urlscan.io logo urlscan.io
SecurityTrails logo

app.govierates.com Open in urlscan Pro
20.119.136.13  Public Scan

Go To Rescan Add Verdict Report
URL: https://app.govierates.com/
Submission: On April 26 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 2 IPs in 1 countries across 4 domains to perform 17 HTTP transactions. The main IP is 20.119.136.13, located in Boydton, United States and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is app.govierates.com.
TLS certificate: Issued by GeoTrust Global TLS RSA4096 SHA256 20... on April 10th 2024. Valid for: 6 months.
This is the only time app.govierates.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
13 20.119.136.13 8075 (MICROSOFT...)
17 2
Apex Domain
Subdomains		 Transfer
13 govierates.com
app.govierates.com
3 MB
0 cloudflare.com Failed
cdnjs.cloudflare.com Failed
0 azure.com Failed
js.monitor.azure.com Failed
0 bootstrapcdn.com Failed
stackpath.bootstrapcdn.com Failed
17 4
Domain Requested by
13 app.govierates.com app.govierates.com
0 cdnjs.cloudflare.com Failed app.govierates.com
0 js.monitor.azure.com Failed app.govierates.com
0 stackpath.bootstrapcdn.com Failed app.govierates.com
17 4

This site contains no links.

Subject Issuer Validity Valid
app.govierates.com
GeoTrust Global TLS RSA4096 SHA256 2022 CA1		 2024-04-10 -
2024-10-10		 6 months crt.sh

This page contains 1 frames:

Primary Page: https://app.govierates.com/
Frame ID: D2DFEDFF1998BEBE5223FA4EA38A1B8F
Requests: 17 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Home Page - QuickBooks_W2 Sample

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Overall confidence: 100%
Detected patterns
  • jquery-ui.*\.js

Page Statistics

17
Requests

76 %
HTTPS

0 %
IPv6

4
Domains

4
Subdomains

2
IPs

1
Countries

2670 kB
Transfer

2661 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

17 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
app.govierates.com/ 		9 KB
10 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://app.govierates.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
20.119.136.13 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Kestrel /
Resource Hash
9d7adf665a3706621600e40dbbba8884996922a75e0b495ff88f82e788db0ae9
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'none'; default-src 'self' *.stripe.com *.broadly.com *.monday.com; connect-src 'self' wss://localhost:*; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.stripe.com *.broadly.com *.monday.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.monday.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data:
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Frame-Options DENY

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

Content-Security-Policy
frame-ancestors 'none'; default-src 'self' *.stripe.com *.broadly.com *.monday.com; connect-src 'self' wss://localhost:*; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.stripe.com *.broadly.com *.monday.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.monday.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data:
Content-Type
text/html; charset=utf-8
Date
Fri, 26 Apr 2024 10:07:35 GMT
Request-Context
appId=cid-v1:e67121f5-c2fe-435b-8c81-454ecebf3ca5
Server
Kestrel
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Transfer-Encoding
chunked
X-Frame-Options
DENY
jquery-ui.min.css
app.govierates.com/lib/jquery-ui-1.13.2/dist/css/ 		31 KB
32 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://app.govierates.com/lib/jquery-ui-1.13.2/dist/css/jquery-ui.min.css?v=Els0hoF6_l1WxcZEDh4lQsp7EqyeeYXMHCWyv6SdmX0
Requested by
Host: app.govierates.com
URL: https://app.govierates.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
20.119.136.13 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Kestrel /
Resource Hash
125b3486817afe5d56c5c6440e1e2542ca7b12ac9e7985cc1c25b2bfa49d997d
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'none'; default-src 'self' *.stripe.com *.broadly.com *.monday.com; connect-src 'self' wss://localhost:*; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.stripe.com *.broadly.com *.monday.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.monday.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data:
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Frame-Options DENY

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://app.govierates.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Fri, 26 Apr 2024 10:07:35 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Security-Policy
frame-ancestors 'none'; default-src 'self' *.stripe.com *.broadly.com *.monday.com; connect-src 'self' wss://localhost:*; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.stripe.com *.broadly.com *.monday.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.monday.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data:
Last-Modified
Wed, 10 Apr 2024 15:14:46 GMT
Server
Kestrel
ETag
"1da8b59d273ca82"
X-Frame-Options
DENY
Content-Type
text/css
Accept-Ranges
bytes
Content-Length
32130
Request-Context
appId=cid-v1:e67121f5-c2fe-435b-8c81-454ecebf3ca5
all.min.css
app.govierates.com/plugins/fontawesome-free/css/ 		58 KB
59 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://app.govierates.com/plugins/fontawesome-free/css/all.min.css
Requested by
Host: app.govierates.com
URL: https://app.govierates.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
20.119.136.13 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Kestrel /
Resource Hash
99464ceb71bc9bbdcc72275faefe44f98eb5cbb6b5d8ee665b87b35376f1a96e
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'none'; default-src 'self' *.stripe.com *.broadly.com *.monday.com; connect-src 'self' wss://localhost:*; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.stripe.com *.broadly.com *.monday.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.monday.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data:
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Frame-Options DENY

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://app.govierates.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Fri, 26 Apr 2024 10:07:36 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Security-Policy
frame-ancestors 'none'; default-src 'self' *.stripe.com *.broadly.com *.monday.com; connect-src 'self' wss://localhost:*; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.stripe.com *.broadly.com *.monday.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.monday.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data:
Last-Modified
Wed, 10 Apr 2024 15:14:46 GMT
Server
Kestrel
ETag
"1da8b59d27350a9"
X-Frame-Options
DENY
Content-Type
text/css
Accept-Ranges
bytes
Content-Length
59305
Request-Context
appId=cid-v1:e67121f5-c2fe-435b-8c81-454ecebf3ca5
adminlte.min.css
app.govierates.com/Theme/dist/css/ 		1 MB
1 MB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://app.govierates.com/Theme/dist/css/adminlte.min.css
Requested by
Host: app.govierates.com
URL: https://app.govierates.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
20.119.136.13 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Kestrel /
Resource Hash
ae1534a2c9540d6ad60f14d8e09c48d9ad8e751b46ed849fdefe737116dcc921
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'none'; default-src 'self' *.stripe.com *.broadly.com *.monday.com; connect-src 'self' wss://localhost:*; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.stripe.com *.broadly.com *.monday.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.monday.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data:
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Frame-Options DENY

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://app.govierates.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Fri, 26 Apr 2024 10:07:36 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Security-Policy
frame-ancestors 'none'; default-src 'self' *.stripe.com *.broadly.com *.monday.com; connect-src 'self' wss://localhost:*; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.stripe.com *.broadly.com *.monday.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.monday.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data:
Last-Modified
Wed, 10 Apr 2024 15:14:46 GMT
Server
Kestrel
ETag
"1da8b59d266e70b"
X-Frame-Options
DENY
Content-Type
text/css
Accept-Ranges
bytes
Content-Length
1396747
Request-Context
appId=cid-v1:e67121f5-c2fe-435b-8c81-454ecebf3ca5
site.css
app.govierates.com/css/ 		1 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://app.govierates.com/css/site.css
Requested by
Host: app.govierates.com
URL: https://app.govierates.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
20.119.136.13 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Kestrel /
Resource Hash
a9a5f8d59eb68d779a2f9afc6e7cd4f46b5a3bff990d42f37e72c7cefa6347bd
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'none'; default-src 'self' *.stripe.com *.broadly.com *.monday.com; connect-src 'self' wss://localhost:*; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.stripe.com *.broadly.com *.monday.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.monday.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data:
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Frame-Options DENY

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://app.govierates.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Fri, 26 Apr 2024 10:07:36 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Security-Policy
frame-ancestors 'none'; default-src 'self' *.stripe.com *.broadly.com *.monday.com; connect-src 'self' wss://localhost:*; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.stripe.com *.broadly.com *.monday.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.monday.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data:
Last-Modified
Wed, 10 Apr 2024 15:14:46 GMT
Server
Kestrel
ETag
"1da8b59d273b386"
X-Frame-Options
DENY
Content-Type
text/css
Accept-Ranges
bytes
Content-Length
1158
Request-Context
appId=cid-v1:e67121f5-c2fe-435b-8c81-454ecebf3ca5
jquery-ui.min.js
app.govierates.com/lib/jquery-ui-1.13.2/dist/Js/ 		249 KB
250 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://app.govierates.com/lib/jquery-ui-1.13.2/dist/Js/jquery-ui.min.js?v=lSjKY0_srUM9BE3dPm-c4fBo1dky2v27Gdjm2uoZaL0
Requested by
Host: app.govierates.com
URL: https://app.govierates.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
20.119.136.13 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Kestrel /
Resource Hash
9528ca634fecad433d044ddd3e6f9ce1f068d5d932dafdbb19d8e6daea1968bd
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'none'; default-src 'self' *.stripe.com *.broadly.com *.monday.com; connect-src 'self' wss://localhost:*; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.stripe.com *.broadly.com *.monday.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.monday.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data:
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Frame-Options DENY

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://app.govierates.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Fri, 26 Apr 2024 10:07:36 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Security-Policy
frame-ancestors 'none'; default-src 'self' *.stripe.com *.broadly.com *.monday.com; connect-src 'self' wss://localhost:*; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.stripe.com *.broadly.com *.monday.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.monday.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data:
Last-Modified
Wed, 10 Apr 2024 15:14:46 GMT
Server
Kestrel
ETag
"1da8b59d270536c"
X-Frame-Options
DENY
Content-Type
application/javascript
Accept-Ranges
bytes
Content-Length
255084
Request-Context
appId=cid-v1:e67121f5-c2fe-435b-8c81-454ecebf3ca5
site.js
app.govierates.com/js/ 		226 B
992 B 		Script
General
Check archive.org
Download Go to
Full URL
https://app.govierates.com/js/site.js?v=BxFAw9RUJ1E4NycpKEjCNDeoSvr4RPHixdBq5wDnkeY
Requested by
Host: app.govierates.com
URL: https://app.govierates.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
20.119.136.13 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Kestrel /
Resource Hash
e03b397a81c986a9c9b1c0f14e69eef69ee6f45efee41b9c31a7912eaad1be76
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'none'; default-src 'self' *.stripe.com *.broadly.com *.monday.com; connect-src 'self' wss://localhost:*; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.stripe.com *.broadly.com *.monday.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.monday.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data:
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Frame-Options DENY

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://app.govierates.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Fri, 26 Apr 2024 10:07:36 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Security-Policy
frame-ancestors 'none'; default-src 'self' *.stripe.com *.broadly.com *.monday.com; connect-src 'self' wss://localhost:*; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.stripe.com *.broadly.com *.monday.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.monday.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data:
Last-Modified
Wed, 10 Apr 2024 15:14:46 GMT
Server
Kestrel
ETag
"1da8b59d273b7e2"
X-Frame-Options
DENY
Content-Type
application/javascript
Accept-Ranges
bytes
Content-Length
226
Request-Context
appId=cid-v1:e67121f5-c2fe-435b-8c81-454ecebf3ca5
Left_Aligned-removed-bg-hi-res.png
app.govierates.com/Images/ 		629 KB
630 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://app.govierates.com/Images/Left_Aligned-removed-bg-hi-res.png
Requested by
Host: app.govierates.com
URL: https://app.govierates.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
20.119.136.13 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Kestrel /
Resource Hash
3ef7b743e17713da5c1ac442988af285c5283a02147e7b44e185723544304c44
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'none'; default-src 'self' *.stripe.com *.broadly.com *.monday.com; connect-src 'self' wss://localhost:*; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.stripe.com *.broadly.com *.monday.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.monday.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data:
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Frame-Options DENY

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://app.govierates.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Fri, 26 Apr 2024 10:07:36 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Security-Policy
frame-ancestors 'none'; default-src 'self' *.stripe.com *.broadly.com *.monday.com; connect-src 'self' wss://localhost:*; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.stripe.com *.broadly.com *.monday.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.monday.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data:
Last-Modified
Wed, 10 Apr 2024 15:14:46 GMT
Server
Kestrel
ETag
"1da8b59d27a64d3"
X-Frame-Options
DENY
Content-Type
image/png
Accept-Ranges
bytes
Content-Length
644051
Request-Context
appId=cid-v1:e67121f5-c2fe-435b-8c81-454ecebf3ca5
Sign_in_blue_btn_tall_default.png
app.govierates.com/Images/ 		2 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://app.govierates.com/Images/Sign_in_blue_btn_tall_default.png
Requested by
Host: app.govierates.com
URL: https://app.govierates.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
20.119.136.13 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Kestrel /
Resource Hash
d88aedc45dfd8c527b79785ec87a9ccb8bdfad57848d8535e54a79ee79360a42
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'none'; default-src 'self' *.stripe.com *.broadly.com *.monday.com; connect-src 'self' wss://localhost:*; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.stripe.com *.broadly.com *.monday.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.monday.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data:
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Frame-Options DENY

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://app.govierates.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Fri, 26 Apr 2024 10:07:36 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Security-Policy
frame-ancestors 'none'; default-src 'self' *.stripe.com *.broadly.com *.monday.com; connect-src 'self' wss://localhost:*; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.stripe.com *.broadly.com *.monday.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.monday.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data:
Last-Modified
Wed, 10 Apr 2024 15:14:46 GMT
Server
Kestrel
ETag
"1da8b59d273bf9f"
X-Frame-Options
DENY
Content-Type
image/png
Accept-Ranges
bytes
Content-Length
2207
Request-Context
appId=cid-v1:e67121f5-c2fe-435b-8c81-454ecebf3ca5
bootstrap.min.css
stackpath.bootstrapcdn.com/bootstrap/4.3.1/css/ 		0
0
bootstrap.min.css
app.govierates.com/lib/bootstrap/dist/css/ 		152 KB
153 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://app.govierates.com/lib/bootstrap/dist/css/bootstrap.min.css
Requested by
Host: app.govierates.com
URL: https://app.govierates.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
20.119.136.13 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Kestrel /
Resource Hash
60b19e5da6a9234ff9220668a5ec1125c157a268513256188ee80f2d2c8d8d36
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'none'; default-src 'self' *.stripe.com *.broadly.com *.monday.com; connect-src 'self' wss://localhost:*; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.stripe.com *.broadly.com *.monday.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.monday.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data:
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Frame-Options DENY

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://app.govierates.com/
Origin
https://app.govierates.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Fri, 26 Apr 2024 10:07:36 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Security-Policy
frame-ancestors 'none'; default-src 'self' *.stripe.com *.broadly.com *.monday.com; connect-src 'self' wss://localhost:*; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.stripe.com *.broadly.com *.monday.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.monday.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data:
Last-Modified
Wed, 10 Apr 2024 15:14:46 GMT
Server
Kestrel
ETag
"1da8b59d271d76e"
X-Frame-Options
DENY
Content-Type
text/css
Accept-Ranges
bytes
Content-Length
155758
Request-Context
appId=cid-v1:e67121f5-c2fe-435b-8c81-454ecebf3ca5
ai.2.min.js
js.monitor.azure.com/scripts/b/ 		0
0
jquery.min.js
cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/ 		0
0
jquery.min.js
app.govierates.com/lib/jquery/dist/ 		85 KB
86 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://app.govierates.com/lib/jquery/dist/jquery.min.js
Requested by
Host: app.govierates.com
URL: https://app.govierates.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
20.119.136.13 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Kestrel /
Resource Hash
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'none'; default-src 'self' *.stripe.com *.broadly.com *.monday.com; connect-src 'self' wss://localhost:*; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.stripe.com *.broadly.com *.monday.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.monday.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data:
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Frame-Options DENY

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://app.govierates.com/
Origin
https://app.govierates.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Fri, 26 Apr 2024 10:07:38 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Security-Policy
frame-ancestors 'none'; default-src 'self' *.stripe.com *.broadly.com *.monday.com; connect-src 'self' wss://localhost:*; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.stripe.com *.broadly.com *.monday.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.monday.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data:
Last-Modified
Wed, 10 Apr 2024 15:14:46 GMT
Server
Kestrel
ETag
"1da8b59d272e48f"
X-Frame-Options
DENY
Content-Type
application/javascript
Accept-Ranges
bytes
Content-Length
86927
Request-Context
appId=cid-v1:e67121f5-c2fe-435b-8c81-454ecebf3ca5
bootstrap.bundle.min.js
stackpath.bootstrapcdn.com/bootstrap/4.3.1/js/ 		0
0
bootstrap.bundle.min.js
app.govierates.com/lib/bootstrap/dist/js/ 		77 KB
78 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://app.govierates.com/lib/bootstrap/dist/js/bootstrap.bundle.min.js
Requested by
Host: app.govierates.com
URL: https://app.govierates.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
20.119.136.13 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Kestrel /
Resource Hash
7f3145c87d3570154f633975e8a4f8d30aa38603edaba145501e9c90ddbe186c
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'none'; default-src 'self' *.stripe.com *.broadly.com *.monday.com; connect-src 'self' wss://localhost:*; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.stripe.com *.broadly.com *.monday.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.monday.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data:
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Frame-Options DENY

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://app.govierates.com/
Origin
https://app.govierates.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Fri, 26 Apr 2024 10:07:38 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Security-Policy
frame-ancestors 'none'; default-src 'self' *.stripe.com *.broadly.com *.monday.com; connect-src 'self' wss://localhost:*; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.stripe.com *.broadly.com *.monday.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.monday.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data:
Last-Modified
Wed, 10 Apr 2024 15:14:46 GMT
Server
Kestrel
ETag
"1da8b59d272842b"
X-Frame-Options
DENY
Content-Type
application/javascript
Accept-Ranges
bytes
Content-Length
78635
Request-Context
appId=cid-v1:e67121f5-c2fe-435b-8c81-454ecebf3ca5
gr_favicon_svg.svg
app.govierates.com/Images/ 		3 KB
4 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://app.govierates.com/Images/gr_favicon_svg.svg
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
20.119.136.13 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Kestrel /
Resource Hash
3ee626069c0af78079aa45fa3ca6ba73ca3ca5fa9504632df4e8c10dac09bcbb
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'none'; default-src 'self' *.stripe.com *.broadly.com *.monday.com; connect-src 'self' wss://localhost:*; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.stripe.com *.broadly.com *.monday.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.monday.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data:
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Frame-Options DENY

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://app.govierates.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Fri, 26 Apr 2024 10:07:38 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Security-Policy
frame-ancestors 'none'; default-src 'self' *.stripe.com *.broadly.com *.monday.com; connect-src 'self' wss://localhost:*; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.stripe.com *.broadly.com *.monday.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.monday.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data:
Last-Modified
Wed, 10 Apr 2024 15:14:46 GMT
Server
Kestrel
ETag
"1da8b59d273bcbe"
X-Frame-Options
DENY
Content-Type
image/svg+xml
Accept-Ranges
bytes
Content-Length
3006
Request-Context
appId=cid-v1:e67121f5-c2fe-435b-8c81-454ecebf3ca5

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
stackpath.bootstrapcdn.com
URL
https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/css/bootstrap.min.css
Domain
js.monitor.azure.com
URL
https://js.monitor.azure.com/scripts/b/ai.2.min.js
Domain
cdnjs.cloudflare.com
URL
https://cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/jquery.min.js
Domain
stackpath.bootstrapcdn.com
URL
https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.bundle.min.js

Verdicts & Comments Add Verdict or Comment

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| appInsights function| $ function| jQuery object| bootstrap

0 Cookies

6 Console Messages

Source Level URL
Text
security error URL: https://app.govierates.com/(Line 10)
Message:
Refused to load the stylesheet 'https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/css/bootstrap.min.css' because it violates the following Content Security Policy directive: "style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.monday.com". Note that 'style-src-elem' was not explicitly set, so 'style-src' is used as a fallback.
security error URL: https://app.govierates.com/(Line 18)
Message:
Refused to load the script 'https://js.monitor.azure.com/scripts/b/ai.2.min.js' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' 'unsafe-eval' *.stripe.com *.broadly.com *.monday.com". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://app.govierates.com/
Message:
Refused to load the script 'https://cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/jquery.min.js' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' 'unsafe-eval' *.stripe.com *.broadly.com *.monday.com". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://app.govierates.com/(Line 18)
Message:
Refused to connect to 'https://eastus2-3.in.applicationinsights.azure.com//v2/track' because it violates the following Content Security Policy directive: "connect-src 'self' wss://localhost:*".
javascript error URL: https://app.govierates.com/(Line 18)
Message:
Refused to connect to 'https://eastus2-3.in.applicationinsights.azure.com//v2/track' because it violates the document's Content Security Policy.
security error URL: https://app.govierates.com/
Message:
Refused to load the script 'https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.bundle.min.js' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' 'unsafe-eval' *.stripe.com *.broadly.com *.monday.com". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy frame-ancestors 'none'; default-src 'self' *.stripe.com *.broadly.com *.monday.com; connect-src 'self' wss://localhost:*; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.stripe.com *.broadly.com *.monday.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.monday.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data:
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Frame-Options DENY