urlscan.io logo urlscan.io
SecurityTrails logo

web.step.app Open in urlscan Pro
2606:4700:20::681a:7  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://app.step.app/
Effective URL: https://web.step.app/
Submission: On May 21 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 11 IPs in 4 countries across 8 domains to perform 29 HTTP transactions. The main IP is 2606:4700:20::681a:7, located in United States and belongs to CLOUDFLARENET, US. The main domain is web.step.app.
TLS certificate: Issued by GTS CA 1P5 on April 14th 2024. Valid for: 3 months.
This is the only time web.step.app was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 12 2606:4700:20:... 13335 (CLOUDFLAR...)
3 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
1 34.36.42.172 396982 (GOOGLE-CL...)
7 104.18.28.104 13335 (CLOUDFLAR...)
2 2001:4860:480... 15169 (GOOGLE)
1 172.217.16.138 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 142.250.186.35 15169 (GOOGLE)
29 11
12    2606:4700:20::681a:7 (United States)

ASN13335 (CLOUDFLARENET, US)
app.step.app
web.step.app
3    2a00:1450:4001:813::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
2    2a00:1450:4001:831::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
firebase.googleapis.com
1    34.36.42.172 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 172.42.36.34.bc.googleusercontent.com
cdn.step.app
7    104.18.28.104 (None, )

ASN13335 (CLOUDFLARENET, US)
client.crisp.chat
image.crisp.chat
2    2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)
region1.google-analytics.com
region1.analytics.google.com
1    172.217.16.138 (United States)

ASN15169 (GOOGLE, US)
PTR: fra15s46-in-f10.1e100.net
firebaseinstallations.googleapis.com
1    2a00:1450:4001:801::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
firebaseinstallations.googleapis.com
1    2a00:1450:400c:c0d::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)
stats.g.doubleclick.net
1    142.250.186.35 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f3.1e100.net
www.google.de
Apex Domain
Subdomains		 Transfer
13 step.app
app.step.app
web.step.app
cdn.step.app
23 MB
7 crisp.chat
client.crisp.chat — Cisco Umbrella Rank: 18903
image.crisp.chat — Cisco Umbrella Rank: 66278
165 KB
4 googleapis.com
firebase.googleapis.com — Cisco Umbrella Rank: 3849
firebaseinstallations.googleapis.com — Cisco Umbrella Rank: 566
941 B
3 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 39
279 KB
1 google.de
www.google.de — Cisco Umbrella Rank: 7810
63 B
1 doubleclick.net
stats.g.doubleclick.net — Cisco Umbrella Rank: 89
243 B
1 google.com
region1.analytics.google.com — Cisco Umbrella Rank: 3095
54 B
1 google-analytics.com
region1.google-analytics.com — Cisco Umbrella Rank: 2533
252 B
29 8
Domain Requested by
11 web.step.app 1 redirects web.step.app
6 client.crisp.chat web.step.app
client.crisp.chat
3 www.googletagmanager.com web.step.app
www.googletagmanager.com
2 firebaseinstallations.googleapis.com web.step.app
2 firebase.googleapis.com web.step.app
1 image.crisp.chat
1 www.google.de web.step.app
1 stats.g.doubleclick.net www.googletagmanager.com
1 region1.analytics.google.com www.googletagmanager.com
1 region1.google-analytics.com www.googletagmanager.com
1 cdn.step.app web.step.app
1 app.step.app 1 redirects
29 12

This site contains links to these domains. Also see Links.

Domain
step.app
Subject Issuer Validity Valid
step.app
GTS CA 1P5		 2024-04-14 -
2024-07-13		 3 months crt.sh
*.google-analytics.com
WR2		 2024-05-06 -
2024-07-29		 3 months crt.sh
upload.video.google.com
WR2		 2024-05-06 -
2024-07-29		 3 months crt.sh
cdn.step.app
WR3		 2024-05-16 -
2024-08-14		 3 months crt.sh
crisp.chat
E1		 2024-04-05 -
2024-07-04		 3 months crt.sh
*.g.doubleclick.net
GTS CA 1C3		 2024-05-06 -
2024-07-29		 3 months crt.sh
*.google.de
WR2		 2024-05-06 -
2024-07-29		 3 months crt.sh

This page contains 2 frames:

Primary Page: https://web.step.app/
Frame ID: 9D61C8D6BC29586D92D83251DC22DEAC
Requests: 26 HTTP requests in this frame

Frame: https://web.step.app/cdn-cgi/challenge-platform/h/b/scripts/jsd/695da7821231/main.js
Frame ID: 1EEFA2729F5E671A186628658776532D
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Step App | Web

Page URL History Show full URLs

  1. http://app.step.app/ HTTP 307
    https://app.step.app/ HTTP 301
    https://web.step.app/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js

Page Statistics

29
Requests

97 %
HTTPS

60 %
IPv6

8
Domains

12
Subdomains

11
IPs

4
Countries

24341 kB
Transfer

26602 kB
Size

5
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://app.step.app/ HTTP 307
    https://app.step.app/ HTTP 301
    https://web.step.app/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 4
  • https://web.step.app/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
  • https://web.step.app/cdn-cgi/challenge-platform/h/b/scripts/jsd/695da7821231/main.js

29 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
web.step.app/
Redirect Chain
  • http://app.step.app/
  • https://app.step.app/
  • https://web.step.app/
3 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://web.step.app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7852c6d1e0dcbcd71fc19dbf3071793259c36e478cf535956d98e1dff4ce3920
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
Content-Type Range User-Agent X-Requested-With
access-control-allow-methods
GET HEAD OPTIONS
access-control-allow-origin
*
access-control-expose-headers
Content-Length Content-Range X-Chunked-Output X-Ipfs-Path X-Ipfs-Roots X-Stream-Output
cache-control
max-age=60, stale-while-revalidate=3600
cdn-cache
REVALIDATED
cdn-cachedat
05/18/2024 10:43:13
cdn-edgestorageid
1082
cdn-proxyver
1.04
cdn-pullzone
972527
cdn-requestcountrycode
DE
cdn-requestid
8f0e41998bc93e2ec6867c89eb499c9d
cdn-requestpullcode
200
cdn-requestpullsuccess
True
cdn-status
200
cdn-uid
070ccd6e-b4b0-4c90-b45a-e26d7534205d
cf-cache-status
DYNAMIC
cf-ray
8877bd7a9b62bb83-FRA
content-encoding
br
content-security-policy
upgrade-insecure-requests
content-type
text/html
date
Tue, 21 May 2024 21:43:06 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin-when-cross-origin
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=b8sIlhBPvxW%2FxKWXWcvcdL9woo0NPeGSppdgGNUHe0U71fDfaHtOoDmIvMGONB3LyjSmGFObFSbve2WvuleePloo7eUF%2F0OFUDboKHUwS90kmBCrbVTrVIKPprYcQpPdCwjcWZBH08%2BPWA%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding
x-cache-status
MISS
x-content-type-options
nosniff
x-ipfs-path
/ipfs/bafybeidzvuszyfpf7jwlzeogdszun5muwc4mibwxoue2hsdpvlj2az75mq/
x-ipfs-roots
bafybeidzvuszyfpf7jwlzeogdszun5muwc4mibwxoue2hsdpvlj2az75mq
x-request-id
a5bba991fad912f30ddd0b40c16ab915
x-xss-protection
0

Redirect headers

cache-control
max-age=3600
cf-ray
8877bd79da98bb83-FRA
content-length
167
content-type
text/html
date
Tue, 21 May 2024 21:43:06 GMT
expires
Tue, 21 May 2024 22:43:06 GMT
location
https://web.step.app
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PajuDZsNPI7HDqe4uhHFF9FlszdRS8sYWCPV2L3PV2nx9W7OKd3E8zpbWfJd6wpdebE1%2FJ4acE003qDmpwifSRoOICMUzeag7TrmqiwlI8Hi1MNh%2FF0Pd5tTtGF17YQa8aRA8CcWcz%2FgPg%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
index-40b78a73.js
web.step.app/assets/ 		1 MB
442 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://web.step.app/assets/index-40b78a73.js
Requested by
Host: web.step.app
URL: https://web.step.app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5bf975af61eae01950eb9b0696ff3010267c88d6da948d6aeb9b908a80fbfc85
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://web.step.app/
Origin
https://web.step.app
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
cdn-pullzone
972527
referrer-policy
strict-origin-when-cross-origin
cdn-proxyver
1.04
x-ipfs-roots
bafybeidzvuszyfpf7jwlzeogdszun5muwc4mibwxoue2hsdpvlj2az75mq,QmZeAEQFcNCrwMwoETNv4EssXwkb7eqi5VnNAFWy5DEjiZ,QmYqbm5PbSfFouJN3RKBCYN5cL8k7g7fq54nWqht3ewYV8
etag
W/"QmYqbm5PbSfFouJN3RKBCYN5cL8k7g7fq54nWqht3ewYV8"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD, OPTIONS
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cdn-cache
REVALIDATED
access-control-expose-headers
Content-Length, Content-Range, X-Chunked-Output, X-Ipfs-Path, X-Ipfs-Roots, X-Stream-Output
cache-control
max-age=14400, stale-while-revalidate=3600
x-ipfs-path
/ipfs/bafybeidzvuszyfpf7jwlzeogdszun5muwc4mibwxoue2hsdpvlj2az75mq/assets/index-40b78a73.js
cdn-requestcountrycode
DE
access-control-allow-headers
Content-Type, Range, User-Agent, X-Requested-With
date
Tue, 21 May 2024 21:43:06 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
REVALIDATED
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cdn-edgestorageid
1081
x-cache-status
MISS
cdn-cachedat
05/02/2024 15:57:08
x-xss-protection
0
x-request-id
d62ce21356a90d50adf05e51e68f0e92
server
cloudflare
cdn-requestpullcode
200
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=G4Y7dzNpLX%2FZbhLSKXK%2BTf7z01YEMfNglf3wxizwC%2BS51CS6jdfJbHFnChgjztl6lyHBNZYZ4ZX%2BJL63zQnfuv%2FNZ8xcNk%2BRYCWyVLtNnvJY%2BEN3yjJHd1%2Fc6WbMJgraPkDm%2F0DK27CLBQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cdn-uid
070ccd6e-b4b0-4c90-b45a-e26d7534205d
cdn-requestid
dba0b37654b0a4ee58757b1876a85e75
cf-ray
8877bd7b3c0ebb83-FRA
cdn-status
200
cdn-requestpullsuccess
True
index-ae585b0b.js
web.step.app/assets/ 		19 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://web.step.app/assets/index-ae585b0b.js
Requested by
Host: web.step.app
URL: https://web.step.app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a37dc41a593d3a8bbc60a873681f169352aede345582f16cbc31bc6b9804f378
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://web.step.app/
Origin
https://web.step.app
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
cdn-pullzone
972527
referrer-policy
strict-origin-when-cross-origin
cdn-proxyver
1.04
x-ipfs-roots
bafybeifewb3mmnkvatgaelypizb6wnn6k5tbzjlqbxpum2en3iovv7jqw4,QmWxp2cWboBuMHdZUEiJ4j2p56Qx61WU7CrbLUPtbUWYKC,QmWgomjk9TL6qcADTs9iqUYa7KK4x8ZhFPCKVPUvRNYvhX
etag
W/"QmWgomjk9TL6qcADTs9iqUYa7KK4x8ZhFPCKVPUvRNYvhX"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD, OPTIONS
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cdn-cache
REVALIDATED
access-control-expose-headers
Content-Length, Content-Range, X-Chunked-Output, X-Ipfs-Path, X-Ipfs-Roots, X-Stream-Output
cache-control
max-age=14400, stale-while-revalidate=3600
x-ipfs-path
/ipfs/bafybeifewb3mmnkvatgaelypizb6wnn6k5tbzjlqbxpum2en3iovv7jqw4/assets/index-ae585b0b.js
cdn-requestcountrycode
DE
access-control-allow-headers
Content-Type, Range, User-Agent, X-Requested-With
date
Tue, 21 May 2024 21:43:06 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
REVALIDATED
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cdn-edgestorageid
1080
x-cache-status
MISS
cdn-cachedat
03/20/2024 14:15:28
x-xss-protection
0
x-request-id
a18050e189879a1ab6846d900fcf85b9
server
cloudflare
cdn-requestpullcode
200
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BnnyBEnEaEoCCT6BDjRU8VPAtlI8ZCxiyKqyDO6fwqlMEm72IWyLwxwp3e8HQ3YVrDb7RGGFwCt8%2ByN52NszDaW0WYbklv0OJCcGW7LgI%2Bsm6fSdDL5ZfqRqVKYh6SdaVK6lSXN2Y7Gf6w%3D%3D"}],"group":"cf-nel","max_age":604800}
cdn-uid
070ccd6e-b4b0-4c90-b45a-e26d7534205d
cdn-requestid
56e2b49dc1e97e405c26af682c85008b
cf-ray
8877bd7b3c0fbb83-FRA
cdn-status
200
cdn-requestpullsuccess
True
index-9b097a67.css
web.step.app/assets/ 		27 KB
6 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://web.step.app/assets/index-9b097a67.css
Requested by
Host: web.step.app
URL: https://web.step.app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9b097a67faef1025bf62951c36e586916f2ed519cadb4c1cd0f47c3653e67e57
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://web.step.app/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
cdn-pullzone
972527
referrer-policy
strict-origin-when-cross-origin
cdn-proxyver
1.04
x-ipfs-roots
bafybeidzvuszyfpf7jwlzeogdszun5muwc4mibwxoue2hsdpvlj2az75mq,QmZeAEQFcNCrwMwoETNv4EssXwkb7eqi5VnNAFWy5DEjiZ,QmVSieWYVnZ1KfBYTLLyW5KRqC37mDarmpeqAZ5fh3KAkr
etag
W/"QmVSieWYVnZ1KfBYTLLyW5KRqC37mDarmpeqAZ5fh3KAkr"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD, OPTIONS
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cdn-cache
REVALIDATED
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control
max-age=14400, stale-while-revalidate=3600
x-ipfs-path
/ipfs/bafybeidzvuszyfpf7jwlzeogdszun5muwc4mibwxoue2hsdpvlj2az75mq/assets/index-9b097a67.css
cdn-requestcountrycode
DE
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
date
Tue, 21 May 2024 21:43:06 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
REVALIDATED
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cdn-edgestorageid
1080
x-cache-status
MISS
cdn-cachedat
05/02/2024 16:08:05
x-xss-protection
0
x-request-id
1dba195bfe25b810b20d7e22480167ac
server
cloudflare
cdn-requestpullcode
200
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ron6NQehxjUZXiPFyrOfYImmsWl7P8SB3E6CZYCh1ZRU6xQO3OwgEM17CpNSF1gAetm2ObrLSVUHL3nwrJawUMLXken%2F6CpSOJuD1Mkwg32xQOFgqtxY7dv1zNLEHjRNghZyrDxgGcD3FQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cdn-uid
070ccd6e-b4b0-4c90-b45a-e26d7534205d
cdn-requestid
0076c1c7cfa3f38e9856cda9680a0d92
cf-ray
8877bd7b3c0cbb83-FRA
cdn-status
200
cdn-requestpullsuccess
True
js
www.googletagmanager.com/gtag/ 		302 KB
100 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-3766Q8BJM3
Requested by
Host: web.step.app
URL: https://web.step.app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
8940e2087e3f8ee424412c8d3141f9eaf79298056db15f6ab2ba5e031457a0f1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://web.step.app/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 21 May 2024 21:43:06 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
102404
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Tue, 21 May 2024 21:43:06 GMT
main.js
web.step.app/cdn-cgi/challenge-platform/h/b/scripts/jsd/695da7821231/ Frame 1EEF
Redirect Chain
  • https://web.step.app/cdn-cgi/challenge-platform/scripts/jsd/main.js
  • https://web.step.app/cdn-cgi/challenge-platform/h/b/scripts/jsd/695da7821231/main.js
8 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://web.step.app/cdn-cgi/challenge-platform/h/b/scripts/jsd/695da7821231/main.js
Requested by
Host: web.step.app
URL: https://web.step.app/
Protocol
H2
Server
2606:4700:20::681a:7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4f3057cdec6157e48f1ce2f2d97b9593e24085f38ee901208448df09a39e0fc5
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

date
Tue, 21 May 2024 21:43:07 GMT
content-encoding
br
x-content-type-options
nosniff
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hlnfp8QGcBCbBgaprYt5FnHLKvN047XeM43c%2FYrIK4tRAORaJiyTdPqEqQIpVyg2pxVuqvt%2BxufZjnpVhVHB1E8dFtsFgzs5ow2nxhNwma0WVSAEl6InZbcDjXOGqocQ%2BGiSpn%2FEqZ6DVQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
cache-control
max-age=14400, public
cf-ray
8877bd7d9ecfbb83-FRA

Redirect headers

date
Tue, 21 May 2024 21:43:07 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uzNk00rQsrBKrXAR%2Bt1GZzICZ%2B1WnOUZEBFeZMurSLbVLpdptu4JpeErqs03NLXGWskvVTQUlpIfrmloMNOt2X04nmuYYLRPQgNHv88wsdKuf3UneK80%2FUI6KncqwXlw81mmMioCmvWH2w%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin
*
location
/cdn-cgi/challenge-platform/h/b/scripts/jsd/695da7821231/main.js
cache-control
max-age=300, public
cf-ray
8877bd7d0e42bb83-FRA
content-length
0
SignIn-f70a48f6.js
web.step.app/assets/ 		744 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://web.step.app/assets/SignIn-f70a48f6.js
Requested by
Host: web.step.app
URL: https://web.step.app/assets/index-40b78a73.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ce30c3cb36036aebaf99f12876df6fc5b5aa2d90add060b31eecbeaf235897ed
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Origin
https://web.step.app
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
cdn-pullzone
972527
referrer-policy
strict-origin-when-cross-origin
cdn-proxyver
1.04
x-ipfs-roots
bafybeidzvuszyfpf7jwlzeogdszun5muwc4mibwxoue2hsdpvlj2az75mq,QmZeAEQFcNCrwMwoETNv4EssXwkb7eqi5VnNAFWy5DEjiZ,QmPU4HCjyYxwtwedD8kfVjLSdjJSRgfc8vecjYMRc1cKj6
etag
W/"QmPU4HCjyYxwtwedD8kfVjLSdjJSRgfc8vecjYMRc1cKj6"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD, OPTIONS
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cdn-cache
REVALIDATED
access-control-expose-headers
Content-Length, Content-Range, X-Chunked-Output, X-Ipfs-Path, X-Ipfs-Roots, X-Stream-Output
cache-control
max-age=14400, stale-while-revalidate=3600
x-ipfs-path
/ipfs/bafybeidzvuszyfpf7jwlzeogdszun5muwc4mibwxoue2hsdpvlj2az75mq/assets/SignIn-f70a48f6.js
cdn-requestcountrycode
DE
access-control-allow-headers
Content-Type, Range, User-Agent, X-Requested-With
date
Tue, 21 May 2024 21:43:07 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
REVALIDATED
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cdn-edgestorageid
1080
x-cache-status
MISS
cdn-cachedat
05/02/2024 16:08:07
x-xss-protection
0
x-request-id
8016d785c23cf7bde7020ac61dabc5c6
server
cloudflare
cdn-requestpullcode
200
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AFpuoPfWBMEvf2YOPNz%2FsRgqkzKNcKHNZOq%2FRC46ubZrbB6Vg61SFOIdtcmRqauJBqAw2Y8QsheOfjRUcukrxk7jeqVa%2FyUWrnkkIHDk%2Bwj3W4438VJa680k59nZvIerl1XBtTX77k0IQQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cdn-uid
070ccd6e-b4b0-4c90-b45a-e26d7534205d
cdn-requestid
91b7d94874989f7ce642780e218a9dfe
cf-ray
8877bd7d4e79bb83-FRA
cdn-status
200
cdn-requestpullsuccess
True
SignIn-8f0ff971.css
web.step.app/assets/ 		255 B
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://web.step.app/assets/SignIn-8f0ff971.css
Requested by
Host: web.step.app
URL: https://web.step.app/assets/index-40b78a73.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8f0ff9718d1973647c89520a8c0ab19e8390bf0722bbb4813b715740b68b7c7c
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://web.step.app/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
cdn-pullzone
972527
referrer-policy
strict-origin-when-cross-origin
cdn-proxyver
1.04
x-ipfs-roots
bafybeidzvuszyfpf7jwlzeogdszun5muwc4mibwxoue2hsdpvlj2az75mq,QmZeAEQFcNCrwMwoETNv4EssXwkb7eqi5VnNAFWy5DEjiZ,QmZKu1StPwUJ15tQWV822NXxcvGUBLgBkjx3RcLsURJyM6
etag
W/"QmZKu1StPwUJ15tQWV822NXxcvGUBLgBkjx3RcLsURJyM6"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD, OPTIONS
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cdn-cache
HIT
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control
max-age=14400, stale-while-revalidate=3600
x-ipfs-path
/ipfs/bafybeidzvuszyfpf7jwlzeogdszun5muwc4mibwxoue2hsdpvlj2az75mq/assets/SignIn-8f0ff971.css
cdn-requestcountrycode
DE
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
date
Tue, 21 May 2024 21:43:07 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
REVALIDATED
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cdn-edgestorageid
1079
x-cache-status
MISS
cdn-cachedat
05/02/2024 16:08:07
x-xss-protection
0
x-request-id
2e0891788ea7da007a6e3476d77625af
server
cloudflare
cdn-requestpullcode
200
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pDk3pPmCOekEZspxA8%2BUuzx0ZZ5xhirj49yi0N5KgyjEXfsp9exOwYdKkb%2FRJ%2FnjsIwAuDJH6uonCZXcR3M5yZ8OsZOnB1FZ8ymw9xcdtJAxbJgbOZAFsiPlQnhllo3Mn5lRFuOQiZN0ew%3D%3D"}],"group":"cf-nel","max_age":604800}
cdn-uid
070ccd6e-b4b0-4c90-b45a-e26d7534205d
cdn-requestid
ad9d30dd4f66fc17f500dd0a0f44ade3
cf-ray
8877bd7d4e77bb83-FRA
cdn-status
200
cdn-requestpullsuccess
True
webConfig
firebase.googleapis.com/v1alpha/projects/-/apps/1:547422727598:web:689a7f93cec4f6a305ec3f/ 		355 B
428 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://firebase.googleapis.com/v1alpha/projects/-/apps/1:547422727598:web:689a7f93cec4f6a305ec3f/webConfig
Requested by
Host: web.step.app
URL: https://web.step.app/assets/index-40b78a73.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
22d93c8e5f1a17e13b09c7ae2760287147d1291ec1adcc6a7814ab5246e1b870
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
accept
application/json
Referer
https://web.step.app/
x-goog-api-key
AIzaSyD8XRCLUrS4ypRFN6Oubg0nfxNrECVmbWQ
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 21 May 2024 21:43:07 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
ESF
vary
Origin, X-Origin, Referer
x-frame-options
SAMEORIGIN
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://web.step.app
access-control-expose-headers
vary,vary,vary,content-encoding,date,server,content-length
cache-control
private
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
238
x-xss-protection
0
webConfig
firebase.googleapis.com/v1alpha/projects/-/apps/1:547422727598:web:689a7f93cec4f6a305ec3f/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://firebase.googleapis.com/v1alpha/projects/-/apps/1:547422727598:web:689a7f93cec4f6a305ec3f/webConfig
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
x-goog-api-key
Access-Control-Request-Method
GET
Origin
https://web.step.app
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
x-goog-api-key
access-control-allow-methods
DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin
https://web.step.app
access-control-max-age
3600
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
content-type
text/html
date
Tue, 21 May 2024 21:43:07 GMT
server
ESF
vary
origin referer x-origin
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
0
statics.json
cdn.step.app/statics/latest/ 		23 MB
23 MB 		XHR
General
Check archive.org
Download Go to
Full URL
https://cdn.step.app/statics/latest/statics.json
Requested by
Host: web.step.app
URL: https://web.step.app/assets/index-40b78a73.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.36.42.172 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
172.42.36.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept
application/json, text/plain, */*
Referer
https://web.step.app/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 21 May 2024 20:40:17 GMT
age
3770
x-guploader-uploadid
ABPtcPrcBnjYOsaCFYU4WVmQOjnrpD-N0cF9QuCux59r9ieKkcEKI3_FfT8sweX_QxmPsa9vZU0
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
23924430
last-modified
Thu, 02 May 2024 10:32:38 GMT
server
UploadServer
etag
"51d53d733f2728266bead18da6a3148c"
x-goog-generation
1714645958092131
x-goog-hash
crc32c=z5OqXw==, md5=UdU9cz8nKCZr6tGNpqMUjA==
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public,max-age=3600
x-goog-stored-content-length
23924430
accept-ranges
bytes
content-type
application/json
l.js
client.crisp.chat/ 		8 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://client.crisp.chat/l.js
Requested by
Host: web.step.app
URL: https://web.step.app/assets/index-40b78a73.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.28.104 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cbcf1788b72ba5a100c4899d5a7c92735474dde494f17da40530ce8d102f63e4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://web.step.app/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 21 May 2024 21:43:07 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
age
33330
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
last-modified
Thu, 24 Aug 2023 11:12:52 GMT
server
cloudflare
etag
W/"64e73b34-205d"
access-control-max-age
300
access-control-allow-methods
HEAD, GET, OPTIONS
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
access-control-allow-credentials
false
vary
Accept-Encoding
cf-ray
8877bd7dce62349d-WAW
access-control-allow-headers
Content-Type, Origin
expires
Wed, 22 May 2024 21:43:07 GMT
SFMono-Bold-87372509.woff2
web.step.app/assets/ 		44 KB
45 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://web.step.app/assets/SFMono-Bold-87372509.woff2
Requested by
Host: web.step.app
URL: https://web.step.app/assets/index-9b097a67.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
873725099b93f7fd673da33d265b55a73dee159f25c1619cb11cf54094f9b4c0
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://web.step.app/assets/index-9b097a67.css
Origin
https://web.step.app
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
upgrade-insecure-requests
cdn-pullzone
972527
referrer-policy
strict-origin-when-cross-origin
cdn-proxyver
1.04
x-ipfs-roots
bafybeidzvuszyfpf7jwlzeogdszun5muwc4mibwxoue2hsdpvlj2az75mq,QmZeAEQFcNCrwMwoETNv4EssXwkb7eqi5VnNAFWy5DEjiZ,QmRUJyHLiehuBNz86sjjhMESnYRHmPwfCLGUTVr1oLXYHe
etag
"QmRUJyHLiehuBNz86sjjhMESnYRHmPwfCLGUTVr1oLXYHe"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD, OPTIONS
content-type
font/woff2
access-control-allow-origin
*
cdn-cache
REVALIDATED
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control
max-age=14400, stale-while-revalidate=3600
x-ipfs-path
/ipfs/bafybeidzvuszyfpf7jwlzeogdszun5muwc4mibwxoue2hsdpvlj2az75mq/assets/SFMono-Bold-87372509.woff2
cdn-requestcountrycode
DE
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
date
Tue, 21 May 2024 21:43:07 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
REVALIDATED
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cdn-edgestorageid
1080
x-cache-status
MISS
cdn-cachedat
05/15/2024 19:10:32
content-length
44888
x-xss-protection
0
x-request-id
09631d57e7d60ea41b4334bc8411a988
server
cloudflare
cdn-requestpullcode
200
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aLsaB2%2FODH%2BYRGDzNDd6K5MIQItrTa7ExWfXGQjENes3UbVb5gXjmVFbcEbjHqrgkVwmy4wxoAG3h83sbG96eO%2FX%2FmHzK63bKcu3J9GGZG%2BQVOw%2B7GrOqhV1VNMvDvALyh%2BY2k6%2FVmwp4g%3D%3D"}],"group":"cf-nel","max_age":604800}
cdn-uid
070ccd6e-b4b0-4c90-b45a-e26d7534205d
cdn-requestid
2b5befd9ca031e9fbece64612012f5e6
accept-ranges
bytes
cf-ray
8877bd7d9ed1bb83-FRA
cdn-status
200
cdn-requestpullsuccess
True
collect
region1.google-analytics.com/g/ 		0
252 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-3766Q8BJM3&gtm=45je45f0v9165619434za200&_p=1716327786818&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&cid=2141134537.1716327787&ul=de-de&sr=1600x1200&uaa=x86&uab=64&uafvl=Chromium%3B124.0.6367.207%7CGoogle%2520Chrome%3B124.0.6367.207%7CNot-A.Brand%3B99.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&frm=0&pscdl=noapi&_s=1&sid=1716327787&sct=1&seg=0&dl=https%3A%2F%2Fweb.step.app%2F&dt=Step%20App%20%7C%20Web&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=760
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-3766Q8BJM3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://web.step.app/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Tue, 21 May 2024 21:43:07 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://web.step.app
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
installations
firebaseinstallations.googleapis.com/v1/projects/step-app-2bacf/ 		625 B
513 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://firebaseinstallations.googleapis.com/v1/projects/step-app-2bacf/installations
Requested by
Host: web.step.app
URL: https://web.step.app/assets/index-40b78a73.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.16.138 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra15s46-in-f10.1e100.net
Software
ESF /
Resource Hash
092dab1f1b7d58c44907495e3cd17d025cf93a8a179a47ca18071b67baafcc37
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
x-firebase-client
eyJ2ZXJzaW9uIjoyLCJoZWFydGJlYXRzIjpbeyJhZ2VudCI6ImZpcmUtY29yZS8wLjkuMCBmaXJlLWNvcmUtZXNtMjAxNy8wLjkuMCBmaXJlLWpzLyBmaXJlLWlpZC8wLjYuMCBmaXJlLWlpZC1lc20yMDE3LzAuNi4wIGZpcmUtYW5hbHl0aWNzLzAuOS4wIGZpcmUtYW5hbHl0aWNzLWVzbTIwMTcvMC45LjAgZmlyZS1qcy1hbGwtYXBwLzkuMTUuMCIsImRhdGVzIjpbIjIwMjQtMDUtMjEiXX1dfQ
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
content-type
application/json
accept
application/json
Referer
https://web.step.app/
x-goog-api-key
AIzaSyD8XRCLUrS4ypRFN6Oubg0nfxNrECVmbWQ
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 21 May 2024 21:43:07 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
ESF
vary
Origin, X-Origin, Referer
x-frame-options
SAMEORIGIN
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://web.step.app
access-control-expose-headers
vary,vary,vary,content-encoding,date,server,content-length
cache-control
private
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
490
x-xss-protection
0
installations
firebaseinstallations.googleapis.com/v1/projects/step-app-2bacf/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://firebaseinstallations.googleapis.com/v1/projects/step-app-2bacf/installations
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-firebase-client,x-goog-api-key
Access-Control-Request-Method
POST
Origin
https://web.step.app
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
content-type,x-firebase-client,x-goog-api-key
access-control-allow-methods
DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin
https://web.step.app
access-control-max-age
3600
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
content-type
text/html
date
Tue, 21 May 2024 21:43:07 GMT
server
ESF
vary
origin referer x-origin
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
0
8877bd7a9b62bb83
web.step.app/cdn-cgi/challenge-platform/h/b/jsd/r/ Frame 1EEF 		0
552 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://web.step.app/cdn-cgi/challenge-platform/h/b/jsd/r/8877bd7a9b62bb83
Requested by
Host: web.step.app
URL: https://web.step.app/cdn-cgi/challenge-platform/scripts/jsd/main.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform
"Win32"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
application/json

Response headers

date
Tue, 21 May 2024 21:43:07 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
cf-ray
8877bd7e3f76bb83-FRA
content-length
0
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0tSmT0IQtH2gN2%2BDObxURRAevjP7sFzr4KW%2FXx1dk69ngDZrjBiOsH%2FzgkPJaKr1uS0L7ibWUIWQ1%2BfpevKaEYiX6sWcPpgbYQDc67SsRMF3Y6wwVCbu9FdskML8ywdgthqAJW5BcWmlww%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/plain; charset=UTF-8
client.js
client.crisp.chat/static/javascripts/ 		413 KB
103 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://client.crisp.chat/static/javascripts/client.js?9e7cb0c
Requested by
Host: client.crisp.chat
URL: https://client.crisp.chat/l.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.28.104 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
655253c4f1aa7cde5800020ba66c0612c3fba93fb5882775c0ce60a5c7955a68
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://web.step.app/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 21 May 2024 21:43:07 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
age
33329
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
last-modified
Thu, 24 Aug 2023 11:12:52 GMT
server
cloudflare
etag
W/"64e73b34-6736b"
access-control-max-age
300
access-control-allow-methods
HEAD, GET, OPTIONS
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=315360000
access-control-allow-credentials
false
vary
Accept-Encoding
cf-ray
8877bd7e4ef1349d-WAW
access-control-allow-headers
Content-Type, Origin
expires
Fri, 19 May 2034 21:43:07 GMT
client_default.css
client.crisp.chat/static/stylesheets/ 		362 KB
49 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://client.crisp.chat/static/stylesheets/client_default.css?9e7cb0c
Requested by
Host: client.crisp.chat
URL: https://client.crisp.chat/l.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.28.104 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ac8602f2b9f65d01baa3a71c2b69bb8561582353c0c77d9117ac629720d40833
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://web.step.app/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 21 May 2024 21:43:07 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
age
33329
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
last-modified
Thu, 09 May 2024 12:26:32 GMT
server
cloudflare
etag
W/"663cc0f8-5a9cb"
access-control-max-age
300
access-control-allow-methods
HEAD, GET, OPTIONS
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=315360000
access-control-allow-credentials
false
vary
Accept-Encoding
cf-ray
8877bd7e4ef4349d-WAW
access-control-allow-headers
Content-Type, Origin
expires
Fri, 19 May 2034 21:43:07 GMT
js
www.googletagmanager.com/gtag/ 		254 KB
89 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?l=dataLayer&id=G-M830R3N37B
Requested by
Host: web.step.app
URL: https://web.step.app/assets/index-40b78a73.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
d283f1d727d3e0bb1d807390d8c0fefc114dfe0cf61088b04af225a10bd3bb7b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://web.step.app/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 21 May 2024 21:43:07 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
91227
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Tue, 21 May 2024 21:43:07 GMT
js
www.googletagmanager.com/gtag/ 		254 KB
89 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-M830R3N37B&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-3766Q8BJM3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
e72bb8a20c379b4126dd475238c84e5aa0fd5c2666966961fe121e7fbeda3107
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://web.step.app/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 21 May 2024 21:43:07 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
91248
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Tue, 21 May 2024 21:43:07 GMT
collect
region1.analytics.google.com/g/ 		0
54 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://region1.analytics.google.com/g/collect?v=2&tid=G-M830R3N37B&gtm=45je45f0h1v9115484297za200zb9165619434&_p=1716327786818&_gaz=1&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&_fid=fK_ifC0ofGUmyIOTp2ww-H&cid=2141134537.1716327787&ul=de-de&sr=1600x1200&uaa=x86&uab=64&uafvl=Chromium%3B124.0.6367.207%7CGoogle%2520Chrome%3B124.0.6367.207%7CNot-A.Brand%3B99.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&frm=0&pscdl=noapi&_s=1&sid=1716327787&sct=1&seg=0&dl=https%3A%2F%2Fweb.step.app%2F&dt=Step%20App%20%7C%20Web&en=page_view&_fv=1&_ss=2&_ee=1&ep.origin=firebase&tfd=1072
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?l=dataLayer&id=G-M830R3N37B
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://web.step.app/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Tue, 21 May 2024 21:43:07 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://web.step.app
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/g/ 		0
243 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-M830R3N37B&cid=2141134537.1716327787&gtm=45je45f0h1v9115484297za200zb9165619434&aip=1&dma=1&dma_cps=sypham&gcd=13l3l3l2l1&npa=1&frm=0
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?l=dataLayer&id=G-M830R3N37B
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c0d::9a Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://web.step.app/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Tue, 21 May 2024 21:43:07 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://web.step.app
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/ 		42 B
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-M830R3N37B&cid=2141134537.1716327787&gtm=45je45f0h1v9115484297za200zb9165619434&aip=1&dma=1&dma_cps=sypham&gcd=13l3l3l2l1&npa=1&frm=0&z=117206968
Requested by
Host: web.step.app
URL: https://web.step.app/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.35 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f3.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://web.step.app/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Tue, 21 May 2024 21:43:07 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
client.crisp.chat/settings/website/309a2196-7a62-4de0-82aa-9375f6c9ea32/prelude/ 		214 B
505 B 		Script
General
Check archive.org
Download Go to
Full URL
https://client.crisp.chat/settings/website/309a2196-7a62-4de0-82aa-9375f6c9ea32/prelude/?callback=window.%24__CRISP_INSTANCE.__spool.website_handler&2024-4-21-23-43
Requested by
Host: client.crisp.chat
URL: https://client.crisp.chat/static/javascripts/client.js?9e7cb0c
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.28.104 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8422293b23e4916e1c890d85e6736ef803ca0f9c18a2e6363b5bca9d53cc625a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://web.step.app/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 21 May 2024 21:43:07 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
MISS
content-encoding
br
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
last-modified
Tue, 21 May 2024 21:43:07 GMT
server
cloudflare
access-control-max-age
300
access-control-allow-methods
HEAD, GET, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=14400
access-control-allow-credentials
false
vary
Accept-Encoding
cf-ray
8877bd8038c6349d-WAW
access-control-allow-headers
Content-Type, Origin
expires
Wed, 22 May 2024 01:43:07 GMT
favicon.png
web.step.app/ 		8 KB
9 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://web.step.app/favicon.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
94068d31d56ff6e261d2c215bfc5f8a25788b31b467a7b40f7723c09f529e238
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://web.step.app/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
upgrade-insecure-requests
cdn-pullzone
972527
referrer-policy
strict-origin-when-cross-origin
cdn-proxyver
1.04
x-ipfs-roots
bafybeidzvuszyfpf7jwlzeogdszun5muwc4mibwxoue2hsdpvlj2az75mq,Qmcs8q6osnb7M93MgRoNsT7KCDTLmoxHbBEVZdKHBpxTXW
etag
"Qmcs8q6osnb7M93MgRoNsT7KCDTLmoxHbBEVZdKHBpxTXW"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD, OPTIONS
content-type
image/png
access-control-allow-origin
*
cdn-cache
REVALIDATED
access-control-expose-headers
Content-Length, Content-Range, X-Chunked-Output, X-Ipfs-Path, X-Ipfs-Roots, X-Stream-Output
cache-control
max-age=14400, stale-while-revalidate=3600
x-ipfs-path
/ipfs/bafybeidzvuszyfpf7jwlzeogdszun5muwc4mibwxoue2hsdpvlj2az75mq/favicon.png
cdn-requestcountrycode
DE
access-control-allow-headers
Content-Type, Range, User-Agent, X-Requested-With
date
Tue, 21 May 2024 21:43:07 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
REVALIDATED
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cdn-edgestorageid
1080
x-cache-status
MISS
cdn-cachedat
05/02/2024 16:36:37
content-length
7933
x-xss-protection
0
x-request-id
3976fe7864fdc99105ec0c5190e4fb89
server
cloudflare
cdn-requestpullcode
200
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eBN99KSyBrJER5ltKDKQ11RKNaoEZLqcDGN0d8%2FMVaJdNDZFn%2FVgQ5zfRrjIQrQbAbhQdk3lNVxjAUym44pdB%2FJkvJ%2BXbrGV9OZfD6U0WLeFuGwIxRD%2BsjfAoVsD88XJTvrZiC137ugtIA%3D%3D"}],"group":"cf-nel","max_age":604800}
cdn-uid
070ccd6e-b4b0-4c90-b45a-e26d7534205d
cdn-requestid
8e37c72335e487cdcd670dfc8c2be968
accept-ranges
bytes
cf-ray
8877bd817ab0bb83-FRA
cdn-status
200
cdn-requestpullsuccess
True
/
client.crisp.chat/settings/website/309a2196-7a62-4de0-82aa-9375f6c9ea32/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://client.crisp.chat/settings/website/309a2196-7a62-4de0-82aa-9375f6c9ea32/?callback=window.%24__CRISP_INSTANCE.__spool.website_handler&1715416352409
Requested by
Host: client.crisp.chat
URL: https://client.crisp.chat/static/javascripts/client.js?9e7cb0c
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.28.104 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
368bdba7e0991554ade82437e0a7fdc66d95debfec642df2dc425302701a2df0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://web.step.app/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 21 May 2024 21:43:08 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
age
6952
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
last-modified
Tue, 21 May 2024 19:47:16 GMT
server
cloudflare
access-control-max-age
300
access-control-allow-methods
HEAD, GET, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=14400
access-control-allow-credentials
false
vary
Accept-Encoding
cf-ray
8877bd836c0f349d-WAW
access-control-allow-headers
Content-Type, Origin
expires
Wed, 22 May 2024 01:43:08 GMT
en.js
client.crisp.chat/static/javascripts/locales/ 		7 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://client.crisp.chat/static/javascripts/locales/en.js?9e7cb0c
Requested by
Host: client.crisp.chat
URL: https://client.crisp.chat/static/javascripts/client.js?9e7cb0c
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.28.104 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5623cc23fb5f25c6472ca24b4472e7ce8d0c9ee6c832e0e34d0d2f1df6b01284
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://web.step.app/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 21 May 2024 21:43:08 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
age
33317
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
last-modified
Tue, 08 Aug 2023 12:01:16 GMT
server
cloudflare
etag
W/"64d22e8c-1ce8"
access-control-max-age
300
access-control-allow-methods
HEAD, GET, OPTIONS
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=315360000
access-control-allow-credentials
false
vary
Accept-Encoding
cf-ray
8877bd83ecae349d-WAW
access-control-allow-headers
Content-Type, Origin
expires
Fri, 19 May 2034 21:43:08 GMT
truncated
/ 		308 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
626caf211b150d21f5c20b05b378cb99540ae81d719b2af1cb1e29081704238d

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
/
image.crisp.chat/avatar/website/309a2196-7a62-4de0-82aa-9375f6c9ea32/240/ 		6 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://image.crisp.chat/avatar/website/309a2196-7a62-4de0-82aa-9375f6c9ea32/240/?1715416352409
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.28.104 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
81c5575281e1dfebec2018211d1d68073d01891d5ed2f650359dc7e3d0eb650f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://web.step.app/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 21 May 2024 21:43:08 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
age
9697
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
5758
last-modified
Sat, 18 May 2024 05:33:05 GMT
server
cloudflare
etag
W/"167e-18f8a308017"
vary
Accept-Encoding
content-type
image/png
cache-control
public, max-age=315360000
accept-ranges
bytes
cf-ray
8877bd848d70349d-WAW
expires
Fri, 19 May 2034 21:43:08 GMT

Verdicts & Comments Add Verdict or Comment

14 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 function| gtag object| dataLayer function| IMask function| Buffer object| $crisp string| CRISP_WEBSITE_ID object| CRISP_RUNTIME_CONFIG object| google_tag_manager object| google_tag_data function| onYouTubeIframeAPIReady object| gaGlobal boolean| $__CRISP_INCLUDED object| $__CRISP_INSTANCE

5 Cookies

Domain/Path Name / Value
.step.app/ Name: _ga
Value: GA1.1.2141134537.1716327787
.step.app/ Name: _ga_3766Q8BJM3
Value: GS1.1.1716327787.1.0.1716327787.0.0.0
.step.app/ Name: cf_clearance
Value: h2KN17Esa84uAJt7ZAIAqIc.z4McbP4HJ3LM5Y6lML8-1716327787-1.0.1.1-UV2F1w3.WoF5tREpXmKoXQYZiTzXC2ffh9o5Qf8UvS06t.g7VCU8zWk6qkJmr4v55I8U0m5FbDW3O67qzRPWNA
.step.app/ Name: _ga_M830R3N37B
Value: GS1.1.1716327787.1.0.1716327787.60.0.0
.step.app/ Name: crisp-client%2Fsession%2F309a2196-7a62-4de0-82aa-9375f6c9ea32
Value: session_793dceeb-cb5b-498c-8464-4c87a2e5fd5a

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

app.step.app
cdn.step.app
client.crisp.chat
firebase.googleapis.com
firebaseinstallations.googleapis.com
image.crisp.chat
region1.analytics.google.com
region1.google-analytics.com
stats.g.doubleclick.net
web.step.app
www.google.de
www.googletagmanager.com
104.18.28.104
142.250.186.35
172.217.16.138
2001:4860:4802:32::36
2606:4700:20::681a:7
2a00:1450:4001:801::200a
2a00:1450:4001:813::2008
2a00:1450:4001:831::200a
2a00:1450:400c:c0d::9a
34.36.42.172
092dab1f1b7d58c44907495e3cd17d025cf93a8a179a47ca18071b67baafcc37
22d93c8e5f1a17e13b09c7ae2760287147d1291ec1adcc6a7814ab5246e1b870
368bdba7e0991554ade82437e0a7fdc66d95debfec642df2dc425302701a2df0
4f3057cdec6157e48f1ce2f2d97b9593e24085f38ee901208448df09a39e0fc5
5623cc23fb5f25c6472ca24b4472e7ce8d0c9ee6c832e0e34d0d2f1df6b01284
5bf975af61eae01950eb9b0696ff3010267c88d6da948d6aeb9b908a80fbfc85
626caf211b150d21f5c20b05b378cb99540ae81d719b2af1cb1e29081704238d
655253c4f1aa7cde5800020ba66c0612c3fba93fb5882775c0ce60a5c7955a68
7852c6d1e0dcbcd71fc19dbf3071793259c36e478cf535956d98e1dff4ce3920
81c5575281e1dfebec2018211d1d68073d01891d5ed2f650359dc7e3d0eb650f
8422293b23e4916e1c890d85e6736ef803ca0f9c18a2e6363b5bca9d53cc625a
873725099b93f7fd673da33d265b55a73dee159f25c1619cb11cf54094f9b4c0
8940e2087e3f8ee424412c8d3141f9eaf79298056db15f6ab2ba5e031457a0f1
8f0ff9718d1973647c89520a8c0ab19e8390bf0722bbb4813b715740b68b7c7c
94068d31d56ff6e261d2c215bfc5f8a25788b31b467a7b40f7723c09f529e238
9b097a67faef1025bf62951c36e586916f2ed519cadb4c1cd0f47c3653e67e57
a37dc41a593d3a8bbc60a873681f169352aede345582f16cbc31bc6b9804f378
ac8602f2b9f65d01baa3a71c2b69bb8561582353c0c77d9117ac629720d40833
cbcf1788b72ba5a100c4899d5a7c92735474dde494f17da40530ce8d102f63e4
ce30c3cb36036aebaf99f12876df6fc5b5aa2d90add060b31eecbeaf235897ed
d283f1d727d3e0bb1d807390d8c0fefc114dfe0cf61088b04af225a10bd3bb7b
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e72bb8a20c379b4126dd475238c84e5aa0fd5c2666966961fe121e7fbeda3107
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629