urlscan.io logo urlscan.io
SecurityTrails logo

app-staging.thatchcloud.com Open in urlscan Pro
2606:4700:3037::ac43:d07e  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://app-staging.thatchcloud.com/
Effective URL: https://app-staging.thatchcloud.com/login
Submission: On October 14 via manual from US — Scanned from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 7 IPs in 1 countries across 3 domains to perform 18 HTTP transactions. The main IP is 2606:4700:3037::ac43:d07e, located in United States and belongs to CLOUDFLARENET, US. The main domain is app-staging.thatchcloud.com.
TLS certificate: Issued by WE1 on September 10th 2024. Valid for: 3 months.
This is the only time app-staging.thatchcloud.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

4    2606:4700:3037::ac43:d07e (United States)

ASN13335 (CLOUDFLARENET, US)
app-staging.thatchcloud.com
8    2600:9000:2616:a600:12:f7d9:800:93a1 (United States)

ASN16509 (AMAZON-02, US)
assets-staging.thatch.ai
2    18.165.83.21 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-165-83-21.iad55.r.cloudfront.net
api.mapbox.com
2    2600:9000:2015:a200:9:e28b:3980:93a1 (United States)

ASN16509 (AMAZON-02, US)
ph.thatch.ai
1    2600:9000:2509:9600:1e:31eb:9f80:93a1 (United States)

ASN16509 (AMAZON-02, US)
sgmt-cdn.thatch.ai
1    2600:9000:201e:a000:12:25f5:a800:93a1 (United States)

ASN16509 (AMAZON-02, US)
sgmt-api.thatch.ai
Apex Domain
Subdomains		 Transfer
12 thatch.ai
assets-staging.thatch.ai
ph.thatch.ai
sgmt-cdn.thatch.ai
sgmt-api.thatch.ai
2 MB
4 thatchcloud.com
app-staging.thatchcloud.com
13 KB
2 mapbox.com
api.mapbox.com — Cisco Umbrella Rank: 3830
7 KB
18 3
Domain Requested by
8 assets-staging.thatch.ai app-staging.thatchcloud.com
assets-staging.thatch.ai
4 app-staging.thatchcloud.com 1 redirects assets-staging.thatch.ai
2 ph.thatch.ai assets-staging.thatch.ai
2 api.mapbox.com
1 sgmt-api.thatch.ai assets-staging.thatch.ai
1 sgmt-cdn.thatch.ai assets-staging.thatch.ai
18 6

This site contains no links.

Subject Issuer Validity Valid
app-staging.thatchcloud.com
WE1		 2024-09-10 -
2024-12-09		 3 months crt.sh
assets-staging.thatch.ai
Amazon RSA 2048 M02		 2023-12-22 -
2025-01-20		 a year crt.sh
api.mapbox.com
Amazon RSA 2048 M03		 2024-10-05 -
2025-11-02		 a year crt.sh
ph.thatch.ai
Amazon RSA 2048 M02		 2024-07-31 -
2025-08-30		 a year crt.sh
sgmt-cdn.thatch.ai
Amazon RSA 2048 M02		 2024-01-09 -
2025-02-06		 a year crt.sh
sgmt-api.thatch.ai
Amazon RSA 2048 M03		 2024-01-09 -
2025-02-06		 a year crt.sh

This page contains 1 frames:

Primary Page: https://app-staging.thatchcloud.com/login
Frame ID: B5D7E35D9259C24C93E67277DAC32E5A
Requests: 19 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Welcome back! | Thatch [STAGING]

Page URL History Show full URLs

  1. https://app-staging.thatchcloud.com/ HTTP 302
    https://app-staging.thatchcloud.com/login Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • mapbox-gl.js
Overall confidence: 100%
Detected patterns
  • <[^>]+data-controller
Overall confidence: 100%
Detected patterns

Page Statistics

18
Requests

94 %
HTTPS

83 %
IPv6

3
Domains

6
Subdomains

7
IPs

1
Countries

1742 kB
Transfer

6410 kB
Size

5
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://app-staging.thatchcloud.com/ HTTP 302
    https://app-staging.thatchcloud.com/login Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

18 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request login
app-staging.thatchcloud.com/
Redirect Chain
  • https://app-staging.thatchcloud.com/
  • https://app-staging.thatchcloud.com/login
9 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://app-staging.thatchcloud.com/login
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3037::ac43:d07e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3fcc4808183b9a3c83be22a8a106c6d387a61a7136f74aa77641daaf817afa49
Security Headers
Name Value
Content-Security-Policy default-src 'none'; upgrade-insecure-requests; font-src 'self' https://assets-staging.thatch.ai; img-src 'self' https://assets-staging.thatch.ai https: data:; object-src 'none'; script-src 'self' https://assets-staging.thatch.ai https://api.mapbox.com https://js.stripe.com/v3/ https://*.googletagmanager.com https://connect.facebook.net https://serverside.thatch.ai 'strict-dynamic' 'report-sample' 'nonce-Ql4UL8lCR75G9Tut+6VG2A=='; frame-src https://js.stripe.com/v3/ https://www.loom.com https://thatch.ai/; style-src 'self' https://assets-staging.thatch.ai https://app-static-prod.posthog.com https://api.mapbox.com 'unsafe-inline' 'report-sample'; connect-src 'self' https://assets-staging.thatch.ai https://appsignal-endpoint.net https://ph.thatch.ai https://app.posthog.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://api.mapbox.com https://events.mapbox.com https://application-form.sh https://application-form.co https://sgmt-api.thatch.ai https://sgmt-cdn.thatch.ai https://serverside.thatch.ai; base-uri 'none'; form-action 'self' https://billing.stripe.com https://application-form.sh https://application-form.co; frame-ancestors https://thatch.ai; report-uri /csp_reports
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
max-age=0, private, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
8d2938a71ca40f87-EWR
content-encoding
zstd
content-security-policy
default-src 'none'; upgrade-insecure-requests; font-src 'self' https://assets-staging.thatch.ai; img-src 'self' https://assets-staging.thatch.ai https: data:; object-src 'none'; script-src 'self' https://assets-staging.thatch.ai https://api.mapbox.com https://js.stripe.com/v3/ https://*.googletagmanager.com https://connect.facebook.net https://serverside.thatch.ai 'strict-dynamic' 'report-sample' 'nonce-Ql4UL8lCR75G9Tut+6VG2A=='; frame-src https://js.stripe.com/v3/ https://www.loom.com https://thatch.ai/; style-src 'self' https://assets-staging.thatch.ai https://app-static-prod.posthog.com https://api.mapbox.com 'unsafe-inline' 'report-sample'; connect-src 'self' https://assets-staging.thatch.ai https://appsignal-endpoint.net https://ph.thatch.ai https://app.posthog.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://api.mapbox.com https://events.mapbox.com https://application-form.sh https://application-form.co https://sgmt-api.thatch.ai https://sgmt-cdn.thatch.ai https://serverside.thatch.ai; base-uri 'none'; form-action 'self' https://billing.stripe.com https://application-form.sh https://application-form.co; frame-ancestors https://thatch.ai; report-uri /csp_reports
content-type
text/html; charset=utf-8
date
Mon, 14 Oct 2024 17:17:09 GMT
feature-policy
camera 'none'; gyroscope 'none'; microphone 'none'; usb 'none'; fullscreen 'self'; payment 'none'
link
<https://assets-staging.thatch.ai/assets/tailwind-6cf9e651327c7b1281e1e12fc9e56fbf1fb4fbd23bbb028d95cfd4f89400658a.css>; rel=preload; as=style; nopush,<https://assets-staging.thatch.ai/assets/inter-font-8c3e82affb176f4bca9616b838d906343d1251adc8408efe02cf2b1e4fcf2bc4.css>; rel=preload; as=style; nopush,<https://assets-staging.thatch.ai/assets/application-9616ca31e16d364876cbf430a27d9ff8b53c5a0aae606e9f9842e772ae03fe6b.css>; rel=preload; as=style; nopush,<https://api.mapbox.com/mapbox-gl-js/v2.14.1/mapbox-gl.css>; rel=preload; as=style; crossorigin=anonymous; integrity=sha384-SDYx9Nwa5fE1fRuBplOPejrcbPOK/ql0Uym6hsGsTvnlC784P5LZhBJIbo8O/O+0; nopush,<https://api.mapbox.com/mapbox-gl-js/plugins/mapbox-gl-geocoder/v5.0.0/mapbox-gl-geocoder.css>; rel=preload; as=style; crossorigin=anonymous; integrity=sha384-1KNhwJNCQTr0DCi/5/OnQcFytgycxTahxNZaqKbAtqmY8bUhu26qxXqvDGXXwplS; nopush
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin-when-cross-origin
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=i78UTWw1D%2Bz9P80wg%2BtPI%2BNwOJ0tGHvWE6d0r68GpdsFqknJx063rSwheWrbCUZihhjBfeSVO3LuAchbSG3W0C5wo2wb%2BAdKnw48iES37yF1cYgQmH6ddYKE%2BNYxG6099St5J2WWoV4OLwJDwM7j3H%2FHMB41XYC7vPI%3D"}],"group":"cf-nel","max_age":604800}
rndr-id
49ea712a-419a-49be
server
cloudflare
speculation-rules
"/cdn-cgi/speculation"
strict-transport-security
max-age=63072000; includeSubDomains
vary
Accept-Encoding
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-permitted-cross-domain-policies
none
x-render-origin-server
Render
x-request-id
946ee081-291c-4d60-852c-39fae23d39ff
x-runtime
0.011699
x-xss-protection
0

Redirect headers

alt-svc
h3=":443"; ma=86400
cache-control
no-cache
cf-cache-status
DYNAMIC
cf-ray
8d2938a5caef0f87-EWR
content-security-policy
default-src 'none'; upgrade-insecure-requests; font-src 'self' https://assets-staging.thatch.ai; img-src 'self' https://assets-staging.thatch.ai https: data:; object-src 'none'; script-src 'self' https://assets-staging.thatch.ai https://api.mapbox.com https://js.stripe.com/v3/ https://*.googletagmanager.com https://connect.facebook.net https://serverside.thatch.ai 'strict-dynamic' 'report-sample' 'nonce-Xx8NzP859AAlyGYVRweeJg=='; frame-src https://js.stripe.com/v3/ https://www.loom.com https://thatch.ai/; style-src 'self' https://assets-staging.thatch.ai https://app-static-prod.posthog.com https://api.mapbox.com 'unsafe-inline' 'report-sample'; connect-src 'self' https://assets-staging.thatch.ai https://appsignal-endpoint.net https://ph.thatch.ai https://app.posthog.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://api.mapbox.com https://events.mapbox.com https://application-form.sh https://application-form.co https://sgmt-api.thatch.ai https://sgmt-cdn.thatch.ai https://serverside.thatch.ai; base-uri 'none'; form-action 'self' https://billing.stripe.com https://application-form.sh https://application-form.co; frame-ancestors https://thatch.ai; report-uri /csp_reports
content-type
text/html; charset=utf-8
date
Mon, 14 Oct 2024 17:17:09 GMT
feature-policy
camera 'none'; gyroscope 'none'; microphone 'none'; usb 'none'; fullscreen 'self'; payment 'none'
location
https://app-staging.thatchcloud.com/login
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=q5k4TZ%2FqzC3BejQJwcpoawFHthuGgSv2xGvNlDwVN6xpVsUo6Id1S4GtH6H5M5%2F5cRX7a%2FC2HNPFzlY7M5OPfWGHZCroUM4cSkj%2Bbxumv5SusYjzGTCwcOc0MbObcQCJgo21Vhwf5IsAFuTX4CNpctzAooWghAUFiQs%3D"}],"group":"cf-nel","max_age":604800}
rndr-id
75c1ce34-c636-435b
server
cloudflare
speculation-rules
"/cdn-cgi/speculation"
strict-transport-security
max-age=63072000; includeSubDomains
vary
Accept-Encoding
x-render-origin-server
Render
x-request-id
9853495e-0923-4ee7-9fb6-13647f7a3dc9
x-runtime
0.024794
csp_reports
app-staging.thatchcloud.com/ 		0
2 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://app-staging.thatchcloud.com/csp_reports
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3037::ac43:d07e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src 'none'; upgrade-insecure-requests; font-src 'self' https://assets-staging.thatch.ai; img-src 'self' https://assets-staging.thatch.ai https: data:; object-src 'none'; script-src 'self' https://assets-staging.thatch.ai https://api.mapbox.com https://js.stripe.com/v3/ https://*.googletagmanager.com https://connect.facebook.net https://serverside.thatch.ai 'strict-dynamic' 'report-sample' 'nonce-A5W6SoT6MLOzKWmhlsL6NA=='; frame-src https://js.stripe.com/v3/ https://www.loom.com https://thatch.ai/; style-src 'self' https://assets-staging.thatch.ai https://app-static-prod.posthog.com https://api.mapbox.com 'unsafe-inline' 'report-sample'; connect-src 'self' https://assets-staging.thatch.ai https://appsignal-endpoint.net https://ph.thatch.ai https://app.posthog.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://api.mapbox.com https://events.mapbox.com https://application-form.sh https://application-form.co https://sgmt-api.thatch.ai https://sgmt-cdn.thatch.ai https://serverside.thatch.ai; base-uri 'none'; form-action 'self' https://billing.stripe.com https://application-form.sh https://application-form.co; frame-ancestors https://thatch.ai; report-uri /csp_reports
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type
application/csp-report
Referer
https://app-staging.thatchcloud.com/login

Response headers

x-request-id
c2016c7b-c1e9-4db6-8f5e-9bff2d038cc6
content-encoding
zstd
cf-cache-status
DYNAMIC
x-permitted-cross-domain-policies
none
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=V3IrR45gs4NM7cNBWy61A5uceYSBwLtUxiejiV5rHtp2yxpOE6GVBx%2BytuF01KVOAZZJ%2F8iW2UEOHQWvkxAlvygSnEOp1fAf4N4RpOLZOLrq187AJReSoGM%2FPQX8syveKnPaeAo4OlA4oFateTNG3ynocimioz7jQCE%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
rndr-id
49455f61-9570-498d
x-render-origin-server
Render
date
Mon, 14 Oct 2024 17:17:09 GMT
content-type
text/html
vary
Accept-Encoding
feature-policy
camera 'none'; gyroscope 'none'; microphone 'none'; usb 'none'; fullscreen 'self'; payment 'none'
x-runtime
0.013475
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=63072000; includeSubDomains
content-security-policy
default-src 'none'; upgrade-insecure-requests; font-src 'self' https://assets-staging.thatch.ai; img-src 'self' https://assets-staging.thatch.ai https: data:; object-src 'none'; script-src 'self' https://assets-staging.thatch.ai https://api.mapbox.com https://js.stripe.com/v3/ https://*.googletagmanager.com https://connect.facebook.net https://serverside.thatch.ai 'strict-dynamic' 'report-sample' 'nonce-A5W6SoT6MLOzKWmhlsL6NA=='; frame-src https://js.stripe.com/v3/ https://www.loom.com https://thatch.ai/; style-src 'self' https://assets-staging.thatch.ai https://app-static-prod.posthog.com https://api.mapbox.com 'unsafe-inline' 'report-sample'; connect-src 'self' https://assets-staging.thatch.ai https://appsignal-endpoint.net https://ph.thatch.ai https://app.posthog.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://api.mapbox.com https://events.mapbox.com https://application-form.sh https://application-form.co https://sgmt-api.thatch.ai https://sgmt-cdn.thatch.ai https://serverside.thatch.ai; base-uri 'none'; form-action 'self' https://billing.stripe.com https://application-form.sh https://application-form.co; frame-ancestors https://thatch.ai; report-uri /csp_reports
cache-control
no-cache
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin-when-cross-origin
cf-ray
8d2938a83e350f87-EWR
x-xss-protection
0
server
cloudflare
speculation
app-staging.thatchcloud.com/cdn-cgi/ 		0
0
tailwind-6cf9e651327c7b1281e1e12fc9e56fbf1fb4fbd23bbb028d95cfd4f89400658a.css
assets-staging.thatch.ai/assets/ 		131 KB
18 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://assets-staging.thatch.ai/assets/tailwind-6cf9e651327c7b1281e1e12fc9e56fbf1fb4fbd23bbb028d95cfd4f89400658a.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2616:a600:12:f7d9:800:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
0eb224ab7bf7f9524dfe6dcf688721229d8c296630c529a475796e0ae8364b42
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://app-staging.thatchcloud.com/

Response headers

content-encoding
br
etag
W/"ff02194d691fe968396cd5605c4cb67b"
age
435442
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
aMali_NaoLe2miCY-2XcDA2P4brCz7xoI-m1QDgcCB4eUVb5Cj9gYQ==
date
Wed, 09 Oct 2024 16:19:49 GMT
content-type
text/css
vary
Accept-Encoding, Origin
last-modified
Wed, 09 Oct 2024 13:21:52 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
cache-control
public, max-age=31536000
referrer-policy
strict-origin-when-cross-origin
via
1.1 31ab6a69a955ba22ff90036cd9977e74.cloudfront.net (CloudFront)
x-xss-protection
1; mode=block
x-amz-cf-pop
ORD56-P8
server
AmazonS3
x-amz-server-side-encryption
AES256
inter-font-8c3e82affb176f4bca9616b838d906343d1251adc8408efe02cf2b1e4fcf2bc4.css
assets-staging.thatch.ai/assets/ 		9 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://assets-staging.thatch.ai/assets/inter-font-8c3e82affb176f4bca9616b838d906343d1251adc8408efe02cf2b1e4fcf2bc4.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2616:a600:12:f7d9:800:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
d57186c9caf6817c10dc5e1d1a48acd510cb96404d21957f17419c6ace4d552f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://app-staging.thatchcloud.com/

Response headers

content-encoding
br
etag
W/"a903ef102c8f721d2d7574f3209b0acf"
age
3421305
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
u4Jry77_XObJgrwv9OVj9qIMUd_BFQAnMXnms4MwZ8cGRxIgnY3M-Q==
date
Thu, 05 Sep 2024 02:55:26 GMT
content-type
text/css
vary
Accept-Encoding, Origin
last-modified
Fri, 30 Aug 2024 18:32:56 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
cache-control
public, max-age=31536000
referrer-policy
strict-origin-when-cross-origin
via
1.1 31ab6a69a955ba22ff90036cd9977e74.cloudfront.net (CloudFront)
x-xss-protection
1; mode=block
x-amz-cf-pop
ORD56-P8
server
AmazonS3
x-amz-server-side-encryption
AES256
application-9616ca31e16d364876cbf430a27d9ff8b53c5a0aae606e9f9842e772ae03fe6b.css
assets-staging.thatch.ai/assets/ 		76 KB
15 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://assets-staging.thatch.ai/assets/application-9616ca31e16d364876cbf430a27d9ff8b53c5a0aae606e9f9842e772ae03fe6b.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2616:a600:12:f7d9:800:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
71ceb9cf97252895d90dad047a387da8fca678c968231266c03cce55d7a552d9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://app-staging.thatchcloud.com/

Response headers

content-encoding
br
etag
W/"421ab8d4b5db1f2058d351fe08eb0db1"
age
523197
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
SX2MI1L1wLnkighVcwtgWUEde8y9urhPs9fFiut0YlbBsADgpsFrgA==
date
Tue, 08 Oct 2024 15:57:14 GMT
content-type
text/css
vary
Accept-Encoding, Origin
last-modified
Tue, 08 Oct 2024 01:30:41 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
cache-control
public, max-age=31536000
referrer-policy
strict-origin-when-cross-origin
via
1.1 31ab6a69a955ba22ff90036cd9977e74.cloudfront.net (CloudFront)
x-xss-protection
1; mode=block
x-amz-cf-pop
ORD56-P8
server
AmazonS3
x-amz-server-side-encryption
AES256
mapbox-gl.css
api.mapbox.com/mapbox-gl-js/v2.14.1/ 		35 KB
5 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://api.mapbox.com/mapbox-gl-js/v2.14.1/mapbox-gl.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.165.83.21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-165-83-21.iad55.r.cloudfront.net
Software
/ Express
Resource Hash
cf2d07b0a7181ad1d80439432c6aee2fc500331962cc27cafa4a67e8d00e7fef

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://app-staging.thatchcloud.com
Referer
https://app-staging.thatchcloud.com/

Response headers

content-encoding
gzip
etag
"6e33e0e2daf7a9f869e156907a91ff0b"
age
7549501
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
mRh86rSQuw-uVmR2gWwsU6qWvmQV3XYAPnUh9170w0wd_q2Dt-BKnA==
date
Fri, 19 Jul 2024 08:12:08 GMT
content-type
text/css; charset=utf-8
vary
Accept-Encoding
last-modified
Fri Apr 14 2023 09:13:53 GMT+0000 (Coordinated Universal Time)
cache-control
max-age=31536000
timing-allow-origin
*
via
1.1 b885d7691d1de254a7c8e89572398f9a.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-amz-cf-pop
IAD55-P3
x-powered-by
Express
mapbox-gl-geocoder.css
api.mapbox.com/mapbox-gl-js/plugins/mapbox-gl-geocoder/v5.0.0/ 		5 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://api.mapbox.com/mapbox-gl-js/plugins/mapbox-gl-geocoder/v5.0.0/mapbox-gl-geocoder.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.165.83.21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-165-83-21.iad55.r.cloudfront.net
Software
/ Express
Resource Hash
fb2b10733ab46531a8070e83b051a2fd1008a104ec3b829d8cf5cd46aade265f

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://app-staging.thatchcloud.com
Referer
https://app-staging.thatchcloud.com/

Response headers

content-encoding
gzip
etag
"fd56afcde508bb0e1a9279b60c4c2c88"
age
2262704
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
sfQM5PijrTf-vm-AIV0r9zfFXeen95lDb_48wcZXkUgO-Bkk1O8gMg==
date
Wed, 18 Sep 2024 12:45:25 GMT
content-type
text/css; charset=utf-8
vary
Accept-Encoding
last-modified
Fri Mar 11 2022 19:41:50 GMT+0000 (Coordinated Universal Time)
cache-control
max-age=31536000
timing-allow-origin
*
via
1.1 b885d7691d1de254a7c8e89572398f9a.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-amz-cf-pop
IAD55-P3
x-powered-by
Express
application-dbaa0501ff75a4f592017e1a8f22efbf4e1acda40c0091f802a98e6e11b62f81.js
assets-staging.thatch.ai/assets/ 		6 MB
2 MB 		Script
General
Check archive.org
Download Go to
Full URL
https://assets-staging.thatch.ai/assets/application-dbaa0501ff75a4f592017e1a8f22efbf4e1acda40c0091f802a98e6e11b62f81.js
Requested by
Host: app-staging.thatchcloud.com
URL: https://app-staging.thatchcloud.com/login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2616:a600:12:f7d9:800:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
b0202b9239e40cdb7c5293cee25be3fa539c922eb1ab1ce4d58efb736195af9c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://app-staging.thatchcloud.com
Referer
https://app-staging.thatchcloud.com/

Response headers

content-encoding
br
etag
W/"3751704de419c42f6dd0288fdf357077"
age
253054
access-control-allow-methods
GET, HEAD
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
ZGVAWFwv9X1lc7TpMLpDNlHBWAubFDYn-P-eRorMOA9kyr15msuCnA==
date
Fri, 11 Oct 2024 18:59:37 GMT
content-type
application/javascript
vary
Accept-Encoding
last-modified
Fri, 11 Oct 2024 18:13:03 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
cache-control
public, max-age=31536000
referrer-policy
strict-origin-when-cross-origin
via
1.1 ca47e4bb9e78a1aa39ecef90c4d282d2.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-xss-protection
1; mode=block
x-amz-cf-pop
ORD56-P8
server
AmazonS3
x-amz-server-side-encryption
AES256
logo_all_cap-2f32134c5f3654e36fb6caf8dbcf6ce43b4a3e6d2a3839acff6a20f6a1d944a1.svg
assets-staging.thatch.ai/assets/ 		2 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets-staging.thatch.ai/assets/logo_all_cap-2f32134c5f3654e36fb6caf8dbcf6ce43b4a3e6d2a3839acff6a20f6a1d944a1.svg
Requested by
Host: app-staging.thatchcloud.com
URL: https://app-staging.thatchcloud.com/login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2616:a600:12:f7d9:800:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
5a5a19010fece3dae9d9630d72b151e09042351c6b2acaab2f65d7f88e458018
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://app-staging.thatchcloud.com/

Response headers

content-encoding
br
etag
W/"2b66520a607591d89214797e54e3460f"
age
684461
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
3L-3qFOL_KIwR9QSx1G10z5jEVeWfQHvX12rHoRYtFbxp28rPYkWJw==
date
Sun, 06 Oct 2024 19:09:29 GMT
content-type
image/svg+xml
vary
Accept-Encoding, Origin
last-modified
Fri, 04 Oct 2024 01:57:08 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
cache-control
public, max-age=31536000
referrer-policy
strict-origin-when-cross-origin
via
1.1 31ab6a69a955ba22ff90036cd9977e74.cloudfront.net (CloudFront)
x-xss-protection
1; mode=block
x-amz-cf-pop
ORD56-P8
server
AmazonS3
x-amz-server-side-encryption
AES256
login-d7d12a597f30cf86021dc1cb90e705e7359307128cfe0def3c08fc5572301a03.svg
assets-staging.thatch.ai/assets/ 		13 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets-staging.thatch.ai/assets/login-d7d12a597f30cf86021dc1cb90e705e7359307128cfe0def3c08fc5572301a03.svg
Requested by
Host: app-staging.thatchcloud.com
URL: https://app-staging.thatchcloud.com/login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2616:a600:12:f7d9:800:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
332cefed198e47cd2651db0e5917fb04573e45348c5c6fc96837abd17a5f7260
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://app-staging.thatchcloud.com/

Response headers

content-encoding
br
etag
W/"ab8f612ef20f843083610eca358ba574"
age
3032721
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
XThMKB-6J3xyjy8w9_iKExk7bG-49i3395WsYWzrBUJuEMuUH2TB0A==
date
Mon, 09 Sep 2024 14:51:50 GMT
content-type
image/svg+xml
vary
Accept-Encoding, Origin
last-modified
Thu, 05 Sep 2024 16:43:52 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
cache-control
public, max-age=31536000
referrer-policy
strict-origin-when-cross-origin
via
1.1 31ab6a69a955ba22ff90036cd9977e74.cloudfront.net (CloudFront)
x-xss-protection
1; mode=block
x-amz-cf-pop
ORD56-P8
server
AmazonS3
x-amz-server-side-encryption
AES256
Inter-roman.latin.var-4b87a3d384ea557b10afa9570b753eda868b12b5e51eea0977ffa6e641998f6a.woff2
assets-staging.thatch.ai/assets/ 		51 KB
51 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://assets-staging.thatch.ai/assets/Inter-roman.latin.var-4b87a3d384ea557b10afa9570b753eda868b12b5e51eea0977ffa6e641998f6a.woff2
Requested by
Host: assets-staging.thatch.ai
URL: https://assets-staging.thatch.ai/assets/inter-font-8c3e82affb176f4bca9616b838d906343d1251adc8408efe02cf2b1e4fcf2bc4.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2616:a600:12:f7d9:800:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
5156501c82759bb0891d4a37c4eb6bce023623d762572a946c56a17d8ae37bd8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://app-staging.thatchcloud.com
Referer
https://assets-staging.thatch.ai/assets/inter-font-8c3e82affb176f4bca9616b838d906343d1251adc8408efe02cf2b1e4fcf2bc4.css

Response headers

etag
"dec25f4c0751dfa3830eb3d9edbdc8ba"
age
616574
access-control-allow-methods
GET, HEAD
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
4L3hxaYW9AhCqfcnd9cqLanF0gQZfpEIwvC4wEUKqX33fNnnDwA9TQ==
date
Mon, 07 Oct 2024 14:00:57 GMT
content-type
font/woff2
last-modified
Fri, 04 Oct 2024 01:56:44 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
cache-control
public, max-age=31536000
referrer-policy
strict-origin-when-cross-origin
via
1.1 ca47e4bb9e78a1aa39ecef90c4d282d2.cloudfront.net (CloudFront)
accept-ranges
bytes
access-control-allow-origin
*
content-length
51896
x-xss-protection
1; mode=block
x-amz-cf-pop
ORD56-P8
server
AmazonS3
x-amz-server-side-encryption
AES256
csp_reports
app-staging.thatchcloud.com/ 		0
2 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://app-staging.thatchcloud.com/csp_reports
Requested by
Host: assets-staging.thatch.ai
URL: https://assets-staging.thatch.ai/assets/application-dbaa0501ff75a4f592017e1a8f22efbf4e1acda40c0091f802a98e6e11b62f81.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3037::ac43:d07e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src 'none'; upgrade-insecure-requests; font-src 'self' https://assets-staging.thatch.ai; img-src 'self' https://assets-staging.thatch.ai https: data:; object-src 'none'; script-src 'self' https://assets-staging.thatch.ai https://api.mapbox.com https://js.stripe.com/v3/ https://*.googletagmanager.com https://connect.facebook.net https://serverside.thatch.ai 'strict-dynamic' 'report-sample' 'nonce-WGT/8rqIMX+nnOVmV2OVcA=='; frame-src https://js.stripe.com/v3/ https://www.loom.com https://thatch.ai/; style-src 'self' https://assets-staging.thatch.ai https://app-static-prod.posthog.com https://api.mapbox.com 'unsafe-inline' 'report-sample'; connect-src 'self' https://assets-staging.thatch.ai https://appsignal-endpoint.net https://ph.thatch.ai https://app.posthog.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://api.mapbox.com https://events.mapbox.com https://application-form.sh https://application-form.co https://sgmt-api.thatch.ai https://sgmt-cdn.thatch.ai https://serverside.thatch.ai; base-uri 'none'; form-action 'self' https://billing.stripe.com https://application-form.sh https://application-form.co; frame-ancestors https://thatch.ai; report-uri /csp_reports
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type
application/csp-report
Referer
https://app-staging.thatchcloud.com/login

Response headers

x-request-id
57a429e1-c9c7-4347-a2d5-b52bd72862a2
content-encoding
zstd
cf-cache-status
DYNAMIC
x-permitted-cross-domain-policies
none
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cZyfEZTA89kRxdFZu6VfMNGrA7jrhhJc1QuXwn7rD7hTqf08UsuNFCnigrKYYaIAJLTgVjInROCBh%2FM9ss7DBcYGVUaaIeW4aeLgGQaxnKzuFM6xosIRvVBwkNs3Ws4rWThrJk1Dus61KF%2F%2B4redS7zDPrnKaZgKONA%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
rndr-id
4dbc0526-a9e0-4381
x-render-origin-server
Render
date
Mon, 14 Oct 2024 17:17:12 GMT
content-type
text/html
vary
Accept-Encoding
feature-policy
camera 'none'; gyroscope 'none'; microphone 'none'; usb 'none'; fullscreen 'self'; payment 'none'
x-runtime
0.009946
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=63072000; includeSubDomains
content-security-policy
default-src 'none'; upgrade-insecure-requests; font-src 'self' https://assets-staging.thatch.ai; img-src 'self' https://assets-staging.thatch.ai https: data:; object-src 'none'; script-src 'self' https://assets-staging.thatch.ai https://api.mapbox.com https://js.stripe.com/v3/ https://*.googletagmanager.com https://connect.facebook.net https://serverside.thatch.ai 'strict-dynamic' 'report-sample' 'nonce-WGT/8rqIMX+nnOVmV2OVcA=='; frame-src https://js.stripe.com/v3/ https://www.loom.com https://thatch.ai/; style-src 'self' https://assets-staging.thatch.ai https://app-static-prod.posthog.com https://api.mapbox.com 'unsafe-inline' 'report-sample'; connect-src 'self' https://assets-staging.thatch.ai https://appsignal-endpoint.net https://ph.thatch.ai https://app.posthog.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://api.mapbox.com https://events.mapbox.com https://application-form.sh https://application-form.co https://sgmt-api.thatch.ai https://sgmt-cdn.thatch.ai https://serverside.thatch.ai; base-uri 'none'; form-action 'self' https://billing.stripe.com https://application-form.sh https://application-form.co; frame-ancestors https://thatch.ai; report-uri /csp_reports
cache-control
no-cache
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin-when-cross-origin
cf-ray
8d2938b579e40f87-EWR
x-xss-protection
0
server
cloudflare
/
ph.thatch.ai/decide/ 		502 B
960 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ph.thatch.ai/decide/?v=3&ip=1&_=1728926231942&ver=1.166.1&compression=base64
Requested by
Host: assets-staging.thatch.ai
URL: https://assets-staging.thatch.ai/assets/application-dbaa0501ff75a4f592017e1a8f22efbf4e1acda40c0091f802a98e6e11b62f81.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2015:a200:9:e28b:3980:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4fcab2cb309663ccecacee87ac5282424026713d8ef6575a1998a9c760ec74ba
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded
Referer
https://app-staging.thatchcloud.com/

Response headers

content-encoding
gzip
cf-cache-status
DYNAMIC
x-content-type-options
nosniff
access-control-allow-methods
GET, POST, OPTIONS
x-cache
Miss from cloudfront
x-amz-cf-id
56NAb-1QNOxiBreoMonQLJic8ILBz3tSCxDp-m14r60P0VUqLj2vZg==
date
Mon, 14 Oct 2024 17:17:12 GMT
content-type
application/json
vary
Accept-Encoding
access-control-allow-headers
X-Requested-With,Content-Type
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
cross-origin-opener-policy
same-origin
x-envoy-upstream-service-time
8
access-control-allow-credentials
true
referrer-policy
same-origin
via
1.1 0c9c133650294ca2485db2f5e74b2d10.cloudfront.net (CloudFront)
cf-ray
8d2938b6eb578275-IAD
access-control-allow-origin
https://app-staging.thatchcloud.com
x-xss-protection
1; mode=block
x-amz-cf-pop
IAD66-C1
server
cloudflare
truncated
/ 		38 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
05632bd17ae6013db11864ba86f363756e305cd5a56ee788fe20774ed6c750f9

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/webp
settings
sgmt-cdn.thatch.ai/v1/projects/YbEHGMWH50dXNEqS4yiifhmk7tHCx8ni/ 		618 B
1 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://sgmt-cdn.thatch.ai/v1/projects/YbEHGMWH50dXNEqS4yiifhmk7tHCx8ni/settings
Requested by
Host: assets-staging.thatch.ai
URL: https://assets-staging.thatch.ai/assets/application-dbaa0501ff75a4f592017e1a8f22efbf4e1acda40c0091f802a98e6e11b62f81.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2509:9600:1e:31eb:9f80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
b0bab04910bf6ab7b0a06b5eb4b92ef74824f2f2d17ea6adcf3fd49fd9df6530
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://app-staging.thatchcloud.com/

Response headers

access-control-max-age
3000
x-amz-version-id
B_JT.DaVrbtelCMeQXN8feA3QJQOsLZB
etag
"685e3865a8e975f8f56a3d73831f76dc"
age
3717
access-control-allow-methods
GET, HEAD
x-content-type-options
nosniff
x-cache
Hit from cloudfront
x-amz-cf-id
W69GkfN43B01pMA7GGHzdIifk9o0GrU8DC8VsepUs6Eh7MnzehMm6Q==
date
Mon, 14 Oct 2024 16:15:15 GMT
content-type
application/json; charset=utf-8
last-modified
Thu, 25 Jul 2024 17:50:57 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
x-amz-replication-status
COMPLETED
cache-control
public, max-age=10800
referrer-policy
strict-origin-when-cross-origin
via
1.1 72b77c557ac4c265c32d99bdef4e9d6a.cloudfront.net (CloudFront), 1.1 39cace2136102a575c38c82525d3b770.cloudfront.net (CloudFront)
accept-ranges
bytes
access-control-allow-origin
*
content-length
618
x-xss-protection
1; mode=block
x-amz-cf-pop
IAD79-C3, IAD12-P2
server
AmazonS3
x-amz-server-side-encryption
AES256
/
ph.thatch.ai/e/ 		13 B
692 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ph.thatch.ai/e/?ip=1&_=1728926231988&ver=1.166.1&compression=gzip-js
Requested by
Host: assets-staging.thatch.ai
URL: https://assets-staging.thatch.ai/assets/application-dbaa0501ff75a4f592017e1a8f22efbf4e1acda40c0091f802a98e6e11b62f81.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2015:a200:9:e28b:3980:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7d4afed20a912db310862a5294bcf8fb6269c76a292908ddc1fbd496456eff56
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type
text/plain
Referer
https://app-staging.thatchcloud.com/

Response headers

content-encoding
gzip
cf-cache-status
DYNAMIC
x-content-type-options
nosniff
access-control-allow-methods
GET, POST, OPTIONS
x-cache
Miss from cloudfront
x-amz-cf-id
fCZSxKyoDYPghdj8l5ZBR09BHSynT-fSy8z8LA8wxaejM403CZ2R9g==
date
Mon, 14 Oct 2024 17:17:12 GMT
content-type
application/json
vary
Accept-Encoding
access-control-allow-headers
X-Requested-With,Content-Type
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
cross-origin-opener-policy
same-origin
x-envoy-upstream-service-time
6
access-control-allow-credentials
true
referrer-policy
same-origin
via
1.1 0c9c133650294ca2485db2f5e74b2d10.cloudfront.net (CloudFront)
cf-ray
8d2938b6eff3826c-IAD
access-control-allow-origin
https://app-staging.thatchcloud.com
x-xss-protection
1; mode=block
x-amz-cf-pop
IAD66-C1
server
cloudflare
logo-staging-3f0f09277d6304bf0d19c4990b29ae015f4378c107c91b4e4db483863e5499ac.svg
assets-staging.thatch.ai/assets/ 		1 KB
919 B 		Other
General
Check archive.org
Download Go to
Full URL
https://assets-staging.thatch.ai/assets/logo-staging-3f0f09277d6304bf0d19c4990b29ae015f4378c107c91b4e4db483863e5499ac.svg
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2600:9000:2616:a600:12:f7d9:800:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
500aff9ca2f11c6a39a9649dfd0f86eee5463db4ec48080c209268e74981582c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://app-staging.thatchcloud.com/

Response headers

content-encoding
gzip
etag
W/"4b2413244b4950c925e9f09f242cb07b"
age
2655036
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
KGPjgiBAGa0zo_sq9plTbipKYaHksCnav4bjk4aB90qHA24njT1RIQ==
date
Fri, 13 Sep 2024 23:46:37 GMT
content-type
image/svg+xml
vary
Accept-Encoding, Origin
last-modified
Fri, 13 Sep 2024 23:20:07 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
cache-control
public, max-age=31536000
referrer-policy
strict-origin-when-cross-origin
via
1.1 9a6a29f33061b144abde8efb3690cd5e.cloudfront.net (CloudFront)
x-xss-protection
1; mode=block
x-amz-cf-pop
ORD56-P8
server
AmazonS3
x-amz-server-side-encryption
AES256
p
sgmt-api.thatch.ai/v1/ 		21 B
447 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://sgmt-api.thatch.ai/v1/p
Requested by
Host: assets-staging.thatch.ai
URL: https://assets-staging.thatch.ai/assets/application-dbaa0501ff75a4f592017e1a8f22efbf4e1acda40c0091f802a98e6e11b62f81.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:201e:a000:12:25f5:a800:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
12f71cb993958eefc4bdb41d7dbbda490779a9c7aba448f7be52bb63912e0254
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type
text/plain
Referer
https://app-staging.thatchcloud.com/

Response headers

strict-transport-security
max-age=31536000
referrer-policy
strict-origin-when-cross-origin
via
1.1 368146333bf1a1071e8432a7d4e41e1a.cloudfront.net (CloudFront)
x-content-type-options
nosniff
access-control-allow-origin
https://app-staging.thatchcloud.com
x-cache
Miss from cloudfront
content-length
21
x-amz-cf-id
ElaV_YgOW61pGTLxLWrSNCzMG82OP8ypGPHOWn-uM85cQuM7OOFDyw==
date
Mon, 14 Oct 2024 17:17:13 GMT
x-xss-protection
1; mode=block
content-type
application/json
vary
Origin
x-amz-cf-pop
IAD89-C3
x-frame-options
SAMEORIGIN

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
app-staging.thatchcloud.com
URL
https://app-staging.thatchcloud.com/cdn-cgi/speculation

Verdicts & Comments Add Verdict or Comment

18 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| Stimulus function| MapboxSearchListbox function| MapboxAddressConfirmation function| MapboxAddressConfirmationFeature function| MapboxAddressConfirmationNoFeature function| MapboxAddressAutofill function| MapboxSearchBox function| MapboxGeocoder function| MapboxAddressMinimap object| Turbo function| Suggestions function| Inputmask object| __PosthogExtensions__ object| Trix object| __SEGMENT_INSPECTOR__ object| __core-js_shared__ object| posthog object| segment

5 Cookies

Domain/Path Name / Value
app-staging.thatchcloud.com/ Name: ahoy_visitor
Value: d714250b-dac0-4945-a49b-8fd8b89df27d
app-staging.thatchcloud.com/ Name: ahoy_visit
Value: 92d5ca38-638d-4078-8570-0c71a435a9c7
.thatchcloud.com/ Name: ph_phc_lZ8krRDL9RPIBO86DJhecfzYpTY5fKTn06T90S19z0D_posthog
Value: %7B%22distinct_id%22%3A%2201928c08-ad90-744e-abea-b1f26da725b6%22%2C%22%24sesid%22%3A%5B1728926231983%2C%2201928c08-adaf-7b8b-896e-1a70f01ffcc0%22%2C1728926231983%5D%7D
app-staging.thatchcloud.com/ Name: _thatch_session
Value: PhY9kvnn7JjKKZgqPFYlSiX%2BRZj2sanviIU9HFr1T872boIMWqAbxnaOp8SaAWy7QmymfvThC4MzvPEatxl30JGbTcY3y4x3H5NGYOyYIvVfGmvVxUg%2FyNEoy00dcXIbanG7Ps85ginvHQETj5m6DsB12xAXJQ4ylUg8Q5dWrfdj9C%2FcjP2FaO1BI3BYu6LERIx2WXIEnFvHF8RuY5Gh5OHUYMyJsoKHJ1oEEOmXOd2pG5tMtoaTD1%2Bm8DJY0OjFfxVxpw3Scq6h5xuGrXFuHOvcWIMR5j4C961%2F9RO4ZAVxxZcl8yOXYJVZ0ThFnKrD3%2BgW--pdeyQVSxalCFmz2K--4cgEQ9hr5j%2FPFTlKNt0ZzA%3D%3D
.thatchcloud.com/ Name: ajs_anonymous_id
Value: 2767fb15-e5ef-4b2f-831a-259d025e25ee

2 Console Messages

Source Level URL
Text
security error URL: https://app-staging.thatchcloud.com/login
Message:
Refused to load the script 'https://app-staging.thatchcloud.com/cdn-cgi/speculation' because it violates the following Content Security Policy directive: "script-src 'self' https://assets-staging.thatch.ai https://api.mapbox.com https://js.stripe.com/v3/ https://*.googletagmanager.com https://connect.facebook.net https://serverside.thatch.ai 'strict-dynamic' 'report-sample' 'nonce-Ql4UL8lCR75G9Tut+6VG2A=='". Note that 'strict-dynamic' is present, so host-based allowlisting is disabled.
other warning URL: https://app-staging.thatchcloud.com/login
Message:
Load failed or canceled (net::ERR_ABORTED) for rule set requested from "https://app-staging.thatchcloud.com/cdn-cgi/speculation" found in Speculation-Rules header.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'none'; upgrade-insecure-requests; font-src 'self' https://assets-staging.thatch.ai; img-src 'self' https://assets-staging.thatch.ai https: data:; object-src 'none'; script-src 'self' https://assets-staging.thatch.ai https://api.mapbox.com https://js.stripe.com/v3/ https://*.googletagmanager.com https://connect.facebook.net https://serverside.thatch.ai 'strict-dynamic' 'report-sample' 'nonce-Ql4UL8lCR75G9Tut+6VG2A=='; frame-src https://js.stripe.com/v3/ https://www.loom.com https://thatch.ai/; style-src 'self' https://assets-staging.thatch.ai https://app-static-prod.posthog.com https://api.mapbox.com 'unsafe-inline' 'report-sample'; connect-src 'self' https://assets-staging.thatch.ai https://appsignal-endpoint.net https://ph.thatch.ai https://app.posthog.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://api.mapbox.com https://events.mapbox.com https://application-form.sh https://application-form.co https://sgmt-api.thatch.ai https://sgmt-cdn.thatch.ai https://serverside.thatch.ai; base-uri 'none'; form-action 'self' https://billing.stripe.com https://application-form.sh https://application-form.co; frame-ancestors https://thatch.ai; report-uri /csp_reports
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.mapbox.com
app-staging.thatchcloud.com
assets-staging.thatch.ai
ph.thatch.ai
sgmt-api.thatch.ai
sgmt-cdn.thatch.ai
app-staging.thatchcloud.com
18.165.83.21
2600:9000:2015:a200:9:e28b:3980:93a1
2600:9000:201e:a000:12:25f5:a800:93a1
2600:9000:2509:9600:1e:31eb:9f80:93a1
2600:9000:2616:a600:12:f7d9:800:93a1
2606:4700:3037::ac43:d07e
05632bd17ae6013db11864ba86f363756e305cd5a56ee788fe20774ed6c750f9
0eb224ab7bf7f9524dfe6dcf688721229d8c296630c529a475796e0ae8364b42
12f71cb993958eefc4bdb41d7dbbda490779a9c7aba448f7be52bb63912e0254
332cefed198e47cd2651db0e5917fb04573e45348c5c6fc96837abd17a5f7260
3fcc4808183b9a3c83be22a8a106c6d387a61a7136f74aa77641daaf817afa49
4fcab2cb309663ccecacee87ac5282424026713d8ef6575a1998a9c760ec74ba
500aff9ca2f11c6a39a9649dfd0f86eee5463db4ec48080c209268e74981582c
5156501c82759bb0891d4a37c4eb6bce023623d762572a946c56a17d8ae37bd8
5a5a19010fece3dae9d9630d72b151e09042351c6b2acaab2f65d7f88e458018
71ceb9cf97252895d90dad047a387da8fca678c968231266c03cce55d7a552d9
7d4afed20a912db310862a5294bcf8fb6269c76a292908ddc1fbd496456eff56
b0202b9239e40cdb7c5293cee25be3fa539c922eb1ab1ce4d58efb736195af9c
b0bab04910bf6ab7b0a06b5eb4b92ef74824f2f2d17ea6adcf3fd49fd9df6530
cf2d07b0a7181ad1d80439432c6aee2fc500331962cc27cafa4a67e8d00e7fef
d57186c9caf6817c10dc5e1d1a48acd510cb96404d21957f17419c6ace4d552f
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
fb2b10733ab46531a8070e83b051a2fd1008a104ec3b829d8cf5cd46aade265f