app.bonumcoaching.com Open in urlscan Pro
76.76.21.142  Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
2 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request 6467a7d87e0f1308a96690cb Show response app.bonumcoaching.com/evaluation360/	868 B 1 KB	105ms 28ms	Document text/html	76.76.21.142 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://app.bonumcoaching.com/evaluation360/6467a7d87e0f1308a96690cb Protocol H2 Security TLS 1.3, , CHACHA20_POLY1305 Server 76.76.21.142 Walnut, United States, ASN16509 (AMAZON-02, US), Reverse DNS Software Vercel / Resource Hash b5e19e6651a32dbdce68c8e6f399501c06fda73d9c474c3d531f6a238cb40288 Security Headers Name Value Strict-Transport-Security max-age=63072000 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers accept-ranges bytes access-control-allow-origin * age 473285 cache-control s-maxage=0 content-disposition inline; filename="index.html" content-length 868 content-type text/html; charset=utf-8 date Wed, 19 Jul 2023 03:08:36 GMT etag "0839464420c8da4a934a1edaaae43dc2" server Vercel strict-transport-security max-age=63072000 x-vercel-cache HIT x-vercel-id fra1::4z4fr-1689736116162-f14c8e41efdb
GET H2	200	main.51af39b8.js Show response app.bonumcoaching.com/static/js/	4 MB 1 MB	28ms 28ms	Script application/javascript	76.76.21.142 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://app.bonumcoaching.com/static/js/main.51af39b8.js Requested by Host: app.bonumcoaching.com URL: https://app.bonumcoaching.com/evaluation360/6467a7d87e0f1308a96690cb Protocol H2 Security TLS 1.3, , CHACHA20_POLY1305 Server 76.76.21.142 Walnut, United States, ASN16509 (AMAZON-02, US), Reverse DNS Software Vercel / Resource Hash 794367e5de7c3485594fec2992fee764e1f4d79b242dac69bdb1aeef57a26e1e Security Headers Name Value Strict-Transport-Security max-age=63072000 Request headers accept-language de-DE,de;q=0.9 Referer https://app.bonumcoaching.com/evaluation360/6467a7d87e0f1308a96690cb User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers date Wed, 19 Jul 2023 03:08:36 GMT content-encoding br strict-transport-security max-age=63072000 server Vercel x-vercel-id fra1::4z4fr-1689736116196-3eba5850a035 age 394765 etag W/"f529e12f8b859fd4a5a83776095c93b4" x-vercel-cache HIT content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control s-maxage=31536000, immutable content-disposition inline; filename="main.51af39b8.js"
GET H2	200	main.6057c5e5.css app.bonumcoaching.com/static/css/	760 KB 115 KB	120ms 120ms	Stylesheet text/css	76.76.21.142 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://app.bonumcoaching.com/static/css/main.6057c5e5.css Requested by Host: app.bonumcoaching.com URL: https://app.bonumcoaching.com/evaluation360/6467a7d87e0f1308a96690cb Protocol H2 Security TLS 1.3, , CHACHA20_POLY1305 Server 76.76.21.142 Walnut, United States, ASN16509 (AMAZON-02, US), Reverse DNS Software Vercel / Resource Hash 3568a02c129683b79636e8e4b96f76883e7f66c0069c9b1955174ae17091f9e7 Security Headers Name Value Strict-Transport-Security max-age=63072000 Request headers accept-language de-DE,de;q=0.9 Referer https://app.bonumcoaching.com/evaluation360/6467a7d87e0f1308a96690cb User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers date Wed, 19 Jul 2023 03:08:36 GMT content-encoding br strict-transport-security max-age=63072000 server Vercel x-vercel-id fra1::2z6b9-1689736116200-b991f3968cdb age 394766 etag W/"3eecc630a093785431b775a27dbb2bd8" x-vercel-cache HIT content-type text/css; charset=utf-8 access-control-allow-origin * cache-control s-maxage=31536000, immutable content-disposition inline; filename="main.6057c5e5.css"
GET H2	200	OneSignalSDK.js Show response cdn.onesignal.com/sdks/	9 KB 3 KB	93ms 39ms	Script application/javascript	2606:4700::6812:d63b CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn.onesignal.com/sdks/OneSignalSDK.js Requested by Host: app.bonumcoaching.com URL: https://app.bonumcoaching.com/static/js/main.51af39b8.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:d63b , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 22a799158fe74ae3e802bb4708fa9b5888b3553ca8296ae1f4a23799a006d1ba Security Headers Name Value Strict-Transport-Security max-age=15552000; includeSubDomains Request headers accept-language de-DE,de;q=0.9 Referer https://app.bonumcoaching.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers date Wed, 19 Jul 2023 03:08:37 GMT via 1.1 google content-encoding br cf-cache-status HIT server cloudflare strict-transport-security max-age=15552000; includeSubDomains age 1117 etag W/"841a8834d1e8a6a8a6de9933a13d2b34" vary Accept-Encoding content-type application/javascript cache-control public, max-age=259200 cf-ray 7e8fc2cc1f3e4d8b-FRA access-control-allow-headers OneSignal-Subscription-Id alt-svc h3=":443"; ma=86400 expires Sat, 22 Jul 2023 03:08:37 GMT
GET DATA	200 OK	truncated /	8 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 5dcd9301f16cb50ecd88dae749b136703ab8d1c251158e881ed02a8cff20bce3 Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	7 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 355ac5a2bd4df3b67a8650724e14ce3e7d1005e8d73695e9e768bcd64719b049 Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers Content-Type image/png
GET H2	200	6467a7d87e0f1308a96690cb Show response api.bonumcoaching.com/evaluations/api/evaluation360/	25 KB 6 KB	742ms 499ms	XHR application/json	34.226.22.184 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://api.bonumcoaching.com/evaluations/api/evaluation360/6467a7d87e0f1308a96690cb Requested by Host: app.bonumcoaching.com URL: https://app.bonumcoaching.com/static/js/main.51af39b8.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 34.226.22.184 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-34-226-22-184.compute-1.amazonaws.com Software / Resource Hash e831f0f3c2cbd2d03628c239c09a637e9062dc66951fb5095fedfaf09dac7326 Security Headers Name Value Content-Security-Policy default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests Strict-Transport-Security max-age=15552000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Accept application/json, text/plain, */* Referer https://app.bonumcoaching.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers date Wed, 19 Jul 2023 03:08:37 GMT content-security-policy default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests x-content-type-options nosniff strict-transport-security max-age=15552000; includeSubDomains content-encoding gzip x-permitted-cross-domain-policies none cross-origin-embedder-policy require-corp x-dns-prefetch-control off cross-origin-resource-policy same-origin x-xss-protection 0 referrer-policy no-referrer cross-origin-opener-policy same-origin etag W/"6443-aruKuX6iAuKKyfZvzxEvoqx/Mas" expect-ct max-age=0 x-frame-options SAMEORIGIN vary Accept-Encoding content-type application/json; charset=utf-8 access-control-allow-origin * origin-agent-cluster ?1 x-download-options noopen access-control-allow-credentials true
GET H2	200	OneSignalPageSDKES6.js Show response cdn.onesignal.com/sdks/	284 KB 68 KB	42ms 42ms	Script application/javascript	2606:4700::6812:d63b CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn.onesignal.com/sdks/OneSignalPageSDKES6.js?v=151603 Requested by Host: cdn.onesignal.com URL: https://cdn.onesignal.com/sdks/OneSignalSDK.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:d63b , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash c0eda55ec47640c00aa84096fabdb63c66f5e456f7b141e1ba1d153c2b6ebceb Security Headers Name Value Strict-Transport-Security max-age=15552000; includeSubDomains Request headers accept-language de-DE,de;q=0.9 Referer https://app.bonumcoaching.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers date Wed, 19 Jul 2023 03:08:37 GMT via 1.1 google content-encoding br cf-cache-status HIT server cloudflare strict-transport-security max-age=15552000; includeSubDomains age 1111 etag W/"22f7e3545bf8cba3cac43d34db3357ed" vary Accept-Encoding content-type application/javascript cache-control public, max-age=259200 cf-ray 7e8fc2cc5f674d8b-FRA access-control-allow-headers OneSignal-Subscription-Id alt-svc h3=":443"; ma=86400 expires Sat, 22 Jul 2023 03:08:37 GMT
GET H2	200	web Show response onesignal.com/api/v1/sync/4793513b-dcbf-4e2e-b473-d7c74025bc50/	5 KB 2 KB	82ms 80ms	Script text/javascript	2606:4700::6812:d63b CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://onesignal.com/api/v1/sync/4793513b-dcbf-4e2e-b473-d7c74025bc50/web?callback=__jp0 Requested by Host: cdn.onesignal.com URL: https://cdn.onesignal.com/sdks/OneSignalPageSDKES6.js?v=151603 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:d63b , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 231317897cd341edcdf0a16745e2b4ad4b9ed7d69af598bd4bf5d4fa51c5d4c4 Security Headers Name Value Strict-Transport-Security max-age=15552000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://app.bonumcoaching.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers date Wed, 19 Jul 2023 03:08:37 GMT via 1.1 google x-content-type-options nosniff cf-cache-status MISS content-encoding br x-permitted-cross-domain-policies none strict-transport-security max-age=15552000; includeSubDomains alt-svc h3=":443"; ma=86400 x-xss-protection 1; mode=block x-request-id 5b410f19-1e31-4b32-b2a0-548a8d1039ab x-runtime 0.034789 referrer-policy strict-origin-when-cross-origin server cloudflare etag W/"231317897cd341edcdf0a16745e2b4ad" x-download-options noopen vary Origin, Accept-Encoding x-frame-options SAMEORIGIN content-type text/javascript; charset=utf-8 access-control-allow-origin * cache-control public, max-age=3600 cf-ray 7e8fc2ccefb14d8b-FRA access-control-allow-headers SDK-Version expires Wed, 19 Jul 2023 04:08:37 GMT
GET H3	200	OneSignalSDKStyles.css onesignal.com/sdks/	82 KB 9 KB	38ms 38ms	Stylesheet text/css	2606:4700::6812:d63b CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://onesignal.com/sdks/OneSignalSDKStyles.css?v=2 Requested by Host: cdn.onesignal.com URL: https://cdn.onesignal.com/sdks/OneSignalPageSDKES6.js?v=151603 Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700::6812:d63b , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash db7e0b393e175f19922fefbdcaa2866fca209c521d01cc834ae06cbf8d0f91b7 Security Headers Name Value Strict-Transport-Security max-age=15552000; includeSubDomains Request headers accept-language de-DE,de;q=0.9 Referer https://app.bonumcoaching.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers date Wed, 19 Jul 2023 03:08:40 GMT via 1.1 google content-encoding br cf-cache-status HIT server cloudflare strict-transport-security max-age=15552000; includeSubDomains age 1112 etag W/"4e9aaefffd5f8ae7dc83361aa2294190" vary Accept-Encoding content-type text/css cache-control public, max-age=2592000 cf-ray 7e8fc2e05be5901e-FRA access-control-allow-headers OneSignal-Subscription-Id alt-svc h3=":443"; ma=86400 expires Fri, 18 Aug 2023 03:08:40 GMT
GET H3	200	icon Show response onesignal.com/api/v1/apps/4793513b-dcbf-4e2e-b473-d7c74025bc50/	184 B 753 B	84ms 58ms	Fetch application/json	2606:4700::6812:d73b CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://onesignal.com/api/v1/apps/4793513b-dcbf-4e2e-b473-d7c74025bc50/icon Requested by Host: cdn.onesignal.com URL: https://cdn.onesignal.com/sdks/OneSignalPageSDKES6.js?v=151603 Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700::6812:d73b , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 5283feb3c31c3a336ad0cb3ec6d27385cebff456e450486021fad3080372340f Security Headers Name Value Strict-Transport-Security max-age=15552000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://app.bonumcoaching.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers date Wed, 19 Jul 2023 03:08:40 GMT via 1.1 google x-content-type-options nosniff cf-cache-status MISS content-encoding br x-permitted-cross-domain-policies none strict-transport-security max-age=15552000; includeSubDomains alt-svc h3=":443"; ma=86400 x-xss-protection 1; mode=block x-request-id fac96b2f-4d84-4ae6-9eae-2d6f6105bbe0 x-runtime 0.013655 referrer-policy strict-origin-when-cross-origin server cloudflare etag W/"5283feb3c31c3a336ad0cb3ec6d27385" x-download-options noopen x-frame-options SAMEORIGIN vary Accept, Origin, Accept-Encoding content-type application/json; charset=utf-8 access-control-allow-origin * cache-control max-age=0, private, must-revalidate cf-ray 7e8fc2e0ee039177-FRA access-control-allow-headers SDK-Version
GET H2	200	bcbc876b-84e2-4381-9919-85b296bf8c8a img.onesignal.com/permanent/	9 KB 10 KB	104ms 87ms	Image application/octet-stream	2606:4700::6812:d63b CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://img.onesignal.com/permanent/bcbc876b-84e2-4381-9919-85b296bf8c8a Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:d63b , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 1df716e1fd9fa9cc1e50bd3cc6504b2bdfb4f5d6c661f270f862f4aeb31e7be2 Security Headers Name Value Strict-Transport-Security max-age=15552000; includeSubDomains Request headers accept-language de-DE,de;q=0.9 Referer https://app.bonumcoaching.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers x-goog-encryption-kms-key-name projects/core-infra-onesignal/locations/europe-west4/keyRings/keyring-kms-onesignal/cryptoKeys/img-persistence-bucket-onesignal/cryptoKeyVersions/1 date Wed, 19 Jul 2023 03:08:40 GMT strict-transport-security max-age=15552000; includeSubDomains cf-cache-status MISS x-guploader-uploadid ADPycduZjq6Pz79niVwclK1UlHfq4_g2xHyWimQ1W6sJJIliLjTjn3c_MV880laSlYaP_dreYxxkRwKW3azS0KY3xXgzi2npVUkk x-goog-meta-x-goog-source-etag "3d4b5377359bfb0061d461a46eeb83ee" x-goog-storage-class STANDARD x-goog-metageneration 1 x-goog-stored-content-encoding identity alt-svc h3=":443"; ma=86400 content-length 9315 pragma no-cache last-modified Tue, 14 Feb 2023 03:54:32 GMT server cloudflare etag "-CI+Nzt6OlP0CEAE=" vary Origin, Accept-Encoding x-goog-generation 1676346872006287 content-type application/octet-stream x-goog-hash crc32c=7mssWg==, md5=PUtTdzWb+wBh1GGkbuuD7g== cache-control public, max-age=2678400 x-goog-meta-cache-control public, maxage=604800 x-goog-stored-content-length 9315 accept-ranges bytes cf-ray 7e8fc2e16e054d8b-FRA expires Sat, 19 Aug 2023 03:08:40 GMT

12 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless object| onbeforetoggle object| onscrollend function| _ object| FontAwesomeConfig object| ___FONT_AWESOME___ function| setImmediate function| clearImmediate number| 2f1acc6c3a606b082e5eef5e54414ffb function| OneSignal number| __oneSignalSdkLoadCount function| __jp0

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.onesignal.com/	1970-01-20 13:22:17	Name: __cf_bm Value: 7qtDKEdleLPPgUgckFpkO22GvkZgeoh_bkp.FIohW5s-1689736117-0-AQYsBsEV1TSVb431iiSsDzbQD/UVG12XkGV+9l479Vot0qrY6cao3x5Buwr1tCdyEpPts5ATN3qWeORzqSaGvMk=

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=63072000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.bonumcoaching.com
app.bonumcoaching.com
cdn.onesignal.com
img.onesignal.com
onesignal.com
2606:4700::6812:d63b
2606:4700::6812:d73b
34.226.22.184
76.76.21.142
1df716e1fd9fa9cc1e50bd3cc6504b2bdfb4f5d6c661f270f862f4aeb31e7be2
22a799158fe74ae3e802bb4708fa9b5888b3553ca8296ae1f4a23799a006d1ba
231317897cd341edcdf0a16745e2b4ad4b9ed7d69af598bd4bf5d4fa51c5d4c4
355ac5a2bd4df3b67a8650724e14ce3e7d1005e8d73695e9e768bcd64719b049
3568a02c129683b79636e8e4b96f76883e7f66c0069c9b1955174ae17091f9e7
5283feb3c31c3a336ad0cb3ec6d27385cebff456e450486021fad3080372340f
5dcd9301f16cb50ecd88dae749b136703ab8d1c251158e881ed02a8cff20bce3
794367e5de7c3485594fec2992fee764e1f4d79b242dac69bdb1aeef57a26e1e
b5e19e6651a32dbdce68c8e6f399501c06fda73d9c474c3d531f6a238cb40288
c0eda55ec47640c00aa84096fabdb63c66f5e456f7b141e1ba1d153c2b6ebceb
db7e0b393e175f19922fefbdcaa2866fca209c521d01cc834ae06cbf8d0f91b7
e831f0f3c2cbd2d03628c239c09a637e9062dc66951fb5095fedfaf09dac7326