com sc-uploads-prod.s3-accelerate.amazonaws.com data:;form-action *.supportingcast.fm docs.google.com connect.stripe.com *.supportingcast.fm;img-src * data:;media-src * data:;connect-src 'self' api.npr.org *.amplitude.com cdn.jsdelivr.net *.stripe.com www.google.com www.google-analytics.com *.googleapis.com *.gstatic.com cdnjs.cloudflare.com *.googletagmanager.com *.facebook.net *.facebook.com maxcdn.bootstrapcdn.com *.mouseflow.com polyfill-fastly.io polyfill.io *.supportingcast.fm supportingcast.s3.amazonaws.com sc-uploads-prod.s3.amazonaws.com sc-uploads-prod.s3-accelerate.amazonaws.com;script-src 'unsafe-inline' 'unsafe-eval' 'self' api.npr.org *.amplitude.com cdn.jsdelivr.net *.stripe.com www.google.com www.google-analytics.com *.googleapis.com *.gstatic.com cdnjs.cloudflare.com *.googletagmanager.com *.facebook.net *.facebook.com maxcdn.bootstrapcdn.com *.mouseflow.com polyfill-fastly.io polyfill.io *.supportingcast.fm supportingcast.s3.amazonaws.com sc-uploads-prod.s3.amazonaws.com sc-uploads-prod.s3-accelerate.amazonaws.com;style-src 'unsafe-inline' 'self' api.npr.org *.amplitude.com cdn.jsdelivr.net *.stripe.com www.google.com www.google-analytics.com *.googleapis.com *.gstatic.com cdnjs.cloudflare.com *.googletagmanager.com *.facebook.net *.facebook.com maxcdn.bootstrapcdn.com *.mouseflow.com polyfill-fastly.io polyfill.io *.supportingcast.fm supportingcast.s3.amazonaws.com sc-uploads-prod.s3.amazonaws.com sc-uploads-prod.s3-accelerate.amazonaws.com;frame-src docs.google.com *.stripe.com www.google.com;frame-ancestors 'none';
content-type
text/html; charset=UTF-8
cr-x-cache
MISS
date
Sun, 12 May 2024 13:23:16 GMT
feature-policy
geolocation 'self' https://js.stripe.com https://www.googletagmanager.com https://amplitude.com https://profile-api.amplitude.com; payment 'self' https://js.stripe.com
permissions-policy
camera=(), display-capture=(self), fullscreen=(self), geolocation=(), microphone=(), web-share=()
referrer-policy
no-referrer-when-downgrade
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 varnish, 1.1 varnish
x-cache
MISS, MISS
x-cache-hits
0, 0
x-content-type-options
nosniff
x-frame-options
DENY
x-served-by
cache-iad-kiad7000061-IAD, cache-fra-etou8220065-FRA
x-timer
S1715520196.396535,VS0,VE248
x-xss-protection
1; mode=block

Redirect headers

accept-ranges
bytes
cache-control
no-cache, private
content-length
438
content-type
text/html; charset=UTF-8
cr-x-cache
MISS
date
Sun, 12 May 2024 13:23:16 GMT
location
https://duncdon.supportingcast.fm/request_access
permissions-policy
camera=(), display-capture=(self), fullscreen=(self), geolocation=(), microphone=(), web-share=()
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 varnish, 1.1 varnish
x-cache
MISS, MISS
x-cache-hits
0, 0
x-served-by
cache-iad-kjyo7100027-IAD, cache-fra-etou8220065-FRA
x-timer
S1715520196.222250,VS0,VE166
app.css
media.supportingcast.fm/css/ 		192 KB
193 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://media.supportingcast.fm/css/app.css?d=1715346507
Requested by
Host: duncdon.supportingcast.fm
URL: https://duncdon.supportingcast.fm/request_access
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.2.217 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
feb3ae83c347a667f2fff80919e6927000e43b8fe2c256859509e74486490002

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://duncdon.supportingcast.fm/request_access
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-served-by
cache-fra-etou8220065-FRA
date
Sun, 12 May 2024 13:23:16 GMT
via
1.1 varnish
cr-x-cache
HIT
last-modified
Fri, 10 May 2024 12:59:38 GMT
age
1398
x-timer
S1715520197.683231,VS0,VE1
etag
"7343ccacc3f07b0e7467f06958bc9bcb"
x-amz-server-side-encryption
AES256
x-cache
HIT
content-type
text/css
accept-ranges
bytes
content-length
197066
x-cache-hits
0
all.css
duncdon.supportingcast.fm/css/fontawesome/ 		137 KB
138 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://duncdon.supportingcast.fm/css/fontawesome/all.css
Requested by
Host: duncdon.supportingcast.fm
URL: https://duncdon.supportingcast.fm/request_access
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.2.217 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
b11c01424cba6c9b882cb71f7e8b9598fc6bbd03519f53f717e70b53f67af723
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; img-src 'self' *.supportingcast.cc *.supportingcast.dev *.supportingcast.co *.supportingcast.fm; style-src 'self' 'unsafe-inline' *.supportingcast.biz *.supportingcast.cc *.supportingcast.co *.supportingcast.fm; font-src 'self' *.supportingcast.biz *.supportingcast.cc *.supportingcast.co *.supportingcast.fm; frame-src *.supportingcast.cc *.supportingcast.co *.supportingcast.dev *.supportingcast.fm; object-src 'none'
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://duncdon.supportingcast.fm/request_access
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; img-src 'self' *.supportingcast.cc *.supportingcast.dev *.supportingcast.co *.supportingcast.fm; style-src 'self' 'unsafe-inline' *.supportingcast.biz *.supportingcast.cc *.supportingcast.co *.supportingcast.fm; font-src 'self' *.supportingcast.biz *.supportingcast.cc *.supportingcast.co *.supportingcast.fm; frame-src *.supportingcast.cc *.supportingcast.co *.supportingcast.dev *.supportingcast.fm; object-src 'none'
via
1.1 varnish, 1.1 varnish
x-content-type-options
nosniff
date
Sun, 12 May 2024 13:23:16 GMT
age
39
x-cache
MISS, HIT
content-length
140798
x-xss-protection
1; mode=block
x-served-by
cache-iad-kcgs7200142-IAD, cache-fra-etou8220065-FRA
cr-x-cache
MISS
referrer-policy
no-referrer-when-downgrade
last-modified
Fri, 10 May 2024 12:58:32 GMT
accept-ch
Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA
x-timer
S1715520197.658224,VS0,VE90
etag
"663e19f8-225fe"
x-frame-options
DENY
content-type
text/css
accept-ranges
bytes
x-cache-hits
0, 0
supportingcast_sdk.js
media.supportingcast.fm/js/ 		98 KB
98 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://media.supportingcast.fm/js/supportingcast_sdk.js?d=1715346507
Requested by
Host: duncdon.supportingcast.fm
URL: https://duncdon.supportingcast.fm/request_access
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.2.217 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
0b3ac26b039604374f7097d710d7096f9f717d571154b603cdccf3b9175006b6

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://duncdon.supportingcast.fm/request_access
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-served-by
cache-fra-etou8220065-FRA
date
Sun, 12 May 2024 13:23:16 GMT
via
1.1 varnish
cr-x-cache
HIT
last-modified
Fri, 10 May 2024 12:59:41 GMT
age
1398
x-timer
S1715520197.683622,VS0,VE1
etag
"d334c6795d6e04e29d6bd8fe983c52e1"
x-amz-server-side-encryption
AES256
x-cache
HIT
content-type
text/javascript
accept-ranges
bytes
content-length
99861
x-cache-hits
0
e350f9f9-bf2c-4ee3-a8de-02d048a0dc10.jpg
media.supportingcast.fm/content/368/ 		234 KB
235 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://media.supportingcast.fm/content/368/e350f9f9-bf2c-4ee3-a8de-02d048a0dc10.jpg
Requested by
Host: duncdon.supportingcast.fm
URL: https://duncdon.supportingcast.fm/request_access
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.2.217 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
5069ced239b3c6fa5b1cb367242242824afeaf61e024b6a7cb51c23685ca1a57

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://duncdon.supportingcast.fm/request_access
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-served-by
cache-fra-etou8220065-FRA
date
Sun, 12 May 2024 13:23:16 GMT
via
1.1 varnish
cr-x-cache
HIT
last-modified
Tue, 11 Jul 2023 16:56:22 GMT
age
446263
x-timer
S1715520197.683606,VS0,VE1
etag
"e7f32d8616d4d1427687054939a8da75"
x-amz-server-side-encryption
AES256
x-cache
HIT
content-type
image/jpeg
cache-control
max-age=604800
accept-ranges
bytes
content-length
239898
x-cache-hits
0
spin.js
media.supportingcast.fm/js/ 		3 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://media.supportingcast.fm/js/spin.js?d=1715346507
Requested by
Host: duncdon.supportingcast.fm
URL: https://duncdon.supportingcast.fm/request_access
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.2.217 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
fe5f5e7e72312bcccc4cb3e07f0a4f71d2b5785d28dda708ea469549f25b3853

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://duncdon.supportingcast.fm/request_access
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-served-by
cache-fra-etou8220065-FRA
date
Sun, 12 May 2024 13:23:16 GMT
via
1.1 varnish
cr-x-cache
HIT
last-modified
Fri, 10 May 2024 12:59:41 GMT
age
1398
x-timer
S1715520197.683600,VS0,VE1
etag
"9943f9004db8e4924549aea726b06bf9"
x-amz-server-side-encryption
AES256
x-cache
HIT
content-type
text/javascript
accept-ranges
bytes
content-length
3007
x-cache-hits
0
app.js
media.supportingcast.fm/js/ 		980 KB
981 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://media.supportingcast.fm/js/app.js?d=1715346507
Requested by
Host: duncdon.supportingcast.fm
URL: https://duncdon.supportingcast.fm/request_access
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.2.217 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
9f93ddb98aded74ebb9c86bea8501752cf424a596f6d5c0284daa08e94fa4b2d

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://duncdon.supportingcast.fm/request_access
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-served-by
cache-fra-etou8220065-FRA
date
Sun, 12 May 2024 13:23:16 GMT
via
1.1 varnish
cr-x-cache
HIT
last-modified
Fri, 10 May 2024 12:59:41 GMT
age
1398
x-timer
S1715520197.723284,VS0,VE1
etag
"7f900ac7b073702896d6e67866cd0922"
x-amz-server-side-encryption
AES256
x-cache
HIT
content-type
text/javascript
accept-ranges
bytes
content-length
1003601
x-cache-hits
0
livewire.min.js
duncdon.supportingcast.fm/vendor/livewire/ 		136 KB
136 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://duncdon.supportingcast.fm/vendor/livewire/livewire.min.js?id=5d8beb2e
Requested by
Host: duncdon.supportingcast.fm
URL: https://duncdon.supportingcast.fm/request_access
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.2.217 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
17aaa7ba175c7260fbd4042e3c3794edf2206048125dd45206a37741eb9ef298
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; img-src 'self' *.supportingcast.cc *.supportingcast.dev *.supportingcast.co *.supportingcast.fm; style-src 'self' 'unsafe-inline' *.supportingcast.biz *.supportingcast.cc *.supportingcast.co *.supportingcast.fm; font-src 'self' *.supportingcast.biz *.supportingcast.cc *.supportingcast.co *.supportingcast.fm; frame-src *.supportingcast.cc *.supportingcast.co *.supportingcast.dev *.supportingcast.fm; object-src 'none'
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://duncdon.supportingcast.fm/request_access
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; img-src 'self' *.supportingcast.cc *.supportingcast.dev *.supportingcast.co *.supportingcast.fm; style-src 'self' 'unsafe-inline' *.supportingcast.biz *.supportingcast.cc *.supportingcast.co *.supportingcast.fm; font-src 'self' *.supportingcast.biz *.supportingcast.cc *.supportingcast.co *.supportingcast.fm; frame-src *.supportingcast.cc *.supportingcast.co *.supportingcast.dev *.supportingcast.fm; object-src 'none'
via
1.1 varnish, 1.1 varnish
x-content-type-options
nosniff
date
Sun, 12 May 2024 13:23:16 GMT
age
39
x-cache
MISS, HIT
content-length
139038
x-xss-protection
1; mode=block
x-served-by
cache-iad-kjyo7100099-IAD, cache-fra-etou8220065-FRA
cr-x-cache
MISS
referrer-policy
no-referrer-when-downgrade
last-modified
Fri, 10 May 2024 13:04:16 GMT
accept-ch
Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA
x-timer
S1715520197.726229,VS0,VE88
etag
"663e1b50-21f1e"
x-frame-options
DENY
content-type
application/javascript; charset=UTF-8
accept-ranges
bytes
x-cache-hits
0, 0
polyfill.min.js
polyfill-fastly.io/v3/ 		104 B
364 B 		Script
General
Check archive.org
Download Go to
Full URL
https://polyfill-fastly.io/v3/polyfill.min.js?features=Object.assign%2CString.prototype.startsWith%2Cdocument.querySelector%2CURLSearchParams%2CReflect.apply%2CElement.prototype.classList%2CElement.prototype.cloneNode%2CNumber.parseFloat%2CXMLHttpRequest%2ClocalStorage%2Chtml5shiv%2Cconsole.log%2Cconsole.error%2CSymbol.iterator%2CNodeList.prototype.%40%40iterator%2CArray.prototype.%40%40iterator%2Cfetch%2CPromise
Requested by
Host: media.supportingcast.fm
URL: https://media.supportingcast.fm/js/supportingcast_sdk.js?d=1715346507
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::347 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
6c68769e8470ce89a0f2270529a5d47db00917e3ef9df946dca202098f09d0a2

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://duncdon.supportingcast.fm/request_access
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 12 May 2024 13:23:16 GMT
content-encoding
br
vary
User-Agent, Accept-Encoding
access-control-allow-methods
GET,HEAD,OPTIONS
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, s-maxage=31536000, max-age=604800, stale-while-revalidate=604800, stale-if-error=604800, immutable
accept-ranges
none
x-served-by
cache-fra-eddf8230068-FRA
/
api.amplitude.com/ 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://api.amplitude.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.35.127.12 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-35-127-12.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

Accept
*/*
Access-Control-Request-Headers
cross-origin-resource-policy
Access-Control-Request-Method
POST
Origin
https://duncdon.supportingcast.fm
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
cross-origin-resource-policy
access-control-allow-methods
GET, POST
access-control-allow-origin
*
access-control-max-age
86400
content-length
0
date
Sun, 12 May 2024 13:23:17 GMT
strict-transport-security
max-age=15768000
/
api.amplitude.com/ 		7 B
227 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.amplitude.com/
Requested by
Host: media.supportingcast.fm
URL: https://media.supportingcast.fm/js/app.js?d=1715346507
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.35.127.12 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-35-127-12.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8
Referer
https://duncdon.supportingcast.fm/request_access
Cross-Origin-Resource-Policy
cross-origin
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 12 May 2024 13:23:17 GMT
strict-transport-security
max-age=15768000
access-control-max-age
86400
access-control-allow-methods
GET, POST
content-type
text/html;charset=utf-8
access-control-allow-origin
*
trace-id
Root=1-6640c2c5-24754b972cd5491e08876416
content-length
7
7e2e0e6f-1f51-4eb7-a06c-929e5fbe7022.jpg
media.supportingcast.fm/content/363/ 		73 KB
74 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://media.supportingcast.fm/content/363/7e2e0e6f-1f51-4eb7-a06c-929e5fbe7022.jpg
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.2.217 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
237625922af0af9a131075fefbd06bd416a93d8fac2fd850e513ab730bf1cff3

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://duncdon.supportingcast.fm/request_access
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-served-by
cache-fra-etou8220065-FRA
date
Sun, 12 May 2024 13:23:16 GMT
via
1.1 varnish
cr-x-cache
HIT
last-modified
Tue, 11 Jul 2023 16:56:21 GMT
age
453351
x-timer
S1715520197.873451,VS0,VE1
etag
"3116c50dfdc9a79c1dad9624a529a7f3"
x-amz-server-side-encryption
AES256
x-cache
HIT
content-type
image/jpeg
cache-control
max-age=604800
accept-ranges
bytes
content-length
75148
x-cache-hits
0

Verdicts & Comments Add Verdict or Comment

26 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| gtmDataLayer function| SupportingCastSDK function| SupportingCastPaymentForm function| StripeElements object| webpackChunksupporting_cast object| __core-js_shared__ object| core function| ImageUploader object| intlTelInputGlobals number| uidEvent object| tabs function| axios function| Vue object| scNavMobile object| __AMPLITUDE__ object| amplitude object| amplitudeEventHandler object| SupportingCastApi object| ScSlugHandler object| SupportingCastS3Uploader object| spin object| amplitude_instance object| analyticsConnectorInstances object| mobileNav object| Livewire object| Alpine

3 Cookies

Domain/Path Name / Value
duncdon.supportingcast.fm/ Name: XSRF-TOKEN
Value: eyJpdiI6Ikd3SFhTcDljMWh4akY4dERCeHFjbkE9PSIsInZhbHVlIjoiZzBlRW81TXh0VE82WnhpeDhEYngvRmlVZ0JscTdqa2NmenduaitENnhEMG1zNDN6Tkk3VG1hTDdVeTFBWjd3NWRGeTRhOGY0b3l3L3AyekVZOXBGNXk3c29VUy9nRXVSdXg4TUFOYUMwUFdnaUsvdjVGWlVVaTBCMjdSYVg0dHAiLCJtYWMiOiIzNDkyYTU5ZDBlY2MxZmU0MTRlMTEyZWI2YzUyNjhmY2YyODVlYmJhNzk1MDg1YmNjNWI4ZGM2NTc4NmEzMGViIiwidGFnIjoiIn0%3D
duncdon.supportingcast.fm/ Name: laravel_session
Value: eyJpdiI6IjlRRXZ5enk5OFpSbXBBcGhGUkFTdVE9PSIsInZhbHVlIjoidWVjWUt0Vi9QalFOSjZjS1Q3YVFxbEtEaUt4RVFGSW1WVytYaXp4QnZQWnVydnZHQ0dBZlFHL0ZJUjlJOGcyRjhMS09Sc3k3SjhHdHQ1b2I0aUF5OWk4eEw4aVkveTh3Qjkwa3FVb2UyK3hmZVhSOUxHSWVxYi9HUGpLbTlhc1AiLCJtYWMiOiJlY2VhOGIwMjk3MGRhNzM5ZGI5Y2M1ZmNiZGEzM2NmMjgxZjM3YjMxMTRiYWNlNmMxNjU0YjRjZTNkOTY2MDRmIiwidGFnIjoiIn0%3D
.supportingcast.fm/ Name: amp_6045bd
Value: t7Gnjk_SJ0Q4URse0k5g6C...1htmfhk81.1htmfhk82.1.0.1

4 Console Messages

Source Level URL
Text
security warning
Message:
Error with Feature-Policy header: Some features are specified in both Feature-Policy and Permissions-Policy header: geolocation. Values defined in Permissions-Policy header will be used.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'web-share'.
javascript warning URL: https://media.supportingcast.fm/js/supportingcast_sdk.js?d=1715346507(Line 1)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://polyfill-fastly.io/v3/polyfill.min.js?features=Object.assign%2CString.prototype.startsWith%2Cdocument.querySelector%2CURLSearchParams%2CReflect.apply%2CElement.prototype.classList%2CElement.prototype.cloneNode%2CNumber.parseFloat%2CXMLHttpRequest%2ClocalStorage%2Chtml5shiv%2Cconsole.log%2Cconsole.error%2CSymbol.iterator%2CNodeList.prototype.%40%40iterator%2CArray.prototype.%40%40iterator%2Cfetch%2CPromise, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://media.supportingcast.fm/js/supportingcast_sdk.js?d=1715346507(Line 1)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://polyfill-fastly.io/v3/polyfill.min.js?features=Object.assign%2CString.prototype.startsWith%2Cdocument.querySelector%2CURLSearchParams%2CReflect.apply%2CElement.prototype.classList%2CElement.prototype.cloneNode%2CNumber.parseFloat%2CXMLHttpRequest%2ClocalStorage%2Chtml5shiv%2Cconsole.log%2Cconsole.error%2CSymbol.iterator%2CNodeList.prototype.%40%40iterator%2CArray.prototype.%40%40iterator%2Cfetch%2CPromise, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self' api.npr.org *.amplitude.com cdn.jsdelivr.net *.stripe.com www.google.com www.google-analytics.com *.googleapis.com *.gstatic.com cdnjs.cloudflare.com *.googletagmanager.com *.facebook.net *.facebook.com maxcdn.bootstrapcdn.com *.mouseflow.com polyfill-fastly.io polyfill.io *.supportingcast.fm supportingcast.s3.amazonaws.com sc-uploads-prod.s3.amazonaws.com sc-uploads-prod.s3-accelerate.amazonaws.com data:;form-action *.supportingcast.fm docs.google.com connect.stripe.com *.supportingcast.fm;img-src * data:;media-src * data:;connect-src 'self' api.npr.org *.amplitude.com cdn.jsdelivr.net *.stripe.com www.google.com www.google-analytics.com *.googleapis.com *.gstatic.com cdnjs.cloudflare.com *.googletagmanager.com *.facebook.net *.facebook.com maxcdn.bootstrapcdn.com *.mouseflow.com polyfill-fastly.io polyfill.io *.supportingcast.fm supportingcast.s3.amazonaws.com sc-uploads-prod.s3.amazonaws.com sc-uploads-prod.s3-accelerate.amazonaws.com;script-src 'unsafe-inline' 'unsafe-eval' 'self' api.npr.org *.amplitude.com cdn.jsdelivr.net *.stripe.com www.google.com www.google-analytics.com *.googleapis.com *.gstatic.com cdnjs.cloudflare.com *.googletagmanager.com *.facebook.net *.facebook.com maxcdn.bootstrapcdn.com *.mouseflow.com polyfill-fastly.io polyfill.io *.supportingcast.fm supportingcast.s3.amazonaws.com sc-uploads-prod.s3.amazonaws.com sc-uploads-prod.s3-accelerate.amazonaws.com;style-src 'unsafe-inline' 'self' api.npr.org *.amplitude.com cdn.jsdelivr.net *.stripe.com www.google.com www.google-analytics.com *.googleapis.com *.gstatic.com cdnjs.cloudflare.com *.googletagmanager.com *.facebook.net *.facebook.com maxcdn.bootstrapcdn.com *.mouseflow.com polyfill-fastly.io polyfill.io *.supportingcast.fm supportingcast.s3.amazonaws.com sc-uploads-prod.s3.amazonaws.com sc-uploads-prod.s3-accelerate.amazonaws.com;frame-src docs.google.com *.stripe.com www.google.com;frame-ancestors 'none';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block