urlscan.io logo urlscan.io
SecurityTrails logo

thedoughnutproject.bottle.com Open in urlscan Pro
3.220.57.224  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://thedoughnutproject.bottle.com/
Effective URL: https://thedoughnutproject.bottle.com/
Submission: On January 19 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 11 IPs in 2 countries across 8 domains to perform 30 HTTP transactions. The main IP is 3.220.57.224, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is thedoughnutproject.bottle.com.
TLS certificate: Issued by R3 on January 13th 2024. Valid for: 3 months.
This is the only time thedoughnutproject.bottle.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 52.20.78.240 14618 (AMAZON-AES)
6 3.220.57.224 14618 (AMAZON-AES)
5 151.101.128.176 54113 (FASTLY)
1 2a03:2880:f08... 32934 (FACEBOOK)
1 18.66.248.117 16509 (AMAZON-02)
1 18.173.233.11 16509 (AMAZON-02)
1 2a00:1450:400... 15169 (GOOGLE)
8 2a09:8280:1::... 40509 (FLY)
1 2a00:1450:400... 15169 (GOOGLE)
3 54.186.23.98 16509 (AMAZON-02)
1 44.240.143.252 16509 (AMAZON-02)
2 2606:4700::68... 13335 (CLOUDFLAR...)
30 11
1    52.20.78.240 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-20-78-240.compute-1.amazonaws.com
thedoughnutproject.bottle.com
6    3.220.57.224 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-220-57-224.compute-1.amazonaws.com
thedoughnutproject.bottle.com
5    151.101.128.176 (United States)

ASN54113 (FASTLY, US)
js.stripe.com
m.stripe.network
1    2a03:2880:f083:100:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
connect.facebook.net
1    18.66.248.117 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-248-117.dus51.r.cloudfront.net
static.hotjar.com
1    18.173.233.11 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-173-233-11.dus51.r.cloudfront.net
script.hotjar.com
1    2a00:1450:4001:82a::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
8    2a09:8280:1::15:3041 (United States)

ASN40509 (FLY, US)
api.bottle.com
1    2a00:1450:4001:813::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
3    54.186.23.98 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ip-54-186-23-98.stripe.com
q.stripe.com
1    44.240.143.252 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-44-240-143-252.us-west-2.compute.amazonaws.com
m.stripe.com
2    2606:4700::6813:a641 (United States)

ASN13335 (CLOUDFLARENET, US)
res.cloudinary.com
Apex Domain
Subdomains		 Transfer
15 bottle.com
thedoughnutproject.bottle.com
api.bottle.com
323 KB
7 stripe.com
js.stripe.com — Cisco Umbrella Rank: 1227
q.stripe.com — Cisco Umbrella Rank: 7010
m.stripe.com — Cisco Umbrella Rank: 1188
167 KB
2 cloudinary.com
res.cloudinary.com — Cisco Umbrella Rank: 2467
137 KB
2 stripe.network
m.stripe.network — Cisco Umbrella Rank: 1315
16 KB
2 hotjar.com
static.hotjar.com — Cisco Umbrella Rank: 681
script.hotjar.com — Cisco Umbrella Rank: 996
59 KB
1 gstatic.com
fonts.gstatic.com
46 KB
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 28
2 KB
1 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 174
57 KB
30 8
Domain Requested by
8 api.bottle.com thedoughnutproject.bottle.com
7 thedoughnutproject.bottle.com 1 redirects thedoughnutproject.bottle.com
3 q.stripe.com thedoughnutproject.bottle.com
3 js.stripe.com thedoughnutproject.bottle.com
js.stripe.com
2 res.cloudinary.com
2 m.stripe.network js.stripe.com
m.stripe.network
1 m.stripe.com m.stripe.network
1 fonts.gstatic.com fonts.googleapis.com
1 fonts.googleapis.com thedoughnutproject.bottle.com
1 script.hotjar.com static.hotjar.com
1 static.hotjar.com thedoughnutproject.bottle.com
1 connect.facebook.net thedoughnutproject.bottle.com
30 12

This site contains links to these domains. Also see Links.

Domain
bottle.com
Subject Issuer Validity Valid
thedoughnutproject.bottle.com
R3		 2024-01-13 -
2024-04-12		 3 months crt.sh
a.stripecdn.com
DigiCert SHA2 Extended Validation Server CA		 2024-01-02 -
2024-04-04		 3 months crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA		 2023-10-29 -
2024-01-27		 3 months crt.sh
*.hotjar.com
Amazon ECDSA 256 M01		 2023-03-09 -
2024-04-06		 a year crt.sh
upload.video.google.com
GTS CA 1C3		 2023-12-11 -
2024-03-04		 3 months crt.sh
api.bottle.com
R3		 2024-01-14 -
2024-04-13		 3 months crt.sh
*.gstatic.com
GTS CA 1C3		 2023-12-11 -
2024-03-04		 3 months crt.sh
*.stripe.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2023-12-20 -
2024-03-21		 3 months crt.sh
m.stripe.com
DigiCert TLS RSA SHA256 2020 CA1		 2023-12-22 -
2024-03-21		 3 months crt.sh
*.cloudinary.com
Go Daddy Secure Certificate Authority - G2		 2023-12-14 -
2024-06-22		 6 months crt.sh

This page contains 3 frames:

Primary Page: https://thedoughnutproject.bottle.com/
Frame ID: 0B6FB0BE61C869F49B749301D381D6BA
Requests: 18 HTTP requests in this frame

Frame: https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html
Frame ID: F90E849A1844A206B07F938C8B9214B0
Requests: 4 HTTP requests in this frame

Frame: https://m.stripe.network/inner.html
Frame ID: 3B17748E5A3DD9FF7F728B0B3D5E514C
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Thedoughnutproject Checkout

Page URL History Show full URLs

  1. http://thedoughnutproject.bottle.com/ HTTP 301
    https://thedoughnutproject.bottle.com/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • js\.stripe\.com
Overall confidence: 100%
Detected patterns
  • <[^>]+\sdata-v(?:ue)?-
Overall confidence: 80%
Detected patterns
  • <img[^>]+\.cloudinary\.com
Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js
Overall confidence: 100%
Detected patterns
  • //static\.hotjar\.com/

Page Statistics

30
Requests

100 %
HTTPS

42 %
IPv6

8
Domains

12
Subdomains

11
IPs

2
Countries

806 kB
Transfer

2614 kB
Size

6
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://thedoughnutproject.bottle.com/ HTTP 301
    https://thedoughnutproject.bottle.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

30 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
thedoughnutproject.bottle.com/
Redirect Chain
  • http://thedoughnutproject.bottle.com/
  • https://thedoughnutproject.bottle.com/
3 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://thedoughnutproject.bottle.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
3.220.57.224 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-220-57-224.compute-1.amazonaws.com
Software
Cowboy / Express
Resource Hash
f9a9afd8a9167ba8f8603421b5afe4c710c3efb57c5fc1833e5e4d0df8d6e290

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Cache-Control
public, max-age=0
Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html; charset=UTF-8
Date
Fri, 19 Jan 2024 19:19:16 GMT
Etag
W/"c15-18d1e3ea330"
Last-Modified
Thu, 18 Jan 2024 20:23:58 GMT
Nel
{"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
Report-To
{"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1705691956&sid=af571f24-03ee-46d1-9f90-ab9030c2c74c&s=W%2Bhg1iCEvQ524ikSima7gjyoqk2bUtwg48w1Sw3XVw0%3D"}]}
Reporting-Endpoints
heroku-nel=https://nel.heroku.com/reports?ts=1705691956&sid=af571f24-03ee-46d1-9f90-ab9030c2c74c&s=W%2Bhg1iCEvQ524ikSima7gjyoqk2bUtwg48w1Sw3XVw0%3D
Server
Cowboy
Transfer-Encoding
chunked
Vary
Accept-Encoding
Via
1.1 vegur
X-Powered-By
Express

Redirect headers

Connection
keep-alive
Content-Length
132
Content-Type
text/html; charset=utf-8
Date
Fri, 19 Jan 2024 19:19:15 GMT
Location
https://thedoughnutproject.bottle.com/
Nel
{"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
Report-To
{"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1705691955&sid=af571f24-03ee-46d1-9f90-ab9030c2c74c&s=UkSEA8BCKlvB32L%2BAOCr%2Fh6PoQQrDWdO%2F72RbOYZYtE%3D"}]}
Reporting-Endpoints
heroku-nel=https://nel.heroku.com/reports?ts=1705691955&sid=af571f24-03ee-46d1-9f90-ab9030c2c74c&s=UkSEA8BCKlvB32L%2BAOCr%2Fh6PoQQrDWdO%2F72RbOYZYtE%3D
Server
Cowboy
Vary
Accept
Via
1.1 vegur
X-Powered-By
Express
chunk-vendors.693f9bd6.js
thedoughnutproject.bottle.com/js/ 		713 KB
202 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://thedoughnutproject.bottle.com/js/chunk-vendors.693f9bd6.js
Requested by
Host: thedoughnutproject.bottle.com
URL: https://thedoughnutproject.bottle.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
3.220.57.224 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-220-57-224.compute-1.amazonaws.com
Software
Cowboy / Express
Resource Hash
d1ebc3060f6dd686435575ec6ac1f6959f6bc63750fe55b478532399d530c1f9

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://thedoughnutproject.bottle.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date
Fri, 19 Jan 2024 19:19:16 GMT
Content-Encoding
gzip
Via
1.1 vegur
Nel
{"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
X-Powered-By
Express
Transfer-Encoding
chunked
Connection
keep-alive
Reporting-Endpoints
heroku-nel=https://nel.heroku.com/reports?ts=1705691956&sid=af571f24-03ee-46d1-9f90-ab9030c2c74c&s=W%2Bhg1iCEvQ524ikSima7gjyoqk2bUtwg48w1Sw3XVw0%3D
Last-Modified
Thu, 18 Jan 2024 20:23:58 GMT
Server
Cowboy
Etag
W/"b24aa-18d1e3ea330"
Vary
Accept-Encoding
Report-To
{"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1705691956&sid=af571f24-03ee-46d1-9f90-ab9030c2c74c&s=W%2Bhg1iCEvQ524ikSima7gjyoqk2bUtwg48w1Sw3XVw0%3D"}]}
Content-Type
application/javascript; charset=UTF-8
Cache-Control
public, max-age=0
Accept-Ranges
bytes
app.8fcdbd2a.js
thedoughnutproject.bottle.com/js/ 		421 KB
92 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://thedoughnutproject.bottle.com/js/app.8fcdbd2a.js
Requested by
Host: thedoughnutproject.bottle.com
URL: https://thedoughnutproject.bottle.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
3.220.57.224 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-220-57-224.compute-1.amazonaws.com
Software
Cowboy / Express
Resource Hash
ce3945792ce43bf8572411eedd54601e9f57cbe0ca7cc8e76867845bcac9b191

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://thedoughnutproject.bottle.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date
Fri, 19 Jan 2024 19:19:16 GMT
Content-Encoding
gzip
Via
1.1 vegur
Nel
{"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
X-Powered-By
Express
Transfer-Encoding
chunked
Connection
keep-alive
Reporting-Endpoints
heroku-nel=https://nel.heroku.com/reports?ts=1705691956&sid=af571f24-03ee-46d1-9f90-ab9030c2c74c&s=W%2Bhg1iCEvQ524ikSima7gjyoqk2bUtwg48w1Sw3XVw0%3D
Last-Modified
Thu, 18 Jan 2024 20:23:58 GMT
Server
Cowboy
Etag
W/"6943b-18d1e3ea330"
Vary
Accept-Encoding
Report-To
{"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1705691956&sid=af571f24-03ee-46d1-9f90-ab9030c2c74c&s=W%2Bhg1iCEvQ524ikSima7gjyoqk2bUtwg48w1Sw3XVw0%3D"}]}
Content-Type
application/javascript; charset=UTF-8
Cache-Control
public, max-age=0
Accept-Ranges
bytes
chunk-vendors.c884e806.css
thedoughnutproject.bottle.com/css/ 		30 KB
7 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://thedoughnutproject.bottle.com/css/chunk-vendors.c884e806.css
Requested by
Host: thedoughnutproject.bottle.com
URL: https://thedoughnutproject.bottle.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
3.220.57.224 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-220-57-224.compute-1.amazonaws.com
Software
Cowboy / Express
Resource Hash
803dbf8d19528ae4e7761979db0aaf97642d6c4ede0f3bb7be33b8d3026d8c60

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://thedoughnutproject.bottle.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date
Fri, 19 Jan 2024 19:19:16 GMT
Content-Encoding
gzip
Via
1.1 vegur
Nel
{"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
X-Powered-By
Express
Transfer-Encoding
chunked
Connection
keep-alive
Reporting-Endpoints
heroku-nel=https://nel.heroku.com/reports?ts=1705691956&sid=af571f24-03ee-46d1-9f90-ab9030c2c74c&s=W%2Bhg1iCEvQ524ikSima7gjyoqk2bUtwg48w1Sw3XVw0%3D
Last-Modified
Thu, 18 Jan 2024 20:23:58 GMT
Server
Cowboy
Etag
W/"773d-18d1e3ea330"
Vary
Accept-Encoding
Report-To
{"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1705691956&sid=af571f24-03ee-46d1-9f90-ab9030c2c74c&s=W%2Bhg1iCEvQ524ikSima7gjyoqk2bUtwg48w1Sw3XVw0%3D"}]}
Content-Type
text/css; charset=UTF-8
Cache-Control
public, max-age=0
Accept-Ranges
bytes
app.6e030145.css
thedoughnutproject.bottle.com/css/ 		69 KB
13 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://thedoughnutproject.bottle.com/css/app.6e030145.css
Requested by
Host: thedoughnutproject.bottle.com
URL: https://thedoughnutproject.bottle.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
3.220.57.224 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-220-57-224.compute-1.amazonaws.com
Software
Cowboy / Express
Resource Hash
f548f7bb69c2ef8b31b326a2ef02f66da1a94858bc932a772948c71413c21797

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://thedoughnutproject.bottle.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date
Fri, 19 Jan 2024 19:19:16 GMT
Content-Encoding
gzip
Via
1.1 vegur
Nel
{"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
X-Powered-By
Express
Transfer-Encoding
chunked
Connection
keep-alive
Reporting-Endpoints
heroku-nel=https://nel.heroku.com/reports?ts=1705691956&sid=af571f24-03ee-46d1-9f90-ab9030c2c74c&s=W%2Bhg1iCEvQ524ikSima7gjyoqk2bUtwg48w1Sw3XVw0%3D
Last-Modified
Thu, 18 Jan 2024 20:23:58 GMT
Server
Cowboy
Etag
W/"1156d-18d1e3ea330"
Vary
Accept-Encoding
Report-To
{"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1705691956&sid=af571f24-03ee-46d1-9f90-ab9030c2c74c&s=W%2Bhg1iCEvQ524ikSima7gjyoqk2bUtwg48w1Sw3XVw0%3D"}]}
Content-Type
text/css; charset=UTF-8
Cache-Control
public, max-age=0
Accept-Ranges
bytes
/
js.stripe.com/v3/ 		585 KB
163 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.stripe.com/v3/
Requested by
Host: thedoughnutproject.bottle.com
URL: https://thedoughnutproject.bottle.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.128.176 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Fastly /
Resource Hash
02b19c7a87d1f0bd878549516583c12f0fe3922552fc88d908faab568e2c536e
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://thedoughnutproject.bottle.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

strict-transport-security
max-age=31556926; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
date
Fri, 19 Jan 2024 19:19:16 GMT
via
1.1 varnish
age
14
x-cache
HIT
content-length
166218
x-request-id
51b3a181-6fed-4dba-a894-837b49331fe7
x-served-by
cache-fra-eddf8230128-FRA
last-modified
Fri, 19 Jan 2024 18:39:32 GMT
server
Fastly
etag
"6f011e05421b2206da15f606e16ffca5"
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=60
accept-ranges
bytes
timing-allow-origin
*
x-cache-hits
7
fbevents.js
connect.facebook.net/en_US/ 		213 KB
57 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: thedoughnutproject.bottle.com
URL: https://thedoughnutproject.bottle.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f083:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
7d32db5e7f8166ca472c3703592e17b044a0bfd5b49150c5c888a20164105b08
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://thedoughnutproject.bottle.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

permissions-policy-report-only
autoplay=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(), picture-in-picture=(), xr-spatial-tracking=()
content-security-policy
default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Fri, 19 Jan 2024 19:19:16 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
57023
x-xss-protection
0
reporting-endpoints
pragma
public
x-fb-debug
VykTax91VxWq2UA4yWe9ayyPJky5er94fmeXvHkTOw1DFmVXd4i4xT2eIC+taIJ3LYeCvY1p/qhDhK5JpdlJ2Q==
cross-origin-opener-policy
same-origin-allow-popups
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/x-javascript; charset=utf-8
cache-control
public, max-age=1200
x-fb-optimizer
0
permissions-policy
accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin
*
expires
Sat, 01 Jan 2000 00:00:00 GMT
hotjar-3522853.js
static.hotjar.com/c/ 		9 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.hotjar.com/c/hotjar-3522853.js?sv=6
Requested by
Host: thedoughnutproject.bottle.com
URL: https://thedoughnutproject.bottle.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.248.117 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-117.dus51.r.cloudfront.net
Software
/
Resource Hash
c4d1f1c3bbe300d333bce3e58938a4e3f0486ceead49093d938dd90434cdcc8d
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://thedoughnutproject.bottle.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Fri, 19 Jan 2024 19:19:16 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=2592000; includeSubDomains
via
1.1 3f309afe37d854da2eb973ba0e31d032.cloudfront.net (CloudFront)
x-amz-cf-pop
DUS51-P1
etag
W/4dc25f9902491c3ed132d8d419db40c9
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=60
x-cache-hit
1
cross-origin-resource-policy
cross-origin
x-amz-cf-id
U7HyBy56L0M-M7RRyERPN9ytTdh-T-e-cb9gGhhIVjNipkruV-eZRA==
modules.2472296d2d26f0040059.js
script.hotjar.com/ 		219 KB
55 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://script.hotjar.com/modules.2472296d2d26f0040059.js
Requested by
Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-3522853.js?sv=6
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.233.11 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-233-11.dus51.r.cloudfront.net
Software
/
Resource Hash
5bdaa2d2fac01a05dee8737ec7b70ad184651961d3a3998c1efa7cf147ae1ba1
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://thedoughnutproject.bottle.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 15 Jan 2024 14:36:06 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=2592000; includeSubDomains
via
1.1 37e0fb431669e8e8fdb89f91f65f43f2.cloudfront.net (CloudFront)
x-amz-cf-pop
DUS51-P3
age
362590
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
55620
last-modified
Mon, 15 Jan 2024 14:36:02 GMT
etag
"5f2cc7c8ec157af965fb3409029f8b70"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
x-robots-tag
none
x-amz-cf-id
5cU20Io_lWwxxGrvMnNg4goVOpB7fXdywYYXHbE1gegYwNYeH81teQ==
css2
fonts.googleapis.com/ 		58 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=EB+Garamond:ital,wght@0,400;0,500;0,600;0,700;0,800;1,400;1,500;1,600;1,700;1,800&family=Inter:wght@100;200;300;400;500;600;700;800;900&family=Manrope:wght@200;300;400;500;600;700;800&display=swap
Requested by
Host: thedoughnutproject.bottle.com
URL: https://thedoughnutproject.bottle.com/css/app.6e030145.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
829f8bb2f1d84f1a1edd24a96ceb306509ac6cc8e0957a61270d3f25f8854755
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://thedoughnutproject.bottle.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Fri, 19 Jan 2024 19:19:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Fri, 19 Jan 2024 19:19:16 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Fri, 19 Jan 2024 19:19:16 GMT
tokens
api.bottle.com/merchant/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://api.bottle.com/merchant/tokens
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a09:8280:1::15:3041 , United States, ASN40509 (FLY, US),
Reverse DNS
Software
Fly/f9c163a6 (2024-01-16) /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://thedoughnutproject.bottle.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

access-control-allow-headers
content-type
access-control-allow-methods
GET, PUT, POST, DELETE, UPDATE, PATCH, OPTIONS
access-control-allow-origin
*
access-control-expose-headers
access-control-max-age
7200
content-length
0
date
Fri, 19 Jan 2024 19:19:17 GMT
fly-request-id
01HMHJKHTT47YT7VMQGHPHPFKF-fra
server
Fly/f9c163a6 (2024-01-16)
via
2 fly.io
tokens
api.bottle.com/merchant/ 		239 B
497 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://api.bottle.com/merchant/tokens
Requested by
Host: thedoughnutproject.bottle.com
URL: https://thedoughnutproject.bottle.com/js/chunk-vendors.693f9bd6.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a09:8280:1::15:3041 , United States, ASN40509 (FLY, US),
Reverse DNS
Software
Fly/f9c163a6 (2024-01-16) /
Resource Hash
abb72e5577080eaef571530e0c13e66b8678c937ee2b9c8367098ffe44ed2a98
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json
Referer
https://thedoughnutproject.bottle.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type
application/json

Response headers

strict-transport-security
max-age=31536000
content-encoding
br
x-content-type-options
nosniff
date
Fri, 19 Jan 2024 19:19:17 GMT
via
2 fly.io
content-length
206
x-xss-protection
1; mode=block
x-request-id
4f2782ac-1085-4ecc-ba2f-41910a7ee021
x-runtime
0.013437
fly-request-id
01HMHJKJ0D6H95PCWEQSAJWX8H-fra
server
Fly/f9c163a6 (2024-01-16)
etag
W/"0b77d926f42f0fd0ce8c85ebdfec6630"
x-frame-options
SAMEORIGIN
access-control-max-age
7200
access-control-allow-methods
GET, PUT, POST, DELETE, UPDATE, PATCH, OPTIONS
access-control-allow-origin
*
access-control-expose-headers
cache-control
max-age=0, private, must-revalidate
content-type
application/json; charset=utf-8
vary
Origin
bottle-yellow.3d058c75.svg
thedoughnutproject.bottle.com/img/ 		3 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://thedoughnutproject.bottle.com/img/bottle-yellow.3d058c75.svg
Requested by
Host: thedoughnutproject.bottle.com
URL: https://thedoughnutproject.bottle.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
3.220.57.224 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-220-57-224.compute-1.amazonaws.com
Software
Cowboy / Express
Resource Hash
22f8a5170a390c9cb30f0e9681c9a977cb04a84c07836bc6631d9add7ab1a202

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://thedoughnutproject.bottle.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date
Fri, 19 Jan 2024 19:19:16 GMT
Content-Encoding
gzip
Via
1.1 vegur
Nel
{"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
X-Powered-By
Express
Transfer-Encoding
chunked
Connection
keep-alive
Reporting-Endpoints
heroku-nel=https://nel.heroku.com/reports?ts=1705691956&sid=af571f24-03ee-46d1-9f90-ab9030c2c74c&s=W%2Bhg1iCEvQ524ikSima7gjyoqk2bUtwg48w1Sw3XVw0%3D
Last-Modified
Thu, 18 Jan 2024 20:23:58 GMT
Server
Cowboy
Etag
W/"b2d-18d1e3ea330"
Vary
Accept-Encoding
Report-To
{"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1705691956&sid=af571f24-03ee-46d1-9f90-ab9030c2c74c&s=W%2Bhg1iCEvQ524ikSima7gjyoqk2bUtwg48w1Sw3XVw0%3D"}]}
Content-Type
image/svg+xml
Cache-Control
public, max-age=0
Accept-Ranges
bytes
m-outer-3437aaddcdf6922d623e172c2d6f9278.html
js.stripe.com/v3/ Frame F90E 		200 B
819 B 		Document
General
Check archive.org
Download Go to
Full URL
https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.128.176 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Fastly /
Resource Hash
35dcc382eb69d00369d708708cdc545f3968b68fa5bbe3e728d11fedd04f93bb
Security Headers
Name Value
Content-Security-Policy base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://thedoughnutproject.bottle.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-origin
*
age
3848843
cache-control
max-age=31536000
content-encoding
br
content-length
154
content-security-policy
base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://q.stripe.com/csp-report
content-security-policy-report-only
base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://q.stripe.com/csp-report
content-type
text/html; charset=utf-8
date
Fri, 19 Jan 2024 19:19:16 GMT
etag
"3437aaddcdf6922d623e172c2d6f9278"
last-modified
Fri, 11 Nov 2022 20:25:37 GMT
server
Fastly
strict-transport-security
max-age=31556926; includeSubDomains; preload
timing-allow-origin
*
vary
Accept-Encoding
via
1.1 varnish
x-cache
HIT
x-cache-hits
508379
x-content-type-options
nosniff
x-request-id
2375453a-bfb9-49bc-8b15-7689be01b553
x-served-by
cache-fra-eddf8230128-FRA
UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2
fonts.gstatic.com/s/inter/v13/ 		46 KB
46 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=EB+Garamond:ital,wght@0,400;0,500;0,600;0,700;0,800;1,400;1,500;1,600;1,700;1,800&family=Inter:wght@100;200;300;400;500;600;700;800;900&family=Manrope:wght@200;300;400;500;600;700;800&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
88df0b5a7bc397dbc13a26bb8b3742cc62cd1c9b0dded57da7832416d6f52f42
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://thedoughnutproject.bottle.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 16 Jan 2024 17:34:54 GMT
x-content-type-options
nosniff
age
265462
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
46704
x-xss-protection
0
last-modified
Wed, 13 Sep 2023 23:49:07 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 15 Jan 2025 17:34:54 GMT
m-outer-15a2b40a058ddff1cffdb63779fe3de1.js
js.stripe.com/v3/fingerprinted/js/ Frame F90E 		526 B
451 B 		Script
General
Check archive.org
Download Go to
Full URL
https://js.stripe.com/v3/fingerprinted/js/m-outer-15a2b40a058ddff1cffdb63779fe3de1.js
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.128.176 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Fastly /
Resource Hash
ba2338aa6670580269c762f51c4291daef913201aa8f4d4fd166c1a878262652
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

strict-transport-security
max-age=31556926; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
date
Fri, 19 Jan 2024 19:19:16 GMT
via
1.1 varnish
age
3769862
x-cache
HIT
content-length
315
x-request-id
0ddbe55c-503a-474d-b9ad-6c4482183397
x-served-by
cache-fra-eddf8230128-FRA
last-modified
Fri, 11 Nov 2022 20:25:36 GMT
server
Fastly
etag
"d96c709017743c0759cf3853d1806ba5"
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
x-cache-hits
484888
csp-report
q.stripe.com/ Frame F90E 		0
717 B 		Other
General
Check archive.org
Download Go to
Full URL
https://q.stripe.com/csp-report
Requested by
Host: thedoughnutproject.bottle.com
URL: https://thedoughnutproject.bottle.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
54.186.23.98 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ip-54-186-23-98.stripe.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://js.stripe.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type
application/csp-report

Response headers

date
Fri, 19 Jan 2024 19:19:17 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
x-stripe-server-envoy-start-time-us
1705691957399856
x-envoy-upstream-service-time
1
content-length
0
x-stripe-bg-intended-route-color
blue
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
server
nginx
cross-origin-opener-policy
same-origin
access-control-max-age
3600
access-control-allow-methods
GET, POST, OPTIONS
x-stripe-server-envoy-upstream-service-time-ms
0
access-control-allow-origin
https://js.stripe.com
x-stripe-client-envoy-start-time-us
1705691957399569
cache-control
max-age=0, no-cache, no-store, must-revalidate
access-control-expose-headers
Server, Range, Content-Type
x-robots-tag
none
access-control-allow-headers
Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token
expires
0
csp-report
q.stripe.com/ Frame F90E 		0
716 B 		Other
General
Check archive.org
Download Go to
Full URL
https://q.stripe.com/csp-report
Requested by
Host: thedoughnutproject.bottle.com
URL: https://thedoughnutproject.bottle.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
54.186.23.98 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ip-54-186-23-98.stripe.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://js.stripe.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type
application/csp-report

Response headers

date
Fri, 19 Jan 2024 19:19:17 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
x-stripe-server-envoy-start-time-us
1705691957399785
x-envoy-upstream-service-time
1
content-length
0
x-stripe-bg-intended-route-color
blue
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
server
nginx
cross-origin-opener-policy
same-origin
access-control-max-age
3600
access-control-allow-methods
GET, POST, OPTIONS
x-stripe-server-envoy-upstream-service-time-ms
1
access-control-allow-origin
https://js.stripe.com
x-stripe-client-envoy-start-time-us
1705691957399533
cache-control
max-age=0, no-cache, no-store, must-revalidate
access-control-expose-headers
Server, Range, Content-Type
x-robots-tag
none
access-control-allow-headers
Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token
expires
0
inner.html
m.stripe.network/ Frame 3B17 		930 B
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://m.stripe.network/inner.html
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/m-outer-15a2b40a058ddff1cffdb63779fe3de1.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.128.176 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Fastly /
Resource Hash
947ac0903521f5eceefc90637c066306a8ca67466ccc188bb0107fb7cfb532d1
Security Headers
Name Value
Content-Security-Policy base-uri 'none'; connect-src https://m.stripe.network https://m.stripe.com; default-src 'none'; font-src https://m.stripe.network https://fonts.gstatic.com; form-action 'none'; frame-src https://m.stripe.network https://js.stripe.com; img-src https://m.stripe.network https://m.stripe.com https://b.stripecdn.com; script-src https://m.stripe.network 'sha256-/5Guo2nzv5n/w6ukZpOBZOtTJBJPSkJ6mhHpnBgm3Ls='; style-src https://m.stripe.network; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://js.stripe.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
135
cache-control
max-age=300, public
content-encoding
br
content-length
540
content-security-policy
base-uri 'none'; connect-src https://m.stripe.network https://m.stripe.com; default-src 'none'; font-src https://m.stripe.network https://fonts.gstatic.com; form-action 'none'; frame-src https://m.stripe.network https://js.stripe.com; img-src https://m.stripe.network https://m.stripe.com https://b.stripecdn.com; script-src https://m.stripe.network 'sha256-/5Guo2nzv5n/w6ukZpOBZOtTJBJPSkJ6mhHpnBgm3Ls='; style-src https://m.stripe.network; report-uri https://q.stripe.com/csp-report
content-type
text/html; charset=utf-8
date
Fri, 19 Jan 2024 19:19:16 GMT
server
Fastly
strict-transport-security
max-age=31556926; includeSubDomains; preload
vary
Accept-Encoding, Origin
via
1.1 varnish
x-cache
HIT
x-cache-hits
146
x-content-type-options
nosniff
x-request-id
d7cefc4e-580a-4d45-9dc5-37ce86cee559
x-served-by
cache-fra-eddf8230128-FRA
x-timer
S1705691957.992030,VS0,VE0
csp-report
q.stripe.com/ Frame 3B17 		0
490 B 		Other
General
Check archive.org
Download Go to
Full URL
https://q.stripe.com/csp-report
Requested by
Host: thedoughnutproject.bottle.com
URL: https://thedoughnutproject.bottle.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
54.186.23.98 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ip-54-186-23-98.stripe.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload, max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://m.stripe.network/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type
application/csp-report

Response headers

date
Fri, 19 Jan 2024 19:19:17 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload, max-age=31556926; includeSubDomains; preload
x-content-type-options
nosniff
x-stripe-server-envoy-start-time-us
1705691957400049
x-envoy-upstream-service-time
1
content-length
0
x-stripe-bg-intended-route-color
blue
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
server
nginx
cross-origin-opener-policy
same-origin
x-stripe-server-envoy-upstream-service-time-ms
0
x-stripe-client-envoy-start-time-us
1705691957399562
cache-control
max-age=0, no-cache, no-store, must-revalidate
x-robots-tag
none
expires
0
out-4.5.43.js
m.stripe.network/ Frame 3B17 		87 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://m.stripe.network/out-4.5.43.js
Requested by
Host: m.stripe.network
URL: https://m.stripe.network/inner.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.128.176 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Fastly /
Resource Hash
e039e607c78306c7e029a7fd0ecdb14f86456f16e1a5ce65aa26b4fdf1d38a3c
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://m.stripe.network/inner.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

strict-transport-security
max-age=31556926; includeSubDomains; preload
date
Fri, 19 Jan 2024 19:19:17 GMT
x-content-type-options
nosniff
content-encoding
br
via
1.1 varnish
age
16
x-cache
HIT
content-length
15509
x-request-id
b3cf70e4-00b4-46f8-8804-098bf858909c
x-served-by
cache-fra-eddf8230128-FRA
server
Fastly
x-timer
S1705691957.002925,VS0,VE0
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=utf-8
cache-control
max-age=300, public
accept-ranges
bytes
x-cache-hits
20
6
m.stripe.com/ Frame 3B17 		156 B
669 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://m.stripe.com/6
Requested by
Host: m.stripe.network
URL: https://m.stripe.network/out-4.5.43.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.240.143.252 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-44-240-143-252.us-west-2.compute.amazonaws.com
Software
nginx /
Resource Hash
8fc6db3b2ecc3d3cea5cebce8af7d87ae4bd0ca977a32d82d158c3880f86471d
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://m.stripe.network/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-stripe-bg-intended-route-color
blue
date
Fri, 19 Jan 2024 19:19:17 GMT
strict-transport-security
max-age=31556926; includeSubDomains; preload
x-content-type-options
nosniff
x-stripe-server-envoy-start-time-us
1705691957489501
server
nginx
content-type
application/json;charset=utf-8
x-stripe-server-envoy-upstream-service-time-ms
2
access-control-allow-origin
https://m.stripe.network
x-stripe-client-envoy-start-time-us
1705691957488784
access-control-allow-credentials
true
access-control-allow-headers
Content-Type
content-length
156
pages
api.bottle.com/merchant/ 		2 KB
456 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://api.bottle.com/merchant/pages
Requested by
Host: thedoughnutproject.bottle.com
URL: https://thedoughnutproject.bottle.com/js/chunk-vendors.693f9bd6.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a09:8280:1::15:3041 , United States, ASN40509 (FLY, US),
Reverse DNS
Software
Fly/f9c163a6 (2024-01-16) /
Resource Hash
8d1ff11c75f5c3205ab3f6fbd2044350cb6e20384ac1d6f1088d7bfb87080070
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Authorization
Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJtZXJjaGFudCI6eyJpZCI6NjIwNDk0LCJoYW5kbGUiOiJ0aGVkb3VnaG51dHByb2plY3QifSwiYW5vbnltb3VzX3Rva2VuIjoiYjBmNzI3MTBiMWQwZmE1ZDNlMWI2ZDYwYTA3ZTJlYjIifQ.LvvySVAvYCFEmDGq4wufklOA4Ds-j5q8YJDydasOdg0
Content-Type
application/json
Accept
application/json
Referer
https://thedoughnutproject.bottle.com/
baggage
sentry-trace
991b725d0ab04b51838b57bde1ec9711-841145bd1cd0065d-1

Response headers

strict-transport-security
max-age=31536000
content-encoding
br
x-content-type-options
nosniff
date
Fri, 19 Jan 2024 19:19:17 GMT
via
2 fly.io
content-length
321
x-xss-protection
1; mode=block
x-request-id
24c43e58-b4e4-4b3b-83ae-7c9a7cb0a49e
x-runtime
0.032762
fly-request-id
01HMHJKJF97BHY1G4MZYAX684T-fra
server
Fly/f9c163a6 (2024-01-16)
etag
W/"07430c18d5b26555b4d5168ac5beab90"
x-frame-options
SAMEORIGIN
access-control-max-age
7200
access-control-allow-methods
GET, PUT, POST, DELETE, UPDATE, PATCH, OPTIONS
access-control-allow-origin
*
access-control-expose-headers
cache-control
max-age=0, private, must-revalidate
content-type
application/json; charset=utf-8
vary
Origin
info
api.bottle.com/merchant/ 		1 KB
726 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://api.bottle.com/merchant/info
Requested by
Host: thedoughnutproject.bottle.com
URL: https://thedoughnutproject.bottle.com/js/chunk-vendors.693f9bd6.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a09:8280:1::15:3041 , United States, ASN40509 (FLY, US),
Reverse DNS
Software
Fly/f9c163a6 (2024-01-16) /
Resource Hash
2c10ae56e0aac96df14b79004bbaf6b6daf0d87ac8e1677cf3a84a867d820126
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Authorization
Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJtZXJjaGFudCI6eyJpZCI6NjIwNDk0LCJoYW5kbGUiOiJ0aGVkb3VnaG51dHByb2plY3QifSwiYW5vbnltb3VzX3Rva2VuIjoiYjBmNzI3MTBiMWQwZmE1ZDNlMWI2ZDYwYTA3ZTJlYjIifQ.LvvySVAvYCFEmDGq4wufklOA4Ds-j5q8YJDydasOdg0
Content-Type
application/json
Accept
application/json
Referer
https://thedoughnutproject.bottle.com/
baggage
sentry-trace
991b725d0ab04b51838b57bde1ec9711-9e053efc78eca3e5-1

Response headers

strict-transport-security
max-age=31536000
content-encoding
br
x-content-type-options
nosniff
date
Fri, 19 Jan 2024 19:19:17 GMT
via
2 fly.io
content-length
590
x-xss-protection
1; mode=block
x-request-id
194277e6-78d8-42a8-b3b2-c45a13190e6c
x-runtime
0.011453
fly-request-id
01HMHJKJF9DCX9X0Z1NEWDX4R2-fra
server
Fly/f9c163a6 (2024-01-16)
etag
W/"b2a23b5ccf8c309598ca2a59fb33b239"
x-frame-options
SAMEORIGIN
access-control-max-age
7200
access-control-allow-methods
GET, PUT, POST, DELETE, UPDATE, PATCH, OPTIONS
access-control-allow-origin
*
access-control-expose-headers
cache-control
max-age=0, private, must-revalidate
content-type
application/json; charset=utf-8
vary
Origin
stores
api.bottle.com/merchant/ 		17 KB
2 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://api.bottle.com/merchant/stores?included=attachments
Requested by
Host: thedoughnutproject.bottle.com
URL: https://thedoughnutproject.bottle.com/js/chunk-vendors.693f9bd6.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a09:8280:1::15:3041 , United States, ASN40509 (FLY, US),
Reverse DNS
Software
Fly/f9c163a6 (2024-01-16) /
Resource Hash
fbb62a27438109f48445ad7dba97836ad6b5d1d5dcb18c643f2aacd47fb8704c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Authorization
Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJtZXJjaGFudCI6eyJpZCI6NjIwNDk0LCJoYW5kbGUiOiJ0aGVkb3VnaG51dHByb2plY3QifSwiYW5vbnltb3VzX3Rva2VuIjoiYjBmNzI3MTBiMWQwZmE1ZDNlMWI2ZDYwYTA3ZTJlYjIifQ.LvvySVAvYCFEmDGq4wufklOA4Ds-j5q8YJDydasOdg0
Content-Type
application/json
Accept
application/json
Referer
https://thedoughnutproject.bottle.com/
baggage
sentry-trace
991b725d0ab04b51838b57bde1ec9711-b1fad4cb150d17d5-1

Response headers

strict-transport-security
max-age=31536000
content-encoding
br
x-content-type-options
nosniff
date
Fri, 19 Jan 2024 19:19:16 GMT
via
2 fly.io
content-length
2047
x-xss-protection
1; mode=block
x-request-id
c384f391-89ff-4778-9316-49f3c77b83a5
x-runtime
0.037497
fly-request-id
01HMHJKJF9ZTNY9VH0D33Z4T4F-fra
server
Fly/f9c163a6 (2024-01-16)
etag
W/"2fed0bfba7378c93938e809818142049"
x-frame-options
SAMEORIGIN
access-control-max-age
7200
access-control-allow-methods
GET, PUT, POST, DELETE, UPDATE, PATCH, OPTIONS
access-control-allow-origin
*
access-control-expose-headers
cache-control
max-age=0, private, must-revalidate
content-type
application/json; charset=utf-8
vary
Origin
pages
api.bottle.com/merchant/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://api.bottle.com/merchant/pages
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a09:8280:1::15:3041 , United States, ASN40509 (FLY, US),
Reverse DNS
Software
Fly/f9c163a6 (2024-01-16) /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization,baggage,content-type,sentry-trace
Access-Control-Request-Method
GET
Origin
https://thedoughnutproject.bottle.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

access-control-allow-headers
authorization,baggage,content-type,sentry-trace
access-control-allow-methods
GET, PUT, POST, DELETE, UPDATE, PATCH, OPTIONS
access-control-allow-origin
*
access-control-expose-headers
access-control-max-age
7200
content-length
0
date
Fri, 19 Jan 2024 19:19:16 GMT
fly-request-id
01HMHJKJ706FZSBE9NYGJMSA0C-fra
server
Fly/f9c163a6 (2024-01-16)
via
2 fly.io
info
api.bottle.com/merchant/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://api.bottle.com/merchant/info
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a09:8280:1::15:3041 , United States, ASN40509 (FLY, US),
Reverse DNS
Software
Fly/f9c163a6 (2024-01-16) /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization,baggage,content-type,sentry-trace
Access-Control-Request-Method
GET
Origin
https://thedoughnutproject.bottle.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

access-control-allow-headers
authorization,baggage,content-type,sentry-trace
access-control-allow-methods
GET, PUT, POST, DELETE, UPDATE, PATCH, OPTIONS
access-control-allow-origin
*
access-control-expose-headers
access-control-max-age
7200
content-length
0
date
Fri, 19 Jan 2024 19:19:16 GMT
fly-request-id
01HMHJKJ70K0HWC1YFNMCXQDBB-fra
server
Fly/f9c163a6 (2024-01-16)
via
2 fly.io
stores
api.bottle.com/merchant/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://api.bottle.com/merchant/stores?included=attachments
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a09:8280:1::15:3041 , United States, ASN40509 (FLY, US),
Reverse DNS
Software
Fly/f9c163a6 (2024-01-16) /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization,baggage,content-type,sentry-trace
Access-Control-Request-Method
GET
Origin
https://thedoughnutproject.bottle.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

access-control-allow-headers
authorization,baggage,content-type,sentry-trace
access-control-allow-methods
GET, PUT, POST, DELETE, UPDATE, PATCH, OPTIONS
access-control-allow-origin
*
access-control-expose-headers
access-control-max-age
7200
content-length
0
date
Fri, 19 Jan 2024 19:19:17 GMT
fly-request-id
01HMHJKJ70AQZZ1G4H3VPK8RHM-fra
server
Fly/f9c163a6 (2024-01-16)
via
2 fly.io
rxntzchntiznaseqz58u.jpg
res.cloudinary.com/hpwejnwbc/image/upload/c_pad,f_auto,h_256,w_256/v1/merchant-frontend/ 		7 KB
8 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://res.cloudinary.com/hpwejnwbc/image/upload/c_pad,f_auto,h_256,w_256/v1/merchant-frontend/rxntzchntiznaseqz58u.jpg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:a641 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8b45f670a13406b685339b505b80f98d8863579beefdf77284f6cb7253deba03
Security Headers
Name Value
Strict-Transport-Security max-age=604800
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://thedoughnutproject.bottle.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Fri, 19 Jan 2024 19:19:18 GMT
strict-transport-security
max-age=604800
x-content-type-options
nosniff
content-disposition
inline; filename="rxntzchntiznaseqz58u.webp"
server-timing
cld-cloudflare;dur=164;start=2024-01-19T19:19:17.902Z;desc=miss,rtt;dur=7,content-info;desc="width=256,height=256,owidth=1041,oheight=1041,obytes=40472;";cloudinary;dur=48;start=2024-01-19T19:19:17.968Z
content-length
7408
last-modified
Thu, 20 Oct 2022 14:42:37 GMT
server
cloudflare
etag
"ce4a3b62487146379ad687c1c2d6c0c4"
vary
Accept,User-Agent, Accept-Encoding
content-type
image/webp
access-control-allow-origin
*
access-control-expose-headers
Content-Length,Content-Disposition,ETag,Server-Timing,Vary,x-content-type-options
cache-control
private, no-transform, immutable, max-age=2592000
accept-ranges
bytes
cf-ray
84816db0dd109bbf-FRA
timing-allow-origin
*
gy5hjiszlluvten0yfrd.jpg
res.cloudinary.com/hpwejnwbc/image/upload/c_limit,f_auto,h_552,w_552/v1/merchant-frontend/ 		129 KB
129 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://res.cloudinary.com/hpwejnwbc/image/upload/c_limit,f_auto,h_552,w_552/v1/merchant-frontend/gy5hjiszlluvten0yfrd.jpg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:a641 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b403a044deee683d329509fcc0e858e2f44dbd93c4df2bde5d03203591c1b514
Security Headers
Name Value
Strict-Transport-Security max-age=604800
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://thedoughnutproject.bottle.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Fri, 19 Jan 2024 19:19:18 GMT
strict-transport-security
max-age=604800
x-content-type-options
nosniff
content-disposition
inline; filename="gy5hjiszlluvten0yfrd.webp"
server-timing
cld-cloudflare;dur=258;start=2024-01-19T19:19:17.900Z;desc=miss,rtt;dur=7,content-info;desc="width=552,height=273,owidth=2874,oheight=1423,obytes=5082972;";cloudinary;dur=144;start=2024-01-19T19:19:17.966Z
content-length
132032
last-modified
Sun, 21 May 2023 22:00:19 GMT
server
cloudflare
etag
"b84b4edb20607e3fc1d4798c3349f712"
vary
Accept,User-Agent, Accept-Encoding
content-type
image/webp
access-control-allow-origin
*
access-control-expose-headers
Content-Length,Content-Disposition,ETag,Server-Timing,Vary,x-content-type-options
cache-control
private, no-transform, immutable, max-age=2592000
accept-ranges
bytes
cf-ray
84816db0dd129bbf-FRA
timing-allow-origin
*

Verdicts & Comments Add Verdict or Comment

19 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| google function| fbq function| _fbq function| hj object| _hjSettings object| hjSiteSettings function| hjBootstrap object| hjBootstrapCalled object| hjLazyModules object| webpackChunkStripeJSouter function| noop function| Stripe object| webpackChunkbottle_merchant_vue function| _ object| intlTelInputGlobals object| intlTelInputUtils object| __SENTRY__

6 Cookies

Domain/Path Name / Value
.bottle.com/ Name: _hjSessionUser_3522853
Value: eyJpZCI6ImUwNTIwZTlkLWRlZTctNWE2OS05OGEwLWQyZGNkMzA4YWY0ZCIsImNyZWF0ZWQiOjE3MDU2OTE5NTY5NDQsImV4aXN0aW5nIjpmYWxzZX0=
.bottle.com/ Name: _hjIncludedInSessionSample_3522853
Value: 0
.bottle.com/ Name: _hjSession_3522853
Value: eyJpZCI6ImJkYjQ3ZGMzLWE3NGUtNDdhOS05OTZjLTZkZGE3YzhkNDU1NSIsImMiOjE3MDU2OTE5NTY5NDQsInMiOjAsInIiOjAsInNiIjoxLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MH0=
m.stripe.com/ Name: m
Value: 6d44957e-a4bb-4a3d-8d70-29d9dc26c995bc366e
.thedoughnutproject.bottle.com/ Name: __stripe_mid
Value: da9a33e8-239f-405a-baf9-3a48072841c4c5aac1
.thedoughnutproject.bottle.com/ Name: __stripe_sid
Value: 3c91c404-9911-4ff1-a115-cb8609938f438df071

1 Console Messages

Source Level URL
Text
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self'".

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.bottle.com
connect.facebook.net
fonts.googleapis.com
fonts.gstatic.com
js.stripe.com
m.stripe.com
m.stripe.network
q.stripe.com
res.cloudinary.com
script.hotjar.com
static.hotjar.com
thedoughnutproject.bottle.com
151.101.128.176
18.173.233.11
18.66.248.117
2606:4700::6813:a641
2a00:1450:4001:813::2003
2a00:1450:4001:82a::200a
2a03:2880:f083:100:face:b00c:0:3
2a09:8280:1::15:3041
3.220.57.224
44.240.143.252
52.20.78.240
54.186.23.98
02b19c7a87d1f0bd878549516583c12f0fe3922552fc88d908faab568e2c536e
22f8a5170a390c9cb30f0e9681c9a977cb04a84c07836bc6631d9add7ab1a202
2c10ae56e0aac96df14b79004bbaf6b6daf0d87ac8e1677cf3a84a867d820126
35dcc382eb69d00369d708708cdc545f3968b68fa5bbe3e728d11fedd04f93bb
5bdaa2d2fac01a05dee8737ec7b70ad184651961d3a3998c1efa7cf147ae1ba1
7d32db5e7f8166ca472c3703592e17b044a0bfd5b49150c5c888a20164105b08
803dbf8d19528ae4e7761979db0aaf97642d6c4ede0f3bb7be33b8d3026d8c60
829f8bb2f1d84f1a1edd24a96ceb306509ac6cc8e0957a61270d3f25f8854755
88df0b5a7bc397dbc13a26bb8b3742cc62cd1c9b0dded57da7832416d6f52f42
8b45f670a13406b685339b505b80f98d8863579beefdf77284f6cb7253deba03
8d1ff11c75f5c3205ab3f6fbd2044350cb6e20384ac1d6f1088d7bfb87080070
8fc6db3b2ecc3d3cea5cebce8af7d87ae4bd0ca977a32d82d158c3880f86471d
947ac0903521f5eceefc90637c066306a8ca67466ccc188bb0107fb7cfb532d1
abb72e5577080eaef571530e0c13e66b8678c937ee2b9c8367098ffe44ed2a98
b403a044deee683d329509fcc0e858e2f44dbd93c4df2bde5d03203591c1b514
ba2338aa6670580269c762f51c4291daef913201aa8f4d4fd166c1a878262652
c4d1f1c3bbe300d333bce3e58938a4e3f0486ceead49093d938dd90434cdcc8d
ce3945792ce43bf8572411eedd54601e9f57cbe0ca7cc8e76867845bcac9b191
d1ebc3060f6dd686435575ec6ac1f6959f6bc63750fe55b478532399d530c1f9
e039e607c78306c7e029a7fd0ecdb14f86456f16e1a5ce65aa26b4fdf1d38a3c
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f548f7bb69c2ef8b31b326a2ef02f66da1a94858bc932a772948c71413c21797
f9a9afd8a9167ba8f8603421b5afe4c710c3efb57c5fc1833e5e4d0df8d6e290
fbb62a27438109f48445ad7dba97836ad6b5d1d5dcb18c643f2aacd47fb8704c