URL: https://payments.inventory.gallery/
Submission: On March 14 via automatic, source certstream-suspicious — Scanned from DE

Summary

This website contacted 6 IPs in 3 countries across 6 domains to perform 11 HTTP transactions. The main IP is 54.225.202.105, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is payments.inventory.gallery.
TLS certificate: Issued by R3 on March 14th 2023. Valid for: 3 months.
This is the only time payments.inventory.gallery was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
4 54.225.202.105 14618 (AMAZON-AES)
1 2a00:1450:400... 15169 (GOOGLE)
1 1 2400:52e0:1e0... 200325 (BUNNYCDN)
1 2 2606:4700::68... 13335 (CLOUDFLAR...)
1 18.66.122.38 16509 (AMAZON-02)
3 54.174.64.109 14618 (AMAZON-AES)
1 2a00:1450:400... 15169 (GOOGLE)
11 6
Apex Domain
Subdomains
Transfer
4 affirm.com
cdn1-sandbox.affirm.com — Cisco Umbrella Rank: 113021
sandbox.affirm.com — Cisco Umbrella Rank: 127466
104 KB
4 inventory.gallery
payments.inventory.gallery
224 KB
2 jsdelivr.net
cdn.jsdelivr.net — Cisco Umbrella Rank: 337
41 KB
1 gstatic.com
fonts.gstatic.com
38 KB
1 materialdesignicons.com
cdn.materialdesignicons.com — Cisco Umbrella Rank: 38943
709 B
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 34
1 KB
11 6
Domain Requested by
4 payments.inventory.gallery payments.inventory.gallery
3 sandbox.affirm.com cdn1-sandbox.affirm.com
2 cdn.jsdelivr.net 1 redirects payments.inventory.gallery
1 fonts.gstatic.com fonts.googleapis.com
1 cdn1-sandbox.affirm.com payments.inventory.gallery
1 cdn.materialdesignicons.com 1 redirects
1 fonts.googleapis.com payments.inventory.gallery
11 7

This site contains no links.

Subject                      Issuer               Validity                   Valid
payments.inventory.gallery   R3                   2023-03-14 - 2023-06-12    3 months
upload.video.google.com      GTS CA 1C3           2023-03-02 - 2023-05-25    3 months
affirm.com                   Amazon RSA 2048 M01  2023-02-28 - 2023-12-18    10 months
*.gstatic.com                GTS CA 1C3           2023-03-02 - 2023-05-25    3 months

This page contains 1 frames:

Primary Page: https://payments.inventory.gallery/
Frame ID: 9B8091076923FAAA6E2F83A6A96C3CE6
Requests: 11 HTTP requests in this frame

Page Title

payments-invoice-payment

Detected technologies

Overall confidence: 100%
Detected patterns
  • <[^>]+\sdata-v(?:ue)?-

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Overall confidence: 100%
Detected patterns
  • //cdn\.jsdelivr\.net/

Page Statistics

Requests: 11
HTTPS: 91 %
IPv6: 57 %
Domains: 6
Subdomains: 7
IPs: 6
Countries: 3
Transfer: 407 kB
Size: 2142 kB
Cookies: 5

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1
  • https://cdn.materialdesignicons.com/5.4.55/css/materialdesignicons.min.css HTTP 301
  • https://cdn.jsdelivr.net/mdi/5.4.55/css/materialdesignicons.min.css HTTP 301
  • https://cdn.jsdelivr.net/npm/@mdi/font@5.4.55/css/materialdesignicons.min.css

11 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
payments.inventory.gallery/
2 KB
1 KB
Document
General
Full URL
https://payments.inventory.gallery/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.225.202.105 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-225-202-105.compute-1.amazonaws.com
Software
Arternal AmazonS3 /
Resource Hash
c73dedf2af60f49d3c8e4c2293306d5c4962d090e0aae7a88c929c22fe2773c9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block;

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-encoding
gzip
content-length
999
content-type
text/html
date
Tue, 14 Mar 2023 22:45:34 GMT
etag
"5a561234ea76a8c45f47a85cb4a7e601"
last-modified
Fri, 16 Sep 2022 00:55:32 GMT
referrer-policy
no-referrer-when-downgrade
server
Arternal AmazonS3
strict-transport-security
max-age=31536000;
vary
Accept-Encoding
x-amz-id-2
gVBfVvNTM+/IwhexVBWz8DzZeZLELHDuBzbM/BQJMuBK4SWXUN7KVFVQf4c0yNGdQ37bonn2T7M=
x-amz-request-id
C9AFRGF5TTCWT6SB
x-content-type-options
nosniff
x-frame-options
DENY
x-xss-protection
1; mode=block;
css2
fonts.googleapis.com/
9 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Inter:wght@100;300;500;700&display=swap
Requested by
Host: payments.inventory.gallery
URL: https://payments.inventory.gallery/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
2e81d0d51eda961e11122abd10f0116feb11208f813f481422e7bc5dc6c57f2d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://payments.inventory.gallery/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Tue, 14 Mar 2023 22:45:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Tue, 14 Mar 2023 22:45:33 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Tue, 14 Mar 2023 22:45:33 GMT
materialdesignicons.min.css
cdn.jsdelivr.net/npm/@mdi/font@5.4.55/css/
Redirect Chain
  • https://cdn.materialdesignicons.com/5.4.55/css/materialdesignicons.min.css
  • https://cdn.jsdelivr.net/mdi/5.4.55/css/materialdesignicons.min.css
  • https://cdn.jsdelivr.net/npm/@mdi/font@5.4.55/css/materialdesignicons.min.css
245 KB
40 KB
Stylesheet
General
Full URL
https://cdn.jsdelivr.net/npm/@mdi/font@5.4.55/css/materialdesignicons.min.css
Requested by
Host: payments.inventory.gallery
URL: https://payments.inventory.gallery/
Protocol
H2
Server
2606:4700::6810:5514 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
aee3527737949377d842c8d715b99b98b0e31c2528aa49809cb9555dd8908cc8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://payments.inventory.gallery/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date
Tue, 14 Mar 2023 22:45:33 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
1779085
x-jsd-version
5.4.55
content-encoding
br
x-cache
HIT, HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by
cache-fra-eddf8230058-FRA, cache-yyz4533-YYZ
x-jsd-version-type
version
server
cloudflare
etag
W/"3d236-+1GUFQQB1xbFJxuoLlvWA9Vm3l0"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AaHwYgmub9QLsOjkKSvF6Wgl7%2Bz8l9X%2BSAs5x2YStsZbZS7bkjIV3se5rHGGSFjyAeiq4VgYfAiOGj%2F%2Fuqt77hqXNd5ntSj98fw%2BpD%2Bf%2BwwdQkJPIe3GKfWXA1W6qGBinCSpBx0Xe22ALmHtWcE%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin
*
cf-ray
7a800c32cd783732-FRA

Redirect headers

date
Tue, 14 Mar 2023 22:45:33 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
1779053
x-cache
HIT, MISS
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
111
x-served-by
cache-fra-eddf8230116-FRA, cache-jnb7024-JNB
server
cloudflare
vary
Accept-Encoding, Accept
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FF1wr1KKNmFlO7qUEEDEszkVu4gICPqlyZrL195Dmot3L5D9GORc43veYyyDDiZgdFP2MemRnUL%2BMYkVgE%2BAYgAxICYVFTlKF0V0Elsgv%2F4s0X2QqoA9ho7CZbICD09jeYyMLmvnAQYmBvYa1iY%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/plain; charset=utf-8
location
https://cdn.jsdelivr.net/npm/@mdi/font@5.4.55/css/materialdesignicons.min.css
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000
timing-allow-origin
*
cf-ray
7a800c329d523732-FRA
app.ac405f73.css
payments.inventory.gallery/css/
1 MB
147 KB
Stylesheet
General
Full URL
https://payments.inventory.gallery/css/app.ac405f73.css
Requested by
Host: payments.inventory.gallery
URL: https://payments.inventory.gallery/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.225.202.105 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-225-202-105.compute-1.amazonaws.com
Software
Arternal, AmazonS3 /
Resource Hash
39fca7f5ccd7e4623841ab2e0d638002b8536fb6959935a3b22b1e5c0cd50d8f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://payments.inventory.gallery/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date
Tue, 14 Mar 2023 22:45:34 GMT
content-encoding
gzip
referrer-policy
no-referrer-when-downgrade
strict-transport-security
max-age=31536000;
last-modified
Fri, 16 Sep 2022 00:55:32 GMT
server
Arternal, AmazonS3
x-amz-request-id
C9A8C95JSV8B9X5W
x-content-type-options
nosniff
etag
"cac604b1a9c3a92901886288f9eff96e"
vary
Accept-Encoding
x-frame-options
DENY
content-type
text/css
x-amz-id-2
tMxE1UDH/KsQkNqJ1qvyvUkzku1bxEo5umM8C2JMhHtQ4gZQRkdaeXAEOw0sILFBzR6RCSM2gGU=
x-xss-protection
1; mode=block;
app.ead7d32e.js
payments.inventory.gallery/js/
38 KB
11 KB
Script
General
Full URL
https://payments.inventory.gallery/js/app.ead7d32e.js
Requested by
Host: payments.inventory.gallery
URL: https://payments.inventory.gallery/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.225.202.105 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-225-202-105.compute-1.amazonaws.com
Software
Arternal, AmazonS3 /
Resource Hash
e16e112a9e16dc23e8ecfd82a1e4506c9200ccc3c1fc4947998a7778d70b5158
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://payments.inventory.gallery/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date
Tue, 14 Mar 2023 22:45:34 GMT
content-encoding
gzip
referrer-policy
no-referrer-when-downgrade
strict-transport-security
max-age=31536000;
last-modified
Fri, 16 Sep 2022 00:55:32 GMT
server
Arternal, AmazonS3
x-amz-request-id
C9A7B429QBASQZ7E
x-content-type-options
nosniff
etag
"4fc6901f62597fe37c6251944d76c102"
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/javascript
x-amz-id-2
9X73LXKVGtiJGh5qCXLrSLKcnCwg8paFdHbNc+WWIGvIDDdmYejYP/AWc/akheEBZojx/vQUCfM=
x-xss-protection
1; mode=block;
chunk-vendors.06ea7b60.js
payments.inventory.gallery/js/
172 KB
65 KB
Script
General
Full URL
https://payments.inventory.gallery/js/chunk-vendors.06ea7b60.js
Requested by
Host: payments.inventory.gallery
URL: https://payments.inventory.gallery/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.225.202.105 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-225-202-105.compute-1.amazonaws.com
Software
Arternal, AmazonS3 /
Resource Hash
9ff40a311c074fda2443c3dda22e1afe1899bd83048dc466588abc49ae36c35b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://payments.inventory.gallery/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date
Tue, 14 Mar 2023 22:45:34 GMT
content-encoding
gzip
referrer-policy
no-referrer-when-downgrade
strict-transport-security
max-age=31536000;
last-modified
Fri, 16 Sep 2022 00:55:32 GMT
server
Arternal, AmazonS3
x-amz-request-id
C9ADH6G61Q70ZM61
x-content-type-options
nosniff
etag
"15fe03efeddcfbae71f29aff2fb8f503"
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/javascript
x-amz-id-2
raq5TrdFFRACB9R2PVC35AGiQqqGNQ8SQqbC9+vPziUMQDz3DXEgD7MAzTs1xDcoDu5gh/v7DAw=
x-xss-protection
1; mode=block;
affirm.js
cdn1-sandbox.affirm.com/js/v2/
475 KB
102 KB
Script
General
Full URL
https://cdn1-sandbox.affirm.com/js/v2/affirm.js
Requested by
Host: payments.inventory.gallery
URL: https://payments.inventory.gallery/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.122.38 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-122-38.fra60.r.cloudfront.net
Software
istio-envoy /
Resource Hash
40206e94038cdcab3c3f4ae1f94f1a183ddc497ebbd31e4d7382909bd9ae55c4
Security Headers
Name Value
Strict-Transport-Security max-age=86400

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://payments.inventory.gallery/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date
Tue, 14 Mar 2023 22:35:12 GMT
content-encoding
br
via
1.1 8ac93eaf91328abbc6951d3fbab21e80.cloudfront.net (CloudFront)
strict-transport-security
max-age=86400
x-amz-cf-pop
FRA60-P2
age
620
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
462
x-affirm-cache-status
HIT
x-affirm-request-id
33c87e60-02c7-45b1-c5d5-b5084a6abd0a
last-modified
Thu, 09 Mar 2023 06:32:01 GMT
server
istio-envoy
etag
W/"21566e03b5aef7d7966565d99a982db0"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=1800, stale-while-revalidate=259200, public
timing-allow-origin
*
link
<https://cdn1-sandbox.affirm.com>; rel=preconnect; crossorigin, <https://cdn1-sandbox.affirm.com>; rel=preconnect, <https://cdn-assets.affirm.com>; rel=preconnect; crossorigin, <https://cdn-assets.affirm.com>; rel=preconnect, <https://cdnjs.cloudflare.com>; rel=preconnect; crossorigin, <https://cdnjs.cloudflare.com>; rel=preconnect
x-amz-cf-id
WlAvY8xSPEvWNrTE3z5JCld8TajswUqK1KKhyU391zB-hhwuKm4Qkw==
touch_track
sandbox.affirm.com/api/v2/session/
46 B
985 B
Fetch
General
Full URL
https://sandbox.affirm.com/api/v2/session/touch_track
Requested by
Host: cdn1-sandbox.affirm.com
URL: https://cdn1-sandbox.affirm.com/js/v2/affirm.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.174.64.109 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-174-64-109.compute-1.amazonaws.com
Software
istio-envoy /
Resource Hash
2c64ac96df939466ab77b64f633c876c87df7e47ffc89c9ff5fef9fc897499c1
Security Headers
Name Value
Strict-Transport-Security max-age=86400

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://payments.inventory.gallery/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date
Tue, 14 Mar 2023 22:45:33 GMT
x-affirm-request-id
35d12c5e-9bfa-49f0-c946-4f9b8a33df4e
content-encoding
gzip
strict-transport-security
max-age=86400
server
istio-envoy
vary
Accept-Encoding,Origin
access-control-max-age
86400
content-type
application/json
access-control-allow-origin
https://payments.inventory.gallery
access-control-allow-methods
GET, OPTIONS
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-envoy-upstream-service-time
24
x-affirm-cache-status
MISS
access-control-allow-headers
Accept, Content-Type, X-Requested-With
cookie_sent
sandbox.affirm.com/api/v2/
22 B
567 B
Fetch
General
Full URL
https://sandbox.affirm.com/api/v2/cookie_sent
Requested by
Host: cdn1-sandbox.affirm.com
URL: https://cdn1-sandbox.affirm.com/js/v2/affirm.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.174.64.109 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-174-64-109.compute-1.amazonaws.com
Software
istio-envoy /
Resource Hash
924aebf24af414b12986f4af470b2ac7b61d765897f9e222c0af15805de9ae40
Security Headers
Name Value
Strict-Transport-Security max-age=86400

Request headers

Accept
application/json
Referer
https://payments.inventory.gallery/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date
Tue, 14 Mar 2023 22:45:33 GMT
x-affirm-request-id
1ab052db-532d-488c-c8f7-05994a5e3175
content-encoding
gzip
strict-transport-security
max-age=86400
server
istio-envoy
vary
Accept-Encoding,cookie, Origin,Origin
access-control-max-age
86400
content-type
application/json
access-control-allow-origin
https://payments.inventory.gallery
access-control-allow-methods
GET, OPTIONS
cache-control
max-age=3600
access-control-allow-credentials
true
x-envoy-upstream-service-time
7
x-affirm-cache-status
MISS
access-control-allow-headers
Accept, Content-Type, X-Requested-With
UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2
fonts.gstatic.com/s/inter/v12/
37 KB
38 KB
Font
General
Full URL
https://fonts.gstatic.com/s/inter/v12/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Inter:wght@100;300;500;700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
450f3ba4e47ee174bd9692b396f264b907d37d2528f53911760f3d0edb785f7e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://payments.inventory.gallery
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date
Fri, 10 Mar 2023 09:24:48 GMT
x-content-type-options
nosniff
age
393645
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
37924
x-xss-protection
0
last-modified
Mon, 11 Jul 2022 20:54:46 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 09 Mar 2024 09:24:48 GMT
cookie_sent
sandbox.affirm.com/api/v2/
21 B
565 B
Fetch
General
Full URL
https://sandbox.affirm.com/api/v2/cookie_sent
Requested by
Host: cdn1-sandbox.affirm.com
URL: https://cdn1-sandbox.affirm.com/js/v2/affirm.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.174.64.109 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-174-64-109.compute-1.amazonaws.com
Software
istio-envoy /
Resource Hash
8d728ba62f3f7c795e471c6dce9d637ffce93580e4936c3f1b578320242df7b8
Security Headers
Name Value
Strict-Transport-Security max-age=86400

Request headers

Accept
application/json
Referer
https://payments.inventory.gallery/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date
Tue, 14 Mar 2023 22:45:33 GMT
x-affirm-request-id
a76d00d8-ae94-4390-c3de-31d75cc96415
content-encoding
gzip
strict-transport-security
max-age=86400
server
istio-envoy
vary
Accept-Encoding,cookie, Origin,Origin
access-control-max-age
86400
content-type
application/json
access-control-allow-origin
https://payments.inventory.gallery
access-control-allow-methods
GET, OPTIONS
cache-control
max-age=3600
access-control-allow-credentials
true
x-envoy-upstream-service-time
8
x-affirm-cache-status
MISS
access-control-allow-headers
Accept, Content-Type, X-Requested-With

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • boolean| credentialless
  • object| _affirm_config
  • object| affirm
  • object| perfMetrics
  • object| webpackJsonp
  • boolean| __VUE__
  • object| __VUE_DEVTOOLS_PLUGINS__

5 Cookies

Domain/Path Name / Value
.affirm.com/ Name: DUMMY_COOKIE
Value: DUMMY_VALUE
.affirm.com/ Name: tracker_device
Value: 88424c88-c093-4478-bf33-21c456b1a09d
.affirm.com/ Name: t_v2_s
Value: eyIgYiI6Ik9EZzBNalJqT0RndFl6QTVNeTAwTkRjNExXSm1Nek10TWpGak5EVTJZakZoTURsayJ9.FvKKjQ.RmReLBn89GeDXmnBhXh8LIxCTGU
.affirm.com/ Name: 3060738.3440491
Value: 88424c88-c093-4478-bf33-21c456b1a09d
payments.inventory.gallery/ Name: tracker_device
Value: 88424c88-c093-4478-bf33-21c456b1a09d

Security Headers

This page lists any security headers set by the main page.

Header Value
Strict-Transport-Security max-age=31536000;
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block;