web.step.app
2606:4700:20::681a:7
Public Scan
Effective URL: https://web.step.app/
Submission: On May 21 via api from US — Scanned from DE
Summary
TLS certificate: Issued by GTS CA 1P5 on April 14th 2024. Valid for: 3 months.
This is the only time web.step.app was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
 | IP Address | AS Autonomous System |
---|---|---|
2 12 | 2606:4700:20::681a:7 | 13335 (CLOUDFLARENET) |
3 | 2a00:1450:4001:813::2008 | 15169 (GOOGLE) |
2 | 2a00:1450:4001:831::200a | 15169 (GOOGLE) |
1 | 34.36.42.172 | 396982 (GOOGLE-CLOUD-PLATFORM) |
7 | 104.18.28.104 | 13335 (CLOUDFLARENET) |
2 | 2001:4860:4802:32::36 | 15169 (GOOGLE) |
1 | 172.217.16.138 | 15169 (GOOGLE) |
1 | 2a00:1450:4001:801::200a | 15169 (GOOGLE) |
1 | 2a00:1450:400c:c0d::9a | 15169 (GOOGLE) |
1 | 142.250.186.35 | 15169 (GOOGLE) |
29 | 11 | |
ASN15169 (GOOGLE, US)
www.googletagmanager.com |
ASN15169 (GOOGLE, US)
firebase.googleapis.com |
ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 172.42.36.34.bc.googleusercontent.com
cdn.step.app |
ASN15169 (GOOGLE, US)
region1.google-analytics.com | |
region1.analytics.google.com |
ASN15169 (GOOGLE, US)
PTR: fra15s46-in-f10.1e100.net
firebaseinstallations.googleapis.com |
ASN15169 (GOOGLE, US)
firebaseinstallations.googleapis.com |
 | Apex Domain | Subdomains | Transfer |
---|---|---|---|
13 | step.app (2 redirects) | app.step.app, web.step.app, cdn.step.app | 23 MB |
7 | crisp.chat | client.crisp.chat (Cisco Umbrella Rank: 18903), image.crisp.chat (Cisco Umbrella Rank: 66278) | 165 KB |
4 | googleapis.com | firebase.googleapis.com (Cisco Umbrella Rank: 3849), firebaseinstallations.googleapis.com (Cisco Umbrella Rank: 566) | 941 B |
3 | googletagmanager.com | www.googletagmanager.com (Cisco Umbrella Rank: 39) | 279 KB |
1 | google.de | www.google.de (Cisco Umbrella Rank: 7810) | 63 B |
1 | doubleclick.net | stats.g.doubleclick.net (Cisco Umbrella Rank: 89) | 243 B |
1 | google.com | region1.analytics.google.com (Cisco Umbrella Rank: 3095) | 54 B |
1 | google-analytics.com | region1.google-analytics.com (Cisco Umbrella Rank: 2533) | 252 B |
29 | 8 | | |
 | Domain | Requested by |
---|---|---|
11 | web.step.app (1 redirects) | web.step.app |
6 | client.crisp.chat | web.step.app, client.crisp.chat |
3 | www.googletagmanager.com | web.step.app, www.googletagmanager.com |
2 | firebaseinstallations.googleapis.com | web.step.app |
2 | firebase.googleapis.com | web.step.app |
1 | image.crisp.chat | |
1 | www.google.de | web.step.app |
1 | stats.g.doubleclick.net | www.googletagmanager.com |
1 | region1.analytics.google.com | www.googletagmanager.com |
1 | region1.google-analytics.com | www.googletagmanager.com |
1 | cdn.step.app | web.step.app |
1 | app.step.app (1 redirects) | |
29 | 12 | |
Subject | Issuer | Validity | Valid |
---|---|---|---|
step.app | GTS CA 1P5 | 2024-04-14 - 2024-07-13 | 3 months |
*.google-analytics.com | WR2 | 2024-05-06 - 2024-07-29 | 3 months |
upload.video.google.com | WR2 | 2024-05-06 - 2024-07-29 | 3 months |
cdn.step.app | WR3 | 2024-05-16 - 2024-08-14 | 3 months |
crisp.chat | E1 | 2024-04-05 - 2024-07-04 | 3 months |
*.g.doubleclick.net | GTS CA 1C3 | 2024-05-06 - 2024-07-29 | 3 months |
*.google.de | WR2 | 2024-05-06 - 2024-07-29 | 3 months |
This page contains 2 frames:
Primary Page:
https://web.step.app/
Frame ID: 9D61C8D6BC29586D92D83251DC22DEAC
Requests: 26 HTTP requests in this frame
Frame:
https://web.step.app/cdn-cgi/challenge-platform/h/b/scripts/jsd/695da7821231/main.js
Frame ID: 1EEFA2729F5E671A186628658776532D
Requests: 2 HTTP requests in this frame
Page Title
Step App | Web
Detected technologies
Google Tag Manager
Detected patterns
- googletagmanager\.com/gtag/js
Page Statistics
2 Outgoing links
These are links going to different origins than the main page.
Title: User Agreement
Title: User Privacy
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://app.step.app/ HTTP 307
- https://app.step.app/ HTTP 301
- https://web.step.app/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 4
- https://web.step.app/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
- https://web.step.app/cdn-cgi/challenge-platform/h/b/scripts/jsd/695da7821231/main.js
29 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H2 | / | web.step.app/ (Primary Request, Redirect Chain) | 3 KB | 2 KB | Document | text/html |
GET | H2 | index-40b78a73.js | web.step.app/assets/ | 1 MB | 442 KB | Script | text/javascript |
GET | H2 | index-ae585b0b.js | web.step.app/assets/ | 19 KB | 8 KB | Script | text/javascript |
GET | H2 | index-9b097a67.css | web.step.app/assets/ | 27 KB | 6 KB | Stylesheet | text/css |
GET | H2 | js | www.googletagmanager.com/gtag/ | 302 KB | 100 KB | Script | application/javascript |
GET | H2 | main.js | web.step.app/cdn-cgi/challenge-platform/h/b/scripts/jsd/695da7821231/ (Frame 1EEF, Redirect Chain) | 8 KB | 4 KB | Script | application/javascript |
GET | H2 | SignIn-f70a48f6.js | web.step.app/assets/ | 744 B | 1 KB | Script | text/javascript |
GET | H2 | SignIn-8f0ff971.css | web.step.app/assets/ | 255 B | 1 KB | Stylesheet | text/css |
GET | H2 | webConfig | firebase.googleapis.com/v1alpha/projects/-/apps/1:547422727598:web:689a7f93cec4f6a305ec3f/ | 355 B | 428 B | Fetch | application/json |
OPTIONS | H2 | webConfig | firebase.googleapis.com/v1alpha/projects/-/apps/1:547422727598:web:689a7f93cec4f6a305ec3f/ (Frame) | 0 | 0 | Preflight | text/html |
GET | H2 | statics.json | cdn.step.app/statics/latest/ | 23 MB | 23 MB | XHR | application/json |
GET | H3 | l.js | client.crisp.chat/ | 8 KB | 3 KB | Script | application/javascript |
GET | H2 | SFMono-Bold-87372509.woff2 | web.step.app/assets/ | 44 KB | 45 KB | Font | font/woff2 |
POST | H2 | collect | region1.google-analytics.com/g/ | 0 | 252 B | Ping | text/plain |
POST | H3 | installations | firebaseinstallations.googleapis.com/v1/projects/step-app-2bacf/ | 625 B | 513 B | Fetch | application/json |
OPTIONS | H2 | installations | firebaseinstallations.googleapis.com/v1/projects/step-app-2bacf/ (Frame) | 0 | 0 | Preflight | text/html |
POST | H2 | 8877bd7a9b62bb83 | web.step.app/cdn-cgi/challenge-platform/h/b/jsd/r/ (Frame 1EEF) | 0 | 552 B | XHR | text/plain |
GET | H3 | client.js | client.crisp.chat/static/javascripts/ | 413 KB | 103 KB | Script | application/javascript |
GET | H3 | client_default.css | client.crisp.chat/static/stylesheets/ | 362 KB | 49 KB | Stylesheet | text/css |
GET | H2 | js | www.googletagmanager.com/gtag/ | 254 KB | 89 KB | Script | application/javascript |
GET | H2 | js | www.googletagmanager.com/gtag/ | 254 KB | 89 KB | Script | application/javascript |
POST | H2 | collect | region1.analytics.google.com/g/ | 0 | 54 B | Ping | text/plain |
POST | H2 | collect | stats.g.doubleclick.net/g/ | 0 | 243 B | Ping | text/plain |
GET | H3 | ga-audiences | www.google.de/ads/ | 42 B | 63 B | Image | image/gif |
GET | H3 | / | client.crisp.chat/settings/website/309a2196-7a62-4de0-82aa-9375f6c9ea32/prelude/ | 214 B | 505 B | Script | application/javascript |
GET | H2 | favicon.png | web.step.app/ | 8 KB | 9 KB | Other | image/png |
GET | H3 | / | client.crisp.chat/settings/website/309a2196-7a62-4de0-82aa-9375f6c9ea32/ | 2 KB | 1 KB | Script | application/javascript |
GET | H3 | en.js | client.crisp.chat/static/javascripts/locales/ | 7 KB | 3 KB | Script | application/javascript |
GET | DATA | truncated | / | 308 B | 0 | Image | image/svg+xml |
GET | H3 | / | image.crisp.chat/avatar/website/309a2196-7a62-4de0-82aa-9375f6c9ea32/240/ | 6 KB | 6 KB | Image | image/png |
14 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object| 0
- function| gtag
- object| dataLayer
- function| IMask
- function| Buffer
- object| $crisp
- string| CRISP_WEBSITE_ID
- object| CRISP_RUNTIME_CONFIG
- object| google_tag_manager
- object| google_tag_data
- function| onYouTubeIframeAPIReady
- object| gaGlobal
- boolean| $__CRISP_INCLUDED
- object| $__CRISP_INSTANCE
5 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.step.app/ | | Name: _ga Value: GA1.1.2141134537.1716327787 |
.step.app/ | | Name: _ga_3766Q8BJM3 Value: GS1.1.1716327787.1.0.1716327787.0.0.0 |
.step.app/ | | Name: cf_clearance Value: h2KN17Esa84uAJt7ZAIAqIc.z4McbP4HJ3LM5Y6lML8-1716327787-1.0.1.1-UV2F1w3.WoF5tREpXmKoXQYZiTzXC2ffh9o5Qf8UvS06t.g7VCU8zWk6qkJmr4v55I8U0m5FbDW3O67qzRPWNA |
.step.app/ | | Name: _ga_M830R3N37B Value: GS1.1.1716327787.1.0.1716327787.60.0.0 |
.step.app/ | | Name: crisp-client%2Fsession%2F309a2196-7a62-4de0-82aa-9375f6c9ea32 Value: session_793dceeb-cb5b-498c-8464-4c87a2e5fd5a |
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Content-Security-Policy | upgrade-insecure-requests |
Strict-Transport-Security | max-age=31536000; includeSubDomains |
X-Content-Type-Options | nosniff |
X-Xss-Protection | 0 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.