urlscan.io logo urlscan.io
SecurityTrails logo

surveymonkey.my.salesforce-sites.com Open in urlscan Pro
23.23.213.201  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://surveymonkey.secure.force.com/pay
Effective URL: https://surveymonkey.my.salesforce-sites.com/pay
Submission: On March 18 via manual from GB — Scanned from GB
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 1 IPs in 1 countries across 2 domains to perform 7 HTTP transactions. The main IP is 23.23.213.201, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is surveymonkey.my.salesforce-sites.com.
TLS certificate: Issued by DigiCert TLS RSA SHA256 2020 CA1 on November 21st 2023. Valid for: a year.
This is the only time surveymonkey.my.salesforce-sites.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 3.209.240.24 14618 (AMAZON-AES)
7 23.23.213.201 14618 (AMAZON-AES)
7 1
Apex Domain
Subdomains		 Transfer
7 salesforce-sites.com
surveymonkey.my.salesforce-sites.com
270 KB
1 force.com
surveymonkey.secure.force.com
386 B
7 2
Domain Requested by
7 surveymonkey.my.salesforce-sites.com surveymonkey.my.salesforce-sites.com
1 surveymonkey.secure.force.com 1 redirects
7 2

This site contains links to these domains. Also see Links.

Domain
www.surveymonkey.com
Subject Issuer Validity Valid
sfdc-yfeipo.my.salesforce-sites.com
DigiCert TLS RSA SHA256 2020 CA1		 2023-11-21 -
2024-11-21		 a year crt.sh

This page contains 1 frames:

Primary Page: https://surveymonkey.my.salesforce-sites.com/pay
Frame ID: 9C94268C3F4631386CFF6319CB69F212
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

SurveyMonkey Payment Form

Page URL History Show full URLs

  1. https://surveymonkey.secure.force.com/pay HTTP 301
    https://surveymonkey.my.salesforce-sites.com/pay Page URL

Page Statistics

7
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

1
IPs

1
Countries

270 kB
Transfer

344 kB
Size

6
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://surveymonkey.secure.force.com/pay HTTP 301
    https://surveymonkey.my.salesforce-sites.com/pay Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request pay
surveymonkey.my.salesforce-sites.com/
Redirect Chain
  • https://surveymonkey.secure.force.com/pay
  • https://surveymonkey.my.salesforce-sites.com/pay
4 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://surveymonkey.my.salesforce-sites.com/pay
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
23.23.213.201 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-23-23-213-201.compute-1.amazonaws.com
Software
/
Resource Hash
c87cadc877adf0a4240b12fb582a1dab6d57d0a2b0477983f7f0b4826c3944d9
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests frame-ancestors 'self' https://surveymonkey.lightning.force.com https://surveymonkey.vf.force.com https://surveymonkey.visualforce.com
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Frame-Options ALLOW-FROM 'self'
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
accept-language
en-GB,en;q=0.9

Response headers

cache-control
no-cache,must-revalidate,max-age=0,no-store,private
content-encoding
gzip
content-security-policy
upgrade-insecure-requests frame-ancestors 'self' https://surveymonkey.lightning.force.com https://surveymonkey.vf.force.com https://surveymonkey.visualforce.com
content-type
text/html;charset=UTF-8
date
Mon, 18 Mar 2024 09:19:13 GMT
expires
Thu, 01 Jan 1970 00:00:00 GMT
p3p
CP="CUR OTR STA"
strict-transport-security
max-age=63072000; includeSubDomains
vary
Accept-Encoding
x-frame-options
ALLOW-FROM 'self'
x-xss-protection
1; mode=block

Redirect headers

cache-control
no-cache,must-revalidate,max-age=0,no-store,private
content-length
0
content-security-policy
upgrade-insecure-requests
date
Mon, 18 Mar 2024 09:19:13 GMT
expires
Thu, 01 Jan 1970 00:00:00 GMT
location
https://surveymonkey.my.salesforce-sites.com/pay
strict-transport-security
max-age=63072000; includeSubDomains
stub.js
surveymonkey.my.salesforce-sites.com/pay/static/111213/js/perf/ 		1 KB
688 B 		Script
General
Check archive.org
Download Go to
Full URL
https://surveymonkey.my.salesforce-sites.com/pay/static/111213/js/perf/stub.js
Requested by
Host: surveymonkey.my.salesforce-sites.com
URL: https://surveymonkey.my.salesforce-sites.com/pay
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
23.23.213.201 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-23-23-213-201.compute-1.amazonaws.com
Software
/
Resource Hash
5830f6b53e1ea91abd5de97ef219269702f413575cfe0dd6149712d68d7d61eb
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://surveymonkey.my.salesforce-sites.com/pay
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Mon, 18 Mar 2024 09:19:14 GMT
strict-transport-security
max-age=63072000; includeSubDomains
content-encoding
gzip
last-modified
Thu, 18 Dec 2014 19:28:43 GMT
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
public,max-age=10368000
accept-ranges
bytes
x-xss-protection
1; mode=block
expires
Tue, 16 Jul 2024 09:19:14 GMT
3_3_3.Finalorg.ajax4jsf.javascript.AjaxScript
surveymonkey.my.salesforce-sites.com/pay/faces/a4j/g/ 		73 KB
19 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://surveymonkey.my.salesforce-sites.com/pay/faces/a4j/g/3_3_3.Finalorg.ajax4jsf.javascript.AjaxScript?rel=1710530182000
Requested by
Host: surveymonkey.my.salesforce-sites.com
URL: https://surveymonkey.my.salesforce-sites.com/pay
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
23.23.213.201 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-23-23-213-201.compute-1.amazonaws.com
Software
/
Resource Hash
e2caeb89b440c1260fd3105e4b1474666ee12ae51636e9464a962c9357043cb6
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://surveymonkey.my.salesforce-sites.com/pay
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Mon, 18 Mar 2024 09:19:14 GMT
strict-transport-security
max-age=63072000; includeSubDomains
content-encoding
gzip
last-modified
Mon, 18 Mar 2024 05:23:04 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
private,max-age=3888000
content-length
19446
x-xss-protection
1; mode=block
expires
Thu, 02 May 2024 09:19:14 GMT
main.css
surveymonkey.my.salesforce-sites.com/pay/resource/1625181324000/momentiveTOS/ 		17 KB
4 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://surveymonkey.my.salesforce-sites.com/pay/resource/1625181324000/momentiveTOS/main.css
Requested by
Host: surveymonkey.my.salesforce-sites.com
URL: https://surveymonkey.my.salesforce-sites.com/pay
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
23.23.213.201 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-23-23-213-201.compute-1.amazonaws.com
Software
/
Resource Hash
9ca059ac6b6270485312f4e9fdd95978d6f6d5899c7d3320e03b31b82806897d
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://surveymonkey.my.salesforce-sites.com/pay
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Mon, 18 Mar 2024 09:19:14 GMT
strict-transport-security
max-age=63072000; includeSubDomains
content-encoding
gzip
last-modified
Thu, 1 Jul 2021 23:15:24 GMT
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/css
p3p
CP="CUR OTR STA"
cache-control
public,max-age=3888000,immutable
content-length
3939
x-xss-protection
1; mode=block
expires
Thu, 02 May 2024 09:19:14 GMT
NetworkTracking.js
surveymonkey.my.salesforce-sites.com/pay/jslibrary/1698336665248/sfdc/ 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://surveymonkey.my.salesforce-sites.com/pay/jslibrary/1698336665248/sfdc/NetworkTracking.js
Requested by
Host: surveymonkey.my.salesforce-sites.com
URL: https://surveymonkey.my.salesforce-sites.com/pay
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
23.23.213.201 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-23-23-213-201.compute-1.amazonaws.com
Software
/
Resource Hash
162a48a89746944d3ba05bf21bda05a16a227f552015b39af6ad25bcc371a46f
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://surveymonkey.my.salesforce-sites.com/pay
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Mon, 18 Mar 2024 09:19:14 GMT
strict-transport-security
max-age=63072000; includeSubDomains
content-encoding
gzip
last-modified
Tue, 15 Aug 2023 06:08:05 GMT
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
public,max-age=10368000
accept-ranges
bytes
x-xss-protection
1; mode=block
expires
Tue, 16 Jul 2024 09:19:14 GMT
svmklogo
surveymonkey.my.salesforce-sites.com/pay/resource/1690909785000/ 		5 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://surveymonkey.my.salesforce-sites.com/pay/resource/1690909785000/svmklogo
Requested by
Host: surveymonkey.my.salesforce-sites.com
URL: https://surveymonkey.my.salesforce-sites.com/pay
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
23.23.213.201 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-23-23-213-201.compute-1.amazonaws.com
Software
/
Resource Hash
ebbae1b43f010c24f314dd7ef89a31e3fab8abc284a18ec5cc2b0484d7f35db1
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://surveymonkey.my.salesforce-sites.com/pay
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Mon, 18 Mar 2024 09:19:14 GMT
strict-transport-security
max-age=63072000; includeSubDomains
content-encoding
gzip
last-modified
Tue, 1 Aug 2023 17:09:45 GMT
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
p3p
CP="CUR OTR STA"
content-type
image/svg+xml
cache-control
public,max-age=3888000,immutable
content-length
2185
x-xss-protection
1; mode=block
expires
Thu, 02 May 2024 09:19:14 GMT
Montserrat-Regular.ttf
surveymonkey.my.salesforce-sites.com/pay/resource/1625181324000/momentiveTOS/fonts/ 		240 KB
240 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://surveymonkey.my.salesforce-sites.com/pay/resource/1625181324000/momentiveTOS/fonts/Montserrat-Regular.ttf
Requested by
Host: surveymonkey.my.salesforce-sites.com
URL: https://surveymonkey.my.salesforce-sites.com/pay/resource/1625181324000/momentiveTOS/main.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
23.23.213.201 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-23-23-213-201.compute-1.amazonaws.com
Software
/
Resource Hash
077cdab15161232a9ba7124d2ddd7a9425145750788e9a966c156cc66274f525
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://surveymonkey.my.salesforce-sites.com/pay/resource/1625181324000/momentiveTOS/main.css
Origin
https://surveymonkey.my.salesforce-sites.com
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Mon, 18 Mar 2024 09:19:14 GMT
strict-transport-security
max-age=63072000; includeSubDomains
last-modified
Thu, 1 Jul 2021 23:15:24 GMT
x-frame-options
SAMEORIGIN
content-type
application/octet-stream
p3p
CP="CUR OTR STA"
cache-control
public,max-age=3888000,immutable
content-length
245708
x-xss-protection
1; mode=block
expires
Thu, 02 May 2024 09:19:14 GMT

Verdicts & Comments Add Verdict or Comment

16 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| PerfConstants object| PerfLogLevel object| Perf function| Sarissa undefined| x undefined| _SARISSA_DOM_PROGID undefined| _SARISSA_XMLHTTP_PROGID undefined| _SARISSA_DOM_XMLWRITER undefined| importTable object| A4J function| _sarissa_XMLDocument_onload object| LOG object| RichFaces object| NetworkTracking object| UITheme function| scrollFunction

6 Cookies

Domain/Path Name / Value
surveymonkey.secure.force.com/ Name: CookieConsentPolicy
Value: 0:1
surveymonkey.secure.force.com/ Name: LSKey-c$CookieConsentPolicy
Value: 0:1
surveymonkey.my.salesforce-sites.com/ Name: CookieConsentPolicy
Value: 0:1
surveymonkey.my.salesforce-sites.com/ Name: LSKey-c$CookieConsentPolicy
Value: 0:1
surveymonkey.my.salesforce-sites.com/ Name: BrowserId
Value: lnD8puUIEe6lFotYjcSR2Q
surveymonkey.my.salesforce-sites.com/ Name: BrowserId_sec
Value: lnD8puUIEe6lFotYjcSR2Q

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy upgrade-insecure-requests frame-ancestors 'self' https://surveymonkey.lightning.force.com https://surveymonkey.vf.force.com https://surveymonkey.visualforce.com
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Frame-Options ALLOW-FROM 'self'
X-Xss-Protection 1; mode=block