urlscan.io logo urlscan.io
SecurityTrails logo

app.fuul.xyz Open in urlscan Pro
76.76.21.93  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://app.fuul.xyz/
Effective URL: https://app.fuul.xyz/auth/login
Submission: On September 27 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 7 IPs in 2 countries across 6 domains to perform 28 HTTP transactions. The main IP is 76.76.21.93, located in Charlotte, United States and belongs to AMAZON-02, US. The main domain is app.fuul.xyz.
TLS certificate: Issued by R3 on September 18th 2023. Valid for: 3 months.
This is the only time app.fuul.xyz was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 13 76.76.21.93 16509 (AMAZON-02)
2 2a00:1450:400... 15169 (GOOGLE)
3 2a00:1450:400... 15169 (GOOGLE)
8 2600:9000:249... 16509 (AMAZON-02)
2 18.239.83.25 16509 (AMAZON-02)
1 18.239.83.26 16509 (AMAZON-02)
1 2606:4700::68... 13335 (CLOUDFLAR...)
28 7
13    76.76.21.93 (Charlotte, United States)

ASN16509 (AMAZON-02, US)
app.fuul.xyz
2    2a00:1450:4001:811::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
3    2a00:1450:4001:829::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
8    2600:9000:2490:a200:1c:d308:7ac0:93a1 (United States)

ASN16509 (AMAZON-02, US)
app.dynamicauth.com
2    18.239.83.25 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-239-83-25.ams58.r.cloudfront.net
dynamic-static-assets.com
1    18.239.83.26 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-239-83-26.ams58.r.cloudfront.net
iconic.dynamic-static-assets.com
1    2606:4700::6810:5814 (United States)

ASN13335 (CLOUDFLARENET, US)
cdn.jsdelivr.net
Apex Domain
Subdomains		 Transfer
13 fuul.xyz
app.fuul.xyz
715 KB
8 dynamicauth.com
app.dynamicauth.com
6 KB
3 dynamic-static-assets.com
dynamic-static-assets.com
iconic.dynamic-static-assets.com
95 KB
3 gstatic.com
fonts.gstatic.com
39 KB
2 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 113
2 KB
1 jsdelivr.net
cdn.jsdelivr.net — Cisco Umbrella Rank: 558
15 KB
28 6
Domain Requested by
13 app.fuul.xyz 2 redirects app.fuul.xyz
8 app.dynamicauth.com app.fuul.xyz
3 fonts.gstatic.com fonts.googleapis.com
2 dynamic-static-assets.com app.fuul.xyz
2 fonts.googleapis.com app.fuul.xyz
1 cdn.jsdelivr.net
1 iconic.dynamic-static-assets.com app.fuul.xyz
28 7

This site contains no links.

Subject Issuer Validity Valid
app.fuul.xyz
R3		 2023-09-18 -
2023-12-17		 3 months crt.sh
upload.video.google.com
GTS CA 1C3		 2023-09-04 -
2023-11-27		 3 months crt.sh
*.gstatic.com
GTS CA 1C3		 2023-09-04 -
2023-11-27		 3 months crt.sh
app.dynamic.xyz
Amazon RSA 2048 M02		 2023-07-05 -
2024-08-02		 a year crt.sh
dynamic-static-assets.com
Amazon RSA 2048 M02		 2023-02-10 -
2024-03-10		 a year crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2023-05-02 -
2024-05-01		 a year crt.sh

This page contains 1 frames:

Primary Page: https://app.fuul.xyz/auth/login
Frame ID: 92A9C37FA190BD163238FABEA8674226
Requests: 24 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Fuul

Page URL History Show full URLs

  1. http://app.fuul.xyz/ HTTP 308
    https://app.fuul.xyz/ HTTP 307
    https://app.fuul.xyz/auth/login Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
Overall confidence: 100%
Detected patterns
  • //cdn\.jsdelivr\.net/

Page Statistics

28
Requests

100 %
HTTPS

57 %
IPv6

6
Domains

7
Subdomains

7
IPs

2
Countries

871 kB
Transfer

2944 kB
Size

0
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://app.fuul.xyz/ HTTP 308
    https://app.fuul.xyz/ HTTP 307
    https://app.fuul.xyz/auth/login Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

28 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request login
app.fuul.xyz/auth/
Redirect Chain
  • http://app.fuul.xyz/
  • https://app.fuul.xyz/
  • https://app.fuul.xyz/auth/login
9 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://app.fuul.xyz/auth/login
Protocol
H2
Security
TLS 1.3, , CHACHA20_POLY1305
Server
76.76.21.93 Charlotte, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Vercel /
Resource Hash
ffb496a712cfe808933ce0e37de4bcce0196407c08829216a3c70baf32729aa6
Security Headers
Name Value
Strict-Transport-Security max-age=63072000

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-origin
*
age
3981
cache-control
public, max-age=0, must-revalidate
content-disposition
inline; filename="login"
content-encoding
br
content-type
text/html; charset=utf-8
date
Wed, 27 Sep 2023 13:19:11 GMT
etag
W/"55d349a72c89de461d72d3b6588b1c13"
server
Vercel
strict-transport-security
max-age=63072000
x-matched-path
/auth/login
x-vercel-cache
HIT
x-vercel-id
fra1::9d6nx-1695820751918-96dcb4c2d23d

Redirect headers

cache-control
public, max-age=0, must-revalidate
content-type
text/html
date
Wed, 27 Sep 2023 13:19:11 GMT
location
/auth/login
server
Vercel
strict-transport-security
max-age=63072000
x-vercel-cache
MISS
x-vercel-id
fra1::9d6nx-1695820751907-eafb09f96836
css2
fonts.googleapis.com/ 		4 KB
950 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Poppins:wght@300;400;500;700&display=swap
Requested by
Host: app.fuul.xyz
URL: https://app.fuul.xyz/auth/login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
46f8cce0826f2b934c7ef9af81e9667f64a36dca24ff6782e09b298e79480cbc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app.fuul.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Wed, 27 Sep 2023 13:19:11 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Wed, 27 Sep 2023 12:21:09 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 27 Sep 2023 13:19:11 GMT
css2
fonts.googleapis.com/ 		9 KB
839 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Roboto:wght@300;400;500;700&display=swap
Requested by
Host: app.fuul.xyz
URL: https://app.fuul.xyz/auth/login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
886e1e675050878cd1710ba030a7787613e5bbbe02a2b099683306c16ac8c8cd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app.fuul.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Wed, 27 Sep 2023 13:19:11 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Wed, 27 Sep 2023 12:29:49 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 27 Sep 2023 13:19:11 GMT
7b6e30c3a0210948.css
app.fuul.xyz/_next/static/css/ 		5 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://app.fuul.xyz/_next/static/css/7b6e30c3a0210948.css
Requested by
Host: app.fuul.xyz
URL: https://app.fuul.xyz/auth/login
Protocol
H2
Security
TLS 1.3, , CHACHA20_POLY1305
Server
76.76.21.93 Charlotte, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Vercel /
Resource Hash
67f3fa5a360093b5fc8ede98493ab5720e35d50291550bee3172f2ad8a691408
Security Headers
Name Value
Strict-Transport-Security max-age=63072000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app.fuul.xyz/auth/login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date
Wed, 27 Sep 2023 13:19:12 GMT
content-encoding
br
strict-transport-security
max-age=63072000
server
Vercel
x-vercel-id
fra1::9d6nx-1695820751935-5bbb13532a0c
age
0
x-matched-path
/_next/static/css/7b6e30c3a0210948.css
etag
W/"fe566c2b2dc50a9fd3ba1b46818cb1eb"
x-vercel-cache
HIT
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
content-disposition
inline; filename="7b6e30c3a0210948.css"
webpack-11e6a23828215311.js
app.fuul.xyz/_next/static/chunks/ 		5 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://app.fuul.xyz/_next/static/chunks/webpack-11e6a23828215311.js
Requested by
Host: app.fuul.xyz
URL: https://app.fuul.xyz/auth/login
Protocol
H2
Security
TLS 1.3, , CHACHA20_POLY1305
Server
76.76.21.93 Charlotte, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Vercel /
Resource Hash
eca0c96b285f66d9acf5edfee69fc0717170fcee65e8965995bd31ccc4efe5d3
Security Headers
Name Value
Strict-Transport-Security max-age=63072000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app.fuul.xyz/auth/login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date
Wed, 27 Sep 2023 13:19:11 GMT
content-encoding
br
strict-transport-security
max-age=63072000
server
Vercel
x-vercel-id
fra1::9h9s6-1695820751938-70c1848f5fc4
age
4156
x-matched-path
/_next/static/chunks/webpack-11e6a23828215311.js
etag
W/"fedbbfd6b0914af8bda2532990cf9b34"
x-vercel-cache
HIT
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
content-disposition
inline; filename="webpack-11e6a23828215311.js"
framework-1f1fb5c07f2be279.js
app.fuul.xyz/_next/static/chunks/ 		138 KB
46 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://app.fuul.xyz/_next/static/chunks/framework-1f1fb5c07f2be279.js
Requested by
Host: app.fuul.xyz
URL: https://app.fuul.xyz/auth/login
Protocol
H2
Security
TLS 1.3, , CHACHA20_POLY1305
Server
76.76.21.93 Charlotte, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Vercel /
Resource Hash
13b25bb108f8024f644b2ed5dbc9a7abd6e95ee689e10910e91da0d654583383
Security Headers
Name Value
Strict-Transport-Security max-age=63072000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app.fuul.xyz/auth/login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date
Wed, 27 Sep 2023 13:19:12 GMT
content-encoding
br
strict-transport-security
max-age=63072000
server
Vercel
x-vercel-id
fra1::xb9p9-1695820751955-28cc815f43d3
age
0
x-matched-path
/_next/static/chunks/framework-1f1fb5c07f2be279.js
etag
W/"da99253ac978dcdbbc051a9a987ae1b4"
x-vercel-cache
HIT
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
content-disposition
inline; filename="framework-1f1fb5c07f2be279.js"
main-a6fe9e3439d0af40.js
app.fuul.xyz/_next/static/chunks/ 		99 KB
32 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://app.fuul.xyz/_next/static/chunks/main-a6fe9e3439d0af40.js
Requested by
Host: app.fuul.xyz
URL: https://app.fuul.xyz/auth/login
Protocol
H2
Security
TLS 1.3, , CHACHA20_POLY1305
Server
76.76.21.93 Charlotte, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Vercel /
Resource Hash
2c0b68534ced53aab61f3d4df4e60902196cf599e2dba130e1d848f92442b0ea
Security Headers
Name Value
Strict-Transport-Security max-age=63072000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app.fuul.xyz/auth/login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date
Wed, 27 Sep 2023 13:19:12 GMT
content-encoding
br
strict-transport-security
max-age=63072000
server
Vercel
x-vercel-id
fra1::g8bc9-1695820751941-231b59db2aef
age
0
x-matched-path
/_next/static/chunks/main-a6fe9e3439d0af40.js
etag
W/"de10d25bef2088003cd40e13c728ef39"
x-vercel-cache
HIT
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
content-disposition
inline; filename="main-a6fe9e3439d0af40.js"
_app-aeac468ed6c0dbf3.js
app.fuul.xyz/_next/static/chunks/pages/ 		2 MB
618 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://app.fuul.xyz/_next/static/chunks/pages/_app-aeac468ed6c0dbf3.js
Requested by
Host: app.fuul.xyz
URL: https://app.fuul.xyz/auth/login
Protocol
H2
Security
TLS 1.3, , CHACHA20_POLY1305
Server
76.76.21.93 Charlotte, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Vercel /
Resource Hash
b6dbf6e9a63f118c339d316fc52ad9a5620adb3069fc99b64030a68e12884d5e
Security Headers
Name Value
Strict-Transport-Security max-age=63072000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app.fuul.xyz/auth/login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date
Wed, 27 Sep 2023 13:19:11 GMT
content-encoding
br
strict-transport-security
max-age=63072000
server
Vercel
x-vercel-id
fra1::9ptzh-1695820751939-522448913c99
age
16776
x-matched-path
/_next/static/chunks/pages/_app-aeac468ed6c0dbf3.js
etag
W/"7cf5ba12786bd06b2adbbcdc11dcfeff"
x-vercel-cache
HIT
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
content-disposition
inline; filename="_app-aeac468ed6c0dbf3.js"
login-3a6f2f38d639f01b.js
app.fuul.xyz/_next/static/chunks/pages/auth/ 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://app.fuul.xyz/_next/static/chunks/pages/auth/login-3a6f2f38d639f01b.js
Requested by
Host: app.fuul.xyz
URL: https://app.fuul.xyz/auth/login
Protocol
H2
Security
TLS 1.3, , CHACHA20_POLY1305
Server
76.76.21.93 Charlotte, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Vercel /
Resource Hash
a5556345e757389f322affcca04dcdfc21f904b4772c9d463871a000191a6040
Security Headers
Name Value
Strict-Transport-Security max-age=63072000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app.fuul.xyz/auth/login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date
Wed, 27 Sep 2023 13:19:11 GMT
content-encoding
br
strict-transport-security
max-age=63072000
server
Vercel
x-vercel-id
fra1::xskkl-1695820751939-7ea79ed1db2b
age
3982
x-matched-path
/_next/static/chunks/pages/auth/login-3a6f2f38d639f01b.js
etag
W/"e3c29608dd617ce5732232ef92a044cd"
x-vercel-cache
HIT
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
content-disposition
inline; filename="login-3a6f2f38d639f01b.js"
_buildManifest.js
app.fuul.xyz/_next/static/LitSmoZ7yWdnSFCWetYiM/ 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://app.fuul.xyz/_next/static/LitSmoZ7yWdnSFCWetYiM/_buildManifest.js
Requested by
Host: app.fuul.xyz
URL: https://app.fuul.xyz/auth/login
Protocol
H2
Security
TLS 1.3, , CHACHA20_POLY1305
Server
76.76.21.93 Charlotte, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Vercel /
Resource Hash
a2253cffa17df180c27c7f6a5fdd77c2af52b5827fc04c1e59b7752a2091f892
Security Headers
Name Value
Strict-Transport-Security max-age=63072000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app.fuul.xyz/auth/login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date
Wed, 27 Sep 2023 13:19:11 GMT
content-encoding
br
strict-transport-security
max-age=63072000
server
Vercel
x-vercel-id
fra1::qrhls-1695820751939-8e175489ca63
age
16776
x-matched-path
/_next/static/LitSmoZ7yWdnSFCWetYiM/_buildManifest.js
etag
W/"c6e861a2104b4095835f30a8a1db16f8"
x-vercel-cache
HIT
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
content-disposition
inline; filename="_buildManifest.js"
_ssgManifest.js
app.fuul.xyz/_next/static/LitSmoZ7yWdnSFCWetYiM/ 		77 B
250 B 		Script
General
Check archive.org
Download Go to
Full URL
https://app.fuul.xyz/_next/static/LitSmoZ7yWdnSFCWetYiM/_ssgManifest.js
Requested by
Host: app.fuul.xyz
URL: https://app.fuul.xyz/auth/login
Protocol
H2
Security
TLS 1.3, , CHACHA20_POLY1305
Server
76.76.21.93 Charlotte, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Vercel /
Resource Hash
6f5b4aa00d2f8d6aed9935b471806bf7acef464d0c1d390260e5fe27f800c67e
Security Headers
Name Value
Strict-Transport-Security max-age=63072000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app.fuul.xyz/auth/login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date
Wed, 27 Sep 2023 13:19:11 GMT
strict-transport-security
max-age=63072000
server
Vercel
x-vercel-id
fra1::4wmtg-1695820751939-0d1ae62a4042
age
16776
x-matched-path
/_next/static/LitSmoZ7yWdnSFCWetYiM/_ssgManifest.js
etag
"b6652df95db52feb4daf4eca35380933"
x-vercel-cache
HIT
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
content-disposition
inline; filename="_ssgManifest.js"
accept-ranges
bytes
content-length
77
KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ 		16 KB
16 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:wght@300;400;500;700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://app.fuul.xyz
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date
Tue, 26 Sep 2023 17:26:14 GMT
x-content-type-options
nosniff
age
71578
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15920
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:45 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 25 Sep 2024 17:26:14 GMT
pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v20/ 		8 KB
8 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Poppins:wght@300;400;500;700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9338e65fc077355c7a87ae0d64cc101e23b9bf8ad78ae65f0f319c857311b526
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://app.fuul.xyz
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date
Thu, 21 Sep 2023 00:08:32 GMT
x-content-type-options
nosniff
age
565840
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
7816
x-xss-protection
0
last-modified
Wed, 27 Apr 2022 16:11:40 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 20 Sep 2024 00:08:32 GMT
fuul-logo-white.svg
app.fuul.xyz/assets/svg/ 		12 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://app.fuul.xyz/assets/svg/fuul-logo-white.svg
Requested by
Host: app.fuul.xyz
URL: https://app.fuul.xyz/auth/login
Protocol
H2
Security
TLS 1.3, , CHACHA20_POLY1305
Server
76.76.21.93 Charlotte, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Vercel /
Resource Hash
ba6c550e478bcda919a416c9ce274bf6960c1d5d0f8f03cb6c0d52bd20c06e86
Security Headers
Name Value
Strict-Transport-Security max-age=63072000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app.fuul.xyz/auth/login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date
Wed, 27 Sep 2023 13:19:12 GMT
content-encoding
br
strict-transport-security
max-age=63072000
server
Vercel
x-vercel-id
fra1::9d6nx-1695820752069-9852e34b7d7c
age
3982
x-matched-path
/assets/svg/fuul-logo-white.svg
etag
W/"a758ba2c18a8318a389ecb7c2128554b"
x-vercel-cache
HIT
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=0, must-revalidate
content-disposition
inline; filename="fuul-logo-white.svg"
wallet.svg
app.fuul.xyz/assets/svg/ 		3 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://app.fuul.xyz/assets/svg/wallet.svg
Requested by
Host: app.fuul.xyz
URL: https://app.fuul.xyz/auth/login
Protocol
H2
Security
TLS 1.3, , CHACHA20_POLY1305
Server
76.76.21.93 Charlotte, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Vercel /
Resource Hash
69f55c0af11206f9da17401fa29835b349914b311f4c5760bb400056258a3b7b
Security Headers
Name Value
Strict-Transport-Security max-age=63072000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app.fuul.xyz/auth/login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date
Wed, 27 Sep 2023 13:19:12 GMT
content-encoding
br
strict-transport-security
max-age=63072000
server
Vercel
x-vercel-id
fra1::rzr8j-1695820752068-a33e9d243c66
age
3982
x-matched-path
/assets/svg/wallet.svg
etag
W/"c29b968e4bb236968ef82249704f934f"
x-vercel-cache
HIT
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=0, must-revalidate
content-disposition
inline; filename="wallet.svg"
nonce
app.dynamicauth.com/api/v0/sdk/4b9286f7-9043-41d4-8696-29a6372696e3/ 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://app.dynamicauth.com/api/v0/sdk/4b9286f7-9043-41d4-8696-29a6372696e3/nonce
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2490:a200:1c:d308:7ac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront / Express
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-dyn-api-version,x-dyn-version
Access-Control-Request-Method
GET
Origin
https://app.fuul.xyz
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

access-control-allow-headers
content-type,x-dyn-api-version,x-dyn-version
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin
https://app.fuul.xyz
access-control-max-age
600
content-security-policy-report-only
connect-src api.axept.io api.hubspot.com app.launchdarkly.com client.axept.io events.launchdarkly.com rum.browser-intake-datadoghq.com session-replay.browser-intake-datadoghq.com www.google-analytics.com 'self' clientstream.launchdarkly.com dynamic-static-assets.com; font-src 'self' cdn.jsdelivr.net fonts.gstatic.com; frame-src app.hubspot.com; img-src 'self' axeptio.imgix.net track.hubspot.com; script-src-attr 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' js.hs-analytics.net js.hs-banner.com js.usemessages.com www.googletagmanager.com js.hs-scripts.com static.axept.io; script-src wasm-eval; style-src-attr 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' cdn.jsdelivr.net fonts.googleapis.com; worker-src blob:; frame-ancestors 'self'; report-uri https://dynamicxyz.report-uri.com/r/d/csp/wizard; report-to default
date
Wed, 27 Sep 2023 13:19:12 GMT
nel
{"report_to":"default","max_age":31536000,"include_subdomains":true}
referrer-policy
strict-origin-when-cross-origin
report-to
{"group":"default","max_age":31536000,"endpoints":[{"url":"https://dynamicxyz.report-uri.com/a/d/g"}],"include_subdomains":true}
server
CloudFront
strict-transport-security
max-age=63072000; includeSubdomains; preload
vary
Origin, Access-Control-Request-Headers
via
1.1 d05d62f18b6532eb36f4d53b3337857c.cloudfront.net (CloudFront)
x-amz-cf-id
cM6jVV3d8advYDVyaI1YYAnd1hrHs2lDdAvxlI3XgG-TH47o7pE39A==
x-amz-cf-pop
FRA56-P6
x-cache
Miss from cloudfront
x-content-type-options
nosniff
x-frame-options
DENY
x-powered-by
Express
x-xss-protection
1; mode=block
sdkSettings
app.dynamicauth.com/api/v0/sdk/4b9286f7-9043-41d4-8696-29a6372696e3/ 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://app.dynamicauth.com/api/v0/sdk/4b9286f7-9043-41d4-8696-29a6372696e3/sdkSettings
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2490:a200:1c:d308:7ac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront / Express
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-dyn-api-version,x-dyn-version
Access-Control-Request-Method
POST
Origin
https://app.fuul.xyz
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

access-control-allow-headers
content-type,x-dyn-api-version,x-dyn-version
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin
https://app.fuul.xyz
access-control-max-age
600
content-security-policy-report-only
connect-src api.axept.io api.hubspot.com app.launchdarkly.com client.axept.io events.launchdarkly.com rum.browser-intake-datadoghq.com session-replay.browser-intake-datadoghq.com www.google-analytics.com 'self' clientstream.launchdarkly.com dynamic-static-assets.com; font-src 'self' cdn.jsdelivr.net fonts.gstatic.com; frame-src app.hubspot.com; img-src 'self' axeptio.imgix.net track.hubspot.com; script-src-attr 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' js.hs-analytics.net js.hs-banner.com js.usemessages.com www.googletagmanager.com js.hs-scripts.com static.axept.io; script-src wasm-eval; style-src-attr 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' cdn.jsdelivr.net fonts.googleapis.com; worker-src blob:; frame-ancestors 'self'; report-uri https://dynamicxyz.report-uri.com/r/d/csp/wizard; report-to default
date
Wed, 27 Sep 2023 13:19:12 GMT
nel
{"report_to":"default","max_age":31536000,"include_subdomains":true}
referrer-policy
strict-origin-when-cross-origin
report-to
{"group":"default","max_age":31536000,"endpoints":[{"url":"https://dynamicxyz.report-uri.com/a/d/g"}],"include_subdomains":true}
server
CloudFront
strict-transport-security
max-age=63072000; includeSubdomains; preload
vary
Origin, Access-Control-Request-Headers
via
1.1 d05d62f18b6532eb36f4d53b3337857c.cloudfront.net (CloudFront)
x-amz-cf-id
E9mJngGf-taxRMduDYHvbapNf3sc1oKOgfhvdYCSdn-pNd7y_2iC0g==
x-amz-cf-pop
FRA56-P6
x-cache
Miss from cloudfront
x-content-type-options
nosniff
x-frame-options
DENY
x-powered-by
Express
x-xss-protection
1; mode=block
settings
app.dynamicauth.com/api/v0/sdk/4b9286f7-9043-41d4-8696-29a6372696e3/ 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://app.dynamicauth.com/api/v0/sdk/4b9286f7-9043-41d4-8696-29a6372696e3/settings
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2490:a200:1c:d308:7ac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront / Express
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-dyn-api-version,x-dyn-version
Access-Control-Request-Method
GET
Origin
https://app.fuul.xyz
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

access-control-allow-headers
content-type,x-dyn-api-version,x-dyn-version
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin
https://app.fuul.xyz
access-control-max-age
600
content-security-policy-report-only
connect-src api.axept.io api.hubspot.com app.launchdarkly.com client.axept.io events.launchdarkly.com rum.browser-intake-datadoghq.com session-replay.browser-intake-datadoghq.com www.google-analytics.com 'self' clientstream.launchdarkly.com dynamic-static-assets.com; font-src 'self' cdn.jsdelivr.net fonts.gstatic.com; frame-src app.hubspot.com; img-src 'self' axeptio.imgix.net track.hubspot.com; script-src-attr 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' js.hs-analytics.net js.hs-banner.com js.usemessages.com www.googletagmanager.com js.hs-scripts.com static.axept.io; script-src wasm-eval; style-src-attr 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' cdn.jsdelivr.net fonts.googleapis.com; worker-src blob:; frame-ancestors 'self'; report-uri https://dynamicxyz.report-uri.com/r/d/csp/wizard; report-to default
date
Wed, 27 Sep 2023 13:19:12 GMT
nel
{"report_to":"default","max_age":31536000,"include_subdomains":true}
referrer-policy
strict-origin-when-cross-origin
report-to
{"group":"default","max_age":31536000,"endpoints":[{"url":"https://dynamicxyz.report-uri.com/a/d/g"}],"include_subdomains":true}
server
CloudFront
strict-transport-security
max-age=63072000; includeSubdomains; preload
vary
Origin, Access-Control-Request-Headers
via
1.1 d05d62f18b6532eb36f4d53b3337857c.cloudfront.net (CloudFront)
x-amz-cf-id
EHxeZHpcncvb5QtAK1kW-DydVY01Q3oCX0hU9PmNpClFe3vb5_GJNA==
x-amz-cf-pop
FRA56-P6
x-cache
Miss from cloudfront
x-content-type-options
nosniff
x-frame-options
DENY
x-powered-by
Express
x-xss-protection
1; mode=block
networks
app.dynamicauth.com/api/v0/sdk/4b9286f7-9043-41d4-8696-29a6372696e3/ 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://app.dynamicauth.com/api/v0/sdk/4b9286f7-9043-41d4-8696-29a6372696e3/networks
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2490:a200:1c:d308:7ac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront / Express
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-dyn-api-version,x-dyn-version
Access-Control-Request-Method
GET
Origin
https://app.fuul.xyz
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

access-control-allow-headers
content-type,x-dyn-api-version,x-dyn-version
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin
https://app.fuul.xyz
access-control-max-age
600
content-security-policy-report-only
connect-src api.axept.io api.hubspot.com app.launchdarkly.com client.axept.io events.launchdarkly.com rum.browser-intake-datadoghq.com session-replay.browser-intake-datadoghq.com www.google-analytics.com 'self' clientstream.launchdarkly.com dynamic-static-assets.com; font-src 'self' cdn.jsdelivr.net fonts.gstatic.com; frame-src app.hubspot.com; img-src 'self' axeptio.imgix.net track.hubspot.com; script-src-attr 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' js.hs-analytics.net js.hs-banner.com js.usemessages.com www.googletagmanager.com js.hs-scripts.com static.axept.io; script-src wasm-eval; style-src-attr 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' cdn.jsdelivr.net fonts.googleapis.com; worker-src blob:; frame-ancestors 'self'; report-uri https://dynamicxyz.report-uri.com/r/d/csp/wizard; report-to default
date
Wed, 27 Sep 2023 13:19:12 GMT
nel
{"report_to":"default","max_age":31536000,"include_subdomains":true}
referrer-policy
strict-origin-when-cross-origin
report-to
{"group":"default","max_age":31536000,"endpoints":[{"url":"https://dynamicxyz.report-uri.com/a/d/g"}],"include_subdomains":true}
server
CloudFront
strict-transport-security
max-age=63072000; includeSubdomains; preload
vary
Origin, Access-Control-Request-Headers
via
1.1 d05d62f18b6532eb36f4d53b3337857c.cloudfront.net (CloudFront)
x-amz-cf-id
A0PlAdB08r0LMUfLP3lBFEJKs41qTBGKsHGPuWFXv2LXTxoi7hMnsw==
x-amz-cf-pop
FRA56-P6
x-cache
Miss from cloudfront
x-content-type-options
nosniff
x-frame-options
DENY
x-powered-by
Express
x-xss-protection
1; mode=block
nonce
app.dynamicauth.com/api/v0/sdk/4b9286f7-9043-41d4-8696-29a6372696e3/ 		44 B
1 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://app.dynamicauth.com/api/v0/sdk/4b9286f7-9043-41d4-8696-29a6372696e3/nonce
Requested by
Host: app.fuul.xyz
URL: https://app.fuul.xyz/_next/static/chunks/pages/_app-aeac468ed6c0dbf3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2490:a200:1c:d308:7ac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront / Express
Resource Hash
d8116917a09c03bee76b238cb9f2bd9d9b3113a0341f9ecffbf18f3f2e103774
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

x-dyn-api-version
API/0.0.270
Referer
https://app.fuul.xyz/
accept-language
de-DE,de;q=0.9
x-dyn-version
WalletKit/0.18.100-viem.17
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
Content-Type
application/json

Response headers

date
Wed, 27 Sep 2023 13:19:13 GMT
strict-transport-security
max-age=63072000; includeSubdomains; preload
x-content-type-options
nosniff
nel
{"report_to":"default","max_age":31536000,"include_subdomains":true}
via
1.1 d05d62f18b6532eb36f4d53b3337857c.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P6
x-powered-by
Express
content-security-policy-report-only
connect-src api.axept.io api.hubspot.com app.launchdarkly.com client.axept.io events.launchdarkly.com rum.browser-intake-datadoghq.com session-replay.browser-intake-datadoghq.com www.google-analytics.com 'self' clientstream.launchdarkly.com dynamic-static-assets.com; font-src 'self' cdn.jsdelivr.net fonts.gstatic.com; frame-src app.hubspot.com; img-src 'self' axeptio.imgix.net track.hubspot.com; script-src-attr 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' js.hs-analytics.net js.hs-banner.com js.usemessages.com www.googletagmanager.com js.hs-scripts.com static.axept.io; script-src wasm-eval; style-src-attr 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' cdn.jsdelivr.net fonts.googleapis.com; worker-src blob:; frame-ancestors 'self'; report-uri https://dynamicxyz.report-uri.com/r/d/csp/wizard; report-to default
x-cache
Miss from cloudfront
content-length
44
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
server
CloudFront
etag
W/"2c-EAKqjU7obs8DleQ4VNgPMb0LXeA"
vary
Origin, Accept-Encoding
x-frame-options
DENY
content-type
application/json; charset=utf-8
access-control-allow-origin
https://app.fuul.xyz
report-to
{"group":"default","max_age":31536000,"endpoints":[{"url":"https://dynamicxyz.report-uri.com/a/d/g"}],"include_subdomains":true}
x-amz-cf-id
aqXWjMHzaZn1r8rto8I4yJmidXds5W6efyDEYzniTEew5SyS8swXzg==
sdkSettings
app.dynamicauth.com/api/v0/sdk/4b9286f7-9043-41d4-8696-29a6372696e3/ 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://app.dynamicauth.com/api/v0/sdk/4b9286f7-9043-41d4-8696-29a6372696e3/sdkSettings
Requested by
Host: app.fuul.xyz
URL: https://app.fuul.xyz/_next/static/chunks/pages/_app-aeac468ed6c0dbf3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2490:a200:1c:d308:7ac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront / Express
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

x-dyn-api-version
API/0.0.270
Referer
https://app.fuul.xyz/
accept-language
de-DE,de;q=0.9
x-dyn-version
WalletKit/0.18.100-viem.17
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
Content-Type
application/json

Response headers

date
Wed, 27 Sep 2023 13:19:12 GMT
strict-transport-security
max-age=63072000; includeSubdomains; preload
x-content-type-options
nosniff
nel
{"report_to":"default","max_age":31536000,"include_subdomains":true}
via
1.1 d05d62f18b6532eb36f4d53b3337857c.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P6
x-powered-by
Express
content-security-policy-report-only
connect-src api.axept.io api.hubspot.com app.launchdarkly.com client.axept.io events.launchdarkly.com rum.browser-intake-datadoghq.com session-replay.browser-intake-datadoghq.com www.google-analytics.com 'self' clientstream.launchdarkly.com dynamic-static-assets.com; font-src 'self' cdn.jsdelivr.net fonts.gstatic.com; frame-src app.hubspot.com; img-src 'self' axeptio.imgix.net track.hubspot.com; script-src-attr 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' js.hs-analytics.net js.hs-banner.com js.usemessages.com www.googletagmanager.com js.hs-scripts.com static.axept.io; script-src wasm-eval; style-src-attr 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' cdn.jsdelivr.net fonts.googleapis.com; worker-src blob:; frame-ancestors 'self'; report-uri https://dynamicxyz.report-uri.com/r/d/csp/wizard; report-to default
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
server
CloudFront
x-frame-options
DENY
vary
Origin
report-to
{"group":"default","max_age":31536000,"endpoints":[{"url":"https://dynamicxyz.report-uri.com/a/d/g"}],"include_subdomains":true}
access-control-allow-origin
https://app.fuul.xyz
x-amz-cf-id
3IQvsc6t84VQW3vfFYFmlh8PQUCPLJxMMPsoufDqS50iZU2PqETTZA==
settings
app.dynamicauth.com/api/v0/sdk/4b9286f7-9043-41d4-8696-29a6372696e3/ 		5 KB
3 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://app.dynamicauth.com/api/v0/sdk/4b9286f7-9043-41d4-8696-29a6372696e3/settings
Requested by
Host: app.fuul.xyz
URL: https://app.fuul.xyz/_next/static/chunks/pages/_app-aeac468ed6c0dbf3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2490:a200:1c:d308:7ac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront / Express
Resource Hash
0379da59d5748d7227785ea7cce55aa5d6cd36fd3c74a6abf8953112e8c89cc7
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

x-dyn-api-version
API/0.0.270
Referer
https://app.fuul.xyz/
accept-language
de-DE,de;q=0.9
x-dyn-version
WalletKit/0.18.100-viem.17
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
Content-Type
application/json

Response headers

date
Wed, 27 Sep 2023 13:19:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubdomains; preload
nel
{"report_to":"default","max_age":31536000,"include_subdomains":true}
via
1.1 d05d62f18b6532eb36f4d53b3337857c.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P6
x-powered-by
Express
content-security-policy-report-only
connect-src api.axept.io api.hubspot.com app.launchdarkly.com client.axept.io events.launchdarkly.com rum.browser-intake-datadoghq.com session-replay.browser-intake-datadoghq.com www.google-analytics.com 'self' clientstream.launchdarkly.com dynamic-static-assets.com; font-src 'self' cdn.jsdelivr.net fonts.gstatic.com; frame-src app.hubspot.com; img-src 'self' axeptio.imgix.net track.hubspot.com; script-src-attr 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' js.hs-analytics.net js.hs-banner.com js.usemessages.com www.googletagmanager.com js.hs-scripts.com static.axept.io; script-src wasm-eval; style-src-attr 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' cdn.jsdelivr.net fonts.googleapis.com; worker-src blob:; frame-ancestors 'self'; report-uri https://dynamicxyz.report-uri.com/r/d/csp/wizard; report-to default
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
server
CloudFront
etag
W/"1264-GF52ucUBlAdgRWRdqz0FyDIYiIg"
vary
Origin, Accept-Encoding
x-frame-options
DENY
content-type
application/json; charset=utf-8
access-control-allow-origin
https://app.fuul.xyz
report-to
{"group":"default","max_age":31536000,"endpoints":[{"url":"https://dynamicxyz.report-uri.com/a/d/g"}],"include_subdomains":true}
x-amz-cf-id
a0_IuLt12F1xj5zuthBXRTMZvlGpSIUIWv5jdKwSMgehVBK7Vpip1A==
wallet-book.json
dynamic-static-assets.com/wallet-book/v1/stable/ 		191 KB
29 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://dynamic-static-assets.com/wallet-book/v1/stable/wallet-book.json
Requested by
Host: app.fuul.xyz
URL: https://app.fuul.xyz/_next/static/chunks/pages/_app-aeac468ed6c0dbf3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.239.83.25 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-239-83-25.ams58.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
49018e588b2743874064dd007ad6b4835daf36d12510a3f00e72361a9b4c14a6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app.fuul.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date
Wed, 27 Sep 2023 13:19:13 GMT
content-encoding
br
via
1.1 a44309111e5e1050ff485adaa4681ad0.cloudfront.net (CloudFront)
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
x-amz-cf-pop
AMS58-P5
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Fri, 22 Sep 2023 14:49:39 GMT
server
AmazonS3
etag
W/"c7db0a8c29a5cd15b1e121dd98f37c1f"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/json
access-control-allow-origin
*
cache-control
no-cache,s-maxage=864002592
x-frame-options
SAMEORIGIN
x-amz-cf-id
ubyh_6NMuProm09UbHezfSIW1bTjBp6gdvsMN06FUDl9xqStH78scw==
networks
app.dynamicauth.com/api/v0/sdk/4b9286f7-9043-41d4-8696-29a6372696e3/ 		1 KB
2 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://app.dynamicauth.com/api/v0/sdk/4b9286f7-9043-41d4-8696-29a6372696e3/networks
Requested by
Host: app.fuul.xyz
URL: https://app.fuul.xyz/_next/static/chunks/pages/_app-aeac468ed6c0dbf3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2490:a200:1c:d308:7ac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront / Express
Resource Hash
65669ce32c630e940b8beaaa9083a6d2f8680551d86df78fa088521e95ca450b
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

x-dyn-api-version
API/0.0.270
Referer
https://app.fuul.xyz/
accept-language
de-DE,de;q=0.9
x-dyn-version
WalletKit/0.18.100-viem.17
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
Content-Type
application/json

Response headers

date
Wed, 27 Sep 2023 13:19:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubdomains; preload
nel
{"report_to":"default","max_age":31536000,"include_subdomains":true}
via
1.1 d05d62f18b6532eb36f4d53b3337857c.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P6
x-powered-by
Express
content-security-policy-report-only
connect-src api.axept.io api.hubspot.com app.launchdarkly.com client.axept.io events.launchdarkly.com rum.browser-intake-datadoghq.com session-replay.browser-intake-datadoghq.com www.google-analytics.com 'self' clientstream.launchdarkly.com dynamic-static-assets.com; font-src 'self' cdn.jsdelivr.net fonts.gstatic.com; frame-src app.hubspot.com; img-src 'self' axeptio.imgix.net track.hubspot.com; script-src-attr 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' js.hs-analytics.net js.hs-banner.com js.usemessages.com www.googletagmanager.com js.hs-scripts.com static.axept.io; script-src wasm-eval; style-src-attr 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' cdn.jsdelivr.net fonts.googleapis.com; worker-src blob:; frame-ancestors 'self'; report-uri https://dynamicxyz.report-uri.com/r/d/csp/wizard; report-to default
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
server
CloudFront
etag
W/"5ad-vrpk+nUV3Eo7SzLHNUAWmZvOyew"
vary
Origin, Accept-Encoding
x-frame-options
DENY
content-type
application/json; charset=utf-8
access-control-allow-origin
https://app.fuul.xyz
report-to
{"group":"default","max_age":31536000,"endpoints":[{"url":"https://dynamicxyz.report-uri.com/a/d/g"}],"include_subdomains":true}
x-amz-cf-id
wGVICwl0pK5q8vsn1paNV691jYHrsWi5sW0Eo4qTY5eftYjDXrtgpw==
sprite.svg
iconic.dynamic-static-assets.com/icons/ 		0
66 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://iconic.dynamic-static-assets.com/icons/sprite.svg?v=0.1.27
Requested by
Host: app.fuul.xyz
URL: https://app.fuul.xyz/_next/static/chunks/pages/_app-aeac468ed6c0dbf3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.239.83.26 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-239-83-26.ams58.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app.fuul.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date
Wed, 27 Sep 2023 13:19:13 GMT
content-encoding
br
via
1.1 8bb90d44758ce70476efdf577c8bd268.cloudfront.net (CloudFront)
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
x-amz-cf-pop
AMS58-P5
x-amz-server-side-encryption
AES256
x-cache
RefreshHit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Fri, 15 Sep 2023 19:11:45 GMT
server
AmazonS3
etag
W/"fc3b26bda2a6796a0c3a2dcda1ebf140"
vary
Accept-Encoding, Origin
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
cache-control
no-cache, s-maxAge=86400
x-amz-cf-id
ISt-24pzfU2WFStWEYk2dLXvDprr8q-0V6DCoMEhSd4rXLeL_SLN-A==
wallet-book.json
dynamic-static-assets.com/wallet-book/v1/stable/ 		0
0 		Other
General
Check archive.org
Download Go to
Full URL
https://dynamic-static-assets.com/wallet-book/v1/stable/wallet-book.json
Requested by
Host: app.fuul.xyz
URL: https://app.fuul.xyz/_next/static/chunks/pages/_app-aeac468ed6c0dbf3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.239.83.25 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-239-83-25.ams58.r.cloudfront.net
Software
/
Resource Hash

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app.fuul.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ 		15 KB
15 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:wght@300;400;500;700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://app.fuul.xyz
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date
Wed, 20 Sep 2023 16:50:19 GMT
x-content-type-options
nosniff
age
592133
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15744
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:48 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 19 Sep 2024 16:50:19 GMT
dm-sans-latin-700-normal.woff2
cdn.jsdelivr.net/npm/@fontsource/dm-sans/files/ 		14 KB
15 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://cdn.jsdelivr.net/npm/@fontsource/dm-sans/files/dm-sans-latin-700-normal.woff2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5814 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
69efa8dc8daa0fa51d1b346a891785ad2613a69d933fe5ab6b223b6f2df884da
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://app.fuul.xyz/
Origin
https://app.fuul.xyz
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date
Wed, 27 Sep 2023 13:19:12 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
3953
x-jsd-version
5.0.7
x-cache
HIT, MISS
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
14312
x-served-by
cache-fra-eddf8230043-FRA, cache-yyz4564-YYZ
x-jsd-version-type
version
server
cloudflare
etag
W/"37e8-IVsbIut8QGSMC3YKc1ptgl6fWRU"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=C5OhdlGk6u1cs4NbBb48L5f3U8Aq7Kcbz85O%2B5yLL0B%2FACrl9eyQ5%2BmzEFlsskgH%2FNm1Dj6qSCOfJTq5wLbmbMUO%2B02MXNlfxMsghSeapr%2BN2TXaAhHKEnlxRMa6SGW8%2Fg2daTbqRquKc42UH6w%3D"}],"group":"cf-nel","max_age":604800}
content-type
font/woff2
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=604800, s-maxage=43200
accept-ranges
bytes
timing-allow-origin
*
cf-ray
80d40976cfc09a3f-FRA

Verdicts & Comments Add Verdict or Comment

17 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture object| webpackChunk_N_E function| __next_require__ object| next object| __NEXT_DATA__ function| __SSG_MANIFEST_CB object| __NEXT_P object| _N_E object| __SENTRY__ string| __sentryRewritesTunnelPath__ object| SENTRY_RELEASE string| __rewriteFramesAssetPrefixPath__ object| global function| Buffer object| __MIDDLEWARE_MATCHERS object| __BUILD_MANIFEST object| __SSG_MANIFEST

0 Cookies

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=63072000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

app.dynamicauth.com
app.fuul.xyz
cdn.jsdelivr.net
dynamic-static-assets.com
fonts.googleapis.com
fonts.gstatic.com
iconic.dynamic-static-assets.com
18.239.83.25
18.239.83.26
2600:9000:2490:a200:1c:d308:7ac0:93a1
2606:4700::6810:5814
2a00:1450:4001:811::200a
2a00:1450:4001:829::2003
76.76.21.93
0379da59d5748d7227785ea7cce55aa5d6cd36fd3c74a6abf8953112e8c89cc7
13b25bb108f8024f644b2ed5dbc9a7abd6e95ee689e10910e91da0d654583383
2c0b68534ced53aab61f3d4df4e60902196cf599e2dba130e1d848f92442b0ea
46f8cce0826f2b934c7ef9af81e9667f64a36dca24ff6782e09b298e79480cbc
49018e588b2743874064dd007ad6b4835daf36d12510a3f00e72361a9b4c14a6
65669ce32c630e940b8beaaa9083a6d2f8680551d86df78fa088521e95ca450b
67f3fa5a360093b5fc8ede98493ab5720e35d50291550bee3172f2ad8a691408
69efa8dc8daa0fa51d1b346a891785ad2613a69d933fe5ab6b223b6f2df884da
69f55c0af11206f9da17401fa29835b349914b311f4c5760bb400056258a3b7b
6f5b4aa00d2f8d6aed9935b471806bf7acef464d0c1d390260e5fe27f800c67e
886e1e675050878cd1710ba030a7787613e5bbbe02a2b099683306c16ac8c8cd
9338e65fc077355c7a87ae0d64cc101e23b9bf8ad78ae65f0f319c857311b526
a2253cffa17df180c27c7f6a5fdd77c2af52b5827fc04c1e59b7752a2091f892
a5556345e757389f322affcca04dcdfc21f904b4772c9d463871a000191a6040
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
b6dbf6e9a63f118c339d316fc52ad9a5620adb3069fc99b64030a68e12884d5e
ba6c550e478bcda919a416c9ce274bf6960c1d5d0f8f03cb6c0d52bd20c06e86
d8116917a09c03bee76b238cb9f2bd9d9b3113a0341f9ecffbf18f3f2e103774
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
eca0c96b285f66d9acf5edfee69fc0717170fcee65e8965995bd31ccc4efe5d3
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
ffb496a712cfe808933ce0e37de4bcce0196407c08829216a3c70baf32729aa6