pentest-2025.devbox.boldin.com
44.239.41.206 Public Scan Open in urlscan Pro

Go To Rescan
Add Verdict Report

URL:
https://pentest-2025.devbox.boldin.com/ 1yr old
Submission: On May 28 via api (May 28th 2025, 6:42:04 am UTC) from US — Scanned from ES

Summary HTTP 128 Redirects Links 55 Behaviour Indicators

Summary

This website contacted 21 IPs in 2 countries across 12 domains to perform 128 HTTP transactions. The main IP is 44.239.41.206, located in Boardman, United States and belongs to AMAZON-02, US. The main domain is pentest-2025.devbox.boldin.com. 1yr old
TLS certificate: Issued by Amazon RSA 2048 M03 on January 19th 2025. Valid for: 1yr.

This is the only time pentest-2025.devbox.boldin.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
35	44.239.41.206 44.239.41.206	16509 (AMAZON-02) (AMAZON-02)
2	54.190.253.51 54.190.253.51	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:828::200a	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:810::2008	15169 (GOOGLE) (GOOGLE)
4	18.66.122.78 18.66.122.78	16509 (AMAZON-02) (AMAZON-02)
1 15	2400:52e0:1e0... 2400:52e0:1e00::1080:1	60068 (CDN77 Dat...) (CDN77 Datacamp Limited)
1	172.217.16.195 172.217.16.195	15169 (GOOGLE) (GOOGLE)
17	2400:52e0:1e0... 2400:52e0:1e00::1082:1	60068 (CDN77 Dat...) (CDN77 Datacamp Limited)
2	18.66.122.116 18.66.122.116	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700:10:... 2606:4700:10::6816:1546	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	18.245.86.4 18.245.86.4	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700::68... 2606:4700::6812:209	13335 (CLOUDFLAR...) (CLOUDFLARENET)
16	3.171.214.73 3.171.214.73	16509 (AMAZON-02) (AMAZON-02)
1	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
1	18.173.205.67 18.173.205.67	16509 (AMAZON-02) (AMAZON-02)
1	2a02:26f0:480... 2a02:26f0:480:f::213:7ec6	20940 (AKAMAI-AS...) (AKAMAI-ASN1 Akamai International B.V.)
1	2a02:26f0:350... 2a02:26f0:3500:16::215:148b	20940 (AKAMAI-AS...) (AKAMAI-ASN1 Akamai International B.V.)
1	18.66.122.49 18.66.122.49	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700:10:... 2606:4700:10::ac43:547	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a02:26f0:350... 2a02:26f0:3500:89a::523	20940 (AKAMAI-AS...) (AKAMAI-ASN1 Akamai International B.V.)
128	21

35 44.239.41.206 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-44-239-41-206.us-west-2.compute.amazonaws.com

pentest-2025.devbox.boldin.com 1yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools
staging.boldin.com 2yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

2 54.190.253.51 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-190-253-51.us-west-2.compute.amazonaws.com

widgets.staging.boldin.com 1yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 2a00:1450:4001:828::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com 56yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

2 2a00:1450:4001:810::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com 56yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

4 18.66.122.78 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-122-78.fra60.r.cloudfront.net

consent.trustarc.com 8yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

15 2400:52e0:1e00::1080:1 (Germany) 1 redirects

ASN60068 (CDN77 Datacamp Limited, GB)

cdn.shortpixel.ai 8yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 172.217.16.195 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s08-in-f195.1e100.net

fonts.gstatic.com 9yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

17 2400:52e0:1e00::1082:1 (Germany)

ASN60068 (CDN77 Datacamp Limited, GB)

a.omappapi.com 6yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

2 18.66.122.116 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-122-116.fra60.r.cloudfront.net

consent-reporting.trustarc.com 3yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 2606:4700:10::6816:1546 (United States)

ASN13335 (CLOUDFLARENET, US)

app.growsurf.com 5yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

2 18.245.86.4 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-245-86-4.fra60.r.cloudfront.net

cdn.amplitude.com 8yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 2606:4700::6812:209 (United States)

ASN13335 (CLOUDFLARENET, US)

api.omappapi.com 6yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

16 3.171.214.73 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-3-171-214-73.fra50.r.cloudfront.net

consent-pref.trustarc.com 8yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com 5yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 18.173.205.67 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-173-205-67.fra56.r.cloudfront.net

consent-st.trustarc.com 8yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 2a02:26f0:480:f::213:7ec6 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL)

use.typekit.net 13yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 2a02:26f0:3500:16::215:148b (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL)

p.typekit.net 13yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 18.66.122.49 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-122-49.fra60.r.cloudfront.net

consent.trustarc.com 8yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 2606:4700:10::ac43:547 (United States)

ASN13335 (CLOUDFLARENET, US)

api.growsurf.com 6yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

3 2a02:26f0:3500:89a::523 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL)

res.cloudinary.com 9yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

	Apex Domain Subdomains	Transfer
37	boldin.com pentest-2025.devbox.boldin.com 1yr old widgets.staging.boldin.com 1yr old staging.boldin.com 2yr old	487 KB
24	trustarc.com consent.trustarc.com — Cisco Umbrella Rank: 4790 8yr old consent-reporting.trustarc.com — Cisco Umbrella Rank: 48502 3yr old consent-pref.trustarc.com — Cisco Umbrella Rank: 20556 8yr old consent-st.trustarc.com — Cisco Umbrella Rank: 57019 8yr old	615 KB
18	omappapi.com a.omappapi.com — Cisco Umbrella Rank: 10235 6yr old api.omappapi.com — Cisco Umbrella Rank: 10851 6yr old	84 KB
15	shortpixel.ai 1 redirects cdn.shortpixel.ai — Cisco Umbrella Rank: 82882 8yr old	116 KB
3	cloudinary.com res.cloudinary.com — Cisco Umbrella Rank: 4246 9yr old	27 KB
2	typekit.net use.typekit.net — Cisco Umbrella Rank: 1029 13yr old p.typekit.net — Cisco Umbrella Rank: 1335 13yr old	1 KB
2	amplitude.com cdn.amplitude.com — Cisco Umbrella Rank: 4335 8yr old	79 KB
2	growsurf.com app.growsurf.com — Cisco Umbrella Rank: 299946 5yr old api.growsurf.com — Cisco Umbrella Rank: 287639 6yr old	241 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 100 56yr old	225 KB
1	google-analytics.com region1.google-analytics.com — Cisco Umbrella Rank: 1949 5yr old
1	gstatic.com fonts.gstatic.com 9yr old	23 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 107 56yr old	955 B
128	12

	Domain	Requested by
30	staging.boldin.com	pentest-2025.devbox.boldin.com staging.boldin.com
17	a.omappapi.com	pentest-2025.devbox.boldin.com a.omappapi.com
16	consent-pref.trustarc.com	consent.trustarc.com consent-pref.trustarc.com pentest-2025.devbox.boldin.com
15	cdn.shortpixel.ai	1 redirects pentest-2025.devbox.boldin.com
5	consent.trustarc.com	pentest-2025.devbox.boldin.com consent.trustarc.com
5	pentest-2025.devbox.boldin.com	widgets.staging.boldin.com staging.boldin.com cdn.amplitude.com
3	res.cloudinary.com
2	cdn.amplitude.com	www.googletagmanager.com cdn.amplitude.com
2	consent-reporting.trustarc.com	consent.trustarc.com
2	www.googletagmanager.com	pentest-2025.devbox.boldin.com www.googletagmanager.com
2	widgets.staging.boldin.com	pentest-2025.devbox.boldin.com
1	api.growsurf.com	app.growsurf.com
1	p.typekit.net	use.typekit.net
1	use.typekit.net
1	consent-st.trustarc.com	consent-pref.trustarc.com
1	region1.google-analytics.com	www.googletagmanager.com
1	api.omappapi.com	a.omappapi.com
1	app.growsurf.com	staging.boldin.com
1	fonts.gstatic.com	fonts.googleapis.com
1	fonts.googleapis.com	pentest-2025.devbox.boldin.com
128	20

This site contains links to these domains. Also see Links.

Domain
staging.boldin.com
www.facebook.com
www.instagram.com
www.linkedin.com
www.reddit.com
help.boldin.com
developers.boldin.com
boldin.com
grow.surf
growsurf.com
www.boldin.com
trustarc.com

Subject Issuer	Validity	Valid
*.devbox.boldin.com Amazon RSA 2048 M03	`2025-01-19` - `2026-02-17`	1yr	crt.sh
*.staging.boldin.com Amazon RSA 2048 M03	`2025-01-15` - `2026-02-13`	1yr	crt.sh
staging.boldin.com Amazon RSA 2048 M02	`2025-01-15` - `2026-02-13`	1yr	crt.sh
upload.video.google.com WE2	`2025-05-12` - `2025-08-04`	3mo	crt.sh
*.google-analytics.com WE2	`2025-05-12` - `2025-08-04`	3mo	crt.sh
*.trustarc.com Amazon RSA 2048 M03	`2025-02-14` - `2026-03-14`	1yr	crt.sh
cdn.shortpixel.ai R11	`2025-05-07` - `2025-08-05`	3mo	crt.sh
*.gstatic.com WE2	`2025-05-12` - `2025-08-04`	3mo	crt.sh
a.omappapi.com R11	`2025-04-30` - `2025-07-29`	3mo	crt.sh
growsurf.com WE1	`2025-05-26` - `2025-08-24`	3mo	crt.sh
cdn.amplitude.com Amazon RSA 2048 M03	`2024-11-14` - `2025-12-13`	1yr	crt.sh
omappapi.com WE1	`2025-04-08` - `2025-07-07`	3mo	crt.sh
use.typekit.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-12-10` - `2026-01-10`	1yr	crt.sh
*.cloudinary.com Go Daddy Secure Certificate Authority - G2	`2024-12-18` - `2026-01-14`	1yr	crt.sh

This page contains 3 frames:

Primary Page: https://pentest-2025.devbox.boldin.com/
Frame ID: E1DB370AEA708DD20FF831F6CC106CA3
Requests: 145 HTTP requests in this frame

Frame: https://consent-pref.trustarc.com/self-service-cm/?site=vldvdr&country=es&behavior=expressed&locale=en&from=https://consent.trustarc.com/&referer=https://pentest-2025.devbox.boldin.com&fullURL=https%3A%2F%2Fpentest-2025.devbox.boldin.com%2F&gtm=true&session=afd3869c-71a5-428f-bab9-ec33ba2825c0&userType=NEW
Frame ID: BD91985504993735E332C2DC568538F9
Requests: 14 HTTP requests in this frame

Frame: https://consent-pref.trustarc.com/self-service-cm/defaultconsentmanager/deferredjs/4750377C9CFFDC101B08462CB9BFC324/7.cache.js
Frame ID: 541610DCA7AD0C70F5ADA7C0282D5547
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Retirement Planning Tool | Boldin

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/

Bootstrap (UI frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Amplitude (Analytics) Expand

Overall confidence: 100%
Detected patterns

cdn\.amplitude\.com

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Font API (Font scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Slick (JavaScript libraries) Expand

Overall confidence: 100%
Detected patterns

(?:/([\d.]+))?/slick(?:\.min)?\.js

TrustArc (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

consent\.trustarc\.com

jQuery (JavaScript libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

128
Requests

83 %
HTTPS

55 %
IPv6

12
Domains

20
Subdomains

21
IPs

2
Countries

1899 kB
Transfer

5552 kB
Size

11
Cookies

55 Outgoing links

These are links going to different origins than the main page.

URL: https://staging.boldin.com/retirement/newretirement-communities/
Title: Communities

Search URL Search Domain Scan URL

URL: https://staging.boldin.com/retirement/topic/podcast/
Title: Podcast

Search URL Search Domain Scan URL

URL: https://staging.boldin.com/retirement/pricing/
Title: Pricing

Search URL Search Domain Scan URL

URL: https://staging.boldin.com/retirement/topic/planning/retirement-planning/
Title: Retirement Planning

Search URL Search Domain Scan URL

URL: https://staging.boldin.com/retirement/topic/income/retirement-income/
Title: Retirement Income

Search URL Search Domain Scan URL

URL: https://staging.boldin.com/retirement/topic/retirement-savings-and-investments/
Title: Savings and Investments

Search URL Search Domain Scan URL

URL: https://staging.boldin.com/retirement/topic/income/social-security/
Title: Social Security

Search URL Search Domain Scan URL

URL: https://staging.boldin.com/retirement/topic/insurance/medicare-and-health-insurance/
Title: Medicare and Health Insurance

Search URL Search Domain Scan URL

URL: https://staging.boldin.com/retirement/topic/happy-life/aging-well/
Title: Aging Well

Search URL Search Domain Scan URL

URL: https://staging.boldin.com/retirement/topic/income/retirement-jobs/
Title: Retirement Jobs

Search URL Search Domain Scan URL

URL: https://staging.boldin.com/retirement/topic/housing-and-home-equity/
Title: Housing and Home Equity

Search URL Search Domain Scan URL

URL: https://staging.boldin.com/retirement/topic/reverse-mortgages/
Title: Reverse Mortgages

Search URL Search Domain Scan URL

URL: https://staging.boldin.com/retirement/topic/retirement-budget/
Title: Budgeting

Search URL Search Domain Scan URL

URL: https://staging.boldin.com/retirement/topic/insurance/annuities/
Title: Annuities

Search URL Search Domain Scan URL

URL: https://staging.boldin.com/retirement/topic/happy-life/celebrating-retirement/
Title: Happy Retirement

Search URL Search Domain Scan URL

URL: https://staging.boldin.com/retirement/topic/debt-and-debt-management/
Title: Debt

Search URL Search Domain Scan URL

URL: https://staging.boldin.com/retirement/topic/planning/retirement-financial-advisors/
Title: Financial Advisors

Search URL Search Domain Scan URL

URL: https://staging.boldin.com/retirement/topic/happy-life/family-and-relationships/
Title: Family and Relationships

Search URL Search Domain Scan URL

URL: https://staging.boldin.com/retirement/topic/insurance/long-term-care/
Title: Long Term Care

Search URL Search Domain Scan URL

URL: https://staging.boldin.com/retirement/topic/income/pensions/
Title: Pensions

Search URL Search Domain Scan URL

URL: https://staging.boldin.com/retirement/topic/planning/estate-planning/
Title: Estate Planning

Search URL Search Domain Scan URL

URL: https://staging.boldin.com/retirement/?page_id=34839
Title: Enterprise

Search URL Search Domain Scan URL

URL: https://staging.boldin.com/planner
Title: Get Started

Search URL Search Domain Scan URL

URL: https://staging.boldin.com/retirement/stories/
Title: Customer Stories

Search URL Search Domain Scan URL

URL: https://staging.boldin.com/retirement/classes/
Title: Classes

Search URL Search Domain Scan URL

URL: https://staging.boldin.com/retirement/coaching/
Title: Coaching

Search URL Search Domain Scan URL

URL: https://staging.boldin.com/retirement/financial-advisor/
Title: Financial Advisor

Search URL Search Domain Scan URL

URL: https://staging.boldin.com/retirement/fire-calculator/
Title: FIRE Retirement Calculator

Search URL Search Domain Scan URL

URL: https://www.facebook.com/groups/newretirement
Title: Facebook

Search URL Search Domain Scan URL

URL: https://www.instagram.com/boldin.money/
Title: Instagram

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/newretirement/
Title: LinkedIn

Search URL Search Domain Scan URL

URL: https://www.reddit.com/r/Boldin/
Title: Reddit

Search URL Search Domain Scan URL

URL: https://staging.boldin.com/retirement/planner-signup/
Title: Get started for free

Search URL Search Domain Scan URL

URL: https://staging.boldin.com/retirement/how-it-works/
Title: How It Works

Search URL Search Domain Scan URL

URL: https://help.boldin.com/en/
Title: Support

Search URL Search Domain Scan URL

URL: https://staging.boldin.com/retirement/enterprise/employers/
Title: Employers

Search URL Search Domain Scan URL

URL: https://staging.boldin.com/retirement/enterprise/plan-providers/
Title: Plan Providers

Search URL Search Domain Scan URL

URL: https://staging.boldin.com/retirement/enterprise/financial-insititutions/
Title: Financial Institutions

Search URL Search Domain Scan URL

URL: https://developers.boldin.com/
Title: Developers

Search URL Search Domain Scan URL

URL: https://boldin.com/auth/newsletter/subscribe
Title: Subscribe

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/newretirement

Search URL Search Domain Scan URL

URL: https://staging.boldin.com/retirement/privacy-policy/
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: https://staging.boldin.com/retirement/notice-to-california-residents/
Title: Do Not Sell

Search URL Search Domain Scan URL

URL: https://staging.boldin.com/retirement/terms-of-use/
Title: Terms of Use

Search URL Search Domain Scan URL

URL: https://staging.boldin.com/retirement/wp-content/uploads/2025/05/FormCRS_Boldin-Advisors_20250513.pdf
Title: Form CRS

Search URL Search Domain Scan URL

URL: https://staging.boldin.com/retirement/fulfillment-policy/
Title: Fulfillment Policy

Search URL Search Domain Scan URL

URL: https://staging.boldin.com/retirement/security/
Title: Security

Search URL Search Domain Scan URL

URL: https://staging.boldin.com/retirement/contact-us/
Title: Contact Us

Search URL Search Domain Scan URL

URL: https://boldin.com/
Title: Boldin.com

Search URL Search Domain Scan URL

URL: https://grow.surf/qpb08r
Title: here

Search URL Search Domain Scan URL

URL: https://grow.surf/qpb08r/terms
Title: here

Search URL Search Domain Scan URL

URL: https://growsurf.com/powered-by-growsurf?utm_source=GrowSurf%20User%20Website&utm_medium=GrowSurf%20Window&utm_campaign=https://pentest-2025.devbox.boldin.com/&company_name=Boldin&company_logo_image_url=https://res.cloudinary.com/growsurf-prod/image/upload/v1740338775/production/trq5r00h52o1d5ww00pn.png&goal=B2C_SUBSCRIPTIONS
Title: Powered by GrowSurf

Search URL Search Domain Scan URL

URL: https://www.boldin.com/retirement/planner-signup/

Search URL Search Domain Scan URL

URL: https://www.boldin.com/retirement/privacy-policy/
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: https://trustarc.com/

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 109

https://cdn.shortpixel.ai/spai/q_lossless+w_650+to_auto+ret_img/consent.trustarc.com/v2/asset/transparent.png HTTP 302
https://consent.trustarc.com/v2/asset/transparent.png

128 HTTP transactions
35 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
pentest-2025.devbox.boldin.com/ 166 KB
26 KB 2904ms
2468ms Document
text/html 44.239.41.206
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://pentest-2025.devbox.boldin.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 44.239.41.206 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-239-41-206.us-west-2.compute.amazonaws.com
Software: istio-envoy /
Resource Hash: c863182566bca2c4d04a7dcd65d6e09f468548d28c78ed2eb02b1103755df0fa

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: max-age=0
content-encoding: br
content-type: text/html; charset=UTF-8
date: Wed, 28 May 2025 06:42:06 GMT
expires: Wed, 28 May 2025 06:42:05 GMT
link: <https://staging.boldin.com/retirement/wp-json/>; rel="https://api.w.org/", <https://staging.boldin.com/retirement/wp-json/wp/v2/pages/9004111222000083>; rel="alternate"; title="JSON"; type="application/json", <https://staging.boldin.com/retirement/?p=9004111222000083>; rel=shortlink
server: istio-envoy
vary: Accept-Encoding,Accept-Encoding
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront)
x-amz-cf-id: Dv8fLCdnyUblPYgsr46a4YHI9Zff-oXOdLeuKer3ha28DXcf68AJjA==
x-amz-cf-pop: HIO50-C1
x-cache: Miss from cloudfront
x-envoy-upstream-service-time: 2263

GET
H2 200 arrival.js Show response
widgets.staging.boldin.com/analytics/ 1 KB
1 KB 763ms
302ms Script
application/javascript 54.190.253.51
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://widgets.staging.boldin.com/analytics/arrival.js
Requested by: Host: pentest-2025.devbox.boldin.com
URL: https://pentest-2025.devbox.boldin.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 54.190.253.51 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-190-253-51.us-west-2.compute.amazonaws.com
Software: istio-envoy /
Resource Hash: 64c7b0bdb117f09fecb3a53a3858076e70b4087a2ef128ac6eb3d322357da9a5

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://pentest-2025.devbox.boldin.com/

Response headers

x-amz-id-2: geAYF/PWvvzIN4gvQFskCP5t6JgUZEhBgpvcp0yTzIVU6MyrUMduZyNyhC9bxi2A5beS0FUWTGYGNIyg5lE8QGlaEnMcSX+YYCT2CKBH9xQ=
vary: Accept-Encoding
cache-control: public,max-age=60
content-encoding: br
x-amz-version-id: ES61pXXMApUtNVqrrr_KdwJJe9DsJLWC
x-envoy-upstream-service-time: 99
x-amz-request-id: HAASZMJ70FF9Q0AD
accept-ranges: bytes
date: Wed, 28 May 2025 06:42:07 GMT
content-type: application/javascript
last-modified: Wed, 22 Jan 2025 10:49:27 GMT
server: istio-envoy
x-amz-server-side-encryption: AES256

GET
H2 200 style.min.css
staging.boldin.com/retirement/wp-includes/css/dist/block-library/ 114 KB
16 KB 1139ms
717ms Stylesheet
text/css 44.239.41.206
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://staging.boldin.com/retirement/wp-includes/css/dist/block-library/style.min.css?ver=6.8.1
Requested by: Host: pentest-2025.devbox.boldin.com
URL: https://pentest-2025.devbox.boldin.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 44.239.41.206 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-239-41-206.us-west-2.compute.amazonaws.com
Software: istio-envoy /
Resource Hash: 597ddfdee7171750c16ec5aafd392cf992e9c53386d6bb6061d48e30334f09e9

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://pentest-2025.devbox.boldin.com/

Response headers

cache-control: public, max-age=31536000
content-encoding: br
x-envoy-upstream-service-time: 157
accept-ranges: bytes
date: Wed, 28 May 2025 06:42:07 GMT
content-type: text/css
last-modified: Fri, 16 May 2025 13:53:38 GMT
server: istio-envoy
vary: Accept-Encoding

GET
H2 200 widget-options.css
staging.boldin.com/retirement/wp-content/plugins/extended-widget-options/assets/css/ 19 KB
2 KB 947ms
526ms Stylesheet
text/css 44.239.41.206
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://staging.boldin.com/retirement/wp-content/plugins/extended-widget-options/assets/css/widget-options.css?ver=5.1.6
Requested by: Host: pentest-2025.devbox.boldin.com
URL: https://pentest-2025.devbox.boldin.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 44.239.41.206 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-239-41-206.us-west-2.compute.amazonaws.com
Software: istio-envoy /
Resource Hash: 8d2da5818f01a062e766c4b566dd24da1092177864aa742abee685030dbfb2d1

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://pentest-2025.devbox.boldin.com/

Response headers

cache-control: public, max-age=31536000
content-encoding: br
x-envoy-upstream-service-time: 267
accept-ranges: bytes
date: Wed, 28 May 2025 06:42:07 GMT
content-type: text/css
last-modified: Fri, 06 Sep 2024 19:11:29 GMT
server: istio-envoy
vary: Accept-Encoding

GET
H2 200 animate.min.css
staging.boldin.com/retirement/wp-content/plugins/extended-widget-options/assets/css/ 52 KB
5 KB 754ms
333ms Stylesheet
text/css 44.239.41.206
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://staging.boldin.com/retirement/wp-content/plugins/extended-widget-options/assets/css/animate.min.css?ver=5.1.6
Requested by: Host: pentest-2025.devbox.boldin.com
URL: https://pentest-2025.devbox.boldin.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 44.239.41.206 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-239-41-206.us-west-2.compute.amazonaws.com
Software: istio-envoy /
Resource Hash: 037efc03a832f8e893398640d009e128ab56af0da95b9e115f000dff0004dd15

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://pentest-2025.devbox.boldin.com/

Response headers

cache-control: public, max-age=31536000
content-encoding: br
x-envoy-upstream-service-time: 135
accept-ranges: bytes
date: Wed, 28 May 2025 06:42:07 GMT
content-type: text/css
last-modified: Fri, 06 Sep 2024 19:11:29 GMT
server: istio-envoy
vary: Accept-Encoding

GET
H2 200 makeway-migrator-public.css
staging.boldin.com/retirement/wp-content/plugins/makeway-migrator/public/css/ 98 B
301 B 946ms
525ms Stylesheet
text/css 44.239.41.206
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://staging.boldin.com/retirement/wp-content/plugins/makeway-migrator/public/css/makeway-migrator-public.css?ver=1.0.0
Requested by: Host: pentest-2025.devbox.boldin.com
URL: https://pentest-2025.devbox.boldin.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 44.239.41.206 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-239-41-206.us-west-2.compute.amazonaws.com
Software: istio-envoy /
Resource Hash: 547dda3c14b284819be511be1e410da94a5efc6ccc4a9afe1c75394f9333191a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://pentest-2025.devbox.boldin.com/

Response headers

cache-control: public, max-age=31536000
content-encoding: br
x-envoy-upstream-service-time: 223
accept-ranges: bytes
date: Wed, 28 May 2025 06:42:07 GMT
content-type: text/css
last-modified: Thu, 03 Apr 2025 17:03:56 GMT
server: istio-envoy
vary: Accept-Encoding

GET
H2 200 chap-titan-framework-chap-child-1-css.css
staging.boldin.com/retirement/wp-content/uploads/ 2 KB
882 B 831ms
411ms Stylesheet
text/css 44.239.41.206
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://staging.boldin.com/retirement/wp-content/uploads/chap-titan-framework-chap-child-1-css.css?ver=67ff69de5797c
Requested by: Host: pentest-2025.devbox.boldin.com
URL: https://pentest-2025.devbox.boldin.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 44.239.41.206 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-239-41-206.us-west-2.compute.amazonaws.com
Software: istio-envoy /
Resource Hash: a263fc5e9f5b99d8a6bcd9827977cdccd18b915dc34abb188dfe5ce99c31b289

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://pentest-2025.devbox.boldin.com/

Response headers

cache-control: public, max-age=31536000
content-encoding: br
x-envoy-upstream-service-time: 204
accept-ranges: bytes
date: Wed, 28 May 2025 06:42:07 GMT
content-type: text/css
last-modified: Thu, 20 Mar 2025 15:22:33 GMT
server: istio-envoy
vary: Accept-Encoding

GET
H2 200 css
fonts.googleapis.com/ 3 KB
955 B 215ms
74ms Stylesheet
text/css 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://fonts.googleapis.com/css?family=Lato%3A700%2C400%2C400italic%2C700italic&subset=latin%2Clatin-ext&display=swap&ver=6.8.1

Requested by

Host: pentest-2025.devbox.boldin.com
URL: https://pentest-2025.devbox.boldin.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

638e0a9696a1287622b2881fce4aa2450101d9f7e29cb7811fb4c737a4e7e8e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://pentest-2025.devbox.boldin.com/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Wed, 28 May 2025 06:42:07 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 28 May 2025 06:42:07 GMT
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified: Wed, 28 May 2025 06:42:07 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-xss-protection: 0
server: ESF

GET
H2 200 ytprefs.min.css
staging.boldin.com/retirement/wp-content/plugins/youtube-embed-plus/styles/ 8 KB
2 KB 830ms
410ms Stylesheet
text/css 44.239.41.206
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://staging.boldin.com/retirement/wp-content/plugins/youtube-embed-plus/styles/ytprefs.min.css?ver=14.2.2
Requested by: Host: pentest-2025.devbox.boldin.com
URL: https://pentest-2025.devbox.boldin.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 44.239.41.206 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-239-41-206.us-west-2.compute.amazonaws.com
Software: istio-envoy /
Resource Hash: 8d51db7b43089d7781f8353156f0ef89e35cafff0a986f2c3d78e4644a545554

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://pentest-2025.devbox.boldin.com/

Response headers

cache-control: public, max-age=31536000
content-encoding: br
x-envoy-upstream-service-time: 203
accept-ranges: bytes
date: Wed, 28 May 2025 06:42:07 GMT
content-type: text/css
last-modified: Fri, 16 May 2025 13:53:38 GMT
server: istio-envoy
vary: Accept-Encoding

GET
H2 200 chap-semantic-ui.css
staging.boldin.com/retirement/wp-content/uploads/chap/ 426 KB
71 KB 1015ms
596ms Stylesheet
text/css 44.239.41.206
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://staging.boldin.com/retirement/wp-content/uploads/chap/chap-semantic-ui.css?ver=626857843384c
Requested by: Host: pentest-2025.devbox.boldin.com
URL: https://pentest-2025.devbox.boldin.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 44.239.41.206 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-239-41-206.us-west-2.compute.amazonaws.com
Software: istio-envoy /
Resource Hash: c72be99e9ae8f9307cc0bd669cacd0134a0eb76e6193d30a1ec2ec47674dc99a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://pentest-2025.devbox.boldin.com/

Response headers

cache-control: public, max-age=31536000
content-encoding: br
x-envoy-upstream-service-time: 270
accept-ranges: bytes
date: Wed, 28 May 2025 06:42:07 GMT
content-type: text/css
last-modified: Fri, 06 Sep 2024 19:11:50 GMT
server: istio-envoy
vary: Accept-Encoding

GET
H2 200 main-fab3bad5f3.css
staging.boldin.com/retirement/wp-content/themes/chap/dist/styles/ 1 KB
820 B 831ms
411ms Stylesheet
text/css 44.239.41.206
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://staging.boldin.com/retirement/wp-content/themes/chap/dist/styles/main-fab3bad5f3.css?ver=1.23.7
Requested by: Host: pentest-2025.devbox.boldin.com
URL: https://pentest-2025.devbox.boldin.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 44.239.41.206 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-239-41-206.us-west-2.compute.amazonaws.com
Software: istio-envoy /
Resource Hash: c8f569cc4bade9d23372db2859fe09b40d7fcc9dac53f2464a8504cd85152cda

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://pentest-2025.devbox.boldin.com/

Response headers

cache-control: public, max-age=31536000
content-encoding: br
x-envoy-upstream-service-time: 204
accept-ranges: bytes
date: Wed, 28 May 2025 06:42:07 GMT
content-type: text/css
last-modified: Thu, 12 Sep 2024 09:16:10 GMT
server: istio-envoy
vary: Accept-Encoding

GET
H2 200 style.css
staging.boldin.com/retirement/wp-content/themes/chap-child/ 2 KB
1 KB 1022ms
603ms Stylesheet
text/css 44.239.41.206
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://staging.boldin.com/retirement/wp-content/themes/chap-child/style.css?ver=1.37.4
Requested by: Host: pentest-2025.devbox.boldin.com
URL: https://pentest-2025.devbox.boldin.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 44.239.41.206 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-239-41-206.us-west-2.compute.amazonaws.com
Software: istio-envoy /
Resource Hash: 3e91130c1f7b739f1b9904f63deb3e129ce5daed5df76459dce452b07f26db26

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://pentest-2025.devbox.boldin.com/

Response headers

cache-control: public, max-age=31536000
content-encoding: br
x-envoy-upstream-service-time: 89
accept-ranges: bytes
date: Wed, 28 May 2025 06:42:07 GMT
content-type: text/css
last-modified: Fri, 25 Apr 2025 14:14:03 GMT
server: istio-envoy
vary: Accept-Encoding

GET
H2 200 globals.min.css
staging.boldin.com/retirement/wp-content/themes/chap-child/new-assets/scss/ 492 KB
93 KB 1206ms
787ms Stylesheet
text/css 44.239.41.206
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://staging.boldin.com/retirement/wp-content/themes/chap-child/new-assets/scss/globals.min.css?ver=1.37.4
Requested by: Host: pentest-2025.devbox.boldin.com
URL: https://pentest-2025.devbox.boldin.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 44.239.41.206 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-239-41-206.us-west-2.compute.amazonaws.com
Software: istio-envoy /
Resource Hash: 2c300f7fbb0cb05fe4fdb8660a9d8b852ce905b590cd102b03522b754dfc9fd0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://pentest-2025.devbox.boldin.com/

Response headers

cache-control: public, max-age=31536000
content-encoding: br
x-envoy-upstream-service-time: 173
accept-ranges: bytes
date: Wed, 28 May 2025 06:42:07 GMT
content-type: text/css
last-modified: Fri, 16 May 2025 13:53:38 GMT
server: istio-envoy
vary: Accept-Encoding

GET
H2 200 modules.min.css
staging.boldin.com/retirement/wp-content/themes/chap-child/new-assets/scss/ 84 KB
14 KB 1023ms
604ms Stylesheet
text/css 44.239.41.206
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://staging.boldin.com/retirement/wp-content/themes/chap-child/new-assets/scss/modules.min.css?ver=1.37.4
Requested by: Host: pentest-2025.devbox.boldin.com
URL: https://pentest-2025.devbox.boldin.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 44.239.41.206 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-239-41-206.us-west-2.compute.amazonaws.com
Software: istio-envoy /
Resource Hash: 3569ab4b5bbeab89254333c6dce0f1308637797a64ab8b4b37e582c19c58f134

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://pentest-2025.devbox.boldin.com/

Response headers

cache-control: public, max-age=31536000
content-encoding: br
x-envoy-upstream-service-time: 290
accept-ranges: bytes
date: Wed, 28 May 2025 06:42:07 GMT
content-type: text/css
last-modified: Thu, 17 Apr 2025 15:25:13 GMT
server: istio-envoy
vary: Accept-Encoding

GET
H2 200 jquery.min.js Show response
staging.boldin.com/retirement/wp-includes/js/jquery/ 86 KB
32 KB 1216ms
797ms Script
application/javascript 44.239.41.206
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://staging.boldin.com/retirement/wp-includes/js/jquery/jquery.min.js?ver=3.7.1
Requested by: Host: pentest-2025.devbox.boldin.com
URL: https://pentest-2025.devbox.boldin.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 44.239.41.206 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-239-41-206.us-west-2.compute.amazonaws.com
Software: istio-envoy /
Resource Hash: cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://pentest-2025.devbox.boldin.com/

Response headers

cache-control: public, max-age=31536000
content-encoding: br
x-envoy-upstream-service-time: 256
accept-ranges: bytes
date: Wed, 28 May 2025 06:42:08 GMT
content-type: application/javascript
last-modified: Fri, 06 Sep 2024 19:11:53 GMT
server: istio-envoy
vary: Accept-Encoding

GET
H2 200 jquery-migrate.min.js Show response
staging.boldin.com/retirement/wp-includes/js/jquery/ 13 KB
5 KB 1205ms
787ms Script
application/javascript 44.239.41.206
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://staging.boldin.com/retirement/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1
Requested by: Host: pentest-2025.devbox.boldin.com
URL: https://pentest-2025.devbox.boldin.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 44.239.41.206 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-239-41-206.us-west-2.compute.amazonaws.com
Software: istio-envoy /
Resource Hash: 5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://pentest-2025.devbox.boldin.com/

Response headers

cache-control: public, max-age=31536000
content-encoding: br
x-envoy-upstream-service-time: 153
accept-ranges: bytes
date: Wed, 28 May 2025 06:42:07 GMT
content-type: application/javascript
last-modified: Fri, 06 Sep 2024 19:11:53 GMT
server: istio-envoy
vary: Accept-Encoding

GET
H2 200 makeway-migrator-public.js Show response
staging.boldin.com/retirement/wp-content/plugins/makeway-migrator/public/js/ 838 B
712 B 1215ms
796ms Script
application/javascript 44.239.41.206
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://staging.boldin.com/retirement/wp-content/plugins/makeway-migrator/public/js/makeway-migrator-public.js?ver=1.0.0
Requested by: Host: pentest-2025.devbox.boldin.com
URL: https://pentest-2025.devbox.boldin.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 44.239.41.206 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-239-41-206.us-west-2.compute.amazonaws.com
Software: istio-envoy /
Resource Hash: 57a50c99a31ef4e89e86664e96f6dfbdde163a2eb96e88b3b492c49aa4be2f37

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://pentest-2025.devbox.boldin.com/

Response headers

cache-control: public, max-age=31536000
content-encoding: br
x-envoy-upstream-service-time: 211
accept-ranges: bytes
date: Wed, 28 May 2025 06:42:08 GMT
content-type: application/javascript
last-modified: Thu, 03 Apr 2025 17:03:57 GMT
server: istio-envoy
vary: Accept-Encoding

GET
H2 200 ytprefs.min.js Show response
staging.boldin.com/retirement/wp-content/plugins/youtube-embed-plus/scripts/ 14 KB
5 KB 944ms
526ms Script
application/javascript 44.239.41.206
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://staging.boldin.com/retirement/wp-content/plugins/youtube-embed-plus/scripts/ytprefs.min.js?ver=14.2.2
Requested by: Host: pentest-2025.devbox.boldin.com
URL: https://pentest-2025.devbox.boldin.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 44.239.41.206 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-239-41-206.us-west-2.compute.amazonaws.com
Software: istio-envoy /
Resource Hash: a8a601f7a37c4e3e18f2960f2c09ba71a676fa30ea0af33cd714194b1b03ef2e

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://pentest-2025.devbox.boldin.com/

Response headers

cache-control: public, max-age=31536000
content-encoding: br
x-envoy-upstream-service-time: 78
accept-ranges: bytes
date: Wed, 28 May 2025 06:42:07 GMT
content-type: application/javascript
last-modified: Tue, 18 Mar 2025 12:32:02 GMT
server: istio-envoy
vary: Accept-Encoding

GET
H2 200 slick.min.js Show response
staging.boldin.com/retirement/wp-content/themes/chap-child/new-assets/js/vendor/slick/ 42 KB
11 KB 1019ms
601ms Script
application/javascript 44.239.41.206
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://staging.boldin.com/retirement/wp-content/themes/chap-child/new-assets/js/vendor/slick/slick.min.js?ver=1.37.4
Requested by: Host: pentest-2025.devbox.boldin.com
URL: https://pentest-2025.devbox.boldin.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 44.239.41.206 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-239-41-206.us-west-2.compute.amazonaws.com
Software: istio-envoy /
Resource Hash: 0c7178cc6ca34fb18e30f070a5e7a1c287b2d7ccfcba2cfdf06e0f46eda55740

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://pentest-2025.devbox.boldin.com/

Response headers

cache-control: public, max-age=31536000
content-encoding: br
x-envoy-upstream-service-time: 86
accept-ranges: bytes
date: Wed, 28 May 2025 06:42:07 GMT
content-type: application/javascript
last-modified: Tue, 18 Mar 2025 16:35:30 GMT
server: istio-envoy
vary: Accept-Encoding

GET
H2 200 gsap.min.js Show response
staging.boldin.com/retirement/wp-content/themes/chap-child/new-assets/js/vendor/gsap/ 64 KB
27 KB 1215ms
798ms Script
application/javascript 44.239.41.206
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://staging.boldin.com/retirement/wp-content/themes/chap-child/new-assets/js/vendor/gsap/gsap.min.js?ver=1.37.4
Requested by: Host: pentest-2025.devbox.boldin.com
URL: https://pentest-2025.devbox.boldin.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 44.239.41.206 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-239-41-206.us-west-2.compute.amazonaws.com
Software: istio-envoy /
Resource Hash: 1b765b0cbd95391f6db0b565988eeb70ea68aa77bb9f8f7c8a880d96474c2aa8

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://pentest-2025.devbox.boldin.com/

Response headers

cache-control: public, max-age=31536000
content-encoding: br
x-envoy-upstream-service-time: 257
accept-ranges: bytes
date: Wed, 28 May 2025 06:42:08 GMT
content-type: application/javascript
last-modified: Tue, 18 Mar 2025 16:35:30 GMT
server: istio-envoy
vary: Accept-Encoding

GET
H2 200 ScrollTrigger.min.js Show response
staging.boldin.com/retirement/wp-content/themes/chap-child/new-assets/js/vendor/gsap/ 37 KB
16 KB 1215ms
798ms Script
application/javascript 44.239.41.206
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://staging.boldin.com/retirement/wp-content/themes/chap-child/new-assets/js/vendor/gsap/ScrollTrigger.min.js?ver=1.37.4
Requested by: Host: pentest-2025.devbox.boldin.com
URL: https://pentest-2025.devbox.boldin.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 44.239.41.206 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-239-41-206.us-west-2.compute.amazonaws.com
Software: istio-envoy /
Resource Hash: 0eeea0ae57626a80aca153481285c67bf51f2d451d4b8a04bc7daf2e209f0f31

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://pentest-2025.devbox.boldin.com/

Response headers

cache-control: public, max-age=31536000
content-encoding: br
x-envoy-upstream-service-time: 271
accept-ranges: bytes
date: Wed, 28 May 2025 06:42:08 GMT
content-type: application/javascript
last-modified: Tue, 18 Mar 2025 16:35:30 GMT
server: istio-envoy
vary: Accept-Encoding

GET
H2 200 bootstrap.bundle.min.js Show response
staging.boldin.com/retirement/wp-content/themes/chap-child/new-assets/js/vendor/bootstrap/ 77 KB
24 KB 1214ms
797ms Script
application/javascript 44.239.41.206
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://staging.boldin.com/retirement/wp-content/themes/chap-child/new-assets/js/vendor/bootstrap/bootstrap.bundle.min.js?ver=1.37.4
Requested by: Host: pentest-2025.devbox.boldin.com
URL: https://pentest-2025.devbox.boldin.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 44.239.41.206 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-239-41-206.us-west-2.compute.amazonaws.com
Software: istio-envoy /
Resource Hash: 79d443b15f542c8a8acca8e937f2a3c90ecba78bd49fdbac6c9b878c7f1293e9

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://pentest-2025.devbox.boldin.com/

Response headers

cache-control: public, max-age=31536000
content-encoding: br
x-envoy-upstream-service-time: 268
accept-ranges: bytes
date: Wed, 28 May 2025 06:42:08 GMT
content-type: application/javascript
last-modified: Tue, 18 Mar 2025 16:35:30 GMT
server: istio-envoy
vary: Accept-Encoding

GET
H2 200 js-cookie.min.js Show response
staging.boldin.com/retirement/wp-content/themes/chap-child/new-assets/js/vendor/ 2 KB
1 KB 1211ms
794ms Script
application/javascript 44.239.41.206
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://staging.boldin.com/retirement/wp-content/themes/chap-child/new-assets/js/vendor/js-cookie.min.js?ver=1.37.4
Requested by: Host: pentest-2025.devbox.boldin.com
URL: https://pentest-2025.devbox.boldin.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 44.239.41.206 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-239-41-206.us-west-2.compute.amazonaws.com
Software: istio-envoy /
Resource Hash: 582cc085dd8fea044917d1efde838e77e845262fd025bbfe0339f808607c81f6

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://pentest-2025.devbox.boldin.com/

Response headers

cache-control: public, max-age=31536000
content-encoding: br
x-envoy-upstream-service-time: 195
accept-ranges: bytes
date: Wed, 28 May 2025 06:42:08 GMT
content-type: application/javascript
last-modified: Tue, 18 Mar 2025 16:35:30 GMT
server: istio-envoy
vary: Accept-Encoding

GET lottie-player.min.js
staging.boldin.com/retirement/wp-content/themes/chap-child/new-assets/js/vendor/ 0
0

GET
H2 200 main.js Show response
staging.boldin.com/retirement/wp-content/themes/chap-child/new-assets/js/ 18 KB
5 KB 1214ms
797ms Script
application/javascript 44.239.41.206
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://staging.boldin.com/retirement/wp-content/themes/chap-child/new-assets/js/main.js?ver=1.37.4
Requested by: Host: pentest-2025.devbox.boldin.com
URL: https://pentest-2025.devbox.boldin.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 44.239.41.206 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-239-41-206.us-west-2.compute.amazonaws.com
Software: istio-envoy /
Resource Hash: 72ec2c4a2bc954cc801cdb7723559de5a8869de85d6d4e490f832b7bf292eaf1

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://pentest-2025.devbox.boldin.com/

Response headers

cache-control: public, max-age=31536000
content-encoding: br
x-envoy-upstream-service-time: 267
accept-ranges: bytes
date: Wed, 28 May 2025 06:42:08 GMT
content-type: application/javascript
last-modified: Tue, 18 Mar 2025 16:32:18 GMT
server: istio-envoy
vary: Accept-Encoding

GET
H2 200 not-deferred.js Show response
staging.boldin.com/retirement/wp-content/themes/chap-child/new-assets/js/ 4 KB
2 KB 1210ms
794ms Script
application/javascript 44.239.41.206
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://staging.boldin.com/retirement/wp-content/themes/chap-child/new-assets/js/not-deferred.js?ver=1.37.4
Requested by: Host: pentest-2025.devbox.boldin.com
URL: https://pentest-2025.devbox.boldin.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 44.239.41.206 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-239-41-206.us-west-2.compute.amazonaws.com
Software: istio-envoy /
Resource Hash: 20e01daf732a7cd038143d398122fb14fc135de7ac333134f94ade846155b18b

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://pentest-2025.devbox.boldin.com/

Response headers

cache-control: public, max-age=31536000
content-encoding: br
x-envoy-upstream-service-time: 204
accept-ranges: bytes
date: Wed, 28 May 2025 06:42:08 GMT
content-type: application/javascript
last-modified: Fri, 16 May 2025 14:38:14 GMT
server: istio-envoy
vary: Accept-Encoding

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 300 KB
99 KB 239ms
100ms Script
application/javascript 2a00:1450:4001:810::2008
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-5ZFKFP

Requested by

Host: pentest-2025.devbox.boldin.com
URL: https://pentest-2025.devbox.boldin.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

865a55dd4a27092212bb881fac29149c493975b6cc823e6f6253e9ad7ff2bfa3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://pentest-2025.devbox.boldin.com/

Response headers

content-encoding: br
report-to: {"group":"ascgcycc:1319:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1319:0"}],}
expires: Wed, 28 May 2025 06:42:08 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 28 May 2025 06:42:08 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Wed, 28 May 2025 06:00:00 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1319:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:1319:0
content-length: 100816
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 vldvdr Show response
consent.trustarc.com/v2/notice/ 74 KB
22 KB 223ms
97ms Script
text/javascript 18.66.122.78
AMAZON-02

General

Check archive.org

Download Go to

Full URL

https://consent.trustarc.com/v2/notice/vldvdr

Requested by

Host: pentest-2025.devbox.boldin.com
URL: https://pentest-2025.devbox.boldin.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.122.78 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-122-78.fra60.r.cloudfront.net

Software

Resource Hash

4294128650becbd557a2e1945bd896d174e814d1266db304ad00e95e4fa7f692

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://pentest-2025.devbox.boldin.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=3600
content-encoding: gzip
via: 1.1 d20f19c14113bb86116d01e6cb4e2844.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
x-amz-cf-id: xl4_ydMQf1XyAIyaUgXWDlGE3rmH5RiiN2RQ-ldVEvYZ7P-_hOywUw==
date: Wed, 28 May 2025 06:42:08 GMT
content-type: text/javascript;charset=utf-8
vary: Accept-Encoding, Origin
x-amz-cf-pop: FRA60-P2

GET
H2 200 jquery.widgetopts.min.js Show response
staging.boldin.com/retirement/wp-content/plugins/extended-widget-options/assets/js/ 6 KB
2 KB 265ms
263ms Script
application/javascript 44.239.41.206
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://staging.boldin.com/retirement/wp-content/plugins/extended-widget-options/assets/js/jquery.widgetopts.min.js?ver=5.1.6
Requested by: Host: pentest-2025.devbox.boldin.com
URL: https://pentest-2025.devbox.boldin.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 44.239.41.206 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-239-41-206.us-west-2.compute.amazonaws.com
Software: istio-envoy /
Resource Hash: 0c2364cd562fa20bc1e4bcfe0120ad9e74004c4f46b62a0d26b29b822f65d2e3

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://pentest-2025.devbox.boldin.com/

Response headers

cache-control: public, max-age=31536000
content-encoding: br
x-envoy-upstream-service-time: 67
accept-ranges: bytes
date: Wed, 28 May 2025 06:42:08 GMT
content-type: application/javascript
last-modified: Fri, 06 Sep 2024 19:11:29 GMT
server: istio-envoy
vary: Accept-Encoding

GET
H2 200 gsui-public.js Show response
staging.boldin.com/retirement/wp-content/plugins/gutenberg-sui/dist/ 2 KB
1023 B 1029ms
796ms Script
application/javascript 44.239.41.206
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://staging.boldin.com/retirement/wp-content/plugins/gutenberg-sui/dist/gsui-public.js?ver=1.0.31
Requested by: Host: pentest-2025.devbox.boldin.com
URL: https://pentest-2025.devbox.boldin.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 44.239.41.206 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-239-41-206.us-west-2.compute.amazonaws.com
Software: istio-envoy /
Resource Hash: 7425d6291737b6ea9c4a5b40b2fa8cff5a05ef73eecbb85f71c8ac669dca5883

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://pentest-2025.devbox.boldin.com/

Response headers

cache-control: public, max-age=31536000
content-encoding: br
x-envoy-upstream-service-time: 208
accept-ranges: bytes
date: Wed, 28 May 2025 06:42:08 GMT
content-type: application/javascript
last-modified: Fri, 06 Sep 2024 19:11:30 GMT
server: istio-envoy
vary: Accept-Encoding

GET
H2 200 chap-modular-sui.min.js Show response
staging.boldin.com/retirement/wp-content/uploads/chap/ 143 KB
41 KB 1030ms
797ms Script
application/javascript 44.239.41.206
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://staging.boldin.com/retirement/wp-content/uploads/chap/chap-modular-sui.min.js?ver=62056e6cb9af6
Requested by: Host: pentest-2025.devbox.boldin.com
URL: https://pentest-2025.devbox.boldin.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 44.239.41.206 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-239-41-206.us-west-2.compute.amazonaws.com
Software: istio-envoy /
Resource Hash: 906369c889f40c870be400e809e16c79f372b73ab519c585772f18ff90c4d323

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://pentest-2025.devbox.boldin.com/

Response headers

cache-control: public, max-age=31536000
content-encoding: br
x-envoy-upstream-service-time: 256
accept-ranges: bytes
date: Wed, 28 May 2025 06:42:08 GMT
content-type: application/javascript
last-modified: Fri, 06 Sep 2024 19:11:50 GMT
server: istio-envoy
vary: Accept-Encoding

GET
H2 200 main-f91ab31933.js Show response
staging.boldin.com/retirement/wp-content/themes/chap/dist/scripts/ 39 KB
14 KB 1031ms
798ms Script
application/javascript 44.239.41.206
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://staging.boldin.com/retirement/wp-content/themes/chap/dist/scripts/main-f91ab31933.js?ver=1.23.7
Requested by: Host: pentest-2025.devbox.boldin.com
URL: https://pentest-2025.devbox.boldin.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 44.239.41.206 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-239-41-206.us-west-2.compute.amazonaws.com
Software: istio-envoy /
Resource Hash: 8db703106bd75d00682d95b9524522d33832274083c6cbbb19ddc976c333c664

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://pentest-2025.devbox.boldin.com/

Response headers

cache-control: public, max-age=31536000
content-encoding: br
x-envoy-upstream-service-time: 271
accept-ranges: bytes
date: Wed, 28 May 2025 06:42:08 GMT
content-type: application/javascript
last-modified: Thu, 12 Sep 2024 09:16:10 GMT
server: istio-envoy
vary: Accept-Encoding

GET
H2 200 instant-page.js Show response
staging.boldin.com/retirement/wp-content/themes/chap/dist/scripts/ 2 KB
1 KB 1029ms
797ms Script
application/javascript 44.239.41.206
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://staging.boldin.com/retirement/wp-content/themes/chap/dist/scripts/instant-page.js?ver=3.0.0
Requested by: Host: pentest-2025.devbox.boldin.com
URL: https://pentest-2025.devbox.boldin.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 44.239.41.206 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-239-41-206.us-west-2.compute.amazonaws.com
Software: istio-envoy /
Resource Hash: 502cdc942d155c058011c8bbeec1327ade55e8b4b77dd7e263a2079f361b60cd

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://pentest-2025.devbox.boldin.com/

Response headers

cache-control: public, max-age=31536000
content-encoding: br
x-envoy-upstream-service-time: 216
accept-ranges: bytes
date: Wed, 28 May 2025 06:42:08 GMT
content-type: application/javascript
last-modified: Thu, 12 Sep 2024 09:16:10 GMT
server: istio-envoy
vary: Accept-Encoding

GET
H2 200 fitvids.min.js Show response
staging.boldin.com/retirement/wp-content/plugins/youtube-embed-plus/scripts/ 3 KB
1 KB 1028ms
796ms Script
application/javascript 44.239.41.206
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://staging.boldin.com/retirement/wp-content/plugins/youtube-embed-plus/scripts/fitvids.min.js?ver=14.2.2
Requested by: Host: pentest-2025.devbox.boldin.com
URL: https://pentest-2025.devbox.boldin.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 44.239.41.206 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-239-41-206.us-west-2.compute.amazonaws.com
Software: istio-envoy /
Resource Hash: 7d3e02e79c7eb9eacf2ccca9c0145e458eafaeabace4592339c3811a837bed06

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://pentest-2025.devbox.boldin.com/

Response headers

cache-control: public, max-age=31536000
content-encoding: br
x-envoy-upstream-service-time: 206
accept-ranges: bytes
date: Wed, 28 May 2025 06:42:08 GMT
content-type: application/javascript
last-modified: Tue, 18 Mar 2025 12:32:02 GMT
server: istio-envoy
vary: Accept-Encoding

GET
H2 200 index.js Show response
widgets.staging.boldin.com/nr-web-components/ 143 KB
49 KB 738ms
346ms Script
application/javascript 54.190.253.51
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://widgets.staging.boldin.com/nr-web-components/index.js
Requested by: Host: pentest-2025.devbox.boldin.com
URL: https://pentest-2025.devbox.boldin.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 54.190.253.51 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-190-253-51.us-west-2.compute.amazonaws.com
Software: istio-envoy /
Resource Hash: d3a452d944c4d01a53a12446c0cd1bf000a7c39f09f9ff4078b2b2fc1d030d44

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Origin: https://pentest-2025.devbox.boldin.com
Referer: https://pentest-2025.devbox.boldin.com/

Response headers

access-control-max-age: 0
content-encoding: br
x-amz-version-id: M_3kBEnYMy.8UReUStCPRsJGRXm4N5YD
access-control-allow-methods: GET, HEAD
date: Wed, 28 May 2025 06:42:07 GMT
content-type: application/javascript
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified: Mon, 27 Jan 2025 02:16:23 GMT
x-amz-id-2: 90BudsR6/5LrFj07wcymoEw+8kkreZBAN9tdcQhwttDs9SK9C15xUIoZWgu1M6oWIzPngFbCHMx5dTtrI1LGFf9Ev9FFy2z4PejcsBTM7To=
cache-control: public,max-age=60
x-envoy-upstream-service-time: 143
x-amz-request-id: HAAVVN0JDV994K0N
accept-ranges: bytes
access-control-allow-origin: *
server: istio-envoy
x-amz-server-side-encryption: AES256

GET
H2 200 helper.min.js Show response
staging.boldin.com/retirement/wp-content/plugins/optinmonster/assets/dist/js/ 2 KB
1 KB 1026ms
794ms Script
application/javascript 44.239.41.206
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://staging.boldin.com/retirement/wp-content/plugins/optinmonster/assets/dist/js/helper.min.js?ver=2.16.19
Requested by: Host: pentest-2025.devbox.boldin.com
URL: https://pentest-2025.devbox.boldin.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 44.239.41.206 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-239-41-206.us-west-2.compute.amazonaws.com
Software: istio-envoy /
Resource Hash: a67748caf04244e16b3434fce2e110af93332848b04bd86b659132505286609a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://pentest-2025.devbox.boldin.com/

Response headers

cache-control: public, max-age=31536000
content-encoding: br
x-envoy-upstream-service-time: 198
accept-ranges: bytes
date: Wed, 28 May 2025 06:42:08 GMT
content-type: application/javascript
last-modified: Tue, 18 Mar 2025 12:25:43 GMT
server: istio-envoy
vary: Accept-Encoding

POST
H2 200 arrival Show response
pentest-2025.devbox.boldin.com/rails/ 21 B
3 KB 317ms
315ms Fetch
application/json 44.239.41.206
AMAZON-02

General

Check archive.org

Download Go to

Full URL

https://pentest-2025.devbox.boldin.com/rails/arrival

Requested by

Host: widgets.staging.boldin.com
URL: https://widgets.staging.boldin.com/analytics/arrival.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

44.239.41.206 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-44-239-41-206.us-west-2.compute.amazonaws.com

Software

istio-envoy /

Resource Hash

4461a5153a423005ed2769a3d02f720dff3253eb0a5f8083a5438e8820dd4565

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: .crazyegg.com .cloudflareinsights.com ajax.cloudflare.com .newretirement.com .boldin.com boldin.com .nationwide.com nationwide.com .googletagmanager.com .google.com .google-analytics.com .partner-newretirement.com onelink-edge.com .onelink-edge.com .googleapis.com .gstatic.com .doubleclick.net .googleoptimize.com .googleadservices.com .googlesyndication.com .ensighten.com ensighten.com .apple.com .outbrain.com .bing.com .shortpixel.ai .taboola.com .facebook.com .facebook.net .trustarc.com .pinterest.com .pinimg.com .oribi.io .dowjoneson.com .demdex.net .hotjar.com .yahoo.com .woopra.com sentry.io .sentry.io .jsdelivr.net .intercom.io .intercomcdn.com .jspm.io .tiqcdn.com .liadm.com .lidstatic.com .useberry.com .amplitude.com .truste.com .vimeo.com .yoast.com yoast.com .hotjar.io .leadid.com .plaid.com tsdtocl.com .scorecardresearch.com .cxense.com .cloudflare.com .imrworldwide.com .parsely.com .cloudfront.net .wsj.net .licdn.com .redditstatic.com .polyfill.io .sentry-cdn.com .youtube.com chargedesk.com .simplecast.com simplecast.com .thrivecart.com .clnmde.com .intercom-sheets.com .pagespeed-mod.com .ads-twitter.com .media.net .criteo.com .trendmicro.com .killadsapi.com .akamaihd.net .piano.io .tinypass.com .impactcdn.com .meld.io newretirement.pxf.io www.ojrq.net intercom-sheets.com nexus.ensighten.com logs-01.loggly.com .fullstory.com .siteintercept.qualtrics.com .qualtrics.com .js.stripe.com js.stripe.com hooks.stripe.com api.stripe.com .nextdoor.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: .crazyegg.com .cloudflareinsights.com ajax.cloudflare.com .newretirement.com .boldin.com boldin.com .nationwide.com nationwide.com .googletagmanager.com .google.com .google-analytics.com .partner-newretirement.com onelink-edge.com .onelink-edge.com .googleapis.com .gstatic.com .doubleclick.net .googleoptimize.com .googleadservices.com .googlesyndication.com .ensighten.com ensighten.com .apple.com .outbrain.com .bing.com .shortpixel.ai .taboola.com .facebook.com .facebook.net .trustarc.com .pinterest.com .pinimg.com .oribi.io .dowjoneson.com .demdex.net .hotjar.com .yahoo.com .woopra.com sentry.io .sentry.io .jsdelivr.net .intercom.io .intercomcdn.com .jspm.io .tiqcdn.com .liadm.com .lidstatic.com .useberry.com .amplitude.com .truste.com .vimeo.com .yoast.com yoast.com .hotjar.io .leadid.com .plaid.com tsdtocl.com .scorecardresearch.com .cxense.com .cloudflare.com .imrworldwide.com .parsely.com .cloudfront.net .wsj.net .licdn.com .redditstatic.com .polyfill.io .sentry-cdn.com .youtube.com chargedesk.com .simplecast.com simplecast.com .thrivecart.com .clnmde.com .intercom-sheets.com .pagespeed-mod.com .ads-twitter.com .media.net .criteo.com .trendmicro.com .killadsapi.com .akamaihd.net .piano.io .tinypass.com .impactcdn.com .meld.io newretirement.pxf.io www.ojrq.net intercom-sheets.com nexus.ensighten.com logs-01.loggly.com .fullstory.com .siteintercept.qualtrics.com .qualtrics.com .js.stripe.com js.stripe.com hooks.stripe.com api.stripe.com .nextdoor.com data:; font-src * data:; img-src * data:; media-src * data:; connect-src api.stripe.com * data: blob: wss://.hotjar.com wss://.intercom.io
Strict-Transport-Security	max-age=63072000; includeSubDomains, max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0, 0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Referer: https://pentest-2025.devbox.boldin.com/

Response headers

access-control-max-age: 7200
x-request-id: a812132e-e967-9780-8f1e-ced27cb8d264
access-control-expose-headers
etag: W/"4461a5153a423005ed2769a3d02f720d"
x-permitted-cross-domain-policies: none
access-control-allow-methods: GET, POST, PUT, PATCH, DELETE, OPTIONS, HEAD
x-content-type-options: nosniff
date: Wed, 28 May 2025 06:42:08 GMT
content-type: application/json; charset=utf-8
vary: Accept, Origin
x-runtime: 0.101763
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=63072000; includeSubDomains, max-age=63072000; includeSubdomains; preload
content-security-policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.crazyegg.com *.cloudflareinsights.com ajax.cloudflare.com *.newretirement.com *.boldin.com boldin.com *.nationwide.com nationwide.com *.googletagmanager.com *.google.com *.google-analytics.com *.partner-newretirement.com onelink-edge.com *.onelink-edge.com *.googleapis.com *.gstatic.com *.doubleclick.net *.googleoptimize.com *.googleadservices.com *.googlesyndication.com *.ensighten.com ensighten.com *.apple.com *.outbrain.com *.bing.com *.shortpixel.ai *.taboola.com *.facebook.com *.facebook.net *.trustarc.com *.pinterest.com *.pinimg.com *.oribi.io *.dowjoneson.com *.demdex.net *.hotjar.com *.yahoo.com *.woopra.com sentry.io *.sentry.io *.jsdelivr.net *.intercom.io *.intercomcdn.com *.jspm.io *.tiqcdn.com *.liadm.com *.lidstatic.com *.useberry.com *.amplitude.com *.truste.com *.vimeo.com *.yoast.com yoast.com *.hotjar.io *.leadid.com *.plaid.com tsdtocl.com *.scorecardresearch.com *.cxense.com *.cloudflare.com *.imrworldwide.com *.parsely.com *.cloudfront.net *.wsj.net *.licdn.com *.redditstatic.com *.polyfill.io *.sentry-cdn.com *.youtube.com chargedesk.com *.simplecast.com simplecast.com *.thrivecart.com *.clnmde.com *.intercom-sheets.com *.pagespeed-mod.com *.ads-twitter.com *.media.net *.criteo.com *.trendmicro.com *.killadsapi.com *.akamaihd.net *.piano.io *.tinypass.com *.impactcdn.com *.meld.io newretirement.pxf.io www.ojrq.net intercom-sheets.com nexus.ensighten.com logs-01.loggly.com *.fullstory.com *.siteintercept.qualtrics.com *.qualtrics.com *.js.stripe.com js.stripe.com hooks.stripe.com api.stripe.com *.nextdoor.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.crazyegg.com *.cloudflareinsights.com ajax.cloudflare.com *.newretirement.com *.boldin.com boldin.com *.nationwide.com nationwide.com *.googletagmanager.com *.google.com *.google-analytics.com *.partner-newretirement.com onelink-edge.com *.onelink-edge.com *.googleapis.com *.gstatic.com *.doubleclick.net *.googleoptimize.com *.googleadservices.com *.googlesyndication.com *.ensighten.com ensighten.com *.apple.com *.outbrain.com *.bing.com *.shortpixel.ai *.taboola.com *.facebook.com *.facebook.net *.trustarc.com *.pinterest.com *.pinimg.com *.oribi.io *.dowjoneson.com *.demdex.net *.hotjar.com *.yahoo.com *.woopra.com sentry.io *.sentry.io *.jsdelivr.net *.intercom.io *.intercomcdn.com *.jspm.io *.tiqcdn.com *.liadm.com *.lidstatic.com *.useberry.com *.amplitude.com *.truste.com *.vimeo.com *.yoast.com yoast.com *.hotjar.io *.leadid.com *.plaid.com tsdtocl.com *.scorecardresearch.com *.cxense.com *.cloudflare.com *.imrworldwide.com *.parsely.com *.cloudfront.net *.wsj.net *.licdn.com *.redditstatic.com *.polyfill.io *.sentry-cdn.com *.youtube.com chargedesk.com *.simplecast.com simplecast.com *.thrivecart.com *.clnmde.com *.intercom-sheets.com *.pagespeed-mod.com *.ads-twitter.com *.media.net *.criteo.com *.trendmicro.com *.killadsapi.com *.akamaihd.net *.piano.io *.tinypass.com *.impactcdn.com *.meld.io newretirement.pxf.io www.ojrq.net intercom-sheets.com nexus.ensighten.com logs-01.loggly.com *.fullstory.com *.siteintercept.qualtrics.com *.qualtrics.com *.js.stripe.com js.stripe.com hooks.stripe.com api.stripe.com *.nextdoor.com data:; font-src * data:; img-src * data:; media-src * data:; connect-src api.stripe.com * data: blob: wss://*.hotjar.com wss://*.intercom.io
cache-control: max-age=0, private, must-revalidate
x-envoy-upstream-service-time: 111
referrer-policy: strict-origin-when-cross-origin
access-control-allow-origin: *
content-length: 21
x-xss-protection: 0, 0
server: istio-envoy

GET
H2 200 spai-lib-bg.1.1.min.js Show response
cdn.shortpixel.ai/assets/js/bundles/ 42 KB
16 KB 315ms
126ms Script
application/x-javascript 2400:52e0:1e00::1080:1
CDN77 Datacamp Li...

General

Check archive.org

Download Go to

Full URL: https://cdn.shortpixel.ai/assets/js/bundles/spai-lib-bg.1.1.min.js?v=3.10.3
Requested by: Host: pentest-2025.devbox.boldin.com
URL: https://pentest-2025.devbox.boldin.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1080:1 , Germany, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS
Software: BunnyCDN-DE1-1080 /
Resource Hash: 04b7e0b3d4a80a1741d2f598c036331368799f81a580b7f036d7fab871b3b6ae

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://pentest-2025.devbox.boldin.com/

Response headers

cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
content-encoding: zstd
etag: "67cedd3c-a83d"
x-sp-owner: true
date: Wed, 28 May 2025 06:42:08 GMT
last-modified: Mon, 10 Mar 2025 12:38:20 GMT
content-type: application/x-javascript
vary: Accept-Encoding
cdn-cache: HIT
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-requestpullcode: 200
cdn-cachedat: 05/17/2025 14:49:10
cache-control: public, max-age=2592000
cdn-requestpullsuccess: True
cdn-requesttime: 0
cdn-uid: ceac3dab-9909-4315-8d54-a27751b54dd0
cdn-requestid: 53b681d04f73a35518583a6a75ab79c8
cdn-pullzone: 257218
cdn-proxyver: 1.27
access-control-allow-origin: *
cdn-edgestorageid: 1082
server: BunnyCDN-DE1-1080
cdn-requestcountrycode: ES

GET
DATA 200
OK truncated
/ 256 B
0 Image
image/svg+xml

General

Check archive.org

Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bca1da40cd008dbc69a51ed519dfbd6a1d4c69db302d2ec71eb935b76a516360

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 255 B
0 Image
image/svg+xml

General

Check archive.org

Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: eea1eafdd8cb8518971e8744a5cb64093e4dec1bfaac6dc9e9bcd7d7ade53079

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 234 B
0 Image
image/svg+xml

General

Check archive.org

Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 03d1149447914d8ea3545ce26a7851c48d8871c4c5676f2d6c205d5cecf98997

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 232 B
0 Image
image/svg+xml

General

Check archive.org

Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ac650f5067b0c5a12e8e29507c4bd7a1c07fa38e926f674065c55e658b990615

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 233 B
0 Image
image/svg+xml

General

Check archive.org

Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bca774218120c0b83efb5c31dee5632bfb5db40d53a987c8c0151eb4cf56e25e

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 229 B
0 Image
image/svg+xml

General

Check archive.org

Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8d0d49cf58ee9a69991a7caafb4ff4b472c779c2f7ebaa5e2550ea965412cf20

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 227 B
0 Image
image/svg+xml

General

Check archive.org

Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9757d7f22015ad64a0dfa01835ec7be303889082777d231e75479622580eb4b5

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 232 B
0 Image
image/svg+xml

General

Check archive.org

Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7ececb8c95bdb3614cc879e2b4da8e71bc113eb1962e84f9ea3ab1893060d4fb

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 261 B
0 Image
image/svg+xml

General

Check archive.org

Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: af7bf801a33a5350fea1e2446eae072ba25c59e506ecb0635550e7a721a4382f

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 240 B
0 Image
image/svg+xml

General

Check archive.org

Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5f5e7e9abef5c233b99bfa523d611911788dc5f8f89d525dfd1457b47bf9de30

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 256 B
0 Image
image/svg+xml

General

Check archive.org

Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5ebd820b9126a875fcc3b911207c29bc778a327f40af530b4bd3f0d81ef5e9dd

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 242 B
0 Image
image/svg+xml

General

Check archive.org

Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f5b93df3b045487b5aa4633c23b5f2a47d0731afcdb31dda554f737009fbe5fc

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 234 B
0 Image
image/svg+xml

General

Check archive.org

Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 054c67275e6868850e92f7c1d6bba717c93e302280d356001b5cdc6bfa4a77fb

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 244 B
0 Image
image/svg+xml

General

Check archive.org

Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3915133d6cc3355b8a8e524b41dfa1f3e3e747368b10a23441086b7f84bd888b

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 240 B
0 Image
image/svg+xml

General

Check archive.org

Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: dca8e42f9b98b1dd4d2e11834f12d5b7b77ba9db9f5dc107089e68adba4d3285

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 241 B
0 Image
image/svg+xml

General

Check archive.org

Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 885a3c241b54418bafed7e93cc17a24318766107e3ec0d1c7cbf59131a107c63

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 236 B
0 Image
image/svg+xml

General

Check archive.org

Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8d4dd6f50d32ea26c327f2545516e356d1c4149cea40b279bd077ca2d005918d

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 238 B
0 Image
image/svg+xml

General

Check archive.org

Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 214768c45acf7f8b6dfca76f9457b5d3860dab5b602ed9dadb1909092e2981bc

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 250 B
0 Image
image/svg+xml

General

Check archive.org

Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3b643ab5c7f093f16916350eed3b5a78764e63dc465329047b6cccbe083dcfa4

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 238 B
0 Image
image/svg+xml

General

Check archive.org

Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: fc08cf3659632404e286ca81f5bef0bcbb16597cb3eac3aa7dd65c0ad53033c3

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 256 B
0 Image
image/svg+xml

General

Check archive.org

Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 91355cd32a4bc123de2ad6a03d1d2c123e79e4eaf4131dea80810fa6a91b458a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 235 B
0 Image
image/svg+xml

General

Check archive.org

Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4326e7c8366d9a9b133891cded91134ae71d156ba5dfc887447d7a3f400fe1b4

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 255 B
0 Image
image/svg+xml

General

Check archive.org

Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d0d3899c7a03abb299fb50419a85df421c5d14bd25853ed84a5cd311879a145a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 230 B
0 Image
image/svg+xml

General

Check archive.org

Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 664bfc35f51c6b9e721f675fbc1ca2f6d76d53ca4d9f6c0b967027ac4f364de4

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 251 B
0 Image
image/svg+xml

General

Check archive.org

Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 338c194d17af2422ab2888d3d11b1d99ca3ece8e4790a7450d09da11269bc377

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 235 B
0 Image
image/svg+xml

General

Check archive.org

Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 92d57782af61b287d4b020285ea07f01bc07e3ad4fff06d2a16b2b4e7dbca10e

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 261 B
0 Image
image/svg+xml

General

Check archive.org

Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b1fcf24cde3f3fa11e1963b9e64651b1b4a5d8d3387fabe6fb7f91174ce0d764

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 233 B
0 Image
image/svg+xml

General

Check archive.org

Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bd320c3812bb55f6fb5865df9f9495478b6d4025bd65f8c0843d876bf318b959

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 287 B
0 Image
image/svg+xml

General

Check archive.org

Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4f8c36b987774657e309837f00e80c68364325d4f33d171dc8d8ff17de4a3ffd

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 234 B
0 Image
image/svg+xml

General

Check archive.org

Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2026c6308cabfb0cf7c0b80244e777ce4fb51d894f126ad6e2208d62fb9cb339

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 287 B
0 Image
image/svg+xml

General

Check archive.org

Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e04d599d302481bb299329e87def5ce34aee3f61da02a9a03a7dc08035854d64

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 3 KB
0 Image
image/svg+xml

General

Check archive.org

Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7877b11c0edba8db419a8ab7993a1d9265340d1860609a0b538c9d03329fb676

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/svg+xml

GET
H2 200 pre-footer-texture.svg
staging.boldin.com/retirement/wp-content/themes/chap-child/new-assets/img/ 7 KB
2 KB 265ms
264ms Image
image/svg+xml 44.239.41.206
AMAZON-02

General

Check archive.org

Download Go to Show image

Full URL: https://staging.boldin.com/retirement/wp-content/themes/chap-child/new-assets/img/pre-footer-texture.svg
Requested by: Host: staging.boldin.com
URL: https://staging.boldin.com/retirement/wp-content/themes/chap-child/new-assets/scss/globals.min.css?ver=1.37.4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 44.239.41.206 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-239-41-206.us-west-2.compute.amazonaws.com
Software: istio-envoy /
Resource Hash: 84e51d66c07e0a41e7ccad242ecffda22c24f009618de102eaa0c3bb882d0405

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://staging.boldin.com/retirement/wp-content/themes/chap-child/new-assets/scss/globals.min.css?ver=1.37.4

Response headers

cache-control: public, max-age=31536000
content-encoding: br
x-envoy-upstream-service-time: 68
accept-ranges: bytes
date: Wed, 28 May 2025 06:42:09 GMT
content-type: image/svg+xml
last-modified: Wed, 26 Mar 2025 16:18:13 GMT
server: istio-envoy
vary: Accept-Encoding

GET ESKlarheitGrotesk-Bd.woff2
staging.boldin.com/retirement/wp-content/themes/chap-child/new-assets/scss/fonts/ 0
0

GET
DATA 200
OK truncated
/ 1 KB
1 KB Font
application/font-woff

General

Check archive.org

Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2c8c9990ea184492949540f619fb05fa38602f3ad6ae0dfe8fb18acb230a69dc

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Origin: https://pentest-2025.devbox.boldin.com
Referer

Response headers

Content-Type: application/font-woff;charset=utf-8

GET fa-regular-400.woff2
staging.boldin.com/retirement/wp-content/themes/chap-child/new-assets/webfonts/ 0
0

GET ESKlarheitGrotesk-Md.woff2
staging.boldin.com/retirement/wp-content/themes/chap-child/new-assets/scss/fonts/ 0
0

GET ESKlarheitGrotesk-Bk.woff2
staging.boldin.com/retirement/wp-content/themes/chap-child/new-assets/scss/fonts/ 0
0

GET fa-solid-900.woff2
staging.boldin.com/retirement/wp-content/themes/chap-child/new-assets/webfonts/ 0
0

GET ESKlarheitGrotesk-Rg.woff2
staging.boldin.com/retirement/wp-content/themes/chap-child/new-assets/scss/fonts/ 0
0

GET ESKlarheitGrotesk-Smbd.woff2
staging.boldin.com/retirement/wp-content/themes/chap-child/new-assets/scss/fonts/ 0
0

GET fa-brands-400.woff2
staging.boldin.com/retirement/wp-content/themes/chap-child/new-assets/webfonts/ 0
0

GET
H3 200 S6uyw4BMUTPHjx4wXg.woff2
fonts.gstatic.com/s/lato/v24/ 23 KB
23 KB 132ms
61ms Font
font/woff2 172.217.16.195
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v24/S6uyw4BMUTPHjx4wXg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato%3A700%2C400%2C400italic%2C700italic&subset=latin%2Clatin-ext&display=swap&ver=6.8.1

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.195 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f195.1e100.net

Software

sffe /

Resource Hash

918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Origin: https://pentest-2025.devbox.boldin.com
Referer: https://fonts.googleapis.com/

Response headers

age: 76638
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Wed, 27 May 2026 09:24:50 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 27 May 2025 09:24:50 GMT
last-modified: Tue, 02 May 2023 15:17:22 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 23580
x-xss-protection: 0
server: sffe

GET ESKlarheitPlakat-Xbd.woff2
staging.boldin.com/retirement/wp-content/themes/chap-child/new-assets/scss/fonts/ 0
0

GET Spectral-Italic.woff2
staging.boldin.com/retirement/wp-content/themes/chap-child/new-assets/scss/fonts/ 0
0

GET
H2 200 api.min.js Show response
a.omappapi.com/app/js/ 40 KB
16 KB 274ms
121ms Script
application/javascript 2400:52e0:1e00::1082:1
CDN77 Datacamp Li...

General

Check archive.org

Download Go to

Full URL: https://a.omappapi.com/app/js/api.min.js
Requested by: Host: pentest-2025.devbox.boldin.com
URL: https://pentest-2025.devbox.boldin.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS
Software: BunnyCDN-DE1-1082 /
Resource Hash: 5ea48fa7f9946cbba590901776dbb5182cef29c5ca3d6ce8a29bc419e895ebc3

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://pentest-2025.devbox.boldin.com/

Response headers

perma-cache: HIT
cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
content-encoding: zstd
etag: "6824ef6e-9fce"
cdn-fileserver: 383
date: Wed, 28 May 2025 06:42:09 GMT
cdn-storageserver: DE-680
last-modified: Wed, 14 May 2025 19:30:54 GMT
content-type: application/javascript
vary: Accept-Encoding
cdn-cache: HIT
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-requestpullcode: 200
cdn-cachedat: 05/15/2025 10:18:47
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 0
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
cdn-requestid: 43c1b8b59305ae2b3f033f7c2ff2bebc
cdn-pullzone: 293267
cdn-proxyver: 1.27
access-control-allow-origin: *
cdn-edgestorageid: 1080
server: BunnyCDN-DE1-1082
cdn-requestcountrycode: ES

GET
H2 200 log
consent-reporting.trustarc.com/api/user-action/ 43 B
0 245ms
91ms Fetch
image/gif 18.66.122.116
AMAZON-02

General

Check archive.org

Download Go to

Full URL

https://consent-reporting.trustarc.com/api/user-action/log?action=impression&domain=vldvdr&behavior=expressed&country=es&language=en&rand=0.41471297611640334&session=afd3869c-71a5-428f-bab9-ec33ba2825c0&userType=NEW

Requested by

Host: consent.trustarc.com
URL: https://consent.trustarc.com/v2/notice/vldvdr

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.122.116 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-122-116.fra60.r.cloudfront.net

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://pentest-2025.devbox.boldin.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
access-control-expose-headers: *
pragma: no-cache
via: 1.1 1aa52a2a71a599aaf6b3df3a9c53b268.cloudfront.net (CloudFront)
expires: Mon, 26 Jul 1997 05:00:00 GMT
access-control-allow-origin: *
x-cache: Miss from cloudfront
content-length: 43
x-amz-cf-id: 7rPJ9ONt3h-7XNFbKSI9Euuqr16ZoXABXypHyNLymTNfT7BuOHG_5A==
date: Wed, 28 May 2025 06:42:09 GMT
content-type: image/gif
x-amz-cf-pop: FRA60-P2

GET
H2 200 getnonemptyindexes Show response
consent.trustarc.com/v2/consentcategories/ 0
315 B 226ms
101ms XHR
text/plain 18.66.122.78
AMAZON-02

General

Check archive.org

Download Go to

Full URL

https://consent.trustarc.com/v2/consentcategories/getnonemptyindexes?cmId=vldvdr&referer=https://pentest-2025.devbox.boldin.com&fullURL=https%3A%2F%2Fpentest-2025.devbox.boldin.com%2F&category=

Requested by

Host: consent.trustarc.com
URL: https://consent.trustarc.com/v2/notice/vldvdr

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.122.78 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-122-78.fra60.r.cloudfront.net

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://pentest-2025.devbox.boldin.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
access-control-expose-headers: *
via: 1.1 a4233498d2bd44dbd411d60d86f8334e.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-cache: Miss from cloudfront
x-amz-cf-id: _s3ycmfC7iwPdVSrj-XTgcu02nUq-ccax9kj0RrCFU99O4eJKY1_0A==
date: Wed, 28 May 2025 06:42:09 GMT
content-type: text/plain;charset=iso-8859-1
x-amz-cf-pop: FRA60-P2

POST
H2 200 eventtrack
pentest-2025.devbox.boldin.com/rails/api/v1/ 0
3 KB 231ms
230ms Ping
application/json 44.239.41.206
AMAZON-02

General

Check archive.org

Download Go to

Full URL

https://pentest-2025.devbox.boldin.com/rails/api/v1/eventtrack

Requested by

Host: widgets.staging.boldin.com
URL: https://widgets.staging.boldin.com/nr-web-components/index.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

44.239.41.206 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-44-239-41-206.us-west-2.compute.amazonaws.com

Software

istio-envoy /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: .crazyegg.com .cloudflareinsights.com ajax.cloudflare.com .newretirement.com .boldin.com boldin.com .nationwide.com nationwide.com .googletagmanager.com .google.com .google-analytics.com .partner-newretirement.com onelink-edge.com .onelink-edge.com .googleapis.com .gstatic.com .doubleclick.net .googleoptimize.com .googleadservices.com .googlesyndication.com .ensighten.com ensighten.com .apple.com .outbrain.com .bing.com .shortpixel.ai .taboola.com .facebook.com .facebook.net .trustarc.com .pinterest.com .pinimg.com .oribi.io .dowjoneson.com .demdex.net .hotjar.com .yahoo.com .woopra.com sentry.io .sentry.io .jsdelivr.net .intercom.io .intercomcdn.com .jspm.io .tiqcdn.com .liadm.com .lidstatic.com .useberry.com .amplitude.com .truste.com .vimeo.com .yoast.com yoast.com .hotjar.io .leadid.com .plaid.com tsdtocl.com .scorecardresearch.com .cxense.com .cloudflare.com .imrworldwide.com .parsely.com .cloudfront.net .wsj.net .licdn.com .redditstatic.com .polyfill.io .sentry-cdn.com .youtube.com chargedesk.com .simplecast.com simplecast.com .thrivecart.com .clnmde.com .intercom-sheets.com .pagespeed-mod.com .ads-twitter.com .media.net .criteo.com .trendmicro.com .killadsapi.com .akamaihd.net .piano.io .tinypass.com .impactcdn.com .meld.io newretirement.pxf.io www.ojrq.net intercom-sheets.com nexus.ensighten.com logs-01.loggly.com .fullstory.com .siteintercept.qualtrics.com .qualtrics.com .js.stripe.com js.stripe.com hooks.stripe.com api.stripe.com .nextdoor.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: .crazyegg.com .cloudflareinsights.com ajax.cloudflare.com .newretirement.com .boldin.com boldin.com .nationwide.com nationwide.com .googletagmanager.com .google.com .google-analytics.com .partner-newretirement.com onelink-edge.com .onelink-edge.com .googleapis.com .gstatic.com .doubleclick.net .googleoptimize.com .googleadservices.com .googlesyndication.com .ensighten.com ensighten.com .apple.com .outbrain.com .bing.com .shortpixel.ai .taboola.com .facebook.com .facebook.net .trustarc.com .pinterest.com .pinimg.com .oribi.io .dowjoneson.com .demdex.net .hotjar.com .yahoo.com .woopra.com sentry.io .sentry.io .jsdelivr.net .intercom.io .intercomcdn.com .jspm.io .tiqcdn.com .liadm.com .lidstatic.com .useberry.com .amplitude.com .truste.com .vimeo.com .yoast.com yoast.com .hotjar.io .leadid.com .plaid.com tsdtocl.com .scorecardresearch.com .cxense.com .cloudflare.com .imrworldwide.com .parsely.com .cloudfront.net .wsj.net .licdn.com .redditstatic.com .polyfill.io .sentry-cdn.com .youtube.com chargedesk.com .simplecast.com simplecast.com .thrivecart.com .clnmde.com .intercom-sheets.com .pagespeed-mod.com .ads-twitter.com .media.net .criteo.com .trendmicro.com .killadsapi.com .akamaihd.net .piano.io .tinypass.com .impactcdn.com .meld.io newretirement.pxf.io www.ojrq.net intercom-sheets.com nexus.ensighten.com logs-01.loggly.com .fullstory.com .siteintercept.qualtrics.com .qualtrics.com .js.stripe.com js.stripe.com hooks.stripe.com api.stripe.com .nextdoor.com data:; font-src * data:; img-src * data:; media-src * data:; connect-src api.stripe.com * data: blob: wss://.hotjar.com wss://.intercom.io
Strict-Transport-Security	max-age=63072000; includeSubDomains, max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0, 0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Referer: https://pentest-2025.devbox.boldin.com/

Response headers

access-control-max-age: 7200
x-request-id: 0947219d-6557-9c43-ab7f-22d8704ce740
access-control-expose-headers
x-permitted-cross-domain-policies: none
access-control-allow-methods: GET, POST, PUT, PATCH, DELETE, OPTIONS, HEAD
x-content-type-options: nosniff
date: Wed, 28 May 2025 06:42:09 GMT
content-type: application/json
vary: Origin
x-runtime: 0.021788
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=63072000; includeSubDomains, max-age=63072000; includeSubdomains; preload
content-security-policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.crazyegg.com *.cloudflareinsights.com ajax.cloudflare.com *.newretirement.com *.boldin.com boldin.com *.nationwide.com nationwide.com *.googletagmanager.com *.google.com *.google-analytics.com *.partner-newretirement.com onelink-edge.com *.onelink-edge.com *.googleapis.com *.gstatic.com *.doubleclick.net *.googleoptimize.com *.googleadservices.com *.googlesyndication.com *.ensighten.com ensighten.com *.apple.com *.outbrain.com *.bing.com *.shortpixel.ai *.taboola.com *.facebook.com *.facebook.net *.trustarc.com *.pinterest.com *.pinimg.com *.oribi.io *.dowjoneson.com *.demdex.net *.hotjar.com *.yahoo.com *.woopra.com sentry.io *.sentry.io *.jsdelivr.net *.intercom.io *.intercomcdn.com *.jspm.io *.tiqcdn.com *.liadm.com *.lidstatic.com *.useberry.com *.amplitude.com *.truste.com *.vimeo.com *.yoast.com yoast.com *.hotjar.io *.leadid.com *.plaid.com tsdtocl.com *.scorecardresearch.com *.cxense.com *.cloudflare.com *.imrworldwide.com *.parsely.com *.cloudfront.net *.wsj.net *.licdn.com *.redditstatic.com *.polyfill.io *.sentry-cdn.com *.youtube.com chargedesk.com *.simplecast.com simplecast.com *.thrivecart.com *.clnmde.com *.intercom-sheets.com *.pagespeed-mod.com *.ads-twitter.com *.media.net *.criteo.com *.trendmicro.com *.killadsapi.com *.akamaihd.net *.piano.io *.tinypass.com *.impactcdn.com *.meld.io newretirement.pxf.io www.ojrq.net intercom-sheets.com nexus.ensighten.com logs-01.loggly.com *.fullstory.com *.siteintercept.qualtrics.com *.qualtrics.com *.js.stripe.com js.stripe.com hooks.stripe.com api.stripe.com *.nextdoor.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.crazyegg.com *.cloudflareinsights.com ajax.cloudflare.com *.newretirement.com *.boldin.com boldin.com *.nationwide.com nationwide.com *.googletagmanager.com *.google.com *.google-analytics.com *.partner-newretirement.com onelink-edge.com *.onelink-edge.com *.googleapis.com *.gstatic.com *.doubleclick.net *.googleoptimize.com *.googleadservices.com *.googlesyndication.com *.ensighten.com ensighten.com *.apple.com *.outbrain.com *.bing.com *.shortpixel.ai *.taboola.com *.facebook.com *.facebook.net *.trustarc.com *.pinterest.com *.pinimg.com *.oribi.io *.dowjoneson.com *.demdex.net *.hotjar.com *.yahoo.com *.woopra.com sentry.io *.sentry.io *.jsdelivr.net *.intercom.io *.intercomcdn.com *.jspm.io *.tiqcdn.com *.liadm.com *.lidstatic.com *.useberry.com *.amplitude.com *.truste.com *.vimeo.com *.yoast.com yoast.com *.hotjar.io *.leadid.com *.plaid.com tsdtocl.com *.scorecardresearch.com *.cxense.com *.cloudflare.com *.imrworldwide.com *.parsely.com *.cloudfront.net *.wsj.net *.licdn.com *.redditstatic.com *.polyfill.io *.sentry-cdn.com *.youtube.com chargedesk.com *.simplecast.com simplecast.com *.thrivecart.com *.clnmde.com *.intercom-sheets.com *.pagespeed-mod.com *.ads-twitter.com *.media.net *.criteo.com *.trendmicro.com *.killadsapi.com *.akamaihd.net *.piano.io *.tinypass.com *.impactcdn.com *.meld.io newretirement.pxf.io www.ojrq.net intercom-sheets.com nexus.ensighten.com logs-01.loggly.com *.fullstory.com *.siteintercept.qualtrics.com *.qualtrics.com *.js.stripe.com js.stripe.com hooks.stripe.com api.stripe.com *.nextdoor.com data:; font-src * data:; img-src * data:; media-src * data:; connect-src api.stripe.com * data: blob: wss://*.hotjar.com wss://*.intercom.io
cache-control: no-cache
x-envoy-upstream-service-time: 31
referrer-policy: strict-origin-when-cross-origin
access-control-allow-origin: *
content-length: 0
x-xss-protection: 0, 0
server: istio-envoy

GET
H2 200 me Show response
pentest-2025.devbox.boldin.com/rails/api/v1/ 6 KB
5 KB 265ms
264ms Fetch
application/json 44.239.41.206
AMAZON-02

General

Check archive.org

Download Go to

Full URL

https://pentest-2025.devbox.boldin.com/rails/api/v1/me

Requested by

Host: staging.boldin.com
URL: https://staging.boldin.com/retirement/wp-content/themes/chap-child/new-assets/js/not-deferred.js?ver=1.37.4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

44.239.41.206 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-44-239-41-206.us-west-2.compute.amazonaws.com

Software

istio-envoy /

Resource Hash

3eca73bc6b3bae0091545db637cb028b957c9a228ec17177425a51a782d4fe47

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: .crazyegg.com .cloudflareinsights.com ajax.cloudflare.com .newretirement.com .boldin.com boldin.com .nationwide.com nationwide.com .googletagmanager.com .google.com .google-analytics.com .partner-newretirement.com onelink-edge.com .onelink-edge.com .googleapis.com .gstatic.com .doubleclick.net .googleoptimize.com .googleadservices.com .googlesyndication.com .ensighten.com ensighten.com .apple.com .outbrain.com .bing.com .shortpixel.ai .taboola.com .facebook.com .facebook.net .trustarc.com .pinterest.com .pinimg.com .oribi.io .dowjoneson.com .demdex.net .hotjar.com .yahoo.com .woopra.com sentry.io .sentry.io .jsdelivr.net .intercom.io .intercomcdn.com .jspm.io .tiqcdn.com .liadm.com .lidstatic.com .useberry.com .amplitude.com .truste.com .vimeo.com .yoast.com yoast.com .hotjar.io .leadid.com .plaid.com tsdtocl.com .scorecardresearch.com .cxense.com .cloudflare.com .imrworldwide.com .parsely.com .cloudfront.net .wsj.net .licdn.com .redditstatic.com .polyfill.io .sentry-cdn.com .youtube.com chargedesk.com .simplecast.com simplecast.com .thrivecart.com .clnmde.com .intercom-sheets.com .pagespeed-mod.com .ads-twitter.com .media.net .criteo.com .trendmicro.com .killadsapi.com .akamaihd.net .piano.io .tinypass.com .impactcdn.com .meld.io newretirement.pxf.io www.ojrq.net intercom-sheets.com nexus.ensighten.com logs-01.loggly.com .fullstory.com .siteintercept.qualtrics.com .qualtrics.com .js.stripe.com js.stripe.com hooks.stripe.com api.stripe.com .nextdoor.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: .crazyegg.com .cloudflareinsights.com ajax.cloudflare.com .newretirement.com .boldin.com boldin.com .nationwide.com nationwide.com .googletagmanager.com .google.com .google-analytics.com .partner-newretirement.com onelink-edge.com .onelink-edge.com .googleapis.com .gstatic.com .doubleclick.net .googleoptimize.com .googleadservices.com .googlesyndication.com .ensighten.com ensighten.com .apple.com .outbrain.com .bing.com .shortpixel.ai .taboola.com .facebook.com .facebook.net .trustarc.com .pinterest.com .pinimg.com .oribi.io .dowjoneson.com .demdex.net .hotjar.com .yahoo.com .woopra.com sentry.io .sentry.io .jsdelivr.net .intercom.io .intercomcdn.com .jspm.io .tiqcdn.com .liadm.com .lidstatic.com .useberry.com .amplitude.com .truste.com .vimeo.com .yoast.com yoast.com .hotjar.io .leadid.com .plaid.com tsdtocl.com .scorecardresearch.com .cxense.com .cloudflare.com .imrworldwide.com .parsely.com .cloudfront.net .wsj.net .licdn.com .redditstatic.com .polyfill.io .sentry-cdn.com .youtube.com chargedesk.com .simplecast.com simplecast.com .thrivecart.com .clnmde.com .intercom-sheets.com .pagespeed-mod.com .ads-twitter.com .media.net .criteo.com .trendmicro.com .killadsapi.com .akamaihd.net .piano.io .tinypass.com .impactcdn.com .meld.io newretirement.pxf.io www.ojrq.net intercom-sheets.com nexus.ensighten.com logs-01.loggly.com .fullstory.com .siteintercept.qualtrics.com .qualtrics.com .js.stripe.com js.stripe.com hooks.stripe.com api.stripe.com .nextdoor.com data:; font-src * data:; img-src * data:; media-src * data:; connect-src api.stripe.com * data: blob: wss://.hotjar.com wss://.intercom.io
Strict-Transport-Security	max-age=63072000; includeSubDomains, max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0, 0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Content-Type: application/json
Referer: https://pentest-2025.devbox.boldin.com/

Response headers

x-request-id: ef6f1cdd-ec4a-9c87-b2db-5a1b55eee140
content-encoding: br
etag: W/"3eca73bc6b3bae0091545db637cb028b"
x-permitted-cross-domain-policies: none
x-content-type-options: nosniff
date: Wed, 28 May 2025 06:42:09 GMT
content-type: application/json; charset=utf-8
vary: Origin, Accept-Encoding
x-runtime: 0.058808
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=63072000; includeSubDomains, max-age=63072000; includeSubdomains; preload
content-security-policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.crazyegg.com *.cloudflareinsights.com ajax.cloudflare.com *.newretirement.com *.boldin.com boldin.com *.nationwide.com nationwide.com *.googletagmanager.com *.google.com *.google-analytics.com *.partner-newretirement.com onelink-edge.com *.onelink-edge.com *.googleapis.com *.gstatic.com *.doubleclick.net *.googleoptimize.com *.googleadservices.com *.googlesyndication.com *.ensighten.com ensighten.com *.apple.com *.outbrain.com *.bing.com *.shortpixel.ai *.taboola.com *.facebook.com *.facebook.net *.trustarc.com *.pinterest.com *.pinimg.com *.oribi.io *.dowjoneson.com *.demdex.net *.hotjar.com *.yahoo.com *.woopra.com sentry.io *.sentry.io *.jsdelivr.net *.intercom.io *.intercomcdn.com *.jspm.io *.tiqcdn.com *.liadm.com *.lidstatic.com *.useberry.com *.amplitude.com *.truste.com *.vimeo.com *.yoast.com yoast.com *.hotjar.io *.leadid.com *.plaid.com tsdtocl.com *.scorecardresearch.com *.cxense.com *.cloudflare.com *.imrworldwide.com *.parsely.com *.cloudfront.net *.wsj.net *.licdn.com *.redditstatic.com *.polyfill.io *.sentry-cdn.com *.youtube.com chargedesk.com *.simplecast.com simplecast.com *.thrivecart.com *.clnmde.com *.intercom-sheets.com *.pagespeed-mod.com *.ads-twitter.com *.media.net *.criteo.com *.trendmicro.com *.killadsapi.com *.akamaihd.net *.piano.io *.tinypass.com *.impactcdn.com *.meld.io newretirement.pxf.io www.ojrq.net intercom-sheets.com nexus.ensighten.com logs-01.loggly.com *.fullstory.com *.siteintercept.qualtrics.com *.qualtrics.com *.js.stripe.com js.stripe.com hooks.stripe.com api.stripe.com *.nextdoor.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.crazyegg.com *.cloudflareinsights.com ajax.cloudflare.com *.newretirement.com *.boldin.com boldin.com *.nationwide.com nationwide.com *.googletagmanager.com *.google.com *.google-analytics.com *.partner-newretirement.com onelink-edge.com *.onelink-edge.com *.googleapis.com *.gstatic.com *.doubleclick.net *.googleoptimize.com *.googleadservices.com *.googlesyndication.com *.ensighten.com ensighten.com *.apple.com *.outbrain.com *.bing.com *.shortpixel.ai *.taboola.com *.facebook.com *.facebook.net *.trustarc.com *.pinterest.com *.pinimg.com *.oribi.io *.dowjoneson.com *.demdex.net *.hotjar.com *.yahoo.com *.woopra.com sentry.io *.sentry.io *.jsdelivr.net *.intercom.io *.intercomcdn.com *.jspm.io *.tiqcdn.com *.liadm.com *.lidstatic.com *.useberry.com *.amplitude.com *.truste.com *.vimeo.com *.yoast.com yoast.com *.hotjar.io *.leadid.com *.plaid.com tsdtocl.com *.scorecardresearch.com *.cxense.com *.cloudflare.com *.imrworldwide.com *.parsely.com *.cloudfront.net *.wsj.net *.licdn.com *.redditstatic.com *.polyfill.io *.sentry-cdn.com *.youtube.com chargedesk.com *.simplecast.com simplecast.com *.thrivecart.com *.clnmde.com *.intercom-sheets.com *.pagespeed-mod.com *.ads-twitter.com *.media.net *.criteo.com *.trendmicro.com *.killadsapi.com *.akamaihd.net *.piano.io *.tinypass.com *.impactcdn.com *.meld.io newretirement.pxf.io www.ojrq.net intercom-sheets.com nexus.ensighten.com logs-01.loggly.com *.fullstory.com *.siteintercept.qualtrics.com *.qualtrics.com *.js.stripe.com js.stripe.com hooks.stripe.com api.stripe.com *.nextdoor.com data:; font-src * data:; img-src * data:; media-src * data:; connect-src api.stripe.com * data: blob: wss://*.hotjar.com wss://*.intercom.io
cache-control: no-store
x-envoy-upstream-service-time: 64
referrer-policy: strict-origin-when-cross-origin
x-xss-protection: 0, 0
server: istio-envoy

GET
H2 200 growsurf.js Show response
app.growsurf.com/ 1 MB
218 KB 598ms
513ms Script
application/javascript 2606:4700:10::6816:1546
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://app.growsurf.com/growsurf.js?v=2.0.0

Requested by

Host: staging.boldin.com
URL: https://staging.boldin.com/retirement/wp-content/themes/chap-child/new-assets/js/not-deferred.js?ver=1.37.4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:1546 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6e173ca2e7383a258ec49ddf798124108dd41eee6bdc43ccda21daa8c22a3c75

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://pentest-2025.devbox.boldin.com/

Response headers

content-encoding: br
cf-cache-status: REVALIDATED
etag: W/"2c4c9-1971164d7d8"
x-content-type-options: nosniff
date: Wed, 28 May 2025 06:42:09 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Tue, 27 May 2025 10:58:31 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
cache-control: public, max-age=14400
x-dns-prefetch-control: off
x-download-options: noopen
cf-ray: 946bc5376e72037f-MAD
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 373 KB
126 KB 100ms
99ms Script
application/javascript 2a00:1450:4001:810::2008
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-NK76HYXXWR&cx=c&gtm=45He55q0v71429535za200&tag_exp=101509157~103116026~103130498~103130500~103200004~103233427~103252644~103252646~104481633~104481635

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5ZFKFP

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

84f38bf44452885032965e4375663286f1b4cadb04f268e41fea087df9da9147

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://pentest-2025.devbox.boldin.com/

Response headers

content-encoding: br
report-to: {"group":"ascgcycc:1077:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1077:0"}],}
expires: Wed, 28 May 2025 06:42:09 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 28 May 2025 06:42:09 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1077:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:1077:0
content-length: 128305
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 analytics-browser-gtm-wrapper-3.13.0.js.br Show response
cdn.amplitude.com/libs/ 155 KB
42 KB 213ms
69ms Script
application/javascript 18.245.86.4
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.amplitude.com/libs/analytics-browser-gtm-wrapper-3.13.0.js.br
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5ZFKFP
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.245.86.4 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-245-86-4.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 97465e856393cd65189a9c8bfd9076e5e6ef91d8de256765b44bc02b0024f7d7

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://pentest-2025.devbox.boldin.com/

Response headers

content-encoding: br
etag: "e6845c2679dd2227738bd48374a950e4"
x-amz-version-id: lct9ZdR_aWsWheZIQ6fXYCw_io5Tbbx2
age: 3162972
x-cache: Hit from cloudfront
x-amz-cf-id: uKjciWMV8xUCSdT-z-SavKZvvrONQafwqR6zcNvbc_ZXV-Qvi0AUeg==
date: Mon, 21 Apr 2025 16:05:58 GMT
content-type: application/javascript
last-modified: Fri, 21 Mar 2025 19:27:06 GMT
cache-control: max-age=31536000
via: 1.1 a84e87b6b82308dbc0e331c3e28c23c6.cloudfront.net (CloudFront)
accept-ranges: bytes
access-control-allow-origin: *
content-length: 42343
x-amz-cf-pop: FRA60-P6
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 boldin-logo.svg
cdn.shortpixel.ai/spai/w_115+ret_img/staging.boldin.com/retirement/wp-content/themes/chap-child/new-assets/img/ 4 KB
3 KB 106ms
102ms Image
image/svg+xml 2400:52e0:1e00::1080:1
CDN77 Datacamp Li...

General

Check archive.org

Download Go to Show image

Full URL: https://cdn.shortpixel.ai/spai/w_115+ret_img/staging.boldin.com/retirement/wp-content/themes/chap-child/new-assets/img/boldin-logo.svg
Requested by: Host: pentest-2025.devbox.boldin.com
URL: https://pentest-2025.devbox.boldin.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1080:1 , Germany, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS
Software: BunnyCDN-DE1-1080 /
Resource Hash: cd33fa7b4cf8df9be8487d34a622b675d5d323a133844cb1b8f5f8b0e9b1a114

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://pentest-2025.devbox.boldin.com/

Response headers

cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
content-encoding: zstd
etag: 10b5cd8499759f34d5271f78ef0b3c93
xtag-sp-debug: SLT: 0.014
expires: Mon, 25 May 2026 19:06:39 GMT
date: Wed, 28 May 2025 06:42:09 GMT
last-modified: Sun, 25 May 2025 20:06:39 GMT
content-type: image/svg+xml
vary: Accept-Encoding
cdn-cache: MISS
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-requestpullcode: 200
link: <https://staging.boldin.com/retirement/wp-content/themes/chap-child/new-assets/img/boldin-logo.svg>; rel="canonical"
cache-control: max-age=31321470, s-maxage=390270
cdn-requestpullsuccess: True
cdn-requesttime: 0
pragma: cache
cdn-uid: ceac3dab-9909-4315-8d54-a27751b54dd0
cdn-requestid: cf00fb14b30137ca8ec2c5ed2a9e7bae
cdn-pullzone: 257218
cdn-tag: 609953; Domain: staging.boldin.com; 200
cdn-proxyver: 1.28
access-control-allow-origin: *
cdn-cachedat: 05/28/2025 06:42:09
cdn-edgestorageid: 1081
server: BunnyCDN-DE1-1080
cdn-requestcountrycode: ES

GET
H2 200 Build-a-plan.svg
cdn.shortpixel.ai/spai/w_35+ret_img/staging.boldin.com/retirement/wp-content/uploads/2024/08/ 2 KB
2 KB 116ms
112ms Image
image/svg+xml 2400:52e0:1e00::1080:1
CDN77 Datacamp Li...

General

Check archive.org

Download Go to Show image

Full URL: https://cdn.shortpixel.ai/spai/w_35+ret_img/staging.boldin.com/retirement/wp-content/uploads/2024/08/Build-a-plan.svg
Requested by: Host: pentest-2025.devbox.boldin.com
URL: https://pentest-2025.devbox.boldin.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1080:1 , Germany, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS
Software: BunnyCDN-DE1-1080 /
Resource Hash: 931d34f4ea2b86de12d3f0887636d571fd01d83b910eebece6f0930ed2f6ef10

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://pentest-2025.devbox.boldin.com/

Response headers

cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
content-encoding: zstd
etag: 2713e529e53850b354c4866c6a174583
xtag-sp-debug: SLT: 0.015
expires: Mon, 25 May 2026 19:06:34 GMT
date: Wed, 28 May 2025 06:42:09 GMT
last-modified: Sun, 25 May 2025 20:06:34 GMT
content-type: image/svg+xml
vary: Accept-Encoding
cdn-cache: MISS
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-requestpullcode: 200
link: <https://staging.boldin.com/retirement/wp-content/uploads/2024/08/Build-a-plan.svg>; rel="canonical"
cache-control: max-age=31321465, s-maxage=390265
cdn-requestpullsuccess: True
cdn-requesttime: 0
pragma: cache
cdn-uid: ceac3dab-9909-4315-8d54-a27751b54dd0
cdn-requestid: fac4e2652ce813627112778e4d05f14f
cdn-pullzone: 257218
cdn-tag: 609953; Domain: staging.boldin.com; 200
cdn-proxyver: 1.28
access-control-allow-origin: *
cdn-cachedat: 05/28/2025 06:42:09
cdn-edgestorageid: 1082
server: BunnyCDN-DE1-1080
cdn-requestcountrycode: ES

GET
H2 200 Lightbulb1.svg
cdn.shortpixel.ai/spai/w_35+ret_img/staging.boldin.com/retirement/wp-content/uploads/2024/08/ 3 KB
2 KB 96ms
92ms Image
image/svg+xml 2400:52e0:1e00::1080:1
CDN77 Datacamp Li...

General

Check archive.org

Download Go to Show image

Full URL: https://cdn.shortpixel.ai/spai/w_35+ret_img/staging.boldin.com/retirement/wp-content/uploads/2024/08/Lightbulb1.svg
Requested by: Host: pentest-2025.devbox.boldin.com
URL: https://pentest-2025.devbox.boldin.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1080:1 , Germany, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS
Software: BunnyCDN-DE1-1080 /
Resource Hash: b086776ef880e8153fe3c5f43aea15479ed994d028e22e1b9479ce5d00b5260a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://pentest-2025.devbox.boldin.com/

Response headers

cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
content-encoding: zstd
etag: c256ed9da1599df90813c1b21dfedcff
xtag-sp-debug: SLT: 0.014
expires: Sat, 23 May 2026 14:35:51 GMT
date: Wed, 28 May 2025 06:42:09 GMT
last-modified: Fri, 23 May 2025 15:35:51 GMT
content-type: image/svg+xml
vary: Accept-Encoding
cdn-cache: MISS
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-requestpullcode: 200
link: <https://staging.boldin.com/retirement/wp-content/uploads/2024/08/Lightbulb1.svg>; rel="canonical"
cache-control: max-age=31132422, s-maxage=201222
cdn-requestpullsuccess: True
cdn-requesttime: 0
pragma: cache
cdn-uid: ceac3dab-9909-4315-8d54-a27751b54dd0
cdn-requestid: dc261e7363e8075df33924a6a4b5c40b
cdn-pullzone: 257218
cdn-tag: 609953; Domain: staging.boldin.com; 200
cdn-proxyver: 1.28
access-control-allow-origin: *
cdn-cachedat: 05/28/2025 06:42:09
cdn-edgestorageid: 1082
server: BunnyCDN-DE1-1080
cdn-requestcountrycode: ES

GET
H2 200 Feather-Pen.svg
cdn.shortpixel.ai/spai/w_35+ret_img/staging.boldin.com/retirement/wp-content/uploads/2024/08/ 2 KB
2 KB 104ms
100ms Image
image/svg+xml 2400:52e0:1e00::1080:1
CDN77 Datacamp Li...

General

Check archive.org

Download Go to Show image

Full URL: https://cdn.shortpixel.ai/spai/w_35+ret_img/staging.boldin.com/retirement/wp-content/uploads/2024/08/Feather-Pen.svg
Requested by: Host: pentest-2025.devbox.boldin.com
URL: https://pentest-2025.devbox.boldin.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1080:1 , Germany, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS
Software: BunnyCDN-DE1-1080 /
Resource Hash: e4bdd4192d3795f4c706e5787699979970851525c57c2e28382dfd43361d5c85

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://pentest-2025.devbox.boldin.com/

Response headers

cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
content-encoding: zstd
etag: 88148dc8da8240084a1da8e2207fe793
xtag-sp-debug: SLT: 0.013
expires: Mon, 25 May 2026 19:06:34 GMT
date: Wed, 28 May 2025 06:42:09 GMT
last-modified: Sun, 25 May 2025 20:06:34 GMT
content-type: image/svg+xml
vary: Accept-Encoding
cdn-cache: MISS
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-requestpullcode: 200
link: <https://staging.boldin.com/retirement/wp-content/uploads/2024/08/Feather-Pen.svg>; rel="canonical"
cache-control: max-age=31321465, s-maxage=390265
cdn-requestpullsuccess: True
cdn-requesttime: 0
pragma: cache
cdn-uid: ceac3dab-9909-4315-8d54-a27751b54dd0
cdn-requestid: 075ea48fdd585aaad7f20492cb26dceb
cdn-pullzone: 257218
cdn-tag: 609953; Domain: staging.boldin.com; 200
cdn-proxyver: 1.28
access-control-allow-origin: *
cdn-cachedat: 05/28/2025 06:42:09
cdn-edgestorageid: 1079
server: BunnyCDN-DE1-1080
cdn-requestcountrycode: ES

GET
H2 200 Podcast.svg
cdn.shortpixel.ai/spai/w_35+ret_img/staging.boldin.com/retirement/wp-content/uploads/2024/08/ 4 KB
2 KB 104ms
100ms Image
image/svg+xml 2400:52e0:1e00::1080:1
CDN77 Datacamp Li...

General

Check archive.org

Download Go to Show image

Full URL: https://cdn.shortpixel.ai/spai/w_35+ret_img/staging.boldin.com/retirement/wp-content/uploads/2024/08/Podcast.svg
Requested by: Host: pentest-2025.devbox.boldin.com
URL: https://pentest-2025.devbox.boldin.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1080:1 , Germany, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS
Software: BunnyCDN-DE1-1080 /
Resource Hash: e77c98fdeaf2c1493aada4da0c86e3ded64b6e8d645079f07a46c9ac9b5b3cdf

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://pentest-2025.devbox.boldin.com/

Response headers

cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
content-encoding: zstd
etag: 6b18a6dd4d83fb32ecfbb1be8658ed4f
xtag-sp-debug: SLT: 0.012
expires: Mon, 25 May 2026 19:06:39 GMT
date: Wed, 28 May 2025 06:42:09 GMT
last-modified: Sun, 25 May 2025 20:06:39 GMT
content-type: image/svg+xml
vary: Accept-Encoding
cdn-cache: MISS
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-requestpullcode: 200
link: <https://staging.boldin.com/retirement/wp-content/uploads/2024/08/Podcast.svg>; rel="canonical"
cache-control: max-age=31321470, s-maxage=390270
cdn-requestpullsuccess: True
cdn-requesttime: 0
pragma: cache
cdn-uid: ceac3dab-9909-4315-8d54-a27751b54dd0
cdn-requestid: 122c76a3770b9ebbd9c3bd106bf8712d
cdn-pullzone: 257218
cdn-tag: 609953; Domain: staging.boldin.com; 200
cdn-proxyver: 1.28
access-control-allow-origin: *
cdn-cachedat: 05/28/2025 06:42:09
cdn-edgestorageid: 1080
server: BunnyCDN-DE1-1080
cdn-requestcountrycode: ES

GET
H2 200 Book1.svg
cdn.shortpixel.ai/spai/w_35+ret_img/staging.boldin.com/retirement/wp-content/uploads/2024/08/ 2 KB
2 KB 112ms
109ms Image
image/svg+xml 2400:52e0:1e00::1080:1
CDN77 Datacamp Li...

General

Check archive.org

Download Go to Show image

Full URL: https://cdn.shortpixel.ai/spai/w_35+ret_img/staging.boldin.com/retirement/wp-content/uploads/2024/08/Book1.svg
Requested by: Host: pentest-2025.devbox.boldin.com
URL: https://pentest-2025.devbox.boldin.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1080:1 , Germany, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS
Software: BunnyCDN-DE1-1080 /
Resource Hash: 23ae4184510d32079830999c4d79db4782b8e48af8a39e98cbbc31f5dd2428d3

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://pentest-2025.devbox.boldin.com/

Response headers

cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
content-encoding: zstd
etag: 24b14242dc8b442a13ffd37350fce20b
xtag-sp-debug: SLT: 0.013
expires: Mon, 25 May 2026 19:06:39 GMT
date: Wed, 28 May 2025 06:42:09 GMT
last-modified: Sun, 25 May 2025 20:06:39 GMT
content-type: image/svg+xml
vary: Accept-Encoding
cdn-cache: MISS
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-requestpullcode: 200
link: <https://staging.boldin.com/retirement/wp-content/uploads/2024/08/Book1.svg>; rel="canonical"
cache-control: max-age=31321470, s-maxage=390270
cdn-requestpullsuccess: True
cdn-requesttime: 0
pragma: cache
cdn-uid: ceac3dab-9909-4315-8d54-a27751b54dd0
cdn-requestid: 64bbb05668022937f4e8c75ba7b47074
cdn-pullzone: 257218
cdn-tag: 609953; Domain: staging.boldin.com; 200
cdn-proxyver: 1.28
access-control-allow-origin: *
cdn-cachedat: 05/28/2025 06:42:09
cdn-edgestorageid: 1080
server: BunnyCDN-DE1-1080
cdn-requestcountrycode: ES

GET
H2 200 Community1.svg
cdn.shortpixel.ai/spai/w_35+ret_img/staging.boldin.com/retirement/wp-content/uploads/2024/08/ 3 KB
2 KB 111ms
108ms Image
image/svg+xml 2400:52e0:1e00::1080:1
CDN77 Datacamp Li...

General

Check archive.org

Download Go to Show image

Full URL: https://cdn.shortpixel.ai/spai/w_35+ret_img/staging.boldin.com/retirement/wp-content/uploads/2024/08/Community1.svg
Requested by: Host: pentest-2025.devbox.boldin.com
URL: https://pentest-2025.devbox.boldin.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1080:1 , Germany, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS
Software: BunnyCDN-DE1-1080 /
Resource Hash: 2a0a01ccd0ee13c0547f4bfb910cb351b55bc51f9710c5ade4e24c539a899868

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://pentest-2025.devbox.boldin.com/

Response headers

cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
content-encoding: zstd
etag: 330aa1fac8c2bb69ced1ebe9dd894b37
xtag-sp-debug: SLT: 0.015
expires: Mon, 25 May 2026 19:06:34 GMT
date: Wed, 28 May 2025 06:42:09 GMT
last-modified: Sun, 25 May 2025 20:06:34 GMT
content-type: image/svg+xml
vary: Accept-Encoding
cdn-cache: MISS
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-requestpullcode: 200
link: <https://staging.boldin.com/retirement/wp-content/uploads/2024/08/Community1.svg>; rel="canonical"
cache-control: max-age=31321465, s-maxage=390265
cdn-requestpullsuccess: True
cdn-requesttime: 0
pragma: cache
cdn-uid: ceac3dab-9909-4315-8d54-a27751b54dd0
cdn-requestid: 7691604724e22af9142ee80e51f573d2
cdn-pullzone: 257218
cdn-tag: 609953; Domain: staging.boldin.com; 200
cdn-proxyver: 1.28
access-control-allow-origin: *
cdn-cachedat: 05/28/2025 06:42:09
cdn-edgestorageid: 1080
server: BunnyCDN-DE1-1080
cdn-requestcountrycode: ES

GET
H2 200 homepage-hero-skeleton-2025-UI.svg
cdn.shortpixel.ai/spai/w_1920+ret_img/staging.boldin.com/retirement/wp-content/uploads/2025/05/ 235 KB
77 KB 129ms
126ms Image
image/svg+xml 2400:52e0:1e00::1080:1
CDN77 Datacamp Li...

General

Check archive.org

Download Go to Show image

Full URL: https://cdn.shortpixel.ai/spai/w_1920+ret_img/staging.boldin.com/retirement/wp-content/uploads/2025/05/homepage-hero-skeleton-2025-UI.svg
Requested by: Host: pentest-2025.devbox.boldin.com
URL: https://pentest-2025.devbox.boldin.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1080:1 , Germany, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS
Software: BunnyCDN-DE1-1080 /
Resource Hash: 7d0897a537becb8e65a38d1c14db6a35839ab61c88385b1bdde327b7391004c9

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://pentest-2025.devbox.boldin.com/

Response headers

cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
content-encoding: zstd
etag: f753e1bebbd1b881112d971f0d99054a
xtag-sp-debug: SLT: 0.019
expires: Sat, 16 May 2026 19:13:35 GMT
date: Wed, 28 May 2025 06:42:09 GMT
last-modified: Fri, 16 May 2025 20:13:35 GMT
content-type: image/svg+xml
vary: Accept-Encoding
cdn-cache: MISS
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-requestpullcode: 200
link: <https://staging.boldin.com/retirement/wp-content/uploads/2025/05/homepage-hero-skeleton-2025-UI.svg>; rel="canonical"
cache-control: max-age=30544286, s-maxage=86400
cdn-requestpullsuccess: True
cdn-requesttime: 0
pragma: cache
cdn-uid: ceac3dab-9909-4315-8d54-a27751b54dd0
cdn-requestid: 05ac4266e5dca63be7dc998c69ff4216
cdn-pullzone: 257218
cdn-tag: 609953; Domain: staging.boldin.com; 200
cdn-proxyver: 1.28
access-control-allow-origin: *
cdn-cachedat: 05/28/2025 06:42:09
cdn-edgestorageid: 1080
server: BunnyCDN-DE1-1080
cdn-requestcountrycode: ES

GET
H2 200 landmark-regular-1.svg
cdn.shortpixel.ai/spai/w_24+ret_img/staging.boldin.com/retirement/wp-content/uploads/2024/08/ 1009 B
1 KB 108ms
105ms Image
image/svg+xml 2400:52e0:1e00::1080:1
CDN77 Datacamp Li...

General

Check archive.org

Download Go to Show image

Full URL: https://cdn.shortpixel.ai/spai/w_24+ret_img/staging.boldin.com/retirement/wp-content/uploads/2024/08/landmark-regular-1.svg
Requested by: Host: pentest-2025.devbox.boldin.com
URL: https://pentest-2025.devbox.boldin.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1080:1 , Germany, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS
Software: BunnyCDN-DE1-1080 /
Resource Hash: b76f4f702cf556cd0e6fd75931e3acc1e7dde84676dc9be2726605d0ff6bd88c

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://pentest-2025.devbox.boldin.com/

Response headers

cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
content-encoding: zstd
etag: 55ff4baffd4d6e5593fc7e58890d1043
xtag-sp-debug: SLT: 0.016
expires: Sat, 23 May 2026 14:35:51 GMT
date: Wed, 28 May 2025 06:42:09 GMT
last-modified: Fri, 23 May 2025 15:35:51 GMT
content-type: image/svg+xml
vary: Accept-Encoding
cdn-cache: MISS
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-requestpullcode: 200
link: <https://staging.boldin.com/retirement/wp-content/uploads/2024/08/landmark-regular-1.svg>; rel="canonical"
cache-control: max-age=31132422, s-maxage=201222
cdn-requestpullsuccess: True
cdn-requesttime: 0
pragma: cache
cdn-uid: ceac3dab-9909-4315-8d54-a27751b54dd0
cdn-requestid: 48b235064e424c8154faab2aceea7335
cdn-pullzone: 257218
cdn-tag: 609953; Domain: staging.boldin.com; 200
cdn-proxyver: 1.28
access-control-allow-origin: *
cdn-cachedat: 05/28/2025 06:42:09
cdn-edgestorageid: 1079
server: BunnyCDN-DE1-1080
cdn-requestcountrycode: ES

GET
H2 200 hand-holding-circle-dollar-regular.svg
cdn.shortpixel.ai/spai/w_24+ret_img/staging.boldin.com/retirement/wp-content/uploads/2024/08/ 3 KB
2 KB 105ms
102ms Image
image/svg+xml 2400:52e0:1e00::1080:1
CDN77 Datacamp Li...

General

Check archive.org

Download Go to Show image

Full URL: https://cdn.shortpixel.ai/spai/w_24+ret_img/staging.boldin.com/retirement/wp-content/uploads/2024/08/hand-holding-circle-dollar-regular.svg
Requested by: Host: pentest-2025.devbox.boldin.com
URL: https://pentest-2025.devbox.boldin.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1080:1 , Germany, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS
Software: BunnyCDN-DE1-1080 /
Resource Hash: e92874161a0ba5a25d47638557ee032b861d3dd3b9ee1e7fb476190ee22dce60

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://pentest-2025.devbox.boldin.com/

Response headers

cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
content-encoding: zstd
etag: ceec5e241fd1da8ae398f69882199b67
xtag-sp-debug: SLT: 0.014
expires: Sat, 23 May 2026 14:35:51 GMT
date: Wed, 28 May 2025 06:42:09 GMT
last-modified: Fri, 23 May 2025 15:35:51 GMT
content-type: image/svg+xml
vary: Accept-Encoding
cdn-cache: MISS
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-requestpullcode: 200
link: <https://staging.boldin.com/retirement/wp-content/uploads/2024/08/hand-holding-circle-dollar-regular.svg>; rel="canonical"
cache-control: max-age=31132422, s-maxage=201222
cdn-requestpullsuccess: True
cdn-requesttime: 0
pragma: cache
cdn-uid: ceac3dab-9909-4315-8d54-a27751b54dd0
cdn-requestid: 172dfbbdb59a9579cae22addac8db3ac
cdn-pullzone: 257218
cdn-tag: 609953; Domain: staging.boldin.com; 200
cdn-proxyver: 1.28
access-control-allow-origin: *
cdn-cachedat: 05/28/2025 06:42:09
cdn-edgestorageid: 1081
server: BunnyCDN-DE1-1080
cdn-requestcountrycode: ES

GET
H2 200 sign-hanging-regular.svg
cdn.shortpixel.ai/spai/w_24+ret_img/staging.boldin.com/retirement/wp-content/uploads/2024/08/ 852 B
1 KB 224ms
221ms Image
image/svg+xml 2400:52e0:1e00::1080:1
CDN77 Datacamp Li...

General

Check archive.org

Download Go to Show image

Full URL: https://cdn.shortpixel.ai/spai/w_24+ret_img/staging.boldin.com/retirement/wp-content/uploads/2024/08/sign-hanging-regular.svg
Requested by: Host: pentest-2025.devbox.boldin.com
URL: https://pentest-2025.devbox.boldin.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1080:1 , Germany, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS
Software: BunnyCDN-DE1-1080 /
Resource Hash: 9fd6169752fa4cec8f519b8bfbb4b13115169e8a900e5c36cfb2116f20d81675

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://pentest-2025.devbox.boldin.com/

Response headers

cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
content-encoding: zstd
etag: 5a41cb7230a486b1397e941f741b034e
xtag-sp-debug: SLT: 0.014
expires: Sat, 23 May 2026 14:35:51 GMT
date: Wed, 28 May 2025 06:42:09 GMT
last-modified: Fri, 23 May 2025 15:35:51 GMT
content-type: image/svg+xml
vary: Accept-Encoding
cdn-cache: MISS
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-requestpullcode: 200
link: <https://staging.boldin.com/retirement/wp-content/uploads/2024/08/sign-hanging-regular.svg>; rel="canonical"
cache-control: max-age=31132422, s-maxage=201222
cdn-requestpullsuccess: True
cdn-requesttime: 1
pragma: cache
cdn-uid: ceac3dab-9909-4315-8d54-a27751b54dd0
cdn-requestid: 3efbc48e2e70e71ab34b44f11328bc43
cdn-pullzone: 257218
cdn-tag: 609953; Domain: staging.boldin.com; 200
cdn-proxyver: 1.28
access-control-allow-origin: *
cdn-cachedat: 05/28/2025 06:42:09
cdn-edgestorageid: 1079
server: BunnyCDN-DE1-1080
cdn-requestcountrycode: ES

GET
H2 200 bomb-regular.svg
cdn.shortpixel.ai/spai/w_24+ret_img/staging.boldin.com/retirement/wp-content/uploads/2024/08/ 4 KB
3 KB 223ms
221ms Image
image/svg+xml 2400:52e0:1e00::1080:1
CDN77 Datacamp Li...

General

Check archive.org

Download Go to Show image

Full URL: https://cdn.shortpixel.ai/spai/w_24+ret_img/staging.boldin.com/retirement/wp-content/uploads/2024/08/bomb-regular.svg
Requested by: Host: pentest-2025.devbox.boldin.com
URL: https://pentest-2025.devbox.boldin.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1080:1 , Germany, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS
Software: BunnyCDN-DE1-1080 /
Resource Hash: 61680c0e4342e576bddce4803b699ae67ae6f8ee46302b0e142762c97127b04f

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://pentest-2025.devbox.boldin.com/

Response headers

cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
content-encoding: zstd
etag: 6fd1b2b2a8fbc9eb8c95c86f2d24a50b
xtag-sp-debug: SLT: 0.011
expires: Wed, 27 May 2026 23:43:34 GMT
date: Wed, 28 May 2025 06:42:09 GMT
last-modified: Wed, 28 May 2025 00:43:34 GMT
content-type: image/svg+xml
vary: Accept-Encoding
cdn-cache: MISS
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-requestpullcode: 200
link: <https://staging.boldin.com/retirement/wp-content/uploads/2024/08/bomb-regular.svg>; rel="canonical"
cache-control: max-age=31510885, s-maxage=579685
cdn-requestpullsuccess: True
cdn-requesttime: 1
pragma: cache
cdn-uid: ceac3dab-9909-4315-8d54-a27751b54dd0
cdn-requestid: 0e3e2970f086ed6a6f9f6ed0e42b0f5f
cdn-pullzone: 257218
cdn-tag: 609953; Domain: staging.boldin.com; 200
cdn-proxyver: 1.28
access-control-allow-origin: *
cdn-cachedat: 05/28/2025 06:42:09
cdn-edgestorageid: 1082
server: BunnyCDN-DE1-1080
cdn-requestcountrycode: ES

GET ESKlarheitGrotesk-Rg.woff
staging.boldin.com/retirement/wp-content/themes/chap-child/new-assets/scss/fonts/ 0
0

GET ESKlarheitGrotesk-Md.woff
staging.boldin.com/retirement/wp-content/themes/chap-child/new-assets/scss/fonts/ 0
0

GET
H2 200 api.min.css
a.omappapi.com/app/js/ 10 KB
3 KB 76ms
76ms Stylesheet
text/css 2400:52e0:1e00::1082:1
CDN77 Datacamp Li...

General

Check archive.org

Download Go to

Full URL: https://a.omappapi.com/app/js/api.min.css
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS
Software: BunnyCDN-DE1-1082 /
Resource Hash: a3b83e66f59ca39e59c82184ff0552d17d975e1011de6e165537b21d64e254c0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://pentest-2025.devbox.boldin.com/

Response headers

perma-cache: HIT
cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
content-encoding: zstd
etag: "6824c672-2644"
cdn-fileserver: 861
date: Wed, 28 May 2025 06:42:09 GMT
cdn-storageserver: DE-1024
last-modified: Wed, 14 May 2025 16:36:02 GMT
content-type: text/css
vary: Accept-Encoding
cdn-cache: HIT
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-requestpullcode: 200
cdn-cachedat: 05/17/2025 14:45:55
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 0
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
cdn-requestid: ef4c3f0c608227ae8f137e74ad2a1ff7
cdn-pullzone: 293267
cdn-proxyver: 1.27
access-control-allow-origin: *
cdn-edgestorageid: 1082
server: BunnyCDN-DE1-1082
cdn-requestcountrycode: ES

GET
H2 200 rj1ywy2wgtjxmzphy2rd Show response
api.omappapi.com/v2/embed/365117/ 4 KB
2 KB 340ms
248ms XHR
application/json 2606:4700::6812:209
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL: https://api.omappapi.com/v2/embed/365117/rj1ywy2wgtjxmzphy2rd
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:209 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 638ad82c92a92dbcad10050cae4712a9a00e876d91d7b63df6327b90e62b8664

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://pentest-2025.devbox.boldin.com/

Response headers

x-user-agent: standard--
access-control-expose-headers: X-OptinMonster-Campaign, X-User-Agent
content-encoding: gzip
cf-cache-status: DYNAMIC
etag: W/"107ca68bc34e51f3d7bf12db3ca3d497"
expires: Wed, 28 May 2025 06:42:39 GMT
x-cache: Miss from cloudfront
x-amz-cf-id: kCp1tTr6TAd7qfioJEZmQUCjS981x_2fTF11QMLlab69MPC5Jj3Esw==
date: Wed, 28 May 2025 06:42:09 GMT
x-cache-config: 0 0
content-type: application/json
last-modified: Fri, 23 May 2025 19:27:25 GMT
vary: Accept-Encoding, User-Agent
access-control-allow-headers: X-CSRF-Token
x-cache-status: MISS
cache-control: public, max-age=30, stale-while-revalidate=1800
x-optinmonster-campaign: rj1ywy2wgtjxmzphy2rd
via: 1.1 e77c613ef2a801c045989c19ada587c6.cloudfront.net (CloudFront)
cf-ray: 946bc537fc6de08c-MAD
access-control-allow-origin: *
x-amz-cf-pop: MAD53-P2
server: cloudflare

GET
H2 200 / Show response
consent-pref.trustarc.com/self-service-cm/ Frame BD91 6 KB
3 KB 224ms
95ms Document
text/html 3.171.214.73
AMAZON-02

General

Check archive.org

Download Go to

Full URL

https://consent-pref.trustarc.com/self-service-cm/?site=vldvdr&country=es&behavior=expressed&locale=en&from=https://consent.trustarc.com/&referer=https://pentest-2025.devbox.boldin.com&fullURL=https%3A%2F%2Fpentest-2025.devbox.boldin.com%2F&gtm=true&session=afd3869c-71a5-428f-bab9-ec33ba2825c0&userType=NEW

Requested by

Host: consent.trustarc.com
URL: https://consent.trustarc.com/v2/notice/vldvdr

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.171.214.73 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-3-171-214-73.fra50.r.cloudfront.net

Software

Resource Hash

bec11020747c5ba91ce3ab2bfb2af0e79f852f63f7d245571828adf24f138e35

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

Referer: https://pentest-2025.devbox.boldin.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36

Response headers

content-encoding: br
content-type: text/html
date: Wed, 28 May 2025 06:42:09 GMT
expect-ct: max-age=86400; enforce;
last-modified: Thu, 01 Jan 1970 00:00:01 GMT
permissions-policy: midi=(),accelerometer=(),autoplay=(),gyroscope=(),microphone=(),camera=(),fullscreen=(),magnetometer=(),payment=()
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding Origin
via: 1.1 5a8bfbe7786714f24cc15f923ceb6b18.cloudfront.net (CloudFront)
x-amz-cf-id: M4i3fgwyIDfoE7mcXAYqV49jvJsspjFCEYfKv5XKOJHL7NdXZ1SADw==
x-amz-cf-pop: FRA50-P1
x-cache: Miss from cloudfront
x-content-type-options: nosniff
x-xss-protection: 1

GET
H2 200 noticemsg
consent-reporting.trustarc.com/api/user-action/ 43 B
0 95ms
94ms Fetch
image/gif 18.66.122.116
AMAZON-02

General

Check archive.org

Download Go to

Full URL

https://consent-reporting.trustarc.com/api/user-action/noticemsg?action=consent&domain=vldvdr&behavior=expressed&country=es&language=en&rand=0.14815647553884692&session=afd3869c-71a5-428f-bab9-ec33ba2825c0&userType=NEW

Requested by

Host: consent.trustarc.com
URL: https://consent.trustarc.com/v2/notice/vldvdr

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.122.116 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-122-116.fra60.r.cloudfront.net

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://pentest-2025.devbox.boldin.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
access-control-expose-headers: *
pragma: no-cache
via: 1.1 1aa52a2a71a599aaf6b3df3a9c53b268.cloudfront.net (CloudFront)
expires: Mon, 26 Jul 1997 05:00:00 GMT
access-control-allow-origin: *
x-cache: Miss from cloudfront
content-length: 43
x-amz-cf-id: Ox9KFNX3oeJHUiDFolxqY7jtS1hhtILrVw0CPuEYn1dtVPKlcLRWXA==
date: Wed, 28 May 2025 06:42:09 GMT
content-type: image/gif
x-amz-cf-pop: FRA60-P2

GET
H2 200 transparent.png
consent.trustarc.com/v2/asset/ 95 B
460 B 63ms
63ms Image
image/png 18.66.122.78
AMAZON-02

General

Check archive.org

Download Go to Show image

Full URL

https://consent.trustarc.com/v2/asset/transparent.png

Requested by

Host: pentest-2025.devbox.boldin.com
URL: https://pentest-2025.devbox.boldin.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.122.78 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-122-78.fra60.r.cloudfront.net

Software

Resource Hash

d1f997e9d36cab74d9b7c82335b21734e1c74b284d17a8b3df2aa3f4661d2f6c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://pentest-2025.devbox.boldin.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=2592000
pragma: public
age: 695
via: 1.1 d20f19c14113bb86116d01e6cb4e2844.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
content-length: 95
x-amz-cf-id: _ORGTpKiMU90mKKlXaXHb_m8wpGQh2eANqOhpGN8aHW04LgwQny3kg==
date: Wed, 28 May 2025 06:30:38 GMT
content-type: image/png
last-modified: Thu, 24 May 2018 00:46:39 GMT
vary: Accept-Encoding, Origin
x-amz-cf-pop: FRA60-P2

GET
H2

200

transparent.png
consent.trustarc.com/v2/asset/
Redirect Chain

https://cdn.shortpixel.ai/spai/q_lossless+w_650+to_auto+ret_img/consent.trustarc.com/v2/asset/transparent.png
https://consent.trustarc.com/v2/asset/transparent.png

95 B
0

0ms
0ms

Image
image/png

18.66.122.78
AMAZON-02

General

Check archive.org

Download Go to Show image

Full URL: https://consent.trustarc.com/v2/asset/transparent.png
Requested by: Host: pentest-2025.devbox.boldin.com
URL: https://pentest-2025.devbox.boldin.com/
Protocol: H2
Server: 18.66.122.78 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-122-78.fra60.r.cloudfront.net
Software: /
Resource Hash: d1f997e9d36cab74d9b7c82335b21734e1c74b284d17a8b3df2aa3f4661d2f6c

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://pentest-2025.devbox.boldin.com/

Response headers

cache-control: max-age=2592000
pragma: public
age: 695
via: 1.1 d20f19c14113bb86116d01e6cb4e2844.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
content-length: 95
x-amz-cf-id: _ORGTpKiMU90mKKlXaXHb_m8wpGQh2eANqOhpGN8aHW04LgwQny3kg==
date: Wed, 28 May 2025 06:30:38 GMT
content-type: image/png
last-modified: Thu, 24 May 2018 00:46:39 GMT
vary: Accept-Encoding, Origin
x-amz-cf-pop: FRA60-P2

Redirect headers

x-robots-tag: noindex
cdn-status: 302
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
xtag-sp-ver: 2-ns61
date: Wed, 28 May 2025 06:42:09 GMT
content-type: text/html; charset=UTF-8
cdn-cachedat: 05/28/2025 00:35:13
cdn-cache: HIT
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-requestpullcode: 302
link: <https://consent.trustarc.com/v2/asset/transparent.png>; rel="canonical"
cache-control: public, max-age=43200
location: https://consent.trustarc.com/v2/asset/transparent.png
cdn-requestpullsuccess: True
pragma: cache
cdn-uid: ceac3dab-9909-4315-8d54-a27751b54dd0
cdn-requestid: 9846887832997d5a291dcf406349630d
cdn-pullzone: 257218
cdn-tag: 0; Domain: consent.trustarc.com; 302
cdn-proxyver: 1.28
cdn-requesttime: 0
access-control-allow-origin: *
content-length: 0
cdn-edgestorageid: 1079
server: BunnyCDN-DE1-1080
cdn-requestcountrycode: ES

POST
H2 204 collect
region1.google-analytics.com/g/ 0
0 151ms
55ms Fetch
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-NK76HYXXWR&gtm=45je55q0v873197920z871429535za200zb71429535&_p=1748414527098&gcd=13l3l3l2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=101509157~103116026~103130495~103130497~103200004~103233427~103252644~103252646~104481633~104481635&ptag_exp=101509157~103116026~103130498~103130500~103200004~103233427~103252644~103252646~104481633~104481635&cid=736465312.1748414529&ul=es-es&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1748414529&sct=1&seg=0&dl=https%3A%2F%2Fpentest-2025.devbox.boldin.com%2F&dt=Retirement%20Planning%20Tool%20%7C%20Boldin&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=5167
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-NK76HYXXWR&cx=c&gtm=45He55q0v71429535za200&tag_exp=101509157~103116026~103130498~103130500~103200004~103233427~103252644~103252646~104481633~104481635
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://pentest-2025.devbox.boldin.com/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:100:0
report-to: {"group":"ascnsrsggc:100:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:100:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://pentest-2025.devbox.boldin.com
cross-origin-opener-policy-report-only: same-origin; report-to=ascnsrsggc:100:0
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 28 May 2025 06:42:09 GMT
content-type: text/plain
server: Golfe2

GET fa-brands-400.ttf
staging.boldin.com/retirement/wp-content/themes/chap-child/new-assets/webfonts/ 0
0

GET ESKlarheitGrotesk-Bk.woff
staging.boldin.com/retirement/wp-content/themes/chap-child/new-assets/scss/fonts/ 0
0

GET Spectral-Italic.woff
staging.boldin.com/retirement/wp-content/themes/chap-child/new-assets/scss/fonts/ 0
0

GET fa-regular-400.ttf
staging.boldin.com/retirement/wp-content/themes/chap-child/new-assets/webfonts/ 0
0

GET ESKlarheitGrotesk-Bd.woff
staging.boldin.com/retirement/wp-content/themes/chap-child/new-assets/scss/fonts/ 0
0

GET fa-solid-900.ttf
staging.boldin.com/retirement/wp-content/themes/chap-child/new-assets/webfonts/ 0
0

GET ESKlarheitGrotesk-Smbd.woff
staging.boldin.com/retirement/wp-content/themes/chap-child/new-assets/scss/fonts/ 0
0

GET ESKlarheitPlakat-Xbd.woff
staging.boldin.com/retirement/wp-content/themes/chap-child/new-assets/scss/fonts/ 0
0

GET
H2 200 analytics-browser-gtm-2.12.0-min.js.gz Show response
cdn.amplitude.com/libs/ 131 KB
37 KB 787ms
665ms Script
application/javascript 18.245.86.4
AMAZON-02

General

Check archive.org

Download Go to

Full URL: https://cdn.amplitude.com/libs/analytics-browser-gtm-2.12.0-min.js.gz
Requested by: Host: cdn.amplitude.com
URL: https://cdn.amplitude.com/libs/analytics-browser-gtm-wrapper-3.13.0.js.br
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.245.86.4 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-245-86-4.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 6ef8ac7ce0af19d8c88970dafcd193fc7497a9ca607f3c66c529f8e047b71484

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Origin: https://pentest-2025.devbox.boldin.com
Referer: https://pentest-2025.devbox.boldin.com/

Response headers

access-control-max-age: 3000
content-encoding: gzip
etag: "ba7a5e7d051aa2cbf234eaa7a7b71fc5"
x-amz-version-id: eOCa38W.bHZ7bm7hR1e7xGomAtNjf3.K
access-control-allow-methods: GET, HEAD
x-cache: Miss from cloudfront
x-amz-cf-id: GyOzHkWMLdQVXCr2qYd_OStGIQGjLtl5IJmhEatIDftGnoW1LJ5H9w==
date: Wed, 28 May 2025 06:42:11 GMT
content-type: application/javascript
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method
last-modified: Fri, 14 Mar 2025 16:40:56 GMT
cache-control: max-age=31536000
via: 1.1 d2d6641f7f4e620ab86172e07bc2a884.cloudfront.net (CloudFront)
accept-ranges: bytes
access-control-allow-origin: *
content-length: 36935
x-amz-cf-pop: FRA60-P6
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 SourceSansPro-Regular.ttf
consent-pref.trustarc.com/self-service-cm/font/ Frame BD91 242 KB
243 KB 73ms
72ms Font
text/plain 3.171.214.73
AMAZON-02

General

Check archive.org

Download Go to

Full URL

https://consent-pref.trustarc.com/self-service-cm/font/SourceSansPro-Regular.ttf

Requested by

Host: consent-pref.trustarc.com
URL: https://consent-pref.trustarc.com/self-service-cm/?site=vldvdr&country=es&behavior=expressed&locale=en&from=https://consent.trustarc.com/&referer=https://pentest-2025.devbox.boldin.com&fullURL=https%3A%2F%2Fpentest-2025.devbox.boldin.com%2F&gtm=true&session=afd3869c-71a5-428f-bab9-ec33ba2825c0&userType=NEW

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.171.214.73 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-3-171-214-73.fra50.r.cloudfront.net

Software

Resource Hash

e0acaced3f5686390c4c2ed8d3b447c725660252d1a20a71fdab5110a435c463

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Origin: https://consent-pref.trustarc.com
Referer: https://consent-pref.trustarc.com/self-service-cm/?site=vldvdr&country=es&behavior=expressed&locale=en&from=https://consent.trustarc.com/&referer=https://pentest-2025.devbox.boldin.com&fullURL=https%3A%2F%2Fpentest-2025.devbox.boldin.com%2F&gtm=true&session=afd3869c-71a5-428f-bab9-ec33ba2825c0&userType=NEW

Response headers

access-control-expose-headers: *
age: 2799
expect-ct: max-age=86400; enforce;
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-amz-cf-id: MSoEkUR1n1w_l8FlvP0R-IDWcF6ew0RojuOHdFdoSDRAdDztqMioAw==
date: Wed, 28 May 2025 05:55:30 GMT
last-modified: Thu, 01 Jan 1970 00:00:01 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 5a8bfbe7786714f24cc15f923ceb6b18.cloudfront.net (CloudFront)
permissions-policy: midi=(),accelerometer=(),autoplay=(),gyroscope=(),microphone=(),camera=(),fullscreen=(),magnetometer=(),payment=()
access-control-allow-origin: *
content-length: 248132
x-xss-protection: 1
x-amz-cf-pop: FRA50-P1

GET
H2 200 defaultconsentmanager.nocache.js Show response
consent-pref.trustarc.com/self-service-cm/defaultconsentmanager/ Frame BD91 7 KB
7 KB 246ms
246ms Script
text/javascript 3.171.214.73
AMAZON-02

General

Check archive.org

Download Go to

Full URL

https://consent-pref.trustarc.com/self-service-cm/defaultconsentmanager/defaultconsentmanager.nocache.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.171.214.73 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-3-171-214-73.fra50.r.cloudfront.net

Software

Resource Hash

e6cee816910bcc5702234500355d7ad0795c4d7183ec5e128bd0ee21ef5830cf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://consent-pref.trustarc.com/self-service-cm/?site=vldvdr&country=es&behavior=expressed&locale=en&from=https://consent.trustarc.com/&referer=https://pentest-2025.devbox.boldin.com&fullURL=https%3A%2F%2Fpentest-2025.devbox.boldin.com%2F&gtm=true&session=afd3869c-71a5-428f-bab9-ec33ba2825c0&userType=NEW

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: no-cache
expect-ct: max-age=86400; enforce;
x-content-type-options: nosniff
via: 1.1 5a8bfbe7786714f24cc15f923ceb6b18.cloudfront.net (CloudFront)
permissions-policy: midi=(),accelerometer=(),autoplay=(),gyroscope=(),microphone=(),camera=(),fullscreen=(),magnetometer=(),payment=()
x-cache: Miss from cloudfront
content-length: 6755
x-amz-cf-id: 9mvaXi5Xhq0YcnumKxKRpJ4WdlqjYd0qtVNlAIPKH5_hr6Qt0pJyTQ==
date: Wed, 28 May 2025 06:42:09 GMT
x-xss-protection: 1
content-type: text/javascript
last-modified: Thu, 01 Jan 1970 00:00:01 GMT
vary: Origin
x-amz-cf-pop: FRA50-P1

GET
H2 200 get Show response
consent-st.trustarc.com/ Frame BD91 20 KB
5 KB 193ms
61ms Script
text/javascript 18.173.205.67
AMAZON-02

General

Check archive.org

Download Go to

Full URL

https://consent-st.trustarc.com/get?name=combined_static_cm_minified.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.173.205.67 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-173-205-67.fra56.r.cloudfront.net

Software

Resource Hash

f1ba71d3bf034aeceecb8895e71a44f4806dbb5bcc44e46fd8fc461a774eb880

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://consent-pref.trustarc.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
pragma: public
age: 83792
via: 1.1 8a7cd2920ac4cbceb2a8f9a130562a4c.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
content-length: 4594
x-amz-cf-id: pTdirrIvAoN3XOI6GLEgTgGKF82PMj3kjkW6CwRUy3UGfcc8LdUiMw==
date: Tue, 27 May 2025 07:25:37 GMT
content-type: text/javascript
vary: Accept-Encoding, Origin
x-amz-cf-pop: FRA56-P12

GET
H2 200 loading.gif
consent-pref.trustarc.com/self-service-cm/images/ Frame BD91 3 KB
3 KB 236ms
236ms Image
image/gif 3.171.214.73
AMAZON-02

General

Check archive.org

Download Go to Show image

Full URL

https://consent-pref.trustarc.com/self-service-cm/images/loading.gif

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.171.214.73 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-3-171-214-73.fra50.r.cloudfront.net

Software

Resource Hash

eb7cfd3d959b2e09c170f532e29f8b825f9bc770b2279fde58e595617753e244

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://consent-pref.trustarc.com/self-service-cm/?site=vldvdr&country=es&behavior=expressed&locale=en&from=https://consent.trustarc.com/&referer=https://pentest-2025.devbox.boldin.com&fullURL=https%3A%2F%2Fpentest-2025.devbox.boldin.com%2F&gtm=true&session=afd3869c-71a5-428f-bab9-ec33ba2825c0&userType=NEW

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
age: 2048
expect-ct: max-age=86400; enforce;
x-content-type-options: nosniff
via: 1.1 5a8bfbe7786714f24cc15f923ceb6b18.cloudfront.net (CloudFront)
permissions-policy: midi=(),accelerometer=(),autoplay=(),gyroscope=(),microphone=(),camera=(),fullscreen=(),magnetometer=(),payment=()
x-cache: Hit from cloudfront
content-length: 2608
x-amz-cf-id: uToRjx2BQy_f55HmU16steTV7A9Bjtq1otZnJ7xzKEm8le-JCQjlTA==
date: Wed, 28 May 2025 06:08:01 GMT
x-xss-protection: 1
content-type: image/gif
last-modified: Thu, 01 Jan 1970 00:00:01 GMT
vary: Accept-Encoding, Origin
x-amz-cf-pop: FRA50-P1

GET
H2 200 5.788742de.min.js Show response
a.omappapi.com/app/js/ 12 KB
5 KB 62ms
61ms Script
application/javascript 2400:52e0:1e00::1082:1
CDN77 Datacamp Li...

General

Check archive.org

Download Go to

Full URL: https://a.omappapi.com/app/js/5.788742de.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS
Software: BunnyCDN-DE1-1082 /
Resource Hash: a73c17e3231cf0637a52dee50bfe943f025a1bb057cfb8fe96904b3fff365e38

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://pentest-2025.devbox.boldin.com/

Response headers

perma-cache: HIT
cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
content-encoding: zstd
etag: "68123c59-316d"
cdn-fileserver: 750
date: Wed, 28 May 2025 06:42:09 GMT
cdn-storageserver: DE-599
last-modified: Wed, 30 Apr 2025 15:06:01 GMT
content-type: application/javascript
vary: Accept-Encoding
cdn-cache: HIT
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-requestpullcode: 200
cdn-cachedat: 05/27/2025 22:20:04
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 0
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
cdn-requestid: e03c8f8ec6597301c5a452ec8b93a46a
cdn-pullzone: 293267
cdn-proxyver: 1.28
access-control-allow-origin: *
cdn-edgestorageid: 1079
server: BunnyCDN-DE1-1082
cdn-requestcountrycode: ES

GET
H2 200 4.d1c04c20.min.js Show response
a.omappapi.com/app/js/ 44 KB
15 KB 104ms
104ms Script
application/javascript 2400:52e0:1e00::1082:1
CDN77 Datacamp Li...

General

Check archive.org

Download Go to

Full URL: https://a.omappapi.com/app/js/4.d1c04c20.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS
Software: BunnyCDN-DE1-1082 /
Resource Hash: 634c460b8b7055cc4ce5ea5fa28d3c8af0e5191455293885f6f077d72a91dfb1

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://pentest-2025.devbox.boldin.com/

Response headers

perma-cache: HIT
cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
content-encoding: zstd
etag: "681a1952-b149"
cdn-fileserver: 599
date: Wed, 28 May 2025 06:42:09 GMT
cdn-storageserver: DE-1024
last-modified: Tue, 06 May 2025 14:14:42 GMT
content-type: application/javascript
vary: Accept-Encoding
cdn-cache: HIT
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-requestpullcode: 200
cdn-cachedat: 05/21/2025 23:23:28
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 0
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
cdn-requestid: 57f31f069f4604513c649e906ec2b223
cdn-pullzone: 293267
cdn-proxyver: 1.28
access-control-allow-origin: *
cdn-edgestorageid: 1082
server: BunnyCDN-DE1-1082
cdn-requestcountrycode: ES

GET
H2 200 19.0cf9cbf0.min.js Show response
a.omappapi.com/app/js/ 3 KB
2 KB 71ms
70ms Script
application/javascript 2400:52e0:1e00::1082:1
CDN77 Datacamp Li...

General

Check archive.org

Download Go to

Full URL: https://a.omappapi.com/app/js/19.0cf9cbf0.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS
Software: BunnyCDN-DE1-1082 /
Resource Hash: a84dc5c9b76f5e9332680ec037238890db4119ae0097512348d6e65038de9850

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://pentest-2025.devbox.boldin.com/

Response headers

perma-cache: HIT
cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
content-encoding: zstd
etag: "68123c50-c4a"
cdn-fileserver: 588
date: Wed, 28 May 2025 06:42:09 GMT
cdn-storageserver: DE-639
last-modified: Wed, 30 Apr 2025 15:05:52 GMT
content-type: application/javascript
vary: Accept-Encoding
cdn-cache: HIT
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-requestpullcode: 200
cdn-cachedat: 05/12/2025 04:59:59
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 1
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
cdn-requestid: 21cddd584bce5f803afbe4837afd6fc5
cdn-pullzone: 293267
cdn-proxyver: 1.27
access-control-allow-origin: *
cdn-edgestorageid: 1079
server: BunnyCDN-DE1-1082
cdn-requestcountrycode: ES

GET
H2 200 4750377C9CFFDC101B08462CB9BFC324.cache.js Show response
consent-pref.trustarc.com/self-service-cm/defaultconsentmanager/ Frame BD91 64 KB
65 KB 66ms
66ms Script
text/javascript 3.171.214.73
AMAZON-02

General

Check archive.org

Download Go to

Full URL

https://consent-pref.trustarc.com/self-service-cm/defaultconsentmanager/4750377C9CFFDC101B08462CB9BFC324.cache.js

Requested by

Host: consent-pref.trustarc.com
URL: https://consent-pref.trustarc.com/self-service-cm/defaultconsentmanager/defaultconsentmanager.nocache.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.171.214.73 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-3-171-214-73.fra50.r.cloudfront.net

Software

Resource Hash

e6a861455a9fd4442dd3cc44223a38c7c812d79124924fa4d95199a26dc5c472

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://consent-pref.trustarc.com/self-service-cm/?site=vldvdr&country=es&behavior=expressed&locale=en&from=https://consent.trustarc.com/&referer=https://pentest-2025.devbox.boldin.com&fullURL=https%3A%2F%2Fpentest-2025.devbox.boldin.com%2F&gtm=true&session=afd3869c-71a5-428f-bab9-ec33ba2825c0&userType=NEW

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
age: 8515
expect-ct: max-age=86400; enforce;
x-content-type-options: nosniff
via: 1.1 5a8bfbe7786714f24cc15f923ceb6b18.cloudfront.net (CloudFront)
permissions-policy: midi=(),accelerometer=(),autoplay=(),gyroscope=(),microphone=(),camera=(),fullscreen=(),magnetometer=(),payment=()
x-cache: Hit from cloudfront
content-length: 65782
x-amz-cf-id: 9arS9hP2OmEZ1Op3So97GibzCdEXXhmReKDRRBl7ovOH9kej8eeoCA==
date: Wed, 28 May 2025 04:20:16 GMT
x-xss-protection: 1
content-type: text/javascript
last-modified: Thu, 01 Jan 1970 00:00:01 GMT
vary: Origin
x-amz-cf-pop: FRA50-P1

GET
H2 200 18.5c2054c5.min.js Show response
a.omappapi.com/app/js/ 4 KB
2 KB 64ms
62ms Script
application/javascript 2400:52e0:1e00::1082:1
CDN77 Datacamp Li...

General

Check archive.org

Download Go to

Full URL: https://a.omappapi.com/app/js/18.5c2054c5.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS
Software: BunnyCDN-DE1-1082 /
Resource Hash: 3d7792e52bf827be5a47fa2e21e12125fd096452b0d7b0a54570a4fb89d7d59e

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://pentest-2025.devbox.boldin.com/

Response headers

perma-cache: HIT
cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
content-encoding: zstd
etag: "68123c7e-ef6"
cdn-fileserver: 588
date: Wed, 28 May 2025 06:42:09 GMT
cdn-storageserver: DE-676
last-modified: Wed, 30 Apr 2025 15:06:38 GMT
content-type: application/javascript
vary: Accept-Encoding
cdn-cache: HIT
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-requestpullcode: 200
cdn-cachedat: 05/11/2025 14:14:28
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 0
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
cdn-requestid: d23d83ade89dbe79a64e4fc8dc441841
cdn-pullzone: 293267
cdn-proxyver: 1.27
access-control-allow-origin: *
cdn-edgestorageid: 1081
server: BunnyCDN-DE1-1082
cdn-requestcountrycode: ES

GET
H2 200 26.564270cb.min.js Show response
a.omappapi.com/app/js/ 6 KB
3 KB 66ms
65ms Script
application/javascript 2400:52e0:1e00::1082:1
CDN77 Datacamp Li...

General

Check archive.org

Download Go to

Full URL: https://a.omappapi.com/app/js/26.564270cb.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS
Software: BunnyCDN-DE1-1082 /
Resource Hash: fe088b133eca60fc5128bef43607fc2572162059246ae5e9d6642579b32dc64a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://pentest-2025.devbox.boldin.com/

Response headers

perma-cache: HIT
cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
content-encoding: zstd
etag: "68123c50-174f"
cdn-fileserver: 588
date: Wed, 28 May 2025 06:42:09 GMT
cdn-storageserver: DE-1019
last-modified: Wed, 30 Apr 2025 15:05:52 GMT
content-type: application/javascript
vary: Accept-Encoding
cdn-cache: HIT
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-requestpullcode: 200
cdn-cachedat: 05/22/2025 21:53:46
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 0
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
cdn-requestid: 94341455614f084493098e6872d0a09a
cdn-pullzone: 293267
cdn-proxyver: 1.28
access-control-allow-origin: *
cdn-edgestorageid: 1082
server: BunnyCDN-DE1-1082
cdn-requestcountrycode: ES

GET
H2 200 32.1dfbe809.min.js Show response
a.omappapi.com/app/js/ 34 KB
10 KB 143ms
142ms Script
application/javascript 2400:52e0:1e00::1082:1
CDN77 Datacamp Li...

General

Check archive.org

Download Go to

Full URL: https://a.omappapi.com/app/js/32.1dfbe809.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS
Software: BunnyCDN-DE1-1082 /
Resource Hash: 37eb41c7ff52de47bf054723d1d1ae9a82909d6f8ec5dec29075fb2b332cc7ff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://pentest-2025.devbox.boldin.com/

Response headers

x-amz-server-side-encryption: AES256
cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
content-encoding: zstd
etag: "21b4fab0eab3664ed619e2f0475ca183"
date: Wed, 28 May 2025 06:42:09 GMT
last-modified: Wed, 30 Apr 2025 15:05:43 GMT
content-type: application/javascript
vary: Accept-Encoding
cdn-cache: HIT
x-amz-id-2: NfNIE4Sp+C9Y/bV29hNgpfCHx3NXWDVWr6B8cFUIJNWXGT9c9qOCBG+wXlm1NXRexLxDFlaN+00=
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-requestpullcode: 200
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 0
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
cdn-requestid: cffb92640cda3ddec4b0c0c47fb60e38
cdn-pullzone: 293267
cdn-proxyver: 1.27
x-amz-request-id: 84F752CW52VFMH9K
access-control-allow-origin: *
cdn-cachedat: 04/30/2025 15:05:52
cdn-edgestorageid: 1080
perma-cache: MISS
server: BunnyCDN-DE1-1082
cdn-requestcountrycode: ES

GET
H2 200 9.8114229b.min.js Show response
a.omappapi.com/app/js/ 31 KB
10 KB 83ms
82ms Script
application/javascript 2400:52e0:1e00::1082:1
CDN77 Datacamp Li...

General

Check archive.org

Download Go to

Full URL: https://a.omappapi.com/app/js/9.8114229b.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS
Software: BunnyCDN-DE1-1082 /
Resource Hash: b9865d4a3e5e2c685cbe3889593e301c4f4f3ff6a30f874b4ae6f7234369ede4

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://pentest-2025.devbox.boldin.com/

Response headers

perma-cache: HIT
cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
content-encoding: zstd
etag: "6824c666-7afb"
cdn-fileserver: 383
date: Wed, 28 May 2025 06:42:09 GMT
cdn-storageserver: DE-679
last-modified: Wed, 14 May 2025 16:35:50 GMT
content-type: application/javascript
vary: Accept-Encoding
cdn-cache: HIT
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-requestpullcode: 200
cdn-cachedat: 05/14/2025 16:35:50
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 0
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
cdn-requestid: 673472a16be5ba46686dc14b16c53788
cdn-pullzone: 293267
cdn-proxyver: 1.27
access-control-allow-origin: *
cdn-edgestorageid: 1082
server: BunnyCDN-DE1-1082
cdn-requestcountrycode: ES

GET
H2 200 0.bc80f3cc.min.js Show response
a.omappapi.com/app/js/ 7 KB
3 KB 70ms
70ms Script
application/javascript 2400:52e0:1e00::1082:1
CDN77 Datacamp Li...

General

Check archive.org

Download Go to

Full URL: https://a.omappapi.com/app/js/0.bc80f3cc.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS
Software: BunnyCDN-DE1-1082 /
Resource Hash: 3b0eaa7d30bdbecadb6eeeae6db148ce63166091c731fc8e73ec393bf3ee9a46

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://pentest-2025.devbox.boldin.com/

Response headers

perma-cache: HIT
cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
content-encoding: zstd
etag: "68123c58-1b20"
cdn-fileserver: 818
date: Wed, 28 May 2025 06:42:09 GMT
cdn-storageserver: DE-1019
last-modified: Wed, 30 Apr 2025 15:06:00 GMT
content-type: application/javascript
vary: Accept-Encoding
cdn-cache: HIT
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-requestpullcode: 200
cdn-cachedat: 05/22/2025 09:00:29
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 0
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
cdn-requestid: 47fdc0eeb374ee8690e9b03731c02101
cdn-pullzone: 293267
cdn-proxyver: 1.28
access-control-allow-origin: *
cdn-edgestorageid: 1079
server: BunnyCDN-DE1-1082
cdn-requestcountrycode: ES

GET
H2 200 8.d971824c.min.js Show response
a.omappapi.com/app/js/ 2 KB
2 KB 68ms
68ms Script
application/javascript 2400:52e0:1e00::1082:1
CDN77 Datacamp Li...

General

Check archive.org

Download Go to

Full URL: https://a.omappapi.com/app/js/8.d971824c.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS
Software: BunnyCDN-DE1-1082 /
Resource Hash: c6550a08183e3175408f7364bfef7ca3b3e39eeb61fcb5106856612faabb8067

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://pentest-2025.devbox.boldin.com/

Response headers

perma-cache: HIT
cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
content-encoding: zstd
etag: "68123c55-631"
cdn-fileserver: 588
date: Wed, 28 May 2025 06:42:09 GMT
cdn-storageserver: DE-638
last-modified: Wed, 30 Apr 2025 15:05:57 GMT
content-type: application/javascript
vary: Accept-Encoding
cdn-cache: HIT
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-requestpullcode: 200
cdn-cachedat: 05/18/2025 19:44:11
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 1
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
cdn-requestid: 36511c9c1b5e9fae94f6f600826f3d4b
cdn-pullzone: 293267
cdn-proxyver: 1.27
access-control-allow-origin: *
cdn-edgestorageid: 1079
server: BunnyCDN-DE1-1082
cdn-requestcountrycode: ES

GET
H2 200 10.f6edef2f.min.js Show response
a.omappapi.com/app/js/ 2 KB
2 KB 70ms
70ms Script
application/javascript 2400:52e0:1e00::1082:1
CDN77 Datacamp Li...

General

Check archive.org

Download Go to

Full URL: https://a.omappapi.com/app/js/10.f6edef2f.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS
Software: BunnyCDN-DE1-1082 /
Resource Hash: 4dd85258e1efc99b46030ebd386363e3d9168c41d293841fbd83686f2f32c9d8

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://pentest-2025.devbox.boldin.com/

Response headers

perma-cache: HIT
cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
content-encoding: zstd
etag: "68123c58-6f3"
cdn-fileserver: 588
date: Wed, 28 May 2025 06:42:09 GMT
cdn-storageserver: DE-679
last-modified: Wed, 30 Apr 2025 15:06:00 GMT
content-type: application/javascript
vary: Accept-Encoding
cdn-cache: HIT
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-requestpullcode: 200
cdn-cachedat: 05/24/2025 09:24:39
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 0
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
cdn-requestid: ce22b28a67210099f3b1dde7ba4105e9
cdn-pullzone: 293267
cdn-proxyver: 1.28
access-control-allow-origin: *
cdn-edgestorageid: 1081
server: BunnyCDN-DE1-1082
cdn-requestcountrycode: ES

GET
H2 200 27.8fd4488d.min.js Show response
a.omappapi.com/app/js/ 3 KB
2 KB 138ms
137ms Script
application/javascript 2400:52e0:1e00::1082:1
CDN77 Datacamp Li...

General

Check archive.org

Download Go to

Full URL: https://a.omappapi.com/app/js/27.8fd4488d.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS
Software: BunnyCDN-DE1-1082 /
Resource Hash: 99181b596d5d1bd87b6fe850dd3f42e77c01b84b96e143b3068f6e9434ccd3a0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://pentest-2025.devbox.boldin.com/

Response headers

perma-cache: HIT
cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
content-encoding: zstd
etag: "68123c95-b31"
cdn-fileserver: 861
date: Wed, 28 May 2025 06:42:09 GMT
cdn-storageserver: DE-1018
last-modified: Wed, 30 Apr 2025 15:07:01 GMT
content-type: application/javascript
vary: Accept-Encoding
cdn-cache: HIT
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-requestpullcode: 200
cdn-cachedat: 05/17/2025 14:46:20
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 0
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
cdn-requestid: 85cdc84d8deb0b7c498863a515a645ce
cdn-pullzone: 293267
cdn-proxyver: 1.27
access-control-allow-origin: *
cdn-edgestorageid: 1082
server: BunnyCDN-DE1-1082
cdn-requestcountrycode: ES

GET
H2 200 25.f56ea0b0.min.js Show response
a.omappapi.com/app/js/ 1 KB
1 KB 138ms
137ms Script
application/javascript 2400:52e0:1e00::1082:1
CDN77 Datacamp Li...

General

Check archive.org

Download Go to

Full URL: https://a.omappapi.com/app/js/25.f56ea0b0.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS
Software: BunnyCDN-DE1-1082 /
Resource Hash: e4731df96e08573584c3f76150ab48d5fdf8cf80f8a69e5cddf3da745ab4adab

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://pentest-2025.devbox.boldin.com/

Response headers

perma-cache: HIT
cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
content-encoding: zstd
etag: "68123c50-4e1"
cdn-fileserver: 588
date: Wed, 28 May 2025 06:42:09 GMT
cdn-storageserver: DE-633
last-modified: Wed, 30 Apr 2025 15:05:52 GMT
content-type: application/javascript
vary: Accept-Encoding
cdn-cache: HIT
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-requestpullcode: 200
cdn-cachedat: 05/20/2025 18:13:07
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 0
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
cdn-requestid: 33e9cad8518e9704d07c36b8902b5cfa
cdn-pullzone: 293267
cdn-proxyver: 1.28
access-control-allow-origin: *
cdn-edgestorageid: 1079
server: BunnyCDN-DE1-1082
cdn-requestcountrycode: ES

GET
H2 200 15.933b9be1.min.js Show response
a.omappapi.com/app/js/ 830 B
1 KB 138ms
137ms Script
application/javascript 2400:52e0:1e00::1082:1
CDN77 Datacamp Li...

General

Check archive.org

Download Go to

Full URL: https://a.omappapi.com/app/js/15.933b9be1.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS
Software: BunnyCDN-DE1-1082 /
Resource Hash: 59166db62689ec9860784171e33e4e68223f0541359823d9e4731f7440fde9a9

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://pentest-2025.devbox.boldin.com/

Response headers

perma-cache: HIT
cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
content-encoding: zstd
etag: "68123c57-33e"
cdn-fileserver: 818
date: Wed, 28 May 2025 06:42:09 GMT
cdn-storageserver: DE-599
last-modified: Wed, 30 Apr 2025 15:05:59 GMT
content-type: application/javascript
vary: Accept-Encoding
cdn-cache: HIT
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-requestpullcode: 200
cdn-cachedat: 05/17/2025 14:49:04
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 0
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
cdn-requestid: 23fd97cb09595992db8ec3e3dfef931c
cdn-pullzone: 293267
cdn-proxyver: 1.27
access-control-allow-origin: *
cdn-edgestorageid: 1082
server: BunnyCDN-DE1-1082
cdn-requestcountrycode: ES

GET
H2 200 1.599c5014.min.js Show response
a.omappapi.com/app/js/ 6 KB
3 KB 138ms
138ms Script
application/javascript 2400:52e0:1e00::1082:1
CDN77 Datacamp Li...

General

Check archive.org

Download Go to

Full URL: https://a.omappapi.com/app/js/1.599c5014.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS
Software: BunnyCDN-DE1-1082 /
Resource Hash: a863b0c3bae2a97c3ea2078e01363f3f1333444cbecbbec06585233c953c626c

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://pentest-2025.devbox.boldin.com/

Response headers

perma-cache: HIT
cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
content-encoding: zstd
etag: "681a195a-19d8"
cdn-fileserver: 588
date: Wed, 28 May 2025 06:42:09 GMT
cdn-storageserver: DE-1019
last-modified: Tue, 06 May 2025 14:14:50 GMT
content-type: application/javascript
vary: Accept-Encoding
cdn-cache: HIT
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-requestpullcode: 200
cdn-cachedat: 05/19/2025 10:21:52
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 1
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
cdn-requestid: 039cc62e07eca41515c7a9ca4f79e436
cdn-pullzone: 293267
cdn-proxyver: 1.27
access-control-allow-origin: *
cdn-edgestorageid: 1082
server: BunnyCDN-DE1-1082
cdn-requestcountrycode: ES

GET
H2 200 20.01b17732.min.js Show response
a.omappapi.com/app/js/ 2 KB
2 KB 139ms
138ms Script
application/javascript 2400:52e0:1e00::1082:1
CDN77 Datacamp Li...

General

Check archive.org

Download Go to

Full URL: https://a.omappapi.com/app/js/20.01b17732.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS
Software: BunnyCDN-DE1-1082 /
Resource Hash: e4b701d9d5f50b62f38453963f3c601efc929b61948281b5b427026c0276a91e

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://pentest-2025.devbox.boldin.com/

Response headers

perma-cache: HIT
cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
content-encoding: zstd
etag: "68123c50-65a"
cdn-fileserver: 862
date: Wed, 28 May 2025 06:42:09 GMT
cdn-storageserver: DE-51
last-modified: Wed, 30 Apr 2025 15:05:52 GMT
content-type: application/javascript
vary: Accept-Encoding
cdn-cache: HIT
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-requestpullcode: 200
cdn-cachedat: 05/27/2025 10:56:05
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 1
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
cdn-requestid: 329f9cf4bd6218a55ffa3177359adde2
cdn-pullzone: 293267
cdn-proxyver: 1.28
access-control-allow-origin: *
cdn-edgestorageid: 1082
server: BunnyCDN-DE1-1082
cdn-requestcountrycode: ES

GET
H2 200 dbq5jeg.css
use.typekit.net/ 4 KB
1 KB 282ms
70ms Stylesheet
text/css 2a02:26f0:480:f::213:7ec6
AKAMAI-ASN1 Akama...

General

Check archive.org

Download Go to

Full URL

https://use.typekit.net/dbq5jeg.css

Requested by

Host:
URL: about:client

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:f::213:7ec6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

Software

nginx /

Resource Hash

b85ad549706ab76bb593118c5ef34988cebf272bb7bf1f4efc749035d830a348

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains;

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://pentest-2025.devbox.boldin.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains;
cache-control: private, max-age=600, stale-while-revalidate=604800
timing-allow-origin: *
content-encoding: gzip
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 774
date: Wed, 28 May 2025 06:42:10 GMT
akamai-grn: 0.a17d1302.1748414530.48b773dd
content-type: text/css;charset=utf-8
vary: Accept-Encoding
server: nginx

GET
H2 200 7.cache.js Show response
consent-pref.trustarc.com/self-service-cm/defaultconsentmanager/deferredjs/4750377C9CFFDC101B08462CB9BFC324/ Frame 5416 211 KB
212 KB 66ms
66ms Script
text/javascript 3.171.214.73
AMAZON-02

General

Check archive.org

Download Go to

Full URL

https://consent-pref.trustarc.com/self-service-cm/defaultconsentmanager/deferredjs/4750377C9CFFDC101B08462CB9BFC324/7.cache.js

Requested by

Host:
URL: defaultconsentmanager-0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.171.214.73 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-3-171-214-73.fra50.r.cloudfront.net

Software

Resource Hash

fdfc42cc0389c28a6c1e868eedf9263b05ffe0a6ec167205f7b5061095f076b3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
age: 12253
expect-ct: max-age=86400; enforce;
x-content-type-options: nosniff
via: 1.1 5a8bfbe7786714f24cc15f923ceb6b18.cloudfront.net (CloudFront)
permissions-policy: midi=(),accelerometer=(),autoplay=(),gyroscope=(),microphone=(),camera=(),fullscreen=(),magnetometer=(),payment=()
x-cache: Hit from cloudfront
content-length: 216147
x-amz-cf-id: KuvHvDQuVZIX9LwjZOLu3mpLtOFNXecXSRyaoH5S84g5GRaNHZnsmQ==
date: Wed, 28 May 2025 03:17:56 GMT
x-xss-protection: 1
content-type: text/javascript
last-modified: Thu, 01 Jan 1970 00:00:01 GMT
vary: Origin
x-amz-cf-pop: FRA50-P1

GET
H2 200 1.cache.js Show response
consent-pref.trustarc.com/self-service-cm/defaultconsentmanager/deferredjs/4750377C9CFFDC101B08462CB9BFC324/ Frame 5416 4 KB
5 KB 65ms
65ms Script
text/javascript 3.171.214.73
AMAZON-02

General

Check archive.org

Download Go to

Full URL

https://consent-pref.trustarc.com/self-service-cm/defaultconsentmanager/deferredjs/4750377C9CFFDC101B08462CB9BFC324/1.cache.js

Requested by

Host:
URL: defaultconsentmanager-0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.171.214.73 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-3-171-214-73.fra50.r.cloudfront.net

Software

Resource Hash

a64a62332e70f5483544966ce12a1c45a337c191c2339c70f584e70ea9390135

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
age: 20010
expect-ct: max-age=86400; enforce;
x-content-type-options: nosniff
via: 1.1 5a8bfbe7786714f24cc15f923ceb6b18.cloudfront.net (CloudFront)
permissions-policy: midi=(),accelerometer=(),autoplay=(),gyroscope=(),microphone=(),camera=(),fullscreen=(),magnetometer=(),payment=()
x-cache: Hit from cloudfront
content-length: 4537
x-amz-cf-id: t2FBc9v6wLQphgdf1YPvfJ7vzJu-1GraoRNj1-r25o2TJaYJ_YNMrQ==
date: Wed, 28 May 2025 01:08:40 GMT
x-xss-protection: 1
content-type: text/javascript
last-modified: Thu, 01 Jan 1970 00:00:01 GMT
vary: Origin
x-amz-cf-pop: FRA50-P1

GET
H2 200 full-configuration Show response
consent-pref.trustarc.com/self-service-cm/trustarc/pro-cm/v2/ Frame BD91 7 KB
3 KB 101ms
100ms XHR
application/json 3.171.214.73
AMAZON-02

General

Check archive.org

Download Go to

Full URL

https://consent-pref.trustarc.com/self-service-cm/trustarc/pro-cm/v2/full-configuration?cmid=vldvdr&referer=https://pentest-2025.devbox.boldin.com&locale=en&country=es&state=&fullURL=https://pentest-2025.devbox.boldin.com/

Requested by

Host:
URL: defaultconsentmanager-7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.171.214.73 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-3-171-214-73.fra50.r.cloudfront.net

Software

Resource Hash

f46d9c3cd9ed78b26fb5b116a7dc6e3a34e2f2a9924c918f92d472bfc76105de

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Content-Type: text/plain; charset=utf-8
Referer: https://consent-pref.trustarc.com/self-service-cm/?site=vldvdr&country=es&behavior=expressed&locale=en&from=https://consent.trustarc.com/&referer=https://pentest-2025.devbox.boldin.com&fullURL=https%3A%2F%2Fpentest-2025.devbox.boldin.com%2F&gtm=true&session=afd3869c-71a5-428f-bab9-ec33ba2825c0&userType=NEW

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
expect-ct: max-age=86400; enforce;
x-content-type-options: nosniff
via: 1.1 5a8bfbe7786714f24cc15f923ceb6b18.cloudfront.net (CloudFront)
permissions-policy: midi=(),accelerometer=(),autoplay=(),gyroscope=(),microphone=(),camera=(),fullscreen=(),magnetometer=(),payment=()
x-cache: Miss from cloudfront
content-length: 2694
x-amz-cf-id: TVLOqK55Rd6OQ1LsyRH7SkEf7RvRMUQcQglc_Il_yHo9vBaXdgSBtw==
date: Wed, 28 May 2025 06:42:10 GMT
x-xss-protection: 1
content-type: application/json
vary: Accept-Encoding, Origin
x-amz-cf-pop: FRA50-P1

GET
H2 200 2.cache.js Show response
consent-pref.trustarc.com/self-service-cm/defaultconsentmanager/deferredjs/4750377C9CFFDC101B08462CB9BFC324/ Frame 5416 1 KB
2 KB 65ms
64ms Script
text/javascript 3.171.214.73
AMAZON-02

General

Check archive.org

Download Go to

Full URL

https://consent-pref.trustarc.com/self-service-cm/defaultconsentmanager/deferredjs/4750377C9CFFDC101B08462CB9BFC324/2.cache.js

Requested by

Host:
URL: defaultconsentmanager-0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.171.214.73 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-3-171-214-73.fra50.r.cloudfront.net

Software

Resource Hash

7d8c278825347184fbfa05cb798744cd65cc3f367b47a5c39bb88854c0e92b5e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
age: 4317
expect-ct: max-age=86400; enforce;
x-content-type-options: nosniff
via: 1.1 5a8bfbe7786714f24cc15f923ceb6b18.cloudfront.net (CloudFront)
permissions-policy: midi=(),accelerometer=(),autoplay=(),gyroscope=(),microphone=(),camera=(),fullscreen=(),magnetometer=(),payment=()
x-cache: Hit from cloudfront
content-length: 1109
x-amz-cf-id: Kz-SvLlqdNhlzlifZLZPm02MdLB40FFfWRsCq-4Fb6eDvyOLeMW3Vg==
date: Wed, 28 May 2025 05:30:18 GMT
x-xss-protection: 1
content-type: text/javascript
last-modified: Thu, 01 Jan 1970 00:00:01 GMT
vary: Origin
x-amz-cf-pop: FRA50-P1

GET
H2 200 p.css
p.typekit.net/ 5 B
172 B 253ms
59ms Stylesheet
text/css 2a02:26f0:3500:16::215:148b
AKAMAI-ASN1 Akama...

General

Check archive.org

Download Go to

Full URL: https://p.typekit.net/p.css?s=1&k=dbq5jeg&ht=tk&f=39512.39518.39519.39521.39523&a=952416&app=typekit&e=css
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/dbq5jeg.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:16::215:148b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software: nginx /
Resource Hash: 1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://use.typekit.net/

Response headers

cache-control: public, max-age=604800
etag: "674c5a4a-5"
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
access-control-allow-origin: *
content-length: 5
date: Wed, 28 May 2025 06:42:10 GMT
content-type: text/css
last-modified: Sun, 01 Dec 2024 12:44:58 GMT
server: nginx

GET
H2 200 iab-style.css
consent-pref.trustarc.com/self-service-cm/ Frame BD91 22 KB
4 KB 65ms
64ms Stylesheet
text/css 3.171.214.73
AMAZON-02

General

Check archive.org

Download Go to

Full URL

https://consent-pref.trustarc.com/self-service-cm/iab-style.css

Requested by

Host:
URL: defaultconsentmanager-7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.171.214.73 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-3-171-214-73.fra50.r.cloudfront.net

Software

Resource Hash

34f3a1b37ce4842c72da7413f6c6593166ae340080159cfc2c490f36cb299201

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://consent-pref.trustarc.com/self-service-cm/?site=vldvdr&country=es&behavior=expressed&locale=en&from=https://consent.trustarc.com/&referer=https://pentest-2025.devbox.boldin.com&fullURL=https%3A%2F%2Fpentest-2025.devbox.boldin.com%2F&gtm=true&session=afd3869c-71a5-428f-bab9-ec33ba2825c0&userType=NEW

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: br
age: 2675
expect-ct: max-age=86400; enforce;
x-content-type-options: nosniff
via: 1.1 5a8bfbe7786714f24cc15f923ceb6b18.cloudfront.net (CloudFront)
permissions-policy: midi=(),accelerometer=(),autoplay=(),gyroscope=(),microphone=(),camera=(),fullscreen=(),magnetometer=(),payment=()
x-cache: Hit from cloudfront
x-amz-cf-id: AsZOIOK3rKMrd9F_6Y3Z9w_IBv4iP0SbDUU6QWKGvuNkhAsvkJrO0A==
date: Wed, 28 May 2025 05:57:35 GMT
x-xss-protection: 1
content-type: text/css
last-modified: Thu, 01 Jan 1970 00:00:01 GMT
vary: Accept-Encoding, Origin
x-amz-cf-pop: FRA50-P1

GET
H2 200 3.cache.js Show response
consent-pref.trustarc.com/self-service-cm/defaultconsentmanager/deferredjs/4750377C9CFFDC101B08462CB9BFC324/ Frame 5416 16 KB
16 KB 66ms
65ms Script
text/javascript 3.171.214.73
AMAZON-02

General

Check archive.org

Download Go to

Full URL

https://consent-pref.trustarc.com/self-service-cm/defaultconsentmanager/deferredjs/4750377C9CFFDC101B08462CB9BFC324/3.cache.js

Requested by

Host:
URL: defaultconsentmanager-0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.171.214.73 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-3-171-214-73.fra50.r.cloudfront.net

Software

Resource Hash

786b9cd46a6761aaf37e85ccddc1583883866eefbc1c21a91109b143c6142aeb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
age: 13822
expect-ct: max-age=86400; enforce;
x-content-type-options: nosniff
via: 1.1 5a8bfbe7786714f24cc15f923ceb6b18.cloudfront.net (CloudFront)
permissions-policy: midi=(),accelerometer=(),autoplay=(),gyroscope=(),microphone=(),camera=(),fullscreen=(),magnetometer=(),payment=()
x-cache: Hit from cloudfront
content-length: 16313
x-amz-cf-id: 4_5Tl0vE9z4UtC3_ctgat0dqdhD9Pt_oTjgk3xUy7Nu45YPDshUb4A==
date: Wed, 28 May 2025 02:51:48 GMT
x-xss-protection: 1
content-type: text/javascript
last-modified: Thu, 01 Jan 1970 00:00:01 GMT
vary: Origin
x-amz-cf-pop: FRA50-P1

GET
H2 200 11:55:43.706vldvdr_logo.png
consent.trustarc.com/v2/asset/ Frame BD91 4 KB
5 KB 271ms
143ms Image
image/png 18.66.122.49
AMAZON-02

General

Check archive.org

Download Go to Show image

Full URL

https://consent.trustarc.com/v2/asset/11:55:43.706vldvdr_logo.png

Requested by

Host: pentest-2025.devbox.boldin.com
URL: https://pentest-2025.devbox.boldin.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.122.49 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-122-49.fra60.r.cloudfront.net

Software

Resource Hash

33e5367eb512f0b603ff8e5205d6f6115111ab22625679c93c4a2331f2e2928e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://consent-pref.trustarc.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=2592000
pragma: public
via: 1.1 598a1f878f2efc16baaf47787ffe82d2.cloudfront.net (CloudFront)
x-cache: RefreshHit from cloudfront
content-length: 4565
x-amz-cf-id: AJr87-k5qpun2OnkzDBR3V-WUcmlM6Lmqfcu2Tppy0gt0efLfLZxTg==
date: Wed, 28 May 2025 06:42:10 GMT
content-type: image/png
last-modified: Fri, 13 Sep 2024 11:55:43 GMT
vary: Accept-Encoding, Origin
x-amz-cf-pop: FRA60-P2

GET
H2 200 ic-arrow.svg
consent-pref.trustarc.com/self-service-cm/images/ Frame BD91 2 KB
1 KB 63ms
63ms Image
image/svg+xml 3.171.214.73
AMAZON-02

General

Check archive.org

Download Go to Show image

Full URL

https://consent-pref.trustarc.com/self-service-cm/images/ic-arrow.svg

Requested by

Host: consent-pref.trustarc.com
URL: https://consent-pref.trustarc.com/self-service-cm/iab-style.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.171.214.73 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-3-171-214-73.fra50.r.cloudfront.net

Software

Resource Hash

2f56c5b960040ac11e348966ab765d296ac0fbcadd45e079400968769d5afb67

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://consent-pref.trustarc.com/self-service-cm/iab-style.css

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: br
age: 3126
expect-ct: max-age=86400; enforce;
x-content-type-options: nosniff
via: 1.1 5a8bfbe7786714f24cc15f923ceb6b18.cloudfront.net (CloudFront)
permissions-policy: midi=(),accelerometer=(),autoplay=(),gyroscope=(),microphone=(),camera=(),fullscreen=(),magnetometer=(),payment=()
x-cache: Hit from cloudfront
x-amz-cf-id: StXsIT025YyJ4xOGbcAmtznfD4lfbyahCSbKufEOCdQPZlj43Jvinw==
date: Wed, 28 May 2025 05:50:36 GMT
x-xss-protection: 1
content-type: image/svg+xml
last-modified: Thu, 01 Jan 1970 00:00:01 GMT
vary: Accept-Encoding, Origin
x-amz-cf-pop: FRA50-P1

GET
H2 200 ic-error.svg
consent-pref.trustarc.com/self-service-cm/images/ Frame BD91 1 KB
1 KB 65ms
63ms Image
image/svg+xml 3.171.214.73
AMAZON-02

General

Check archive.org

Download Go to Show image

Full URL

https://consent-pref.trustarc.com/self-service-cm/images/ic-error.svg

Requested by

Host: pentest-2025.devbox.boldin.com
URL: https://pentest-2025.devbox.boldin.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.171.214.73 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-3-171-214-73.fra50.r.cloudfront.net

Software

Resource Hash

ce304176f6309332f5c5312840ad7f58b835d447d9eee91af685748a6cd0e125

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://consent-pref.trustarc.com/self-service-cm/?site=vldvdr&country=es&behavior=expressed&locale=en&from=https://consent.trustarc.com/&referer=https://pentest-2025.devbox.boldin.com&fullURL=https%3A%2F%2Fpentest-2025.devbox.boldin.com%2F&gtm=true&session=afd3869c-71a5-428f-bab9-ec33ba2825c0&userType=NEW

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: br
age: 2000
expect-ct: max-age=86400; enforce;
x-content-type-options: nosniff
via: 1.1 5a8bfbe7786714f24cc15f923ceb6b18.cloudfront.net (CloudFront)
permissions-policy: midi=(),accelerometer=(),autoplay=(),gyroscope=(),microphone=(),camera=(),fullscreen=(),magnetometer=(),payment=()
x-cache: Hit from cloudfront
x-amz-cf-id: tcd3HZ-WeX4wpF-Rh3TpIEx0lzqcdPxKtflF_FjBrcMTx4mYVROwvg==
date: Wed, 28 May 2025 06:08:56 GMT
x-xss-protection: 1
content-type: image/svg+xml
last-modified: Thu, 01 Jan 1970 00:00:01 GMT
vary: Accept-Encoding, Origin
x-amz-cf-pop: FRA50-P1

GET
H2 200 ic-close-white.svg
consent-pref.trustarc.com/self-service-cm/images/ Frame BD91 2 KB
1 KB 66ms
65ms Image
image/svg+xml 3.171.214.73
AMAZON-02

General

Check archive.org

Download Go to Show image

Full URL

https://consent-pref.trustarc.com/self-service-cm/images/ic-close-white.svg

Requested by

Host: pentest-2025.devbox.boldin.com
URL: https://pentest-2025.devbox.boldin.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.171.214.73 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-3-171-214-73.fra50.r.cloudfront.net

Software

Resource Hash

3a394668479430e588f7b04251de326787c92244f991ad9040d1bb69cb148d53

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://consent-pref.trustarc.com/self-service-cm/?site=vldvdr&country=es&behavior=expressed&locale=en&from=https://consent.trustarc.com/&referer=https://pentest-2025.devbox.boldin.com&fullURL=https%3A%2F%2Fpentest-2025.devbox.boldin.com%2F&gtm=true&session=afd3869c-71a5-428f-bab9-ec33ba2825c0&userType=NEW

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: br
age: 2000
expect-ct: max-age=86400; enforce;
x-content-type-options: nosniff
via: 1.1 5a8bfbe7786714f24cc15f923ceb6b18.cloudfront.net (CloudFront)
permissions-policy: midi=(),accelerometer=(),autoplay=(),gyroscope=(),microphone=(),camera=(),fullscreen=(),magnetometer=(),payment=()
x-cache: Hit from cloudfront
x-amz-cf-id: Md-Oz920LwyWg1Gwu2l9406rukhrk_QT8y4nPXPtlVyxOMCe5-vDEA==
date: Wed, 28 May 2025 06:09:03 GMT
x-xss-protection: 1
content-type: image/svg+xml
last-modified: Thu, 01 Jan 1970 00:00:01 GMT
vary: Accept-Encoding, Origin
x-amz-cf-pop: FRA50-P1

GET
H2 200 warning-icon.png
consent-pref.trustarc.com/self-service-cm/images/ Frame BD91 14 KB
14 KB 67ms
66ms Image
image/png 3.171.214.73
AMAZON-02

General

Check archive.org

Download Go to Show image

Full URL

https://consent-pref.trustarc.com/self-service-cm/images/warning-icon.png

Requested by

Host: pentest-2025.devbox.boldin.com
URL: https://pentest-2025.devbox.boldin.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.171.214.73 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-3-171-214-73.fra50.r.cloudfront.net

Software

Resource Hash

5deca72a12b1bd5958b6914a8cacd1b44d97f25387695937923dd265cd5c9ee0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://consent-pref.trustarc.com/self-service-cm/?site=vldvdr&country=es&behavior=expressed&locale=en&from=https://consent.trustarc.com/&referer=https://pentest-2025.devbox.boldin.com&fullURL=https%3A%2F%2Fpentest-2025.devbox.boldin.com%2F&gtm=true&session=afd3869c-71a5-428f-bab9-ec33ba2825c0&userType=NEW

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
age: 3209
expect-ct: max-age=86400; enforce;
x-content-type-options: nosniff
via: 1.1 5a8bfbe7786714f24cc15f923ceb6b18.cloudfront.net (CloudFront)
permissions-policy: midi=(),accelerometer=(),autoplay=(),gyroscope=(),microphone=(),camera=(),fullscreen=(),magnetometer=(),payment=()
x-cache: Hit from cloudfront
content-length: 14311
x-amz-cf-id: 3FxzHwbbmaLrlzYTIuTYloSM88wUWByFaU-s2DafShLH9lm1Zgoc8g==
date: Wed, 28 May 2025 05:48:41 GMT
x-xss-protection: 1
content-type: image/png
last-modified: Thu, 01 Jan 1970 00:00:01 GMT
vary: Accept-Encoding, Origin
x-amz-cf-pop: FRA50-P1

GET
H2 200 trustarc-logo-xs.svg
consent-pref.trustarc.com/self-service-cm/images/ Frame BD91 3 KB
2 KB 67ms
66ms Image
image/svg+xml 3.171.214.73
AMAZON-02

General

Check archive.org

Download Go to Show image

Full URL

https://consent-pref.trustarc.com/self-service-cm/images/trustarc-logo-xs.svg

Requested by

Host: pentest-2025.devbox.boldin.com
URL: https://pentest-2025.devbox.boldin.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.171.214.73 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-3-171-214-73.fra50.r.cloudfront.net

Software

Resource Hash

fad03d5343f00671f67d8e92a6c1e243f4b45e4f7a09d11c6d170665ae52d03e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://consent-pref.trustarc.com/self-service-cm/?site=vldvdr&country=es&behavior=expressed&locale=en&from=https://consent.trustarc.com/&referer=https://pentest-2025.devbox.boldin.com&fullURL=https%3A%2F%2Fpentest-2025.devbox.boldin.com%2F&gtm=true&session=afd3869c-71a5-428f-bab9-ec33ba2825c0&userType=NEW

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: br
age: 2000
expect-ct: max-age=86400; enforce;
x-content-type-options: nosniff
via: 1.1 5a8bfbe7786714f24cc15f923ceb6b18.cloudfront.net (CloudFront)
permissions-policy: midi=(),accelerometer=(),autoplay=(),gyroscope=(),microphone=(),camera=(),fullscreen=(),magnetometer=(),payment=()
x-cache: Hit from cloudfront
x-amz-cf-id: K33HlbTwzqU0hm-q09U776Te8pdGNyRHjrqWPKhTrU2ngt8IpHiFYA==
date: Wed, 28 May 2025 06:08:56 GMT
x-xss-protection: 1
content-type: image/svg+xml
last-modified: Thu, 01 Jan 1970 00:00:01 GMT
vary: Accept-Encoding, Origin
x-amz-cf-pop: FRA50-P1

GET
H2 200 qpb08r Show response
api.growsurf.com/api/v2/client/auth/ 62 KB
23 KB 634ms
545ms XHR
application/json 2606:4700:10::ac43:547
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://api.growsurf.com/api/v2/client/auth/qpb08r?unique=true

Requested by

Host: app.growsurf.com
URL: https://app.growsurf.com/growsurf.js?v=2.0.0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:547 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

20a822ecc19e0a57aa990530937ad76027c8d11ddfc4ecbd0b012211bdc08982

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Accept: application/json, text/plain, */*
Referer: https://pentest-2025.devbox.boldin.com/

Response headers

x-request-id: a4bf9b6469ca867d24d3f5ca0d4bd996
access-control-expose-headers: X-GRSF-UUID-TOKEN
content-encoding: br
cf-cache-status: DYNAMIC
etag: W/"f681-xvZWtc044bTBjbTT78lzk389EZY"
x-content-type-options: nosniff
date: Wed, 28 May 2025 06:42:11 GMT
content-type: application/json; charset=utf-8
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15724800; includeSubDomains
x-dns-prefetch-control: off
x-ratelimit-reset: 1748414591
x-download-options: noopen
x-ratelimit-remaining: 99
cf-ray: 946bc5402feaeca5-MAD
access-control-allow-origin: *
x-grsf-uuid-token: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1dWlkIjoiNGYzN2Y3NzItZmU4Mi00NmRhLWE3MmEtMzVhNmJiZWJkZDExIiwiaWF0IjoxNzQ4NDE0NTMxLCJleHAiOjE3NTIwMTQ1MzF9._ch1Mu3lA1ohT_wkB2IAXbHg1yoWBNxSCXwQJKze0mk
x-xss-protection: 1; mode=block
x-ratelimit-limit: 100
server: cloudflare

GET
H2 200 cropped-Favicon-32x32.png
cdn.shortpixel.ai/spai/q_lossless+ret_img+to_auto/staging.boldin.com/retirement/wp-content/uploads/2024/09/ 737 B
2 KB 117ms
116ms Other
image/avif 2400:52e0:1e00::1080:1
CDN77 Datacamp Li...

General

Check archive.org

Download Go to

Full URL: https://cdn.shortpixel.ai/spai/q_lossless+ret_img+to_auto/staging.boldin.com/retirement/wp-content/uploads/2024/09/cropped-Favicon-32x32.png
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1080:1 , Germany, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS
Software: BunnyCDN-DE1-1080 /
Resource Hash: 3e70a1f790ecf9780e1e14bdaa03faa1097a98f9f6e330e7e160b3f5bed71746

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://pentest-2025.devbox.boldin.com/

Response headers

cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
etag: a51601937447f8c4237fe61f4c515d51
xtag-sp-debug: SLT: 0.02
expires: Sat, 23 May 2026 19:11:56 GMT
date: Wed, 28 May 2025 06:42:10 GMT
content-type: image/avif
last-modified: Fri, 23 May 2025 20:11:56 GMT
cdn-cachedat: 05/28/2025 06:42:10
cdn-cache: MISS
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-requestpullcode: 200
link: <https://staging.boldin.com/retirement/wp-content/uploads/2024/09/cropped-Favicon-32x32.png>; rel="canonical"
cache-control: max-age=31148986, s-maxage=217786
cdn-requestpullsuccess: True
cdn-requesttime: 0
pragma: cache
cdn-uid: ceac3dab-9909-4315-8d54-a27751b54dd0
cdn-requestid: 77bf8112314c28591030ba4d3259ff98
cdn-pullzone: 257218
cdn-tag: 609953; Domain: staging.boldin.com; 200
cdn-proxyver: 1.28
access-control-allow-origin: *
content-length: 737
cdn-edgestorageid: 1081
server: BunnyCDN-DE1-1080
cdn-requestcountrycode: ES

POST
H2 200 aet Show response
pentest-2025.devbox.boldin.com/rails/api/v1/ 0
3 KB 235ms
234ms Fetch
application/json 44.239.41.206
AMAZON-02

General

Check archive.org

Download Go to

Full URL

https://pentest-2025.devbox.boldin.com/rails/api/v1/aet

Requested by

Host: cdn.amplitude.com
URL: https://cdn.amplitude.com/libs/analytics-browser-gtm-2.12.0-min.js.gz

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

44.239.41.206 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-44-239-41-206.us-west-2.compute.amazonaws.com

Software

istio-envoy /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: .crazyegg.com .cloudflareinsights.com ajax.cloudflare.com .newretirement.com .boldin.com boldin.com .nationwide.com nationwide.com .googletagmanager.com .google.com .google-analytics.com .partner-newretirement.com onelink-edge.com .onelink-edge.com .googleapis.com .gstatic.com .doubleclick.net .googleoptimize.com .googleadservices.com .googlesyndication.com .ensighten.com ensighten.com .apple.com .outbrain.com .bing.com .shortpixel.ai .taboola.com .facebook.com .facebook.net .trustarc.com .pinterest.com .pinimg.com .oribi.io .dowjoneson.com .demdex.net .hotjar.com .yahoo.com .woopra.com sentry.io .sentry.io .jsdelivr.net .intercom.io .intercomcdn.com .jspm.io .tiqcdn.com .liadm.com .lidstatic.com .useberry.com .amplitude.com .truste.com .vimeo.com .yoast.com yoast.com .hotjar.io .leadid.com .plaid.com tsdtocl.com .scorecardresearch.com .cxense.com .cloudflare.com .imrworldwide.com .parsely.com .cloudfront.net .wsj.net .licdn.com .redditstatic.com .polyfill.io .sentry-cdn.com .youtube.com chargedesk.com .simplecast.com simplecast.com .thrivecart.com .clnmde.com .intercom-sheets.com .pagespeed-mod.com .ads-twitter.com .media.net .criteo.com .trendmicro.com .killadsapi.com .akamaihd.net .piano.io .tinypass.com .impactcdn.com .meld.io newretirement.pxf.io www.ojrq.net intercom-sheets.com nexus.ensighten.com logs-01.loggly.com .fullstory.com .siteintercept.qualtrics.com .qualtrics.com .js.stripe.com js.stripe.com hooks.stripe.com api.stripe.com .nextdoor.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: .crazyegg.com .cloudflareinsights.com ajax.cloudflare.com .newretirement.com .boldin.com boldin.com .nationwide.com nationwide.com .googletagmanager.com .google.com .google-analytics.com .partner-newretirement.com onelink-edge.com .onelink-edge.com .googleapis.com .gstatic.com .doubleclick.net .googleoptimize.com .googleadservices.com .googlesyndication.com .ensighten.com ensighten.com .apple.com .outbrain.com .bing.com .shortpixel.ai .taboola.com .facebook.com .facebook.net .trustarc.com .pinterest.com .pinimg.com .oribi.io .dowjoneson.com .demdex.net .hotjar.com .yahoo.com .woopra.com sentry.io .sentry.io .jsdelivr.net .intercom.io .intercomcdn.com .jspm.io .tiqcdn.com .liadm.com .lidstatic.com .useberry.com .amplitude.com .truste.com .vimeo.com .yoast.com yoast.com .hotjar.io .leadid.com .plaid.com tsdtocl.com .scorecardresearch.com .cxense.com .cloudflare.com .imrworldwide.com .parsely.com .cloudfront.net .wsj.net .licdn.com .redditstatic.com .polyfill.io .sentry-cdn.com .youtube.com chargedesk.com .simplecast.com simplecast.com .thrivecart.com .clnmde.com .intercom-sheets.com .pagespeed-mod.com .ads-twitter.com .media.net .criteo.com .trendmicro.com .killadsapi.com .akamaihd.net .piano.io .tinypass.com .impactcdn.com .meld.io newretirement.pxf.io www.ojrq.net intercom-sheets.com nexus.ensighten.com logs-01.loggly.com .fullstory.com .siteintercept.qualtrics.com .qualtrics.com .js.stripe.com js.stripe.com hooks.stripe.com api.stripe.com .nextdoor.com data:; font-src * data:; img-src * data:; media-src * data:; connect-src api.stripe.com * data: blob: wss://.hotjar.com wss://.intercom.io
Strict-Transport-Security	max-age=63072000; includeSubDomains, max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0, 0

Request headers

Referer: https://pentest-2025.devbox.boldin.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Accept: */*
Content-Type: application/json

Response headers

access-control-max-age: 7200
x-request-id: 2dfe5361-bc9f-9370-8e87-4520baa5e090
access-control-expose-headers
x-permitted-cross-domain-policies: none
access-control-allow-methods: GET, POST, PUT, PATCH, DELETE, OPTIONS, HEAD
x-content-type-options: nosniff
date: Wed, 28 May 2025 06:42:11 GMT
content-type: application/json
vary: Origin
x-runtime: 0.031596
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=63072000; includeSubDomains, max-age=63072000; includeSubdomains; preload
content-security-policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.crazyegg.com *.cloudflareinsights.com ajax.cloudflare.com *.newretirement.com *.boldin.com boldin.com *.nationwide.com nationwide.com *.googletagmanager.com *.google.com *.google-analytics.com *.partner-newretirement.com onelink-edge.com *.onelink-edge.com *.googleapis.com *.gstatic.com *.doubleclick.net *.googleoptimize.com *.googleadservices.com *.googlesyndication.com *.ensighten.com ensighten.com *.apple.com *.outbrain.com *.bing.com *.shortpixel.ai *.taboola.com *.facebook.com *.facebook.net *.trustarc.com *.pinterest.com *.pinimg.com *.oribi.io *.dowjoneson.com *.demdex.net *.hotjar.com *.yahoo.com *.woopra.com sentry.io *.sentry.io *.jsdelivr.net *.intercom.io *.intercomcdn.com *.jspm.io *.tiqcdn.com *.liadm.com *.lidstatic.com *.useberry.com *.amplitude.com *.truste.com *.vimeo.com *.yoast.com yoast.com *.hotjar.io *.leadid.com *.plaid.com tsdtocl.com *.scorecardresearch.com *.cxense.com *.cloudflare.com *.imrworldwide.com *.parsely.com *.cloudfront.net *.wsj.net *.licdn.com *.redditstatic.com *.polyfill.io *.sentry-cdn.com *.youtube.com chargedesk.com *.simplecast.com simplecast.com *.thrivecart.com *.clnmde.com *.intercom-sheets.com *.pagespeed-mod.com *.ads-twitter.com *.media.net *.criteo.com *.trendmicro.com *.killadsapi.com *.akamaihd.net *.piano.io *.tinypass.com *.impactcdn.com *.meld.io newretirement.pxf.io www.ojrq.net intercom-sheets.com nexus.ensighten.com logs-01.loggly.com *.fullstory.com *.siteintercept.qualtrics.com *.qualtrics.com *.js.stripe.com js.stripe.com hooks.stripe.com api.stripe.com *.nextdoor.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.crazyegg.com *.cloudflareinsights.com ajax.cloudflare.com *.newretirement.com *.boldin.com boldin.com *.nationwide.com nationwide.com *.googletagmanager.com *.google.com *.google-analytics.com *.partner-newretirement.com onelink-edge.com *.onelink-edge.com *.googleapis.com *.gstatic.com *.doubleclick.net *.googleoptimize.com *.googleadservices.com *.googlesyndication.com *.ensighten.com ensighten.com *.apple.com *.outbrain.com *.bing.com *.shortpixel.ai *.taboola.com *.facebook.com *.facebook.net *.trustarc.com *.pinterest.com *.pinimg.com *.oribi.io *.dowjoneson.com *.demdex.net *.hotjar.com *.yahoo.com *.woopra.com sentry.io *.sentry.io *.jsdelivr.net *.intercom.io *.intercomcdn.com *.jspm.io *.tiqcdn.com *.liadm.com *.lidstatic.com *.useberry.com *.amplitude.com *.truste.com *.vimeo.com *.yoast.com yoast.com *.hotjar.io *.leadid.com *.plaid.com tsdtocl.com *.scorecardresearch.com *.cxense.com *.cloudflare.com *.imrworldwide.com *.parsely.com *.cloudfront.net *.wsj.net *.licdn.com *.redditstatic.com *.polyfill.io *.sentry-cdn.com *.youtube.com chargedesk.com *.simplecast.com simplecast.com *.thrivecart.com *.clnmde.com *.intercom-sheets.com *.pagespeed-mod.com *.ads-twitter.com *.media.net *.criteo.com *.trendmicro.com *.killadsapi.com *.akamaihd.net *.piano.io *.tinypass.com *.impactcdn.com *.meld.io newretirement.pxf.io www.ojrq.net intercom-sheets.com nexus.ensighten.com logs-01.loggly.com *.fullstory.com *.siteintercept.qualtrics.com *.qualtrics.com *.js.stripe.com js.stripe.com hooks.stripe.com api.stripe.com *.nextdoor.com data:; font-src * data:; img-src * data:; media-src * data:; connect-src api.stripe.com * data: blob: wss://*.hotjar.com wss://*.intercom.io
cache-control: no-cache
x-envoy-upstream-service-time: 36
referrer-policy: strict-origin-when-cross-origin
access-control-allow-origin: *
content-length: 0
x-xss-protection: 0, 0
server: istio-envoy

GET
DATA 200
OK truncated
/ 16 KB
0 Image
image/png

General

Check archive.org

Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6d2f595fe083b3b38a912739d9704074db0b40bc0a063aa51c13084fc4c04d94

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/png

GET
H2 200 w5dbrpesqi5c8lodca8h.png
res.cloudinary.com/growsurf-prod/image/upload/v1745444683/landing_pages/ 10 KB
11 KB 373ms
116ms Image
image/png 2a02:26f0:3500:89a::523
AKAMAI-ASN1 Akama...

General

Check archive.org

Download Go to Show image

Full URL

https://res.cloudinary.com/growsurf-prod/image/upload/v1745444683/landing_pages/w5dbrpesqi5c8lodca8h.png

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a02:26f0:3500:89a::523 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

Software

Cloudinary /

Resource Hash

5925cfa9c329c98fcdf172d832bef9bb4ce02627d1ae38950c5fabddda675d59

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://pentest-2025.devbox.boldin.com/

Response headers

strict-transport-security: max-age=604800
x-request-id: 0e6947e27869430582dbc2cb53a3e372
cache-control: public, no-transform, immutable, max-age=2592000
access-control-expose-headers: Content-Length,Content-Disposition,Content-Range,Etag,Server-Timing,Vary,X-Cld-Error,X-Robots-Tag,X-Content-Type-Options
timing-allow-origin: *
etag: "a35557f403b6a83f157b7dcbb907ad11"
x-content-type-options: nosniff
accept-ranges: bytes
access-control-allow-origin: *
server-timing: cld-akam;dur=7;start=2025-05-28T06:42:11.740Z;desc=hit,rtt;dur=60,content-info;desc="width=200,height=200,bytes=10496,format=\"png\",o=1,crt=1745444683,ef=(17)"
content-length: 10496
date: Wed, 28 May 2025 06:42:11 GMT
content-type: image/png
last-modified: Wed, 23 Apr 2025 21:44:44 GMT
server: Cloudinary

GET
H2 200 kqwvfbdod95ds72whv0w.png
res.cloudinary.com/growsurf-prod/image/upload/v1745444688/landing_pages/ 10 KB
10 KB 322ms
66ms Image
image/png 2a02:26f0:3500:89a::523
AKAMAI-ASN1 Akama...

General

Check archive.org

Download Go to Show image

Full URL

https://res.cloudinary.com/growsurf-prod/image/upload/v1745444688/landing_pages/kqwvfbdod95ds72whv0w.png

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a02:26f0:3500:89a::523 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

Software

Cloudinary /

Resource Hash

33feb7a1110494c3e0edc51ed33536f35f7c60e364016c1885b372d7dec5ffdb

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://pentest-2025.devbox.boldin.com/

Response headers

strict-transport-security: max-age=604800
x-request-id: b5316dffdb4130810d3908ce7a65dd5a
cache-control: public, no-transform, immutable, max-age=2592000
access-control-expose-headers: Content-Length,Content-Disposition,Content-Range,Etag,Server-Timing,Vary,X-Cld-Error,X-Robots-Tag,X-Content-Type-Options
timing-allow-origin: *
etag: "945b51458a664ac6e763b87785dae602"
x-content-type-options: nosniff
accept-ranges: bytes
access-control-allow-origin: *
server-timing: cld-akam;dur=6;start=2025-05-28T06:42:11.740Z;desc=hit,rtt;dur=60,content-info;desc="width=200,height=200,bytes=9885,format=\"png\",o=1,crt=1745444688,ef=(17)"
content-length: 9885
date: Wed, 28 May 2025 06:42:11 GMT
content-type: image/png
last-modified: Wed, 23 Apr 2025 21:44:50 GMT
server: Cloudinary

GET
H2 200 sja1ebx9fupdaxu9kxsa.png
res.cloudinary.com/growsurf-prod/image/upload/v1745444695/landing_pages/ 6 KB
6 KB 325ms
70ms Image
image/png 2a02:26f0:3500:89a::523
AKAMAI-ASN1 Akama...

General

Check archive.org

Download Go to Show image

Full URL

https://res.cloudinary.com/growsurf-prod/image/upload/v1745444695/landing_pages/sja1ebx9fupdaxu9kxsa.png

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a02:26f0:3500:89a::523 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

Software

Cloudinary /

Resource Hash

7649bfdf966a3c8c55149c3029b6703d7e4983f8d941db813177cc75d911272f

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer: https://pentest-2025.devbox.boldin.com/

Response headers

strict-transport-security: max-age=604800
x-request-id: f5bbf3c276162521bdc5ee7da6e0ad75
cache-control: public, no-transform, immutable, max-age=2592000
access-control-expose-headers: Content-Length,Content-Disposition,Content-Range,Etag,Server-Timing,Vary,X-Cld-Error,X-Robots-Tag,X-Content-Type-Options
timing-allow-origin: *
etag: "8cd1c671e948682a9b09f2ef8085e435"
x-content-type-options: nosniff
accept-ranges: bytes
access-control-allow-origin: *
server-timing: cld-akam;dur=6;start=2025-05-28T06:42:11.740Z;desc=hit,rtt;dur=60,content-info;desc="width=200,height=200,bytes=5918,format=\"png\",o=1,crt=1745444695,ef=(17)"
content-length: 5918
date: Wed, 28 May 2025 06:42:11 GMT
content-type: image/png
last-modified: Wed, 23 Apr 2025 21:44:56 GMT
server: Cloudinary

GET
DATA 200
OK truncated
/ 4 KB
0 Image
image/png

General

Check archive.org

Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 68ad12406df2ea67007de38e390be5693e6d6f26e454b63da4709267917b0327

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/png

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: staging.boldin.com
URL: https://staging.boldin.com/retirement/wp-content/themes/chap-child/new-assets/js/vendor/lottie-player.min.js?ver=1.37.4

Domain: staging.boldin.com
URL: https://staging.boldin.com/retirement/wp-content/themes/chap-child/new-assets/scss/fonts/ESKlarheitGrotesk-Bd.woff2

Domain: staging.boldin.com
URL: https://staging.boldin.com/retirement/wp-content/themes/chap-child/new-assets/webfonts/fa-regular-400.woff2

Domain: staging.boldin.com
URL: https://staging.boldin.com/retirement/wp-content/themes/chap-child/new-assets/scss/fonts/ESKlarheitGrotesk-Md.woff2

Domain: staging.boldin.com
URL: https://staging.boldin.com/retirement/wp-content/themes/chap-child/new-assets/scss/fonts/ESKlarheitGrotesk-Bk.woff2

Domain: staging.boldin.com
URL: https://staging.boldin.com/retirement/wp-content/themes/chap-child/new-assets/webfonts/fa-solid-900.woff2

Domain: staging.boldin.com
URL: https://staging.boldin.com/retirement/wp-content/themes/chap-child/new-assets/scss/fonts/ESKlarheitGrotesk-Rg.woff2

Domain: staging.boldin.com
URL: https://staging.boldin.com/retirement/wp-content/themes/chap-child/new-assets/scss/fonts/ESKlarheitGrotesk-Smbd.woff2

Domain: staging.boldin.com
URL: https://staging.boldin.com/retirement/wp-content/themes/chap-child/new-assets/webfonts/fa-brands-400.woff2

Domain: staging.boldin.com
URL: https://staging.boldin.com/retirement/wp-content/themes/chap-child/new-assets/scss/fonts/ESKlarheitPlakat-Xbd.woff2

Domain: staging.boldin.com
URL: https://staging.boldin.com/retirement/wp-content/themes/chap-child/new-assets/scss/fonts/Spectral-Italic.woff2

Domain: staging.boldin.com
URL: https://staging.boldin.com/retirement/wp-content/themes/chap-child/new-assets/scss/fonts/ESKlarheitGrotesk-Rg.woff

Domain: staging.boldin.com
URL: https://staging.boldin.com/retirement/wp-content/themes/chap-child/new-assets/scss/fonts/ESKlarheitGrotesk-Md.woff

Domain: staging.boldin.com
URL: https://staging.boldin.com/retirement/wp-content/themes/chap-child/new-assets/webfonts/fa-brands-400.ttf

Domain: staging.boldin.com
URL: https://staging.boldin.com/retirement/wp-content/themes/chap-child/new-assets/scss/fonts/ESKlarheitGrotesk-Bk.woff

Domain: staging.boldin.com
URL: https://staging.boldin.com/retirement/wp-content/themes/chap-child/new-assets/scss/fonts/Spectral-Italic.woff

Domain: staging.boldin.com
URL: https://staging.boldin.com/retirement/wp-content/themes/chap-child/new-assets/webfonts/fa-regular-400.ttf

Domain: staging.boldin.com
URL: https://staging.boldin.com/retirement/wp-content/themes/chap-child/new-assets/scss/fonts/ESKlarheitGrotesk-Bd.woff

Domain: staging.boldin.com
URL: https://staging.boldin.com/retirement/wp-content/themes/chap-child/new-assets/webfonts/fa-solid-900.ttf

Domain: staging.boldin.com
URL: https://staging.boldin.com/retirement/wp-content/themes/chap-child/new-assets/scss/fonts/ESKlarheitGrotesk-Smbd.woff

Domain: staging.boldin.com
URL: https://staging.boldin.com/retirement/wp-content/themes/chap-child/new-assets/scss/fonts/ESKlarheitPlakat-Xbd.woff

Verdicts & Comments Add Verdict or Comment

106 JavaScript Window variables

These are the non-standard variables defined on the window object. These include var declarations and global functions and can be helpful in identifying possible client-side frameworks and code.

11 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
pentest-2025.devbox.boldin.com/	1970-01-21 15:16:14	Name: UOG Value: 05217af9-d7d4-4afa-ab3b-8560ece792ec
pentest-2025.devbox.boldin.com/	1970-01-21 05:41:40	Name: SOG Value: 7940b435-422a-499f-8a2f-66523fafb3aa
.pentest-2025.devbox.boldin.com/	1970-01-21 05:40:16	Name: TAsessionID Value: afd3869c-71a5-428f-bab9-ec33ba2825c0\|NEW
.pentest-2025.devbox.boldin.com/	1969-12-31 23:59:59	Name: notice_behavior Value: expressed\|eu
pentest-2025.devbox.boldin.com/	1970-01-21 15:16:14	Name: _omappvp Value: K5PO9WYbuAAO2v4aR1KSEgrO7QDXvp6FwKVpsCas6ekFPuUmfFvun2ivpRFfwn1qa4dMeXxZELbnt8wU1Cey5HZWOGcCZEnu
pentest-2025.devbox.boldin.com/	1970-01-21 05:40:15	Name: _omappvs Value: 1748414529166
.boldin.com/	1970-01-21 15:16:14	Name: _ga_NK76HYXXWR Value: GS2.1.s1748414529$o1$g0$t1748414529$j60$l0$h0
.boldin.com/	1970-01-21 15:16:14	Name: _ga Value: GA1.1.736465312.1748414529
.boldin.com/	1970-01-21 14:25:50	Name: AMP_MKTG_351aa893ae Value: JTdCJTdE
.boldin.com/	1970-01-21 14:25:50	Name: AMP_351aa893ae Value: JTdCJTIyZGV2aWNlSWQlMjIlM0ElMjI4Y2Q3YTFlZS0wMzFkLTRhMTktYTEwZi0yNmY2Zjk3MmYxMGYlMjIlMkMlMjJzZXNzaW9uSWQlMjIlM0ExNzQ4NDE0NTMwMzQ0JTJDJTIyb3B0T3V0JTIyJTNBZmFsc2UlMkMlMjJsYXN0RXZlbnRUaW1lJTIyJTNBMTc0ODQxNDUzMDM2NiUyQyUyMmxhc3RFdmVudElkJTIyJTNBMiUyQyUyMnBhZ2VDb3VudGVyJTIyJTNBMSU3RA==
.boldin.com/	1970-01-21 05:40:18	Name: qpb08r.grsf.uuid Value: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1dWlkIjoiNGYzN2Y3NzItZmU4Mi00NmRhLWE3MmEtMzVhNmJiZWJkZDExIiwiaWF0IjoxNzQ4NDE0NTMxLCJleHAiOjE3NTIwMTQ1MzF9._ch1Mu3lA1ohT_wkB2IAXbHg1yoWBNxSCXwQJKze0mk

44 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	error	URL: https://pentest-2025.devbox.boldin.com/ Message: Access to script at 'https://staging.boldin.com/retirement/wp-content/themes/chap-child/new-assets/js/vendor/lottie-player.min.js?ver=1.37.4' from origin 'https://pentest-2025.devbox.boldin.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://staging.boldin.com/retirement/wp-content/themes/chap-child/new-assets/js/vendor/lottie-player.min.js?ver=1.37.4 Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://pentest-2025.devbox.boldin.com/ Message: Access to font at 'https://staging.boldin.com/retirement/wp-content/themes/chap-child/new-assets/scss/fonts/ESKlarheitGrotesk-Rg.woff2' from origin 'https://pentest-2025.devbox.boldin.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://staging.boldin.com/retirement/wp-content/themes/chap-child/new-assets/scss/fonts/ESKlarheitGrotesk-Rg.woff2 Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://pentest-2025.devbox.boldin.com/ Message: Access to font at 'https://staging.boldin.com/retirement/wp-content/themes/chap-child/new-assets/scss/fonts/ESKlarheitGrotesk-Md.woff2' from origin 'https://pentest-2025.devbox.boldin.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://staging.boldin.com/retirement/wp-content/themes/chap-child/new-assets/scss/fonts/ESKlarheitGrotesk-Md.woff2 Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://pentest-2025.devbox.boldin.com/ Message: Access to font at 'https://staging.boldin.com/retirement/wp-content/themes/chap-child/new-assets/webfonts/fa-brands-400.woff2' from origin 'https://pentest-2025.devbox.boldin.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://staging.boldin.com/retirement/wp-content/themes/chap-child/new-assets/webfonts/fa-brands-400.woff2 Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://pentest-2025.devbox.boldin.com/ Message: Access to font at 'https://staging.boldin.com/retirement/wp-content/themes/chap-child/new-assets/scss/fonts/ESKlarheitGrotesk-Bk.woff2' from origin 'https://pentest-2025.devbox.boldin.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://staging.boldin.com/retirement/wp-content/themes/chap-child/new-assets/scss/fonts/ESKlarheitGrotesk-Bk.woff2 Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://pentest-2025.devbox.boldin.com/ Message: Access to font at 'https://staging.boldin.com/retirement/wp-content/themes/chap-child/new-assets/scss/fonts/Spectral-Italic.woff2' from origin 'https://pentest-2025.devbox.boldin.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://staging.boldin.com/retirement/wp-content/themes/chap-child/new-assets/scss/fonts/Spectral-Italic.woff2 Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://pentest-2025.devbox.boldin.com/ Message: Access to font at 'https://staging.boldin.com/retirement/wp-content/themes/chap-child/new-assets/webfonts/fa-regular-400.woff2' from origin 'https://pentest-2025.devbox.boldin.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://staging.boldin.com/retirement/wp-content/themes/chap-child/new-assets/webfonts/fa-regular-400.woff2 Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://pentest-2025.devbox.boldin.com/ Message: Access to font at 'https://staging.boldin.com/retirement/wp-content/themes/chap-child/new-assets/scss/fonts/ESKlarheitGrotesk-Bd.woff2' from origin 'https://pentest-2025.devbox.boldin.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://staging.boldin.com/retirement/wp-content/themes/chap-child/new-assets/scss/fonts/ESKlarheitGrotesk-Bd.woff2 Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://pentest-2025.devbox.boldin.com/ Message: Access to font at 'https://staging.boldin.com/retirement/wp-content/themes/chap-child/new-assets/webfonts/fa-solid-900.woff2' from origin 'https://pentest-2025.devbox.boldin.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://staging.boldin.com/retirement/wp-content/themes/chap-child/new-assets/webfonts/fa-solid-900.woff2 Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://pentest-2025.devbox.boldin.com/ Message: Access to font at 'https://staging.boldin.com/retirement/wp-content/themes/chap-child/new-assets/scss/fonts/ESKlarheitGrotesk-Smbd.woff2' from origin 'https://pentest-2025.devbox.boldin.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://staging.boldin.com/retirement/wp-content/themes/chap-child/new-assets/scss/fonts/ESKlarheitGrotesk-Smbd.woff2 Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://pentest-2025.devbox.boldin.com/ Message: Access to font at 'https://staging.boldin.com/retirement/wp-content/themes/chap-child/new-assets/scss/fonts/ESKlarheitPlakat-Xbd.woff2' from origin 'https://pentest-2025.devbox.boldin.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://staging.boldin.com/retirement/wp-content/themes/chap-child/new-assets/scss/fonts/ESKlarheitPlakat-Xbd.woff2 Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://pentest-2025.devbox.boldin.com/ Message: Access to font at 'https://staging.boldin.com/retirement/wp-content/themes/chap-child/new-assets/scss/fonts/ESKlarheitGrotesk-Rg.woff' from origin 'https://pentest-2025.devbox.boldin.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://staging.boldin.com/retirement/wp-content/themes/chap-child/new-assets/scss/fonts/ESKlarheitGrotesk-Rg.woff Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://pentest-2025.devbox.boldin.com/ Message: Access to font at 'https://staging.boldin.com/retirement/wp-content/themes/chap-child/new-assets/scss/fonts/ESKlarheitGrotesk-Md.woff' from origin 'https://pentest-2025.devbox.boldin.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://staging.boldin.com/retirement/wp-content/themes/chap-child/new-assets/scss/fonts/ESKlarheitGrotesk-Md.woff Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://pentest-2025.devbox.boldin.com/ Message: Access to font at 'https://staging.boldin.com/retirement/wp-content/themes/chap-child/new-assets/scss/fonts/ESKlarheitGrotesk-Bk.woff' from origin 'https://pentest-2025.devbox.boldin.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://staging.boldin.com/retirement/wp-content/themes/chap-child/new-assets/scss/fonts/ESKlarheitGrotesk-Bk.woff Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://pentest-2025.devbox.boldin.com/ Message: Access to font at 'https://staging.boldin.com/retirement/wp-content/themes/chap-child/new-assets/scss/fonts/ESKlarheitGrotesk-Bd.woff' from origin 'https://pentest-2025.devbox.boldin.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://staging.boldin.com/retirement/wp-content/themes/chap-child/new-assets/scss/fonts/ESKlarheitGrotesk-Bd.woff Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://pentest-2025.devbox.boldin.com/ Message: Access to font at 'https://staging.boldin.com/retirement/wp-content/themes/chap-child/new-assets/scss/fonts/Spectral-Italic.woff' from origin 'https://pentest-2025.devbox.boldin.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://staging.boldin.com/retirement/wp-content/themes/chap-child/new-assets/scss/fonts/Spectral-Italic.woff Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://pentest-2025.devbox.boldin.com/ Message: Access to font at 'https://staging.boldin.com/retirement/wp-content/themes/chap-child/new-assets/scss/fonts/ESKlarheitGrotesk-Smbd.woff' from origin 'https://pentest-2025.devbox.boldin.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://staging.boldin.com/retirement/wp-content/themes/chap-child/new-assets/scss/fonts/ESKlarheitGrotesk-Smbd.woff Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://pentest-2025.devbox.boldin.com/ Message: Access to font at 'https://staging.boldin.com/retirement/wp-content/themes/chap-child/new-assets/scss/fonts/ESKlarheitPlakat-Xbd.woff' from origin 'https://pentest-2025.devbox.boldin.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://staging.boldin.com/retirement/wp-content/themes/chap-child/new-assets/scss/fonts/ESKlarheitPlakat-Xbd.woff Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://pentest-2025.devbox.boldin.com/ Message: Access to font at 'https://staging.boldin.com/retirement/wp-content/themes/chap-child/new-assets/webfonts/fa-brands-400.ttf' from origin 'https://pentest-2025.devbox.boldin.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://staging.boldin.com/retirement/wp-content/themes/chap-child/new-assets/webfonts/fa-brands-400.ttf Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://pentest-2025.devbox.boldin.com/ Message: Access to font at 'https://staging.boldin.com/retirement/wp-content/themes/chap-child/new-assets/webfonts/fa-regular-400.ttf' from origin 'https://pentest-2025.devbox.boldin.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://staging.boldin.com/retirement/wp-content/themes/chap-child/new-assets/webfonts/fa-regular-400.ttf Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://pentest-2025.devbox.boldin.com/ Message: Access to font at 'https://staging.boldin.com/retirement/wp-content/themes/chap-child/new-assets/webfonts/fa-solid-900.ttf' from origin 'https://pentest-2025.devbox.boldin.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://staging.boldin.com/retirement/wp-content/themes/chap-child/new-assets/webfonts/fa-solid-900.ttf Message: Failed to load resource: net::ERR_FAILED
rendering	warning	URL: https://pentest-2025.devbox.boldin.com/ Message: [GroupMarkerNotSet(crbug.com/242999)!:A0601C002C090000]Automatic fallback to software WebGL has been deprecated. Please use the --enable-unsafe-swiftshader flag to opt in to lower security guarantees for trusted content.
javascript	warning	URL: https://consent-pref.trustarc.com/self-service-cm/?site=vldvdr&country=es&behavior=expressed&locale=en&from=https://consent.trustarc.com/&referer=https://pentest-2025.devbox.boldin.com&fullURL=https%3A%2F%2Fpentest-2025.devbox.boldin.com%2F&gtm=true&session=afd3869c-71a5-428f-bab9-ec33ba2825c0&userType=NEW Message: The resource https://consent-pref.trustarc.com/self-service-cm/font/SourceSansPro-Regular.ttf was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.omappapi.com
api.growsurf.com
api.omappapi.com
app.growsurf.com
cdn.amplitude.com
cdn.shortpixel.ai
consent-pref.trustarc.com
consent-reporting.trustarc.com
consent-st.trustarc.com
consent.trustarc.com
fonts.googleapis.com
fonts.gstatic.com
p.typekit.net
pentest-2025.devbox.boldin.com
region1.google-analytics.com
res.cloudinary.com
staging.boldin.com
use.typekit.net
widgets.staging.boldin.com
www.googletagmanager.com
staging.boldin.com
172.217.16.195
18.173.205.67
18.245.86.4
18.66.122.116
18.66.122.49
18.66.122.78
2001:4860:4802:34::36
2400:52e0:1e00::1080:1
2400:52e0:1e00::1082:1
2606:4700:10::6816:1546
2606:4700:10::ac43:547
2606:4700::6812:209
2a00:1450:4001:810::2008
2a00:1450:4001:828::200a
2a02:26f0:3500:16::215:148b
2a02:26f0:3500:89a::523
2a02:26f0:480:f::213:7ec6
3.171.214.73
44.239.41.206
54.190.253.51
037efc03a832f8e893398640d009e128ab56af0da95b9e115f000dff0004dd15
03d1149447914d8ea3545ce26a7851c48d8871c4c5676f2d6c205d5cecf98997
04b7e0b3d4a80a1741d2f598c036331368799f81a580b7f036d7fab871b3b6ae
054c67275e6868850e92f7c1d6bba717c93e302280d356001b5cdc6bfa4a77fb
0c2364cd562fa20bc1e4bcfe0120ad9e74004c4f46b62a0d26b29b822f65d2e3
0c7178cc6ca34fb18e30f070a5e7a1c287b2d7ccfcba2cfdf06e0f46eda55740
0eeea0ae57626a80aca153481285c67bf51f2d451d4b8a04bc7daf2e209f0f31
1b765b0cbd95391f6db0b565988eeb70ea68aa77bb9f8f7c8a880d96474c2aa8
1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb
2026c6308cabfb0cf7c0b80244e777ce4fb51d894f126ad6e2208d62fb9cb339
20a822ecc19e0a57aa990530937ad76027c8d11ddfc4ecbd0b012211bdc08982
20e01daf732a7cd038143d398122fb14fc135de7ac333134f94ade846155b18b
214768c45acf7f8b6dfca76f9457b5d3860dab5b602ed9dadb1909092e2981bc
23ae4184510d32079830999c4d79db4782b8e48af8a39e98cbbc31f5dd2428d3
2a0a01ccd0ee13c0547f4bfb910cb351b55bc51f9710c5ade4e24c539a899868
2c300f7fbb0cb05fe4fdb8660a9d8b852ce905b590cd102b03522b754dfc9fd0
2c8c9990ea184492949540f619fb05fa38602f3ad6ae0dfe8fb18acb230a69dc
2f56c5b960040ac11e348966ab765d296ac0fbcadd45e079400968769d5afb67
338c194d17af2422ab2888d3d11b1d99ca3ece8e4790a7450d09da11269bc377
33e5367eb512f0b603ff8e5205d6f6115111ab22625679c93c4a2331f2e2928e
33feb7a1110494c3e0edc51ed33536f35f7c60e364016c1885b372d7dec5ffdb
34f3a1b37ce4842c72da7413f6c6593166ae340080159cfc2c490f36cb299201
3569ab4b5bbeab89254333c6dce0f1308637797a64ab8b4b37e582c19c58f134
37eb41c7ff52de47bf054723d1d1ae9a82909d6f8ec5dec29075fb2b332cc7ff
3915133d6cc3355b8a8e524b41dfa1f3e3e747368b10a23441086b7f84bd888b
3a394668479430e588f7b04251de326787c92244f991ad9040d1bb69cb148d53
3b0eaa7d30bdbecadb6eeeae6db148ce63166091c731fc8e73ec393bf3ee9a46
3b643ab5c7f093f16916350eed3b5a78764e63dc465329047b6cccbe083dcfa4
3d7792e52bf827be5a47fa2e21e12125fd096452b0d7b0a54570a4fb89d7d59e
3e70a1f790ecf9780e1e14bdaa03faa1097a98f9f6e330e7e160b3f5bed71746
3e91130c1f7b739f1b9904f63deb3e129ce5daed5df76459dce452b07f26db26
3eca73bc6b3bae0091545db637cb028b957c9a228ec17177425a51a782d4fe47
4294128650becbd557a2e1945bd896d174e814d1266db304ad00e95e4fa7f692
4326e7c8366d9a9b133891cded91134ae71d156ba5dfc887447d7a3f400fe1b4
4461a5153a423005ed2769a3d02f720dff3253eb0a5f8083a5438e8820dd4565
4dd85258e1efc99b46030ebd386363e3d9168c41d293841fbd83686f2f32c9d8
4f8c36b987774657e309837f00e80c68364325d4f33d171dc8d8ff17de4a3ffd
502cdc942d155c058011c8bbeec1327ade55e8b4b77dd7e263a2079f361b60cd
5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89
547dda3c14b284819be511be1e410da94a5efc6ccc4a9afe1c75394f9333191a
57a50c99a31ef4e89e86664e96f6dfbdde163a2eb96e88b3b492c49aa4be2f37
582cc085dd8fea044917d1efde838e77e845262fd025bbfe0339f808607c81f6
59166db62689ec9860784171e33e4e68223f0541359823d9e4731f7440fde9a9
5925cfa9c329c98fcdf172d832bef9bb4ce02627d1ae38950c5fabddda675d59
597ddfdee7171750c16ec5aafd392cf992e9c53386d6bb6061d48e30334f09e9
5deca72a12b1bd5958b6914a8cacd1b44d97f25387695937923dd265cd5c9ee0
5ea48fa7f9946cbba590901776dbb5182cef29c5ca3d6ce8a29bc419e895ebc3
5ebd820b9126a875fcc3b911207c29bc778a327f40af530b4bd3f0d81ef5e9dd
5f5e7e9abef5c233b99bfa523d611911788dc5f8f89d525dfd1457b47bf9de30
61680c0e4342e576bddce4803b699ae67ae6f8ee46302b0e142762c97127b04f
634c460b8b7055cc4ce5ea5fa28d3c8af0e5191455293885f6f077d72a91dfb1
638ad82c92a92dbcad10050cae4712a9a00e876d91d7b63df6327b90e62b8664
638e0a9696a1287622b2881fce4aa2450101d9f7e29cb7811fb4c737a4e7e8e0
64c7b0bdb117f09fecb3a53a3858076e70b4087a2ef128ac6eb3d322357da9a5
664bfc35f51c6b9e721f675fbc1ca2f6d76d53ca4d9f6c0b967027ac4f364de4
68ad12406df2ea67007de38e390be5693e6d6f26e454b63da4709267917b0327
6d2f595fe083b3b38a912739d9704074db0b40bc0a063aa51c13084fc4c04d94
6e173ca2e7383a258ec49ddf798124108dd41eee6bdc43ccda21daa8c22a3c75
6ef8ac7ce0af19d8c88970dafcd193fc7497a9ca607f3c66c529f8e047b71484
72ec2c4a2bc954cc801cdb7723559de5a8869de85d6d4e490f832b7bf292eaf1
7425d6291737b6ea9c4a5b40b2fa8cff5a05ef73eecbb85f71c8ac669dca5883
7649bfdf966a3c8c55149c3029b6703d7e4983f8d941db813177cc75d911272f
786b9cd46a6761aaf37e85ccddc1583883866eefbc1c21a91109b143c6142aeb
7877b11c0edba8db419a8ab7993a1d9265340d1860609a0b538c9d03329fb676
79d443b15f542c8a8acca8e937f2a3c90ecba78bd49fdbac6c9b878c7f1293e9
7d0897a537becb8e65a38d1c14db6a35839ab61c88385b1bdde327b7391004c9
7d3e02e79c7eb9eacf2ccca9c0145e458eafaeabace4592339c3811a837bed06
7d8c278825347184fbfa05cb798744cd65cc3f367b47a5c39bb88854c0e92b5e
7ececb8c95bdb3614cc879e2b4da8e71bc113eb1962e84f9ea3ab1893060d4fb
84e51d66c07e0a41e7ccad242ecffda22c24f009618de102eaa0c3bb882d0405
84f38bf44452885032965e4375663286f1b4cadb04f268e41fea087df9da9147
865a55dd4a27092212bb881fac29149c493975b6cc823e6f6253e9ad7ff2bfa3
885a3c241b54418bafed7e93cc17a24318766107e3ec0d1c7cbf59131a107c63
8d0d49cf58ee9a69991a7caafb4ff4b472c779c2f7ebaa5e2550ea965412cf20
8d2da5818f01a062e766c4b566dd24da1092177864aa742abee685030dbfb2d1
8d4dd6f50d32ea26c327f2545516e356d1c4149cea40b279bd077ca2d005918d
8d51db7b43089d7781f8353156f0ef89e35cafff0a986f2c3d78e4644a545554
8db703106bd75d00682d95b9524522d33832274083c6cbbb19ddc976c333c664
906369c889f40c870be400e809e16c79f372b73ab519c585772f18ff90c4d323
91355cd32a4bc123de2ad6a03d1d2c123e79e4eaf4131dea80810fa6a91b458a
918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537
92d57782af61b287d4b020285ea07f01bc07e3ad4fff06d2a16b2b4e7dbca10e
931d34f4ea2b86de12d3f0887636d571fd01d83b910eebece6f0930ed2f6ef10
97465e856393cd65189a9c8bfd9076e5e6ef91d8de256765b44bc02b0024f7d7
9757d7f22015ad64a0dfa01835ec7be303889082777d231e75479622580eb4b5
99181b596d5d1bd87b6fe850dd3f42e77c01b84b96e143b3068f6e9434ccd3a0
9fd6169752fa4cec8f519b8bfbb4b13115169e8a900e5c36cfb2116f20d81675
a263fc5e9f5b99d8a6bcd9827977cdccd18b915dc34abb188dfe5ce99c31b289
a3b83e66f59ca39e59c82184ff0552d17d975e1011de6e165537b21d64e254c0
a64a62332e70f5483544966ce12a1c45a337c191c2339c70f584e70ea9390135
a67748caf04244e16b3434fce2e110af93332848b04bd86b659132505286609a
a73c17e3231cf0637a52dee50bfe943f025a1bb057cfb8fe96904b3fff365e38
a84dc5c9b76f5e9332680ec037238890db4119ae0097512348d6e65038de9850
a863b0c3bae2a97c3ea2078e01363f3f1333444cbecbbec06585233c953c626c
a8a601f7a37c4e3e18f2960f2c09ba71a676fa30ea0af33cd714194b1b03ef2e
ac650f5067b0c5a12e8e29507c4bd7a1c07fa38e926f674065c55e658b990615
af7bf801a33a5350fea1e2446eae072ba25c59e506ecb0635550e7a721a4382f
b086776ef880e8153fe3c5f43aea15479ed994d028e22e1b9479ce5d00b5260a
b1fcf24cde3f3fa11e1963b9e64651b1b4a5d8d3387fabe6fb7f91174ce0d764
b76f4f702cf556cd0e6fd75931e3acc1e7dde84676dc9be2726605d0ff6bd88c
b85ad549706ab76bb593118c5ef34988cebf272bb7bf1f4efc749035d830a348
b9865d4a3e5e2c685cbe3889593e301c4f4f3ff6a30f874b4ae6f7234369ede4
bca1da40cd008dbc69a51ed519dfbd6a1d4c69db302d2ec71eb935b76a516360
bca774218120c0b83efb5c31dee5632bfb5db40d53a987c8c0151eb4cf56e25e
bd320c3812bb55f6fb5865df9f9495478b6d4025bd65f8c0843d876bf318b959
bec11020747c5ba91ce3ab2bfb2af0e79f852f63f7d245571828adf24f138e35
c6550a08183e3175408f7364bfef7ca3b3e39eeb61fcb5106856612faabb8067
c72be99e9ae8f9307cc0bd669cacd0134a0eb76e6193d30a1ec2ec47674dc99a
c863182566bca2c4d04a7dcd65d6e09f468548d28c78ed2eb02b1103755df0fa
c8f569cc4bade9d23372db2859fe09b40d7fcc9dac53f2464a8504cd85152cda
cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf
cd33fa7b4cf8df9be8487d34a622b675d5d323a133844cb1b8f5f8b0e9b1a114
ce304176f6309332f5c5312840ad7f58b835d447d9eee91af685748a6cd0e125
d0d3899c7a03abb299fb50419a85df421c5d14bd25853ed84a5cd311879a145a
d1f997e9d36cab74d9b7c82335b21734e1c74b284d17a8b3df2aa3f4661d2f6c
d3a452d944c4d01a53a12446c0cd1bf000a7c39f09f9ff4078b2b2fc1d030d44
dca8e42f9b98b1dd4d2e11834f12d5b7b77ba9db9f5dc107089e68adba4d3285
e04d599d302481bb299329e87def5ce34aee3f61da02a9a03a7dc08035854d64
e0acaced3f5686390c4c2ed8d3b447c725660252d1a20a71fdab5110a435c463
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4731df96e08573584c3f76150ab48d5fdf8cf80f8a69e5cddf3da745ab4adab
e4b701d9d5f50b62f38453963f3c601efc929b61948281b5b427026c0276a91e
e4bdd4192d3795f4c706e5787699979970851525c57c2e28382dfd43361d5c85
e6a861455a9fd4442dd3cc44223a38c7c812d79124924fa4d95199a26dc5c472
e6cee816910bcc5702234500355d7ad0795c4d7183ec5e128bd0ee21ef5830cf
e77c98fdeaf2c1493aada4da0c86e3ded64b6e8d645079f07a46c9ac9b5b3cdf
e92874161a0ba5a25d47638557ee032b861d3dd3b9ee1e7fb476190ee22dce60
eb7cfd3d959b2e09c170f532e29f8b825f9bc770b2279fde58e595617753e244
eea1eafdd8cb8518971e8744a5cb64093e4dec1bfaac6dc9e9bcd7d7ade53079
f1ba71d3bf034aeceecb8895e71a44f4806dbb5bcc44e46fd8fc461a774eb880
f46d9c3cd9ed78b26fb5b116a7dc6e3a34e2f2a9924c918f92d472bfc76105de
f5b93df3b045487b5aa4633c23b5f2a47d0731afcdb31dda554f737009fbe5fc
fad03d5343f00671f67d8e92a6c1e243f4b45e4f7a09d11c6d170665ae52d03e
fc08cf3659632404e286ca81f5bef0bcbb16597cb3eac3aa7dd65c0ad53033c3
fdfc42cc0389c28a6c1e868eedf9263b05ffe0a6ec167205f7b5061095f076b3
fe088b133eca60fc5128bef43607fc2572162059246ae5e9d6642579b32dc64a

pentest-2025.devbox.boldin.com 44.239.41.206 Public Scan Open in urlscan Pro

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

128 Requests

83 %HTTPS

55 %IPv6

12 Domains

20 Subdomains

21 IPs

2 Countries

1899 kBTransfer

5552 kBSize

11 Cookies

55 Outgoing links

Redirected requests

128 HTTP transactions Everything HTML Script Fetch XHR CSS Image Font Expand all 35 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

pentest-2025.devbox.boldin.com
44.239.41.206 Public Scan Open in urlscan Pro

Screenshot
Live screenshot

Full Image

128
Requests

83 %
HTTPS

55 %
IPv6

12
Domains

20
Subdomains

21
IPs

2
Countries

1899 kB
Transfer

5552 kB
Size

11
Cookies

128 HTTP transactions
35 data transactions