urlscan.io logo urlscan.io
SecurityTrails logo

www.onecup.cards Open in urlscan Pro
46.101.199.46  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://www.onecup.cards/
Effective URL: https://www.onecup.cards/
Submission: On June 14 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 11 IPs in 3 countries across 9 domains to perform 26 HTTP transactions. The main IP is 46.101.199.46, located in Frankfurt am Main, Germany and belongs to DIGITALOCEAN-ASN, US. The main domain is www.onecup.cards.
TLS certificate: Issued by R3 on May 12th 2024. Valid for: 3 months.
This is the only time www.onecup.cards was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
14 46.101.199.46 14061 (DIGITALOC...)
1 2a00:1450:400... 15169 (GOOGLE)
1 46.4.97.23 24940 (HETZNER-AS)
2 142.250.184.228 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 13.224.189.18 16509 (AMAZON-02)
1 104.16.225.240 13335 (CLOUDFLAR...)
2 18.245.46.20 16509 (AMAZON-02)
1 34.197.106.52 14618 (AMAZON-AES)
26 11
14    46.101.199.46 (Frankfurt am Main, Germany)

ASN14061 (DIGITALOCEAN-ASN, US)
www.onecup.cards
api.digitalwallet.cards
cdn.digitalwallet.cards
1    2a00:1450:4001:830::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
1    46.4.97.23 (Berlin, Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.23.97.4.46.clients.your-server.de
sentry.digitalwallet.cards
2    142.250.184.228 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s12-in-f4.1e100.net
www.google.com
1    2a00:1450:4001:830::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.gstatic.com
1    2a00:1450:4001:80b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
1    2a00:1450:4001:80e::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
1    13.224.189.18 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-189-18.fra2.r.cloudfront.net
widget.intercom.io
1    104.16.225.240 (None, )

ASN13335 (CLOUDFLARENET, US)
static.getclicky.com
2    18.245.46.20 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-245-46-20.fra56.r.cloudfront.net
js.intercomcdn.com
1    34.197.106.52 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-197-106-52.compute-1.amazonaws.com
api-iam.intercom.io
Apex Domain
Subdomains		 Transfer
10 digitalwallet.cards
sentry.digitalwallet.cards
api.digitalwallet.cards
cdn.digitalwallet.cards
187 KB
5 onecup.cards
www.onecup.cards
999 KB
2 intercomcdn.com
js.intercomcdn.com — Cisco Umbrella Rank: 4041
291 KB
2 intercom.io
widget.intercom.io — Cisco Umbrella Rank: 2974
api-iam.intercom.io — Cisco Umbrella Rank: 3059
6 KB
2 gstatic.com
www.gstatic.com
fonts.gstatic.com
230 KB
2 google.com
www.google.com — Cisco Umbrella Rank: 5
975 B
1 getclicky.com
static.getclicky.com — Cisco Umbrella Rank: 14011
6 KB
1 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 79
66 KB
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 77
1 KB
26 9
Domain Requested by
5 api.digitalwallet.cards www.onecup.cards
5 www.onecup.cards www.onecup.cards
4 cdn.digitalwallet.cards
2 js.intercomcdn.com widget.intercom.io
2 www.google.com www.onecup.cards
www.gstatic.com
1 api-iam.intercom.io js.intercomcdn.com
1 static.getclicky.com www.googletagmanager.com
1 widget.intercom.io www.onecup.cards
1 www.googletagmanager.com www.onecup.cards
1 fonts.gstatic.com fonts.googleapis.com
1 www.gstatic.com www.google.com
1 sentry.digitalwallet.cards www.onecup.cards
1 fonts.googleapis.com www.onecup.cards
26 13

This site contains links to these domains. Also see Links.

Domain
policies.google.com
Subject Issuer Validity Valid
www.onecup.cards
R3		 2024-05-12 -
2024-08-10		 3 months crt.sh
upload.video.google.com
WR2		 2024-05-27 -
2024-08-19		 3 months crt.sh
sentry.digitalwallet.cards
R3		 2024-05-03 -
2024-08-01		 3 months crt.sh
api.digitalwallet.cards
R3		 2024-05-12 -
2024-08-10		 3 months crt.sh
*.google.com
WR2		 2024-05-27 -
2024-08-19		 3 months crt.sh
cdn.digitalwallet.cards
R3		 2024-05-12 -
2024-08-10		 3 months crt.sh
*.gstatic.com
WR2		 2024-05-27 -
2024-08-19		 3 months crt.sh
*.google-analytics.com
WR2		 2024-05-27 -
2024-08-19		 3 months crt.sh
*.intercom.com
Amazon RSA 2048 M03		 2024-01-15 -
2025-02-11		 a year crt.sh
*.getclicky.com
E1		 2024-05-28 -
2024-08-26		 3 months crt.sh
*.intercomcdn.com
Amazon RSA 2048 M02		 2023-12-01 -
2024-12-29		 a year crt.sh

This page contains 3 frames:

Primary Page: https://www.onecup.cards/
Frame ID: 07A7356E52512FFE96E27C70C49BFB8D
Requests: 21 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LeXu2wlAAAAANr1r306zDdg2XPFiKAgWZ8A7aia&co=aHR0cHM6Ly93d3cub25lY3VwLmNhcmRzOjQ0Mw..&hl=de&v=TqxSU0dsOd2Q9IbI7CpFnJLD&size=invisible&cb=rhpzzqc2ryw2
Frame ID: 08661AACB84A5695A94E5AEB9E00AA62
Requests: 1 HTTP requests in this frame

Frame: https://js.intercomcdn.com/frame-modern.1da3b676.js
Frame ID: 0477274E465B369E35CCE256116D591E
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

OneCup digital loyalty cards

Page URL History Show full URLs

  1. http://www.onecup.cards/ HTTP 307
    https://www.onecup.cards/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • static\.getclicky\.com
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/ns\.html[^>]+></iframe>
  • googletagmanager\.com/gtm\.js
Overall confidence: 100%
Detected patterns
  • /recaptcha/api\.js

Page Statistics

26
Requests

100 %
HTTPS

36 %
IPv6

9
Domains

13
Subdomains

11
IPs

3
Countries

1787 kB
Transfer

6467 kB
Size

3
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://www.onecup.cards/ HTTP 307
    https://www.onecup.cards/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

26 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
www.onecup.cards/
Redirect Chain
  • http://www.onecup.cards/
  • https://www.onecup.cards/
4 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.onecup.cards/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
46.101.199.46 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.23.3 / Express
Resource Hash
ed6dcf7298670bb741df28a27eb25ee3000a0a3e51c632e5b15284b810ecaa3a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-encoding
gzip
content-type
text/html; charset=utf-8
date
Fri, 14 Jun 2024 17:44:41 GMT
etag
W/"fe3-xeAcMbhHotlDiKiIfn1YMCj/aK4"
server
nginx/1.23.3
strict-transport-security
max-age=31536000
vary
Accept-Encoding
x-powered-by
Express
x-request-id
66e71a96ed8eeaee77081f5e876bef20

Redirect headers

Location
https://www.onecup.cards/
Non-Authoritative-Reason
HttpsUpgrades
css2
fonts.googleapis.com/ 		8 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Manrope:wght@400;500;600;700&display=swap
Requested by
Host: www.onecup.cards
URL: https://www.onecup.cards/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
cf2ab5373d03bee179eee3ee596ca3bed03495fe249dbf477e30fee924851ade
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.onecup.cards/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000
date
Fri, 14 Jun 2024 17:44:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Fri, 14 Jun 2024 17:44:26 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Fri, 14 Jun 2024 17:44:41 GMT
env.js
www.onecup.cards/env/ 		704 B
791 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.onecup.cards/env/env.js
Requested by
Host: www.onecup.cards
URL: https://www.onecup.cards/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
46.101.199.46 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.23.3 / Express
Resource Hash
9cc03a4889b0bdfcc2bf5a2fb0fa06fb51e32f1522dda7a195b47f3500fa9761
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.onecup.cards/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 14 Jun 2024 17:44:41 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000
last-modified
Wed, 12 Jun 2024 16:30:54 GMT
server
nginx/1.23.3
x-powered-by
Express
etag
W/"2c0-1900d49bd45"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=0
x-request-id
879cd0db9e6081abe13c91cac2b4ef3e
index-DBMzoBbQ.js
www.onecup.cards/assets/ 		4 MB
943 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.onecup.cards/assets/index-DBMzoBbQ.js
Requested by
Host: www.onecup.cards
URL: https://www.onecup.cards/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
46.101.199.46 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.23.3 / Express
Resource Hash
441bda8a0f2223252e959eb0585ae4f2f606be6e21e6125bdcac2baf189d3719
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.onecup.cards/
Origin
https://www.onecup.cards
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 14 Jun 2024 17:44:41 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000
last-modified
Wed, 12 Jun 2024 16:30:54 GMT
server
nginx/1.23.3
x-powered-by
Express
etag
W/"3bf64d-1900d49bd45"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=0
x-request-id
c079c43d309d0f8fb0ab336de0e44197
index-_ZlUfl6v.css
www.onecup.cards/assets/ 		311 KB
53 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.onecup.cards/assets/index-_ZlUfl6v.css
Requested by
Host: www.onecup.cards
URL: https://www.onecup.cards/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
46.101.199.46 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.23.3 / Express
Resource Hash
a3d252943e7fdbcab6e4d41b719a321468a60fd0473240767d2417d02b3fcbae
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.onecup.cards/
Origin
https://www.onecup.cards
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 14 Jun 2024 17:44:41 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000
last-modified
Wed, 12 Jun 2024 16:30:54 GMT
server
nginx/1.23.3
x-powered-by
Express
etag
W/"4dcf3-1900d49bd41"
vary
Accept-Encoding
content-type
text/css; charset=UTF-8
cache-control
public, max-age=0
x-request-id
0fb8a1237305d83a411f124f71b3d42a
/
sentry.digitalwallet.cards/api/3/envelope/ 		2 B
256 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://sentry.digitalwallet.cards/api/3/envelope/?sentry_key=4ab6748efb38a3bb6e3c0a3e46db5fd0&sentry_version=7&sentry_client=sentry.javascript.react%2F8.4.0
Requested by
Host: www.onecup.cards
URL: https://www.onecup.cards/assets/index-DBMzoBbQ.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
46.4.97.23 Berlin, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.23.97.4.46.clients.your-server.de
Software
nginx /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform
"Win32"
Referer
https://www.onecup.cards/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Fri, 14 Jun 2024 17:44:42 GMT
server
nginx
vary
origin, access-control-request-method, access-control-request-headers
content-type
application/json
access-control-allow-origin
*
access-control-expose-headers
x-sentry-error,x-sentry-rate-limits,retry-after
cross-origin-resource-policy
cross-origin
content-length
2
common.json
api.digitalwallet.cards/i18n/en/ 		232 KB
56 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://api.digitalwallet.cards/i18n/en/common.json
Requested by
Host: www.onecup.cards
URL: https://www.onecup.cards/assets/index-DBMzoBbQ.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
46.101.199.46 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.23.3 /
Resource Hash
80e2237735fc823cefd8337c03e73fe37cf5d6f08183335d470ae9d4cb69288f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.onecup.cards/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 14 Jun 2024 17:44:42 GMT
strict-transport-security
max-age=31536000
content-encoding
gzip
last-modified
Fri, 14 Jun 2024 15:47:12 GMT
server
nginx/1.23.3
etag
W/"666c6600-3a064"
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
x-request-id
7998d7585f9ccfdd6e225a048d485581
common.json
api.digitalwallet.cards/i18n/en/ 		232 KB
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://api.digitalwallet.cards/i18n/en/common.json
Requested by
Host: www.onecup.cards
URL: https://www.onecup.cards/assets/index-DBMzoBbQ.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
46.101.199.46 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.23.3 /
Resource Hash
80e2237735fc823cefd8337c03e73fe37cf5d6f08183335d470ae9d4cb69288f

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.onecup.cards/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 14 Jun 2024 17:44:42 GMT
content-encoding
gzip
last-modified
Fri, 14 Jun 2024 15:47:12 GMT
server
nginx/1.23.3
etag
W/"666c6600-3a064"
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
x-request-id
7998d7585f9ccfdd6e225a048d485581
api.js
www.google.com/recaptcha/ 		1 KB
975 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api.js?render=6LeXu2wlAAAAANr1r306zDdg2XPFiKAgWZ8A7aia
Requested by
Host: www.onecup.cards
URL: https://www.onecup.cards/assets/index-DBMzoBbQ.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.184.228 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f4.1e100.net
Software
GSE /
Resource Hash
7650b1e3dd7b71396416cedcf71553929fcae294bf3d93d2b9033f66a9d77deb
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.onecup.cards/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 14 Jun 2024 17:44:42 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
frame-ancestors 'self'
server
GSE
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=utf-8
cache-control
private, max-age=300
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
1; mode=block
expires
Fri, 14 Jun 2024 17:44:42 GMT
faviconPng
cdn.digitalwallet.cards/products/78/themes/78/ 		53 KB
54 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://cdn.digitalwallet.cards/products/78/themes/78/faviconPng
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
46.101.199.46 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.23.3 /
Resource Hash
3e9f50f0dd55fee24fba3f9e095cb72f6dad7715361e47eb7dc36f0e1dec9adf
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload, max-age=31536000

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.onecup.cards/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 14 Jun 2024 17:44:42 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload, max-age=31536000
x-envoy-upstream-healthchecked-cluster
content-length
54164
x-request-id
ec607203554aff636c88ad9ba4754e5c
last-modified
Tue, 07 Nov 2023 13:31:53 GMT
server
nginx/1.23.3
etag
"8aa0e860f034dc953a5efe2dd678c4e6"
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length,Content-Range
x-rgw-object-type
Normal
accept-ranges
bytes
access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
faviconSvg
cdn.digitalwallet.cards/products/78/themes/78/ 		7 KB
2 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://cdn.digitalwallet.cards/products/78/themes/78/faviconSvg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
46.101.199.46 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.23.3 /
Resource Hash
d0be82f959ab0cca6fbad0262facf522caf3ca48d1d7b0dc1e9f862d55ef5e8f
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload, max-age=31536000

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.onecup.cards/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 14 Jun 2024 17:44:42 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload, max-age=31536000
content-encoding
gzip
last-modified
Tue, 07 Nov 2023 13:20:29 GMT
server
nginx/1.23.3
etag
W/"ee66f18ca9cb8e946708ca4ab130b57c"
x-envoy-upstream-healthchecked-cluster
vary
Accept-Encoding, Origin, Access-Control-Request-Headers, Access-Control-Request-Method
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/svg+xml
access-control-allow-origin
*
access-control-expose-headers
Content-Length,Content-Range
x-rgw-object-type
Normal
access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
x-request-id
1cba5a516205762ac08ebac5130d44d8
recaptcha__de.js
www.gstatic.com/recaptcha/releases/TqxSU0dsOd2Q9IbI7CpFnJLD/ 		518 KB
206 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/recaptcha/releases/TqxSU0dsOd2Q9IbI7CpFnJLD/recaptcha__de.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?render=6LeXu2wlAAAAANr1r306zDdg2XPFiKAgWZ8A7aia
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d865eecf3e86c11ab224434aecb84384c87cd8e52f5f0d5fb2f9b5291eab8578
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.onecup.cards/
Origin
https://www.onecup.cards
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 14 Jun 2024 16:30:18 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
4464
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
210217
x-xss-protection
0
last-modified
Mon, 10 Jun 2024 16:44:59 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sat, 14 Jun 2025 16:30:18 GMT
anchor
www.google.com/recaptcha/api2/ Frame 0866 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LeXu2wlAAAAANr1r306zDdg2XPFiKAgWZ8A7aia&co=aHR0cHM6Ly93d3cub25lY3VwLmNhcmRzOjQ0Mw..&hl=de&v=TqxSU0dsOd2Q9IbI7CpFnJLD&size=invisible&cb=rhpzzqc2ryw2
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/TqxSU0dsOd2Q9IbI7CpFnJLD/recaptcha__de.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.184.228 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f4.1e100.net
Software
GSE /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-QlAAArs1AzDT-QyCfO-wlQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://www.onecup.cards/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
gzip
content-security-policy
script-src 'report-sample' 'nonce-QlAAArs1AzDT-QyCfO-wlQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Fri, 14 Jun 2024 17:44:42 GMT
expires
Mon, 01 Jan 1990 00:00:00 GMT
pragma
no-cache
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
xn7gYHE41ni1AdIRggexSg.woff2
fonts.gstatic.com/s/manrope/v15/ 		24 KB
24 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/manrope/v15/xn7gYHE41ni1AdIRggexSg.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Manrope:wght@400;500;600;700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
14be4114dcfde74652f19f9ffae8c9bb50707e9e88bd2b1fcd86fb50224109e7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://fonts.googleapis.com/
Origin
https://www.onecup.cards
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 13 Jun 2024 11:51:55 GMT
x-content-type-options
nosniff
age
107567
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
24376
x-xss-protection
0
last-modified
Wed, 13 Sep 2023 23:22:16 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 13 Jun 2025 11:51:55 GMT
brief
api.digitalwallet.cards/external_services/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://api.digitalwallet.cards/external_services/brief
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
46.101.199.46 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.23.3 / PHP/8.1.28
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept
*/*
Access-Control-Request-Headers
ngrok-skip-browser-warning,x-app-cookie,x-app-name,x-app-version,x-lang,x-timezone,x-timezone-offset
Access-Control-Request-Method
GET
Origin
https://www.onecup.cards
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type, authorization, card-token, x-shopify-token, ngrok-skip-browser-warning, x-app-name, x-app-version, x-app-cookie, x-lang, x-timezone, x-timezone-offset
access-control-allow-methods
GET, OPTIONS, POST, PUT, PATCH, DELETE
access-control-allow-origin
https://www.onecup.cards
access-control-max-age
3600
cache-control
no-cache, private
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Fri, 14 Jun 2024 17:44:42 GMT
server
nginx/1.23.3
strict-transport-security
max-age=31536000
vary
Accept-Encoding Origin
x-powered-by
PHP/8.1.28
x-request-id
53fa35b4cc492e116b354870e4fede32
brief
api.digitalwallet.cards/external_services/ 		2 KB
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.digitalwallet.cards/external_services/brief
Requested by
Host: www.onecup.cards
URL: https://www.onecup.cards/assets/index-DBMzoBbQ.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
46.101.199.46 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.23.3 / PHP/8.1.28
Resource Hash
0abc593a42ba4e631ce45c0f072fe39899e8cbedb2a571e75e52e5344119a5cf
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options deny

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
ngrok-skip-browser-warning
test
X-Timezone
Europe/Berlin
X-Timezone-Offset
7200
X-App-Version
release-2024-6-12-2
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Accept
application/vnd.api+json
X-App-Name
front
Referer
https://www.onecup.cards/
X-App-Cookie
{}
X-Lang
en
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 14 Jun 2024 17:44:43 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
content-encoding
gzip
x-powered-by
PHP/8.1.28
x-request-id
fae2f35f32be88972b2bfe7c9c8c51fd
server
nginx/1.23.3
etag
W/"fe66a2f50ef452856564ad9557593dd1"
vary
Accept-Encoding, Accept
x-frame-options
deny
content-type
application/vnd.api+json; charset=utf-8
access-control-allow-origin
https://www.onecup.cards
access-control-expose-headers
link, x-navbar-data-url, x-redirect-url, x-request-id
cache-control
no-cache, private
access-control-allow-credentials
true
link
<http://api.digitalwallet.cards/docs.jsonld>; rel="http://www.w3.org/ns/hydra/core#apiDocumentation"
gtm.js
www.googletagmanager.com/ 		181 KB
66 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-PWFWQRZ&gtm_auth=&gtm_preview=&gtm_cookies_win=x
Requested by
Host: www.onecup.cards
URL: https://www.onecup.cards/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
e5960e12e24e86ce9ccd42d2672b85110039040c5b048ea20e98460d99d3c3bb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.onecup.cards/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 14 Jun 2024 17:44:43 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
67131
x-xss-protection
0
last-modified
Fri, 14 Jun 2024 15:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Fri, 14 Jun 2024 17:44:43 GMT
brief
api.digitalwallet.cards/external_services/ 		2 KB
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.digitalwallet.cards/external_services/brief
Requested by
Host: www.onecup.cards
URL: https://www.onecup.cards/assets/index-DBMzoBbQ.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
46.101.199.46 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.23.3 / PHP/8.1.28
Resource Hash
0abc593a42ba4e631ce45c0f072fe39899e8cbedb2a571e75e52e5344119a5cf
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options deny

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
ngrok-skip-browser-warning
test
X-Timezone
Europe/Berlin
X-Timezone-Offset
7200
X-App-Version
release-2024-6-12-2
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Accept
application/vnd.api+json
X-App-Name
front
Referer
https://www.onecup.cards/
X-App-Cookie
{}
X-Lang
en
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 14 Jun 2024 17:44:43 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
content-encoding
gzip
x-powered-by
PHP/8.1.28
x-request-id
400c5268218596083cbb63c30a51f552
server
nginx/1.23.3
etag
W/"fe66a2f50ef452856564ad9557593dd1"
vary
Accept-Encoding, Accept
x-frame-options
deny
content-type
application/vnd.api+json; charset=utf-8
access-control-allow-origin
https://www.onecup.cards
access-control-expose-headers
link, x-navbar-data-url, x-redirect-url, x-request-id
cache-control
no-cache, private
access-control-allow-credentials
true
link
<http://api.digitalwallet.cards/docs.jsonld>; rel="http://www.w3.org/ns/hydra/core#apiDocumentation"
login
cdn.digitalwallet.cards/products/78/themes/78/ 		68 KB
69 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.digitalwallet.cards/products/78/themes/78/login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
46.101.199.46 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.23.3 /
Resource Hash
f1d58c8a6d9dc094e38b2bd2be8b72601eec8b983ec8af9b12628805027e4e49
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload, max-age=31536000

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.onecup.cards/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 14 Jun 2024 17:44:43 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload, max-age=31536000
x-envoy-upstream-healthchecked-cluster
content-length
69907
x-request-id
0bdc6a63483bdea6ed02faec2458f6df
last-modified
Tue, 21 May 2024 15:09:56 GMT
server
nginx/1.23.3
etag
"91ee180e55988dd06bbe55dec55884c9"
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length,Content-Range
x-rgw-object-type
Normal
accept-ranges
bytes
access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
logoLight
cdn.digitalwallet.cards/products/78/themes/78/ 		6 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.digitalwallet.cards/products/78/themes/78/logoLight
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
46.101.199.46 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.23.3 /
Resource Hash
ec3d2221bda856cb13056aec953c34949b9e3c6503163e83b6919e6990beb8f0
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload, max-age=31536000

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.onecup.cards/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 14 Jun 2024 17:44:43 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload, max-age=31536000
content-encoding
gzip
last-modified
Thu, 09 Nov 2023 06:17:35 GMT
server
nginx/1.23.3
etag
W/"c4110fa472234b555400de7ce27c8ac6"
x-envoy-upstream-healthchecked-cluster
vary
Accept-Encoding, Origin, Access-Control-Request-Headers, Access-Control-Request-Method
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/svg+xml
access-control-allow-origin
*
access-control-expose-headers
Content-Length,Content-Range
x-rgw-object-type
Normal
access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
x-request-id
96dbf078c09e310cbe7a1ebf8b20d78a
eye-closed.svg
www.onecup.cards/assets/icons/ 		929 B
1 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://www.onecup.cards/assets/icons/eye-closed.svg
Requested by
Host: www.onecup.cards
URL: https://www.onecup.cards/assets/index-DBMzoBbQ.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
46.101.199.46 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.23.3 / Express
Resource Hash
abd6be2fc1db820666857f618d2705cf4fa6c72aeb9abae14287728a4549a851
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Referer
https://www.onecup.cards/
baggage
sentry-environment=production,sentry-release=release-2024-6-12-2,sentry-public_key=4ab6748efb38a3bb6e3c0a3e46db5fd0,sentry-trace_id=5cea1f2c49d0491f9cf57e549a7d1e89,sentry-sample_rate=0.1,sentry-sampled=false
sentry-trace
5cea1f2c49d0491f9cf57e549a7d1e89-89845b390bded7ed-0
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 14 Jun 2024 17:44:43 GMT
strict-transport-security
max-age=31536000
last-modified
Wed, 12 Jun 2024 16:30:54 GMT
server
nginx/1.23.3
x-powered-by
Express
etag
W/"3a1-1900d49bd21"
content-type
image/svg+xml
cache-control
public, max-age=0
accept-ranges
bytes
content-length
929
x-request-id
029cbdc1c1cb6e14e0c572a9fd20afa2
hjjzvkyn
widget.intercom.io/widget/ 		7 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://widget.intercom.io/widget/hjjzvkyn
Requested by
Host: www.onecup.cards
URL: https://www.onecup.cards/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-18.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
40600cf3e9966cb58afc33122e3b042009299791cbe35463d5a708ba333c381b

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.onecup.cards/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
nwnOB8BcvWH8I.7euSIK0fZqHzmE9Tlm
content-encoding
gzip
via
1.1 eab88762658052b4a1e386f8521a38ce.cloudfront.net (CloudFront)
date
Fri, 14 Jun 2024 17:43:34 GMT
x-amz-cf-pop
FRA2-C1
age
87
x-amz-server-side-encryption
AES256
x-cache
Error from cloudfront
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
2669
last-modified
Fri, 14 Jun 2024 14:25:00 GMT
server
AmazonS3
etag
"83ba69de9790cb2f516e40cb3a3bd5e2"
vary
Accept-Encoding, Origin
content-type
application/javascript; charset=UTF-8
cache-control
max-age=300, s-maxage=300, public
accept-ranges
bytes
x-amz-cf-id
oCitM5G_rnZ5Mn7sgHyV6d7PJiPKCSM_qfAfyNmSMx-IQ028yqJPCQ==
js
static.getclicky.com/ 		15 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.getclicky.com/js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PWFWQRZ&gtm_auth=&gtm_preview=&gtm_cookies_win=x
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.16.225.240 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1ff344c29dfe132c4d5663981d939562a86bed8413984f812c02a6a3bae80a4

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.onecup.cards/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 14 Jun 2024 17:44:43 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Wed, 12 Jun 2024 00:23:26 GMT
server
cloudflare
age
235244
vary
Accept-Encoding, Accept-Encoding
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=604800
cf-ray
893c2147c85eabe4-CPH
alt-svc
h3=":443"; ma=86400
x-proxy-cache
HIT
frame-modern.1da3b676.js
js.intercomcdn.com/ Frame 0477 		459 KB
138 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.intercomcdn.com/frame-modern.1da3b676.js
Requested by
Host: widget.intercom.io
URL: https://widget.intercom.io/widget/hjjzvkyn
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.46.20 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-46-20.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
3150eace2db56ff82154cda75c909919006d0e8e0aa7493a673d3e0869bfc473
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
JpHV0ADJDH0vjPHmOT85fDwrA_1rolFN
content-encoding
gzip
via
1.1 e3824a4cc698f190d3fa6fe687f1a600.cloudfront.net (CloudFront)
date
Fri, 14 Jun 2024 16:25:04 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
FRA56-P9
age
4780
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
141065
last-modified
Fri, 14 Jun 2024 14:22:01 GMT
server
AmazonS3
etag
"184fb816ef72607369e05da0fe9140d6"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
max-age=31536000, s-maxage=7200, public
accept-ranges
bytes
x-amz-cf-id
5P8siHNanPyeR8vHNASdonan1sViwq-wwuVIREEwRCoEzdRgYOUJfw==
vendor-modern.2795e86a.js
js.intercomcdn.com/ Frame 0477 		493 KB
153 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.intercomcdn.com/vendor-modern.2795e86a.js
Requested by
Host: widget.intercom.io
URL: https://widget.intercom.io/widget/hjjzvkyn
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.46.20 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-46-20.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
122f5b6b103733cbbffdebcb4653ef8f53dbfba43ea82babf91e2c6c16ca9cee
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
.qXZRSqwUtUUF.rI1D6IwFluDRcvX9MH
content-encoding
gzip
via
1.1 e3824a4cc698f190d3fa6fe687f1a600.cloudfront.net (CloudFront)
date
Fri, 14 Jun 2024 16:06:56 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
FRA56-P9
age
5868
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
155659
last-modified
Mon, 10 Jun 2024 10:04:03 GMT
server
AmazonS3
etag
"cdecb5e988d44aaaff78da70724bc53c"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
max-age=31536000, s-maxage=7200, public
accept-ranges
bytes
x-amz-cf-id
r4UJtV70aJ-aP9KxV4BrRQ3dlknSJDlkz6asWY2NiX0HKI1GTQ38cw==
ping
api-iam.intercom.io/messenger/web/ Frame 0477 		5 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://api-iam.intercom.io/messenger/web/ping
Requested by
Host: js.intercomcdn.com
URL: https://js.intercomcdn.com/frame-modern.1da3b676.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.197.106.52 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-197-106-52.compute-1.amazonaws.com
Software
nginx /
Resource Hash
33e61c485af8dd7383cba99a056388f6514a72c3b70489008065be826fe303b6
Security Headers
Name Value
Strict-Transport-Security max-age=31556952; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform
"Win32"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Fri, 14 Jun 2024 17:44:44 GMT
strict-transport-security
max-age=31556952; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
x-ami-version
ami-0ed33283259c804aa
status
200 OK
x-xss-protection
1; mode=block
x-request-id
00088hbbra0tl85vnocg
x-runtime
0.379734
server
nginx
etag
W/"33e61c485af8dd7383cba99a056388f6"
x-request-queueing
0
vary
Accept,Accept-Encoding
access-control-allow-methods
POST, GET, OPTIONS
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.onecup.cards
x-intercom-version
8ddbc11345afdf213ca0e3e32c67cab0da716020
access-control-expose-headers
x-request-id
cache-control
max-age=0, private, must-revalidate
access-control-allow-credentials
true
x-frame-options
SAMEORIGIN
access-control-allow-headers
Content-Type, Idempotency-Key, X-INTERCOM-APP, X-INTERCOM-PAGE-TITLE, X-INTERCOM-USER-DATA

Verdicts & Comments Add Verdict or Comment

38 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 undefined| event object| fence object| sharedStorage object| ENV object| SERVER_DATA number| __mobxInstanceCount object| __mobxGlobals string| __reactRouterVersion function| saveAs function| IMask object| __localeData__ object| __SENTRY__ function| onRecaptchaLoadCallback object| ___grecaptcha_cfg object| grecaptcha string| __recaptcha_api boolean| __google_recaptcha_client object| recaptcha object| closure_lm_221212 object| dataLayer object| google_tag_manager object| google_tag_data boolean| isUserLoggedIn object| intercomSettings function| Intercom object| clicky_obj object| clicky object| clicky_custom undefined| test object| clicky_site_ids object| cs object| _cgen object| _cgen_custom function| __intercomAssignLocation function| __intercomReloadLocation

3 Cookies

Domain/Path Name / Value
.onecup.cards/ Name: intercom-id-hjjzvkyn
Value: 48422014-5389-4ece-b858-f9440ad75f55
.onecup.cards/ Name: intercom-session-hjjzvkyn
Value:
.onecup.cards/ Name: intercom-device-id-hjjzvkyn
Value: 0765b2e0-5747-4197-81f0-ea208d4d8b3d

1 Console Messages

Source Level URL
Text
recommendation verbose URL: https://www.onecup.cards/
Message:
[DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31536000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api-iam.intercom.io
api.digitalwallet.cards
cdn.digitalwallet.cards
fonts.googleapis.com
fonts.gstatic.com
js.intercomcdn.com
sentry.digitalwallet.cards
static.getclicky.com
widget.intercom.io
www.google.com
www.googletagmanager.com
www.gstatic.com
www.onecup.cards
104.16.225.240
13.224.189.18
142.250.184.228
18.245.46.20
2a00:1450:4001:80b::2003
2a00:1450:4001:80e::2008
2a00:1450:4001:830::2003
2a00:1450:4001:830::200a
34.197.106.52
46.101.199.46
46.4.97.23
0abc593a42ba4e631ce45c0f072fe39899e8cbedb2a571e75e52e5344119a5cf
122f5b6b103733cbbffdebcb4653ef8f53dbfba43ea82babf91e2c6c16ca9cee
14be4114dcfde74652f19f9ffae8c9bb50707e9e88bd2b1fcd86fb50224109e7
3150eace2db56ff82154cda75c909919006d0e8e0aa7493a673d3e0869bfc473
33e61c485af8dd7383cba99a056388f6514a72c3b70489008065be826fe303b6
3e9f50f0dd55fee24fba3f9e095cb72f6dad7715361e47eb7dc36f0e1dec9adf
40600cf3e9966cb58afc33122e3b042009299791cbe35463d5a708ba333c381b
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
441bda8a0f2223252e959eb0585ae4f2f606be6e21e6125bdcac2baf189d3719
7650b1e3dd7b71396416cedcf71553929fcae294bf3d93d2b9033f66a9d77deb
80e2237735fc823cefd8337c03e73fe37cf5d6f08183335d470ae9d4cb69288f
9cc03a4889b0bdfcc2bf5a2fb0fa06fb51e32f1522dda7a195b47f3500fa9761
a3d252943e7fdbcab6e4d41b719a321468a60fd0473240767d2417d02b3fcbae
abd6be2fc1db820666857f618d2705cf4fa6c72aeb9abae14287728a4549a851
b1ff344c29dfe132c4d5663981d939562a86bed8413984f812c02a6a3bae80a4
cf2ab5373d03bee179eee3ee596ca3bed03495fe249dbf477e30fee924851ade
d0be82f959ab0cca6fbad0262facf522caf3ca48d1d7b0dc1e9f862d55ef5e8f
d865eecf3e86c11ab224434aecb84384c87cd8e52f5f0d5fb2f9b5291eab8578
e5960e12e24e86ce9ccd42d2672b85110039040c5b048ea20e98460d99d3c3bb
ec3d2221bda856cb13056aec953c34949b9e3c6503163e83b6919e6990beb8f0
ed6dcf7298670bb741df28a27eb25ee3000a0a3e51c632e5b15284b810ecaa3a
f1d58c8a6d9dc094e38b2bd2be8b72601eec8b983ec8af9b12628805027e4e49