urlscan.io logo urlscan.io
SecurityTrails logo

auth-pr-30.dev.path.co.uk Open in urlscan Pro
13.225.73.77  Public Scan

Go To Rescan Add Verdict Report
URL: https://auth-pr-30.dev.path.co.uk/
Submission: On September 24 via automatic, source certstream-suspicious
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 4 HTTP transactions. The main IP is 13.225.73.77, located in Seattle, United States and belongs to AMAZON-02, US. The main domain is auth-pr-30.dev.path.co.uk.
TLS certificate: Issued by Amazon on September 24th 2020. Valid for: a year.
This is the only time auth-pr-30.dev.path.co.uk was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
4 13.225.73.77 16509 (AMAZON-02)
4 1
Apex Domain
Subdomains		 Transfer
4 path.co.uk
auth-pr-30.dev.path.co.uk
75 KB
4 1
Domain Requested by
4 auth-pr-30.dev.path.co.uk auth-pr-30.dev.path.co.uk
4 1

This site contains no links.

Subject Issuer Validity Valid
auth-pr-30.dev.path.co.uk
Amazon		 2020-09-24 -
2021-10-24		 a year crt.sh

This page contains 1 frames:

Primary Page: https://auth-pr-30.dev.path.co.uk/
Frame ID: 4C0706F20362CD90718503D12FC8BE3F
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers via /\(CloudFront\)$/i
  • headers server /^AmazonS3$/i
Overall confidence: 100%
Detected patterns
  • headers via /\(CloudFront\)$/i
Overall confidence: 100%
Detected patterns
  • headers server /^AmazonS3$/i

Page Statistics

4
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

75 kB
Transfer

208 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

4 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
auth-pr-30.dev.path.co.uk/ 		753 B
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://auth-pr-30.dev.path.co.uk/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.73.77 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-73-77.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
cbcea8d352233a58d8f22b925f2456dc8da58e07f905725e649b899039f3f911
Security Headers
Name Value
Content-Security-Policy default-src 'none'; img-src 'self' https://*.lpsnmedia.net https://*.lprnd.net https://*.liveperson.com https://*.liveperson.net https://*.google-analytics.com data: https://*.natwest.com https://*.survicate.com; script-src 'self' 'unsafe-inline' https://*.lpsnmedia.net https://*.lprnd.net https://*.liveperson.com https://*.liveperson.net https://*.google-analytics.com https://cdn.segment.com https://*.fullstory.com https://*.ravenjs.com https://*.survicate.com https://*.newrelic.com https://*.nr-data.net; style-src 'self' 'unsafe-inline' blob:; object-src 'none'; font-src 'self' https://*.survicate.com; connect-src 'self' https://sentry.io https://*.mentor.co.uk https://*.amazonaws.com https://*.twilio.com wss://*.twilio.com https://*.segment.com https://api.segment.io https://*.fullstory.com https://*.ravenjs.com https://*.survicate.com https://*.newrelic.com https://*.nr-data.net; media-src 'self' https://*.lpsnmedia.net https://*.lprnd.net https://*.liveperson.com https://*.liveperson.net https://player.vimeo.com; frame-src 'self' https://*.lpsnmedia.net https://*.lprnd.net https://*.liveperson.com https://*.liveperson.net https://player.vimeo.com; form-action 'self'
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
auth-pr-30.dev.path.co.uk
:scheme
https
:path
/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status
200
content-type
text/html
content-length
753
date
Thu, 24 Sep 2020 13:25:06 GMT
last-modified
Thu, 24 Sep 2020 13:24:26 GMT
etag
"4bc528df9dfab071a6d0ce52f45cdc2c"
x-amz-server-side-encryption
AES256
cache-control
max-age=3600
x-amz-version-id
pR0LXsh1ooBLzBhKDVI9HuEpeoUQSj9G
accept-ranges
bytes
server
AmazonS3
strict-transport-security
max-age=31536000; includeSubdomains; preload
content-security-policy
default-src 'none'; img-src 'self' https://*.lpsnmedia.net https://*.lprnd.net https://*.liveperson.com https://*.liveperson.net https://*.google-analytics.com data: https://*.natwest.com https://*.survicate.com; script-src 'self' 'unsafe-inline' https://*.lpsnmedia.net https://*.lprnd.net https://*.liveperson.com https://*.liveperson.net https://*.google-analytics.com https://cdn.segment.com https://*.fullstory.com https://*.ravenjs.com https://*.survicate.com https://*.newrelic.com https://*.nr-data.net; style-src 'self' 'unsafe-inline' blob:; object-src 'none'; font-src 'self' https://*.survicate.com; connect-src 'self' https://sentry.io https://*.mentor.co.uk https://*.amazonaws.com https://*.twilio.com wss://*.twilio.com https://*.segment.com https://api.segment.io https://*.fullstory.com https://*.ravenjs.com https://*.survicate.com https://*.newrelic.com https://*.nr-data.net; media-src 'self' https://*.lpsnmedia.net https://*.lprnd.net https://*.liveperson.com https://*.liveperson.net https://player.vimeo.com; frame-src 'self' https://*.lpsnmedia.net https://*.lprnd.net https://*.liveperson.com https://*.liveperson.net https://player.vimeo.com; form-action 'self'
x-content-type-options
nosniff
x-frame-options
DENY
x-xss-protection
1; mode=block
referrer-policy
same-origin
x-cache
Miss from cloudfront
via
1.1 ccfe5851ecd4194e2d976fb32dec7539.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C2
x-amz-cf-id
6t8JUJHWlIjpEXFWE8Sk-j6FtuhkTjUgeCDsgAWRZN44dJfItnGPRQ==
runtime.365178a7a0f8f038a0f1.js
auth-pr-30.dev.path.co.uk/ 		2 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://auth-pr-30.dev.path.co.uk/runtime.365178a7a0f8f038a0f1.js
Requested by
Host: auth-pr-30.dev.path.co.uk
URL: https://auth-pr-30.dev.path.co.uk/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.73.77 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-73-77.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
f97d2a761d56ffcf8f39c9cb39aad0d4cd20ab4ad274527c4228a817d3885fd9
Security Headers
Name Value
Content-Security-Policy default-src 'none'; img-src 'self' https://*.lpsnmedia.net https://*.lprnd.net https://*.liveperson.com https://*.liveperson.net https://*.google-analytics.com data: https://*.natwest.com https://*.survicate.com; script-src 'self' 'unsafe-inline' https://*.lpsnmedia.net https://*.lprnd.net https://*.liveperson.com https://*.liveperson.net https://*.google-analytics.com https://cdn.segment.com https://*.fullstory.com https://*.ravenjs.com https://*.survicate.com https://*.newrelic.com https://*.nr-data.net; style-src 'self' 'unsafe-inline' blob:; object-src 'none'; font-src 'self' https://*.survicate.com; connect-src 'self' https://sentry.io https://*.mentor.co.uk https://*.amazonaws.com https://*.twilio.com wss://*.twilio.com https://*.segment.com https://api.segment.io https://*.fullstory.com https://*.ravenjs.com https://*.survicate.com https://*.newrelic.com https://*.nr-data.net; media-src 'self' https://*.lpsnmedia.net https://*.lprnd.net https://*.liveperson.com https://*.liveperson.net https://player.vimeo.com; frame-src 'self' https://*.lpsnmedia.net https://*.lprnd.net https://*.liveperson.com https://*.liveperson.net https://player.vimeo.com; form-action 'self'
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Origin
https://auth-pr-30.dev.path.co.uk
Referer
https://auth-pr-30.dev.path.co.uk/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 24 Sep 2020 13:25:07 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
FRA2-C2
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
status
200
vary
Accept-Encoding
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Thu, 24 Sep 2020 13:24:26 GMT
server
AmazonS3
x-frame-options
DENY
etag
W/"a376e2fb52031f0022ae7f58c846f5fc"
strict-transport-security
max-age=31536000; includeSubdomains; preload
x-amz-version-id
K5XPB5Ml1sXHoL2qhW8_upim.dfF2zMD
via
1.1 ccfe5851ecd4194e2d976fb32dec7539.cloudfront.net (CloudFront)
cache-control
max-age=3600
content-security-policy
default-src 'none'; img-src 'self' https://*.lpsnmedia.net https://*.lprnd.net https://*.liveperson.com https://*.liveperson.net https://*.google-analytics.com data: https://*.natwest.com https://*.survicate.com; script-src 'self' 'unsafe-inline' https://*.lpsnmedia.net https://*.lprnd.net https://*.liveperson.com https://*.liveperson.net https://*.google-analytics.com https://cdn.segment.com https://*.fullstory.com https://*.ravenjs.com https://*.survicate.com https://*.newrelic.com https://*.nr-data.net; style-src 'self' 'unsafe-inline' blob:; object-src 'none'; font-src 'self' https://*.survicate.com; connect-src 'self' https://sentry.io https://*.mentor.co.uk https://*.amazonaws.com https://*.twilio.com wss://*.twilio.com https://*.segment.com https://api.segment.io https://*.fullstory.com https://*.ravenjs.com https://*.survicate.com https://*.newrelic.com https://*.nr-data.net; media-src 'self' https://*.lpsnmedia.net https://*.lprnd.net https://*.liveperson.com https://*.liveperson.net https://player.vimeo.com; frame-src 'self' https://*.lpsnmedia.net https://*.lprnd.net https://*.liveperson.com https://*.liveperson.net https://player.vimeo.com; form-action 'self'
content-type
application/javascript
x-amz-cf-id
_YlYdup86Rq8RHNRlr9I03yoHvj_NKiIGttcLEitek0w1qkFV_f4Cg==
polyfills.9ac76baddaf82dc5e802.esm.js
auth-pr-30.dev.path.co.uk/ 		80 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://auth-pr-30.dev.path.co.uk/polyfills.9ac76baddaf82dc5e802.esm.js
Requested by
Host: auth-pr-30.dev.path.co.uk
URL: https://auth-pr-30.dev.path.co.uk/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.73.77 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-73-77.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
91a1809a22612c4d6f40cbc0af4f9067fa112be1d01034819da18aa48d85faae
Security Headers
Name Value
Content-Security-Policy default-src 'none'; img-src 'self' https://*.lpsnmedia.net https://*.lprnd.net https://*.liveperson.com https://*.liveperson.net https://*.google-analytics.com data: https://*.natwest.com https://*.survicate.com; script-src 'self' 'unsafe-inline' https://*.lpsnmedia.net https://*.lprnd.net https://*.liveperson.com https://*.liveperson.net https://*.google-analytics.com https://cdn.segment.com https://*.fullstory.com https://*.ravenjs.com https://*.survicate.com https://*.newrelic.com https://*.nr-data.net; style-src 'self' 'unsafe-inline' blob:; object-src 'none'; font-src 'self' https://*.survicate.com; connect-src 'self' https://sentry.io https://*.mentor.co.uk https://*.amazonaws.com https://*.twilio.com wss://*.twilio.com https://*.segment.com https://api.segment.io https://*.fullstory.com https://*.ravenjs.com https://*.survicate.com https://*.newrelic.com https://*.nr-data.net; media-src 'self' https://*.lpsnmedia.net https://*.lprnd.net https://*.liveperson.com https://*.liveperson.net https://player.vimeo.com; frame-src 'self' https://*.lpsnmedia.net https://*.lprnd.net https://*.liveperson.com https://*.liveperson.net https://player.vimeo.com; form-action 'self'
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Origin
https://auth-pr-30.dev.path.co.uk
Referer
https://auth-pr-30.dev.path.co.uk/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 24 Sep 2020 13:25:07 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
FRA2-C2
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
status
200
vary
Accept-Encoding
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Thu, 24 Sep 2020 13:24:26 GMT
server
AmazonS3
x-frame-options
DENY
etag
W/"48dd8d4d64ff2e0a2186cdd5789c267a"
strict-transport-security
max-age=31536000; includeSubdomains; preload
x-amz-version-id
0EqEXdd3UmVnUwGiiJQi0xr3942QaHMN
via
1.1 ccfe5851ecd4194e2d976fb32dec7539.cloudfront.net (CloudFront)
cache-control
max-age=3600
content-security-policy
default-src 'none'; img-src 'self' https://*.lpsnmedia.net https://*.lprnd.net https://*.liveperson.com https://*.liveperson.net https://*.google-analytics.com data: https://*.natwest.com https://*.survicate.com; script-src 'self' 'unsafe-inline' https://*.lpsnmedia.net https://*.lprnd.net https://*.liveperson.com https://*.liveperson.net https://*.google-analytics.com https://cdn.segment.com https://*.fullstory.com https://*.ravenjs.com https://*.survicate.com https://*.newrelic.com https://*.nr-data.net; style-src 'self' 'unsafe-inline' blob:; object-src 'none'; font-src 'self' https://*.survicate.com; connect-src 'self' https://sentry.io https://*.mentor.co.uk https://*.amazonaws.com https://*.twilio.com wss://*.twilio.com https://*.segment.com https://api.segment.io https://*.fullstory.com https://*.ravenjs.com https://*.survicate.com https://*.newrelic.com https://*.nr-data.net; media-src 'self' https://*.lpsnmedia.net https://*.lprnd.net https://*.liveperson.com https://*.liveperson.net https://player.vimeo.com; frame-src 'self' https://*.lpsnmedia.net https://*.lprnd.net https://*.liveperson.com https://*.liveperson.net https://player.vimeo.com; form-action 'self'
content-type
application/javascript
x-amz-cf-id
idlha-k9mkdkuk_N5tELhCBDV3nOLF-Fb6RXaXBIkXq6Wuo1H3O_sw==
main.c1fc168fe229efbbc4a3.esm.js
auth-pr-30.dev.path.co.uk/ 		126 KB
41 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://auth-pr-30.dev.path.co.uk/main.c1fc168fe229efbbc4a3.esm.js
Requested by
Host: auth-pr-30.dev.path.co.uk
URL: https://auth-pr-30.dev.path.co.uk/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.73.77 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-73-77.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
b062a9902dda9cfc0d77f33def745a08d13484d9c23307f782aa27533dca5d81
Security Headers
Name Value
Content-Security-Policy default-src 'none'; img-src 'self' https://*.lpsnmedia.net https://*.lprnd.net https://*.liveperson.com https://*.liveperson.net https://*.google-analytics.com data: https://*.natwest.com https://*.survicate.com; script-src 'self' 'unsafe-inline' https://*.lpsnmedia.net https://*.lprnd.net https://*.liveperson.com https://*.liveperson.net https://*.google-analytics.com https://cdn.segment.com https://*.fullstory.com https://*.ravenjs.com https://*.survicate.com https://*.newrelic.com https://*.nr-data.net; style-src 'self' 'unsafe-inline' blob:; object-src 'none'; font-src 'self' https://*.survicate.com; connect-src 'self' https://sentry.io https://*.mentor.co.uk https://*.amazonaws.com https://*.twilio.com wss://*.twilio.com https://*.segment.com https://api.segment.io https://*.fullstory.com https://*.ravenjs.com https://*.survicate.com https://*.newrelic.com https://*.nr-data.net; media-src 'self' https://*.lpsnmedia.net https://*.lprnd.net https://*.liveperson.com https://*.liveperson.net https://player.vimeo.com; frame-src 'self' https://*.lpsnmedia.net https://*.lprnd.net https://*.liveperson.com https://*.liveperson.net https://player.vimeo.com; form-action 'self'
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Origin
https://auth-pr-30.dev.path.co.uk
Referer
https://auth-pr-30.dev.path.co.uk/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 24 Sep 2020 13:25:07 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
FRA2-C2
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
status
200
vary
Accept-Encoding
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Thu, 24 Sep 2020 13:24:26 GMT
server
AmazonS3
x-frame-options
DENY
etag
W/"154cd69a1462f270ea55deacc1e3dbe0"
strict-transport-security
max-age=31536000; includeSubdomains; preload
x-amz-version-id
xlB5vxz_wuwVD_nuVeDY2B8LUEakq7xL
via
1.1 ccfe5851ecd4194e2d976fb32dec7539.cloudfront.net (CloudFront)
cache-control
max-age=3600
content-security-policy
default-src 'none'; img-src 'self' https://*.lpsnmedia.net https://*.lprnd.net https://*.liveperson.com https://*.liveperson.net https://*.google-analytics.com data: https://*.natwest.com https://*.survicate.com; script-src 'self' 'unsafe-inline' https://*.lpsnmedia.net https://*.lprnd.net https://*.liveperson.com https://*.liveperson.net https://*.google-analytics.com https://cdn.segment.com https://*.fullstory.com https://*.ravenjs.com https://*.survicate.com https://*.newrelic.com https://*.nr-data.net; style-src 'self' 'unsafe-inline' blob:; object-src 'none'; font-src 'self' https://*.survicate.com; connect-src 'self' https://sentry.io https://*.mentor.co.uk https://*.amazonaws.com https://*.twilio.com wss://*.twilio.com https://*.segment.com https://api.segment.io https://*.fullstory.com https://*.ravenjs.com https://*.survicate.com https://*.newrelic.com https://*.nr-data.net; media-src 'self' https://*.lpsnmedia.net https://*.lprnd.net https://*.liveperson.com https://*.liveperson.net https://player.vimeo.com; frame-src 'self' https://*.lpsnmedia.net https://*.lprnd.net https://*.liveperson.com https://*.liveperson.net https://player.vimeo.com; form-action 'self'
content-type
application/javascript
x-amz-cf-id
2dbeFom2NQb6LfyLNkqoZbmdjJPSxSdQbevE1LxcvXS89M3EOLv86A==

Verdicts & Comments Add Verdict or Comment

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| trustedTypes object| webpackJsonp function| setImmediate function| clearImmediate

0 Cookies

1 Console Messages

Source Level URL
Text
console-api log URL: https://auth-pr-30.dev.path.co.uk/main.c1fc168fe229efbbc4a3.esm.js(Line 2)
Message:
config [object Object]

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'none'; img-src 'self' https://*.lpsnmedia.net https://*.lprnd.net https://*.liveperson.com https://*.liveperson.net https://*.google-analytics.com data: https://*.natwest.com https://*.survicate.com; script-src 'self' 'unsafe-inline' https://*.lpsnmedia.net https://*.lprnd.net https://*.liveperson.com https://*.liveperson.net https://*.google-analytics.com https://cdn.segment.com https://*.fullstory.com https://*.ravenjs.com https://*.survicate.com https://*.newrelic.com https://*.nr-data.net; style-src 'self' 'unsafe-inline' blob:; object-src 'none'; font-src 'self' https://*.survicate.com; connect-src 'self' https://sentry.io https://*.mentor.co.uk https://*.amazonaws.com https://*.twilio.com wss://*.twilio.com https://*.segment.com https://api.segment.io https://*.fullstory.com https://*.ravenjs.com https://*.survicate.com https://*.newrelic.com https://*.nr-data.net; media-src 'self' https://*.lpsnmedia.net https://*.lprnd.net https://*.liveperson.com https://*.liveperson.net https://player.vimeo.com; frame-src 'self' https://*.lpsnmedia.net https://*.lprnd.net https://*.liveperson.com https://*.liveperson.net https://player.vimeo.com; form-action 'self'
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block