urlscan.io logo urlscan.io
SecurityTrails logo

exp.afc.uat1.testafl.com Open in urlscan Pro
18.245.31.105  Public Scan

Go To Rescan Add Verdict Report
URL: https://exp.afc.uat1.testafl.com/
Submission: On June 24 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 6 IPs in 1 countries across 4 domains to perform 13 HTTP transactions. The main IP is 18.245.31.105, located in United States and belongs to AMAZON-02, US. The main domain is exp.afc.uat1.testafl.com.
TLS certificate: Issued by Amazon RSA 2048 M02 on June 19th 2024. Valid for: a year.
This is the only time exp.afc.uat1.testafl.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
3 18.245.31.105 16509 (AMAZON-02)
3 2a04:4e42:600... 54113 (FASTLY)
2 18.245.46.89 16509 (AMAZON-02)
3 151.101.1.229 54113 (FASTLY)
1 3.160.150.90 16509 (AMAZON-02)
1 34.36.213.229 396982 (GOOGLE-CL...)
13 6
3    18.245.31.105 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-245-31-105.fra56.r.cloudfront.net
exp.afc.uat1.testafl.com
3    2a04:4e42:600::485 (United States)

ASN54113 (FASTLY, US)
cdn.jsdelivr.net
2    18.245.46.89 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-245-46-89.fra56.r.cloudfront.net
exp-resources.afl.uat1.testafl.com
3    151.101.1.229 (San Francisco, United States)

ASN54113 (FASTLY, US)
cdn.jsdelivr.net
1    3.160.150.90 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-3-160-150-90.fra60.r.cloudfront.net
sso.uat1.testmediaservices.com.au
1    34.36.213.229 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 229.213.36.34.bc.googleusercontent.com
cdn.pendo.io
Apex Domain
Subdomains		 Transfer
6 jsdelivr.net
cdn.jsdelivr.net — Cisco Umbrella Rank: 381
34 KB
5 testafl.com
exp.afc.uat1.testafl.com
exp-resources.afl.uat1.testafl.com
54 KB
1 pendo.io
cdn.pendo.io — Cisco Umbrella Rank: 770
153 KB
1 testmediaservices.com.au
sso.uat1.testmediaservices.com.au
93 KB
13 4
Domain Requested by
6 cdn.jsdelivr.net exp.afc.uat1.testafl.com
cdn.jsdelivr.net
3 exp.afc.uat1.testafl.com cdn.jsdelivr.net
2 exp-resources.afl.uat1.testafl.com cdn.jsdelivr.net
1 cdn.pendo.io exp.afc.uat1.testafl.com
1 sso.uat1.testmediaservices.com.au exp.afc.uat1.testafl.com
13 5

This site contains no links.

Subject Issuer Validity Valid
exp.afc.uat1.testafl.com
Amazon RSA 2048 M02		 2024-06-19 -
2025-07-19		 a year crt.sh
jsdelivr.net
GlobalSign Atlas R3 DV TLS CA 2023 Q3		 2023-09-27 -
2024-10-28		 a year crt.sh
exp-resources.afl.uat1.testafl.com
Amazon RSA 2048 M03		 2024-06-19 -
2025-07-19		 a year crt.sh
*.uat1.testmediaservices.com.au
Amazon RSA 2048 M03		 2024-03-21 -
2025-04-19		 a year crt.sh
cdn.pendo.io
WR3		 2024-05-27 -
2024-08-25		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://exp.afc.uat1.testafl.com/
Frame ID: D513950E67CC23EC6516DC90E5B169BC
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Pulselive - Experience Platform

Detected technologies

Overall confidence: 100%
Detected patterns
  • //cdn\.jsdelivr\.net/

Page Statistics

13
Requests

100 %
HTTPS

17 %
IPv6

4
Domains

5
Subdomains

6
IPs

1
Countries

334 kB
Transfer

827 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

13 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
exp.afc.uat1.testafl.com/ 		6 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://exp.afc.uat1.testafl.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.31.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-31-105.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
ad80d14c01722304964b044adc85752718b6c1301dee512294af3473acc78f5f
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.marvelstadium.com.au *.afl.com.au afc.com.au *.lions.com.au *.carltonfc.com.au *.collingwoodfc.com.au *.essendonfc.com.au *.fremantlefc.com.au *.geelongcats.com.au *.goldcoastfc.com.au *.gwsgiants.com.au *.hawthornfc.com.au *.melbournefc.com.au *.nmfc.com.au *. portadelaidefc.com.au *.richmondfc.com.au *.saints.com.au *.sydneyswans.com.au *.westcoasteagles.com.au *.westernbulldogs.com.au blob:; script-src 'unsafe-inline' 'unsafe-eval' players.brightcove.net vjs.zencdn.net https: localhost:* blob:;connect-src https: *.pulselive.com localhost:* wss: * http: localhost:3000; style-src 'unsafe-inline' data: https:; object-src 'none'; frame-src *; img-src * data:; font-src * data:;
Strict-Transport-Security max-age=31536000; includeSubDomains; always
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

access-control-allow-origin
*
allow
GET; HEAD
cache-control
public
content-encoding
br
content-security-policy
default-src 'self' *.marvelstadium.com.au *.afl.com.au afc.com.au *.lions.com.au *.carltonfc.com.au *.collingwoodfc.com.au *.essendonfc.com.au *.fremantlefc.com.au *.geelongcats.com.au *.goldcoastfc.com.au *.gwsgiants.com.au *.hawthornfc.com.au *.melbournefc.com.au *.nmfc.com.au *. portadelaidefc.com.au *.richmondfc.com.au *.saints.com.au *.sydneyswans.com.au *.westcoasteagles.com.au *.westernbulldogs.com.au blob:; script-src 'unsafe-inline' 'unsafe-eval' players.brightcove.net vjs.zencdn.net https: localhost:* blob:;connect-src https: *.pulselive.com localhost:* wss: * http: localhost:3000; style-src 'unsafe-inline' data: https:; object-src 'none'; frame-src *; img-src * data:; font-src * data:;
content-type
text/html
date
Mon, 24 Jun 2024 00:24:35 GMT
etag
W/"dfd876ad8311261db35ebccfdff4a056"
last-modified
Fri, 21 Jun 2024 13:19:50 GMT
referrer-policy
no-referrer
server
AmazonS3
strict-transport-security
max-age=31536000; includeSubDomains; always
vary
Accept-Encoding
via
1.1 a4079c0a5989b4b7af98433fdd07f680.cloudfront.net (CloudFront)
x-amz-cf-id
q-iidAfIQTGQZP54AElHiJKS_Nh77evURC7f5PmZEcb01rCuvPAjVQ==
x-amz-cf-pop
FRA56-P8
x-amz-server-side-encryption
AES256
x-amz-version-id
rchN97Qe6oJYth0tb4zkuLktG.wD8IpB
x-cache
Miss from cloudfront
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
runtime.min.js
cdn.jsdelivr.net/npm/regenerator-runtime@0.13.5/ 		6 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.jsdelivr.net/npm/regenerator-runtime@0.13.5/runtime.min.js
Requested by
Host: exp.afc.uat1.testafl.com
URL: https://exp.afc.uat1.testafl.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:600::485 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
6a1aac84bc3e28e0cd56096cd1bf0342c6aa200312cd04dfea0368a703c6e920
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Origin
https://exp.afc.uat1.testafl.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Mon, 24 Jun 2024 00:24:35 GMT
x-content-type-options
nosniff
content-encoding
br
age
331328
x-jsd-version
0.13.5
x-cache
HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
2657
x-served-by
cache-fra-etou8220138-FRA
x-jsd-version-type
version
etag
W/"19d1-iM0iJvp+1XXo5wHWGfR20wcwS2c"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges
bytes
timing-allow-origin
*
import-map-overrides.js
cdn.jsdelivr.net/npm/import-map-overrides@2.4.2/dist/ 		45 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.jsdelivr.net/npm/import-map-overrides@2.4.2/dist/import-map-overrides.js
Requested by
Host: exp.afc.uat1.testafl.com
URL: https://exp.afc.uat1.testafl.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:600::485 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
6647882d9d7e97d521ef6f9eb84c129b247df9d30ab5750b2caacd0c33f9a537
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Origin
https://exp.afc.uat1.testafl.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Mon, 24 Jun 2024 00:24:35 GMT
x-content-type-options
nosniff
content-encoding
br
age
1626099
x-jsd-version
2.4.2
x-cache
HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
13932
x-served-by
cache-fra-etou8220138-FRA
x-jsd-version-type
version
etag
W/"b302-gAAPhzfD6z2MZlNbmhw2uyUKHeQ"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges
bytes
timing-allow-origin
*
system.min.js
cdn.jsdelivr.net/npm/systemjs@6.14.0/dist/ 		12 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.jsdelivr.net/npm/systemjs@6.14.0/dist/system.min.js
Requested by
Host: exp.afc.uat1.testafl.com
URL: https://exp.afc.uat1.testafl.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:600::485 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
e0c2b97ce4fb80ad9fcfebd4e6ca9e480d35580ef91e7b5838d11bfb4ee4be95
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Origin
https://exp.afc.uat1.testafl.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Mon, 24 Jun 2024 00:24:36 GMT
x-content-type-options
nosniff
content-encoding
br
age
2306039
x-jsd-version
6.14.0
x-cache
HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
4930
x-served-by
cache-fra-etou8220138-FRA
x-jsd-version-type
version
etag
W/"2fbc-jyr/Jv1CsqxLWM1OwO0WuZFNF+Y"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges
bytes
timing-allow-origin
*
import-map.json
exp-resources.afl.uat1.testafl.com/core/ 		243 B
529 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://exp-resources.afl.uat1.testafl.com/core/import-map.json
Requested by
Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/systemjs@6.14.0/dist/system.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.46.89 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-46-89.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
1cfe3eae04539eba4767391c1783fe8da3f7b4dcb3d190d1077efdcaf0eaaa06

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 24 Jun 2024 00:24:38 GMT
via
1.1 6373f5d706cb8d973f3ced2fc572f6a8.cloudfront.net (CloudFront)
server
AmazonS3
x-amz-cf-pop
FRA56-P9
x-cache
Error from cloudfront
content-type
application/xml
access-control-allow-origin
*
access-control-expose-headers
*
x-amz-cf-id
vBNCcl5J49atasW2f1G1Bw6rle1ivlpf_Q2vpDiy6OJilgA3cKW3Bg==
import-map.json
exp-resources.afl.uat1.testafl.com/exp/ 		243 B
531 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://exp-resources.afl.uat1.testafl.com/exp/import-map.json
Requested by
Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/systemjs@6.14.0/dist/system.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.46.89 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-46-89.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
3eda362d1158744ebfb3012b6f31e5f378d1b6d7ceee4b57f1ec830f2296f092

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 24 Jun 2024 00:24:40 GMT
via
1.1 6373f5d706cb8d973f3ced2fc572f6a8.cloudfront.net (CloudFront)
server
AmazonS3
x-amz-cf-pop
FRA56-P9
x-cache
Error from cloudfront
content-type
application/xml
access-control-allow-origin
*
access-control-expose-headers
*
x-amz-cf-id
EXGXEX0yie2PYxU5glQgawQwJ9uVxY2LKsyUZAR3OJTSDm-3PPcDQw==
named-exports.min.js
cdn.jsdelivr.net/npm/systemjs@6.14.0/dist/extras/ 		678 B
785 B 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.jsdelivr.net/npm/systemjs@6.14.0/dist/extras/named-exports.min.js
Requested by
Host: exp.afc.uat1.testafl.com
URL: https://exp.afc.uat1.testafl.com/
Protocol
H3
Security
QUIC, , AES_256_GCM
Server
151.101.1.229 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
caa7c831b9a5458937aa6534e2c74b56ca6fb02ab13ed9f3426dd7b58c91fa16
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Origin
https://exp.afc.uat1.testafl.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Mon, 24 Jun 2024 00:24:36 GMT
x-content-type-options
nosniff
content-encoding
br
age
1099939
x-jsd-version
6.14.0
x-cache
HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
414
x-served-by
cache-fra-etou8220140-FRA
x-jsd-version-type
version
etag
W/"2a6-uz0SbUR6pO8RdaivGKbhPPGB1po"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges
bytes
timing-allow-origin
*
keycloak.js
sso.uat1.testmediaservices.com.au/auth/js/ 		92 KB
93 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://sso.uat1.testmediaservices.com.au/auth/js/keycloak.js
Requested by
Host: exp.afc.uat1.testafl.com
URL: https://exp.afc.uat1.testafl.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.160.150.90 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-160-150-90.fra60.r.cloudfront.net
Software
nginx /
Resource Hash
209767e9d8c5033ac41bdcd03d2a374983df051c08e9b65187d34bfcf8deab76
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'; script-src 'self' * 'unsafe-inline' 'unsafe-eval'; style-src 'self' * 'unsafe-inline'; img-src 'self' data:
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 24 Jun 2024 00:24:38 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
content-security-policy
frame-ancestors 'self'; script-src 'self' * 'unsafe-inline' 'unsafe-eval'; style-src 'self' * 'unsafe-inline'; img-src 'self' data:
via
1.1 0833e8be76641de099b8f4a92c7a1c4e.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P7
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
server
nginx
x-frame-options
SAMEORIGIN
vary
Origin
content-type
text/javascript
cache-control
no-cache, must-revalidate, no-transform, no-store
permissions-policy
accelerometer=(), autoplay=(), camera=(), ch-dpr=(), ch-save-data=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), cross-origin-isolated=(), display-capture=(), encrypted-media=(), fullscreen=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), sync-xhr=(), usb=(), window-placement=(), xr-spatial-tracking=()
x-amz-cf-id
B5F4BIx1k-uG2vS1nfrEYnslwQtwk6FboQKedG853k6DhSO-ZvoHhg==
pendo.js
cdn.pendo.io/agent/static/83782545-d7cd-41b6-7085-5c863e634eb4/ 		467 KB
153 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.pendo.io/agent/static/83782545-d7cd-41b6-7085-5c863e634eb4/pendo.js
Requested by
Host: exp.afc.uat1.testafl.com
URL: https://exp.afc.uat1.testafl.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.36.213.229 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
229.213.36.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
46aa761bde98999111407d494cca8f716fce7e1f5f5d28af761b909fe015a6b2
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 24 Jun 2024 00:24:39 GMT
content-encoding
gzip
strict-transport-security
max-age=63072000; includeSubDomains
x-guploader-uploadid
ACJd0NoKPMDDLceART_97v1quwWrZreh-z5VPkgGo_gEQtgS43dHdBh50PSvnVK81A8SdyjXtL97eOwlPQ
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
155679
last-modified
Thu, 20 Jun 2024 18:18:54 GMT
server
UploadServer
etag
"565e1175fb958e75eaf527e3ddd52ead"
vary
Accept-Encoding
x-goog-generation
1718907534544838
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
x-goog-hash
crc32c=wy8isw==, md5=Vl4RdfuVjnXq9Sfj3dUurQ==
access-control-expose-headers
*
cache-control
public,max-age=450
x-goog-stored-content-length
155679
accept-ranges
bytes
favicon.svg
exp.afc.uat1.testafl.com/ 		1 KB
2 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://exp.afc.uat1.testafl.com/favicon.svg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.31.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-31-105.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
3d798a484371fe20dd8a0b26eb14904502c52cf159ce37a636603a79961abc7b
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.marvelstadium.com.au *.afl.com.au afc.com.au *.lions.com.au *.carltonfc.com.au *.collingwoodfc.com.au *.essendonfc.com.au *.fremantlefc.com.au *.geelongcats.com.au *.goldcoastfc.com.au *.gwsgiants.com.au *.hawthornfc.com.au *.melbournefc.com.au *.nmfc.com.au *. portadelaidefc.com.au *.richmondfc.com.au *.saints.com.au *.sydneyswans.com.au *.westcoasteagles.com.au *.westernbulldogs.com.au blob:; script-src 'unsafe-inline' 'unsafe-eval' players.brightcove.net vjs.zencdn.net https: localhost:* blob:;connect-src https: *.pulselive.com localhost:* wss: * http: localhost:3000; style-src 'unsafe-inline' data: https:; object-src 'none'; frame-src *; img-src * data:; font-src * data:;
Strict-Transport-Security max-age=31536000; includeSubDomains; always
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 24 Jun 2024 00:24:42 GMT
x-amz-version-id
MiXO.KIdaOxwBLBH8HWBCAi.dlrqTWOx
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; always
content-encoding
br
content-security-policy
default-src 'self' *.marvelstadium.com.au *.afl.com.au afc.com.au *.lions.com.au *.carltonfc.com.au *.collingwoodfc.com.au *.essendonfc.com.au *.fremantlefc.com.au *.geelongcats.com.au *.goldcoastfc.com.au *.gwsgiants.com.au *.hawthornfc.com.au *.melbournefc.com.au *.nmfc.com.au *. portadelaidefc.com.au *.richmondfc.com.au *.saints.com.au *.sydneyswans.com.au *.westcoasteagles.com.au *.westernbulldogs.com.au blob:; script-src 'unsafe-inline' 'unsafe-eval' players.brightcove.net vjs.zencdn.net https: localhost:* blob:;connect-src https: *.pulselive.com localhost:* wss: * http: localhost:3000; style-src 'unsafe-inline' data: https:; object-src 'none'; frame-src *; img-src * data:; font-src * data:;
via
1.1 a4079c0a5989b4b7af98433fdd07f680.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P8
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
referrer-policy
no-referrer
last-modified
Fri, 21 Jun 2024 13:19:50 GMT
server
AmazonS3
etag
W/"fc8d7eed37be04ef3221d4ad5dcda0e1"
x-frame-options
SAMEORIGIN
allow
GET; HEAD
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public
vary
Accept-Encoding
x-amz-cf-id
6MCHcgmuTfFAMyx-m9Kk6Gk8T3xJ9gSODN6cATuiV36Q5HHpECyh4Q==
react.production.min.js
cdn.jsdelivr.net/npm/react@17.0.2/umd/ 		11 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.jsdelivr.net/npm/react@17.0.2/umd/react.production.min.js
Requested by
Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/systemjs@6.14.0/dist/system.min.js
Protocol
H3
Security
QUIC, , AES_256_GCM
Server
151.101.1.229 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
229bbf4d0e7488209564152c6723497f1ac3934136ca1684233d2fa88fa4146f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Origin
https://exp.afc.uat1.testafl.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Mon, 24 Jun 2024 00:24:41 GMT
x-content-type-options
nosniff
content-encoding
br
age
2157484
x-jsd-version
17.0.2
x-cache
HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
4810
x-served-by
cache-fra-etou8220140-FRA
x-jsd-version-type
version
etag
W/"2cb0-bAUYnMLQi7KnYJwALwZ1ycZw02I"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges
bytes
timing-allow-origin
*
pulselive-experience-platform-web.js
exp.afc.uat1.testafl.com/ 		166 KB
48 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://exp.afc.uat1.testafl.com/pulselive-experience-platform-web.js?ver=1700210879920
Requested by
Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/systemjs@6.14.0/dist/system.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.31.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-31-105.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
7235a03516592d5c51ae56a6e5a046535bffded3782d28e89aacf1fd1098748f
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.marvelstadium.com.au *.afl.com.au afc.com.au *.lions.com.au *.carltonfc.com.au *.collingwoodfc.com.au *.essendonfc.com.au *.fremantlefc.com.au *.geelongcats.com.au *.goldcoastfc.com.au *.gwsgiants.com.au *.hawthornfc.com.au *.melbournefc.com.au *.nmfc.com.au *. portadelaidefc.com.au *.richmondfc.com.au *.saints.com.au *.sydneyswans.com.au *.westcoasteagles.com.au *.westernbulldogs.com.au blob:; script-src 'unsafe-inline' 'unsafe-eval' players.brightcove.net vjs.zencdn.net https: localhost:* blob:;connect-src https: *.pulselive.com localhost:* wss: * http: localhost:3000; style-src 'unsafe-inline' data: https:; object-src 'none'; frame-src *; img-src * data:; font-src * data:;
Strict-Transport-Security max-age=31536000; includeSubDomains; always
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 24 Jun 2024 00:24:42 GMT
x-amz-version-id
cskcNTf.9sHThHjLaIboOB9QQkvCk5yz
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; always
content-encoding
br
content-security-policy
default-src 'self' *.marvelstadium.com.au *.afl.com.au afc.com.au *.lions.com.au *.carltonfc.com.au *.collingwoodfc.com.au *.essendonfc.com.au *.fremantlefc.com.au *.geelongcats.com.au *.goldcoastfc.com.au *.gwsgiants.com.au *.hawthornfc.com.au *.melbournefc.com.au *.nmfc.com.au *. portadelaidefc.com.au *.richmondfc.com.au *.saints.com.au *.sydneyswans.com.au *.westcoasteagles.com.au *.westernbulldogs.com.au blob:; script-src 'unsafe-inline' 'unsafe-eval' players.brightcove.net vjs.zencdn.net https: localhost:* blob:;connect-src https: *.pulselive.com localhost:* wss: * http: localhost:3000; style-src 'unsafe-inline' data: https:; object-src 'none'; frame-src *; img-src * data:; font-src * data:;
via
1.1 a4079c0a5989b4b7af98433fdd07f680.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P8
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
referrer-policy
no-referrer
last-modified
Fri, 21 Jun 2024 13:19:50 GMT
server
AmazonS3
etag
W/"e33931cb5c43f66af8d0bf3565068886"
x-frame-options
SAMEORIGIN
allow
GET; HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
public
vary
Accept-Encoding
x-amz-cf-id
PFPOWk8ovzOxs5PT_EzvDjhUEpARu6_7WO7nL9Q4xndKX1jGy8ccYw==
single-spa.min.js
cdn.jsdelivr.net/npm/single-spa@5.9.4/lib/system/ 		20 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.jsdelivr.net/npm/single-spa@5.9.4/lib/system/single-spa.min.js
Requested by
Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/systemjs@6.14.0/dist/system.min.js
Protocol
H3
Security
QUIC, , AES_256_GCM
Server
151.101.1.229 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
fda24b7112d59c7417df5bd735ebc7c4bf22c68fc6403497f35dd5245ef04371
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Origin
https://exp.afc.uat1.testafl.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Mon, 24 Jun 2024 00:24:43 GMT
x-content-type-options
nosniff
content-encoding
br
age
1668580
x-jsd-version
5.9.4
x-cache
HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
6770
x-served-by
cache-fra-etou8220140-FRA
x-jsd-version-type
version
etag
W/"5059-2wiyzGMvQ5lqQS+Z7/KQHjyi1Ac"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges
bytes
timing-allow-origin
*

Verdicts & Comments Add Verdict or Comment

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

undefined| event object| fence object| sharedStorage object| runtime object| regeneratorRuntime object| importMapOverrides object| System function| Keycloak object| pendo object| React

0 Cookies

3 Console Messages

Source Level URL
Text
security error URL: https://exp.afc.uat1.testafl.com/
Message:
The source list for the Content Security Policy directive 'default-src' contains an invalid source: '*.'. It will be ignored.
network error URL: https://exp-resources.afl.uat1.testafl.com/core/import-map.json
Message:
Failed to load resource: the server responded with a status of 403 ()
network error URL: https://exp-resources.afl.uat1.testafl.com/exp/import-map.json
Message:
Failed to load resource: the server responded with a status of 403 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self' *.marvelstadium.com.au *.afl.com.au afc.com.au *.lions.com.au *.carltonfc.com.au *.collingwoodfc.com.au *.essendonfc.com.au *.fremantlefc.com.au *.geelongcats.com.au *.goldcoastfc.com.au *.gwsgiants.com.au *.hawthornfc.com.au *.melbournefc.com.au *.nmfc.com.au *. portadelaidefc.com.au *.richmondfc.com.au *.saints.com.au *.sydneyswans.com.au *.westcoasteagles.com.au *.westernbulldogs.com.au blob:; script-src 'unsafe-inline' 'unsafe-eval' players.brightcove.net vjs.zencdn.net https: localhost:* blob:;connect-src https: *.pulselive.com localhost:* wss: * http: localhost:3000; style-src 'unsafe-inline' data: https:; object-src 'none'; frame-src *; img-src * data:; font-src * data:;
Strict-Transport-Security max-age=31536000; includeSubDomains; always
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN