URL: https://app.ducky.eco/en/joinCampaign?link=cm2izej7m000us6018t8mhpxd
Submission: On October 28 via manual from NO — Scanned from NO

Summary

This website contacted 5 IPs in 2 countries across 2 domains to perform 18 HTTP transactions. The main IP is 199.36.158.100, located in United States and belongs to FASTLY, US. The main domain is app.ducky.eco.
TLS certificate: Issued by WR3 on October 7th 2024. Valid for: 3 months.
This is the only time app.ducky.eco was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
7 199.36.158.100 54113 (FASTLY)
3 18.195.235.189 16509 (AMAZON-02)
3 2600:1901:0:c... 396982 (GOOGLE-CL...)
5 34.95.127.37 396982 (GOOGLE-CL...)
18 5
Domain Requested by
7 app.ducky.eco app.ducky.eco
5 static.ducky.eco app.ducky.eco
3 sentry.ducky.eco app.ducky.eco
3 folketsfotavtrykk.matomo.cloud app.ducky.eco
folketsfotavtrykk.matomo.cloud
18 4

This site contains links to these domains. Also see Links.

Domain
support.ducky.eco
Subject Issuer Validity Valid
www.jayohen.com
WR3
2024-10-07 -
2025-01-05
3 months crt.sh
*.matomo.cloud
Amazon RSA 2048 M02
2024-05-21 -
2025-06-19
a year crt.sh
sentry.ducky.eco
WR3
2024-10-27 -
2025-01-25
3 months crt.sh
static.duckytest.no
WR3
2024-10-04 -
2025-01-02
3 months crt.sh

This page contains 1 frames:

Primary Page: https://app.ducky.eco/en/joinCampaign?link=cm2izej7m000us6018t8mhpxd
Frame ID: 487FCA2611E5F7B65134F76D988EB953
Requests: 19 HTTP requests in this frame

Screenshot

Page Title

Ducky

Page Statistics

18
Requests

100 %
HTTPS

25 %
IPv6

2
Domains

4
Subdomains

5
IPs

2
Countries

832 kB
Transfer

3683 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

18 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request joinCampaign
app.ducky.eco/en/
4 KB
3 KB
Document
General
Full URL
https://app.ducky.eco/en/joinCampaign?link=cm2izej7m000us6018t8mhpxd
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
199.36.158.100 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
8f392a76d311b5ee32dadbf6e4cf338c11764e7792a18222f6b81f909e874709
Security Headers
Name Value
Content-Security-Policy default-src 'self'; base-uri 'self'; child-src 'none'; connect-src 'self' https://api.ducky.eco https://api.duckytest.no https://dashboard.ducky.eco https://dashboard.duckytest.no https://static.ducky.eco https://www.gstatic.com/firebasejs/ https://apis.google.com https://*.googleapis.com https://firebaseinstallations.googleapis.com https://fcmregistrations.googleapis.com https://securetoken.googleapis.com https://firebasestorage.googleapis.com https://*.cloudfunctions.net https://*.firebasedatabase.app wss://*.firebasedatabase.app https://*.googleusercontent.com https://graph.facebook.com https://folketsfotavtrykk.matomo.cloud https://sentry.ducky.eco; font-src 'unsafe-inline' 'unsafe-eval' data: https://static.ducky.eco; form-action 'none'; frame-src https://auth.duckytest.no https://auth.ducky.eco https://cdn.firebase.com https://*.firebaseio.com https://*.firebasedatabase.app https://folketsfotavtrykk.matomo.cloud; img-src blob: data: https://static.ducky.eco https://*.googleusercontent.com https://firebasestorage.googleapis.com; media-src 'none'; object-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'sha256-MS6/3FCg4WjP9gwgaBGwLpRCY6fZBgwmhVCdrPrNf3E=' 'sha256-tQjf8gvb2ROOMapIxFvFAYBeUJ0v1HCbOcSmDNXGtDo=' 'sha256-VA8O2hAdooB288EpSTrGLl7z3QikbWU9wwoebO/QaYk=' 'sha256-+5XkZFazzJo8n0iOP4ti/cLCMUudTf//Mzkb7xNPXIc=' https://static.ducky.eco https://www.gstatic.com/firebasejs/ https://cdn.firebase.com https://*.firebaseio.com https://apis.google.com https://*.firebasedatabase.app https://connect.facebook.net https://folketsfotavtrykk.matomo.cloud; worker-src 'self'; upgrade-insecure-requests; report-uri https://sentry.ducky.eco/api/3/security/?sentry_key=2c3ac7bb77ab470a928eb7f1fa93e52b&sentry_environment=ducky-prod&sentry_release=local
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
cache-control
max-age=3600
content-encoding
br
content-length
1112
content-security-policy
default-src 'self'; base-uri 'self'; child-src 'none'; connect-src 'self' https://api.ducky.eco https://api.duckytest.no https://dashboard.ducky.eco https://dashboard.duckytest.no https://static.ducky.eco https://www.gstatic.com/firebasejs/ https://apis.google.com https://*.googleapis.com https://firebaseinstallations.googleapis.com https://fcmregistrations.googleapis.com https://securetoken.googleapis.com https://firebasestorage.googleapis.com https://*.cloudfunctions.net https://*.firebasedatabase.app wss://*.firebasedatabase.app https://*.googleusercontent.com https://graph.facebook.com https://folketsfotavtrykk.matomo.cloud https://sentry.ducky.eco; font-src 'unsafe-inline' 'unsafe-eval' data: https://static.ducky.eco; form-action 'none'; frame-src https://auth.duckytest.no https://auth.ducky.eco https://cdn.firebase.com https://*.firebaseio.com https://*.firebasedatabase.app https://folketsfotavtrykk.matomo.cloud; img-src blob: data: https://static.ducky.eco https://*.googleusercontent.com https://firebasestorage.googleapis.com; media-src 'none'; object-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'sha256-MS6/3FCg4WjP9gwgaBGwLpRCY6fZBgwmhVCdrPrNf3E=' 'sha256-tQjf8gvb2ROOMapIxFvFAYBeUJ0v1HCbOcSmDNXGtDo=' 'sha256-VA8O2hAdooB288EpSTrGLl7z3QikbWU9wwoebO/QaYk=' 'sha256-+5XkZFazzJo8n0iOP4ti/cLCMUudTf//Mzkb7xNPXIc=' https://static.ducky.eco https://www.gstatic.com/firebasejs/ https://cdn.firebase.com https://*.firebaseio.com https://apis.google.com https://*.firebasedatabase.app https://connect.facebook.net https://folketsfotavtrykk.matomo.cloud; worker-src 'self'; upgrade-insecure-requests; report-uri https://sentry.ducky.eco/api/3/security/?sentry_key=2c3ac7bb77ab470a928eb7f1fa93e52b&sentry_environment=ducky-prod&sentry_release=local
content-type
text/html; charset=utf-8
date
Mon, 28 Oct 2024 12:43:11 GMT
etag
"c88ffd8a7d18edfcc92ca77eaba431c0d9b9579457cdf04aaea57d081003b7f0-br"
last-modified
Wed, 03 Jul 2024 09:11:43 GMT
referrer-policy
strict-origin-when-cross-origin
strict-transport-security
max-age=63072000; includeSubDomains; preload
vary
x-fh-requested-host, accept-encoding
x-cache
HIT
x-cache-hits
0
x-content-type-options
nosniff
x-frame-options
DENY
x-served-by
cache-bma1674-BMA
x-timer
S1730119391.002817,VS0,VE1
x-xss-protection
0
index-JE4o_sQn.js
app.ducky.eco/assets/
2 MB
286 KB
Script
General
Full URL
https://app.ducky.eco/assets/index-JE4o_sQn.js
Requested by
Host: app.ducky.eco
URL: https://app.ducky.eco/en/joinCampaign?link=cm2izej7m000us6018t8mhpxd
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
199.36.158.100 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
a5c19e7edc531bee9a91ba5f7801c45590a45c90a21833c522177fb5f70588ac
Security Headers
Name Value
Content-Security-Policy default-src 'self'; base-uri 'self'; child-src 'none'; connect-src 'self' https://api.ducky.eco https://api.duckytest.no https://dashboard.ducky.eco https://dashboard.duckytest.no https://static.ducky.eco https://www.gstatic.com/firebasejs/ https://apis.google.com https://*.googleapis.com https://firebaseinstallations.googleapis.com https://fcmregistrations.googleapis.com https://securetoken.googleapis.com https://firebasestorage.googleapis.com https://*.cloudfunctions.net https://*.firebasedatabase.app wss://*.firebasedatabase.app https://*.googleusercontent.com https://graph.facebook.com https://folketsfotavtrykk.matomo.cloud https://sentry.ducky.eco; font-src 'unsafe-inline' 'unsafe-eval' data: https://static.ducky.eco; form-action 'none'; frame-src https://auth.duckytest.no https://auth.ducky.eco https://cdn.firebase.com https://*.firebaseio.com https://*.firebasedatabase.app https://folketsfotavtrykk.matomo.cloud; img-src blob: data: https://static.ducky.eco https://*.googleusercontent.com https://firebasestorage.googleapis.com; media-src 'none'; object-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'sha256-MS6/3FCg4WjP9gwgaBGwLpRCY6fZBgwmhVCdrPrNf3E=' 'sha256-tQjf8gvb2ROOMapIxFvFAYBeUJ0v1HCbOcSmDNXGtDo=' 'sha256-VA8O2hAdooB288EpSTrGLl7z3QikbWU9wwoebO/QaYk=' 'sha256-+5XkZFazzJo8n0iOP4ti/cLCMUudTf//Mzkb7xNPXIc=' https://static.ducky.eco https://www.gstatic.com/firebasejs/ https://cdn.firebase.com https://*.firebaseio.com https://apis.google.com https://*.firebasedatabase.app https://connect.facebook.net https://folketsfotavtrykk.matomo.cloud; worker-src 'self'; upgrade-insecure-requests; report-uri https://sentry.ducky.eco/api/3/security/?sentry_key=2c3ac7bb77ab470a928eb7f1fa93e52b&sentry_environment=ducky-prod&sentry_release=local
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://app.ducky.eco
Referer
https://app.ducky.eco/en/joinCampaign?link=cm2izej7m000us6018t8mhpxd

Response headers

content-encoding
br
etag
"769a24bd2177e889c3d13167f5dc02e084e9103896adf60f9bf33f7868febf22-br"
x-content-type-options
nosniff
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-cache
HIT
date
Mon, 28 Oct 2024 12:43:11 GMT
content-type
text/javascript; charset=utf-8
last-modified
Wed, 03 Jul 2024 09:11:43 GMT
x-served-by
cache-bma1674-BMA
x-cache-hits
0
x-frame-options
DENY
strict-transport-security
max-age=63072000; includeSubDomains; preload
vary
x-fh-requested-host, accept-encoding
content-security-policy
default-src 'self'; base-uri 'self'; child-src 'none'; connect-src 'self' https://api.ducky.eco https://api.duckytest.no https://dashboard.ducky.eco https://dashboard.duckytest.no https://static.ducky.eco https://www.gstatic.com/firebasejs/ https://apis.google.com https://*.googleapis.com https://firebaseinstallations.googleapis.com https://fcmregistrations.googleapis.com https://securetoken.googleapis.com https://firebasestorage.googleapis.com https://*.cloudfunctions.net https://*.firebasedatabase.app wss://*.firebasedatabase.app https://*.googleusercontent.com https://graph.facebook.com https://folketsfotavtrykk.matomo.cloud https://sentry.ducky.eco; font-src 'unsafe-inline' 'unsafe-eval' data: https://static.ducky.eco; form-action 'none'; frame-src https://auth.duckytest.no https://auth.ducky.eco https://cdn.firebase.com https://*.firebaseio.com https://*.firebasedatabase.app https://folketsfotavtrykk.matomo.cloud; img-src blob: data: https://static.ducky.eco https://*.googleusercontent.com https://firebasestorage.googleapis.com; media-src 'none'; object-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'sha256-MS6/3FCg4WjP9gwgaBGwLpRCY6fZBgwmhVCdrPrNf3E=' 'sha256-tQjf8gvb2ROOMapIxFvFAYBeUJ0v1HCbOcSmDNXGtDo=' 'sha256-VA8O2hAdooB288EpSTrGLl7z3QikbWU9wwoebO/QaYk=' 'sha256-+5XkZFazzJo8n0iOP4ti/cLCMUudTf//Mzkb7xNPXIc=' https://static.ducky.eco https://www.gstatic.com/firebasejs/ https://cdn.firebase.com https://*.firebaseio.com https://apis.google.com https://*.firebasedatabase.app https://connect.facebook.net https://folketsfotavtrykk.matomo.cloud; worker-src 'self'; upgrade-insecure-requests; report-uri https://sentry.ducky.eco/api/3/security/?sentry_key=2c3ac7bb77ab470a928eb7f1fa93e52b&sentry_environment=ducky-prod&sentry_release=local
cache-control
max-age=3600
x-timer
S1730119391.046494,VS0,VE1
referrer-policy
strict-origin-when-cross-origin
accept-ranges
bytes
content-length
292735
x-xss-protection
0
index-bbsJi1WW.css
app.ducky.eco/assets/
131 KB
51 KB
Stylesheet
General
Full URL
https://app.ducky.eco/assets/index-bbsJi1WW.css
Requested by
Host: app.ducky.eco
URL: https://app.ducky.eco/en/joinCampaign?link=cm2izej7m000us6018t8mhpxd
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
199.36.158.100 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
2166202131806064b81d16077f5c9f18bd7c03ab9155082bb6408d0d7d7e30d8
Security Headers
Name Value
Content-Security-Policy default-src 'self'; base-uri 'self'; child-src 'none'; connect-src 'self' https://api.ducky.eco https://api.duckytest.no https://dashboard.ducky.eco https://dashboard.duckytest.no https://static.ducky.eco https://www.gstatic.com/firebasejs/ https://apis.google.com https://*.googleapis.com https://firebaseinstallations.googleapis.com https://fcmregistrations.googleapis.com https://securetoken.googleapis.com https://firebasestorage.googleapis.com https://*.cloudfunctions.net https://*.firebasedatabase.app wss://*.firebasedatabase.app https://*.googleusercontent.com https://graph.facebook.com https://folketsfotavtrykk.matomo.cloud https://sentry.ducky.eco; font-src 'unsafe-inline' 'unsafe-eval' data: https://static.ducky.eco; form-action 'none'; frame-src https://auth.duckytest.no https://auth.ducky.eco https://cdn.firebase.com https://*.firebaseio.com https://*.firebasedatabase.app https://folketsfotavtrykk.matomo.cloud; img-src blob: data: https://static.ducky.eco https://*.googleusercontent.com https://firebasestorage.googleapis.com; media-src 'none'; object-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'sha256-MS6/3FCg4WjP9gwgaBGwLpRCY6fZBgwmhVCdrPrNf3E=' 'sha256-tQjf8gvb2ROOMapIxFvFAYBeUJ0v1HCbOcSmDNXGtDo=' 'sha256-VA8O2hAdooB288EpSTrGLl7z3QikbWU9wwoebO/QaYk=' 'sha256-+5XkZFazzJo8n0iOP4ti/cLCMUudTf//Mzkb7xNPXIc=' https://static.ducky.eco https://www.gstatic.com/firebasejs/ https://cdn.firebase.com https://*.firebaseio.com https://apis.google.com https://*.firebasedatabase.app https://connect.facebook.net https://folketsfotavtrykk.matomo.cloud; worker-src 'self'; upgrade-insecure-requests; report-uri https://sentry.ducky.eco/api/3/security/?sentry_key=2c3ac7bb77ab470a928eb7f1fa93e52b&sentry_environment=ducky-prod&sentry_release=local
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://app.ducky.eco
Referer
https://app.ducky.eco/en/joinCampaign?link=cm2izej7m000us6018t8mhpxd

Response headers

content-encoding
br
etag
"f40bbd96cb185a2e2d0323e57eca6f8798644b36fda02f6522a0a6a37f1f53d5-br"
x-content-type-options
nosniff
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-cache
HIT
date
Mon, 28 Oct 2024 12:43:11 GMT
content-type
text/css; charset=utf-8
last-modified
Wed, 03 Jul 2024 09:11:43 GMT
x-served-by
cache-bma1674-BMA
x-cache-hits
0
x-frame-options
DENY
strict-transport-security
max-age=63072000; includeSubDomains; preload
vary
x-fh-requested-host, accept-encoding
content-security-policy
default-src 'self'; base-uri 'self'; child-src 'none'; connect-src 'self' https://api.ducky.eco https://api.duckytest.no https://dashboard.ducky.eco https://dashboard.duckytest.no https://static.ducky.eco https://www.gstatic.com/firebasejs/ https://apis.google.com https://*.googleapis.com https://firebaseinstallations.googleapis.com https://fcmregistrations.googleapis.com https://securetoken.googleapis.com https://firebasestorage.googleapis.com https://*.cloudfunctions.net https://*.firebasedatabase.app wss://*.firebasedatabase.app https://*.googleusercontent.com https://graph.facebook.com https://folketsfotavtrykk.matomo.cloud https://sentry.ducky.eco; font-src 'unsafe-inline' 'unsafe-eval' data: https://static.ducky.eco; form-action 'none'; frame-src https://auth.duckytest.no https://auth.ducky.eco https://cdn.firebase.com https://*.firebaseio.com https://*.firebasedatabase.app https://folketsfotavtrykk.matomo.cloud; img-src blob: data: https://static.ducky.eco https://*.googleusercontent.com https://firebasestorage.googleapis.com; media-src 'none'; object-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'sha256-MS6/3FCg4WjP9gwgaBGwLpRCY6fZBgwmhVCdrPrNf3E=' 'sha256-tQjf8gvb2ROOMapIxFvFAYBeUJ0v1HCbOcSmDNXGtDo=' 'sha256-VA8O2hAdooB288EpSTrGLl7z3QikbWU9wwoebO/QaYk=' 'sha256-+5XkZFazzJo8n0iOP4ti/cLCMUudTf//Mzkb7xNPXIc=' https://static.ducky.eco https://www.gstatic.com/firebasejs/ https://cdn.firebase.com https://*.firebaseio.com https://apis.google.com https://*.firebasedatabase.app https://connect.facebook.net https://folketsfotavtrykk.matomo.cloud; worker-src 'self'; upgrade-insecure-requests; report-uri https://sentry.ducky.eco/api/3/security/?sentry_key=2c3ac7bb77ab470a928eb7f1fa93e52b&sentry_environment=ducky-prod&sentry_release=local
cache-control
max-age=3600
x-timer
S1730119391.046434,VS0,VE1
referrer-policy
strict-origin-when-cross-origin
accept-ranges
bytes
content-length
51743
x-xss-protection
0
matomo.js
folketsfotavtrykk.matomo.cloud/
202 KB
59 KB
Script
General
Full URL
https://folketsfotavtrykk.matomo.cloud/matomo.js
Requested by
Host: app.ducky.eco
URL: https://app.ducky.eco/assets/index-JE4o_sQn.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.195.235.189 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-195-235-189.eu-central-1.compute.amazonaws.com
Software
CloudFront /
Resource Hash
3d512bf16e4e064bf2cd56a525b27bfd004cf6705f928d4c4f6cc5c8c027884a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000, max-age=31536000

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://app.ducky.eco/

Response headers

content-encoding
gzip
etag
W/"27c5dedf90d5acb999b2168c7e96f487"
x-amz-version-id
t6Hxn06qeWZU1ZhyLhxXOnZgP2qt2iSj
age
2531
expires
Tue, 05 Nov 2024 12:43:11 GMT
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
kHpkdgMp7N5Tu8pAaT34n2g4srUzlg1s5Ev9SHyjjVcwO18V5gAQNQ==
date
Mon, 28 Oct 2024 12:43:11 GMT
content-type
application/javascript; charset=utf-8
last-modified
Wed, 16 Oct 2024 00:10:06 GMT
vary
Accept-Encoding,User-Agent
strict-transport-security
max-age=31536000, max-age=31536000
cache-control
max-age=691200, max-age=691200
via
1.1 392cb865edfd76152c5ac655614b2f60.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P12
server
CloudFront
index-N1mUk2bP.js
app.ducky.eco/assets/
420 KB
74 KB
Script
General
Full URL
https://app.ducky.eco/assets/index-N1mUk2bP.js
Requested by
Host: app.ducky.eco
URL: https://app.ducky.eco/assets/index-JE4o_sQn.js
Protocol
H3
Security
QUIC, , AES_256_GCM
Server
199.36.158.100 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
47f4a745a57a40f830e125aaf14e1a4769cddce9d5bd17a69bcc97e143ae59ae
Security Headers
Name Value
Content-Security-Policy default-src 'self'; base-uri 'self'; child-src 'none'; connect-src 'self' https://api.ducky.eco https://api.duckytest.no https://dashboard.ducky.eco https://dashboard.duckytest.no https://static.ducky.eco https://www.gstatic.com/firebasejs/ https://apis.google.com https://*.googleapis.com https://firebaseinstallations.googleapis.com https://fcmregistrations.googleapis.com https://securetoken.googleapis.com https://firebasestorage.googleapis.com https://*.cloudfunctions.net https://*.firebasedatabase.app wss://*.firebasedatabase.app https://*.googleusercontent.com https://graph.facebook.com https://folketsfotavtrykk.matomo.cloud https://sentry.ducky.eco; font-src 'unsafe-inline' 'unsafe-eval' data: https://static.ducky.eco; form-action 'none'; frame-src https://auth.duckytest.no https://auth.ducky.eco https://cdn.firebase.com https://*.firebaseio.com https://*.firebasedatabase.app https://folketsfotavtrykk.matomo.cloud; img-src blob: data: https://static.ducky.eco https://*.googleusercontent.com https://firebasestorage.googleapis.com; media-src 'none'; object-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'sha256-MS6/3FCg4WjP9gwgaBGwLpRCY6fZBgwmhVCdrPrNf3E=' 'sha256-tQjf8gvb2ROOMapIxFvFAYBeUJ0v1HCbOcSmDNXGtDo=' 'sha256-VA8O2hAdooB288EpSTrGLl7z3QikbWU9wwoebO/QaYk=' 'sha256-+5XkZFazzJo8n0iOP4ti/cLCMUudTf//Mzkb7xNPXIc=' https://static.ducky.eco https://www.gstatic.com/firebasejs/ https://cdn.firebase.com https://*.firebaseio.com https://apis.google.com https://*.firebasedatabase.app https://connect.facebook.net https://folketsfotavtrykk.matomo.cloud; worker-src 'self'; upgrade-insecure-requests; report-uri https://sentry.ducky.eco/api/3/security/?sentry_key=2c3ac7bb77ab470a928eb7f1fa93e52b&sentry_environment=ducky-prod&sentry_release=local
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://app.ducky.eco
Referer
https://app.ducky.eco/assets/index-JE4o_sQn.js

Response headers

content-encoding
br
etag
"18e7a38a08556269117ec5f1b4bb590da42c179fc0cbed3926250fc39b723fc1-br"
x-content-type-options
nosniff
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-cache
HIT
date
Mon, 28 Oct 2024 12:43:11 GMT
content-type
text/javascript; charset=utf-8
last-modified
Wed, 03 Jul 2024 09:11:43 GMT
x-served-by
cache-bma1669-BMA
x-cache-hits
2
x-frame-options
DENY
strict-transport-security
max-age=63072000; includeSubDomains; preload
vary
x-fh-requested-host, accept-encoding
content-security-policy
default-src 'self'; base-uri 'self'; child-src 'none'; connect-src 'self' https://api.ducky.eco https://api.duckytest.no https://dashboard.ducky.eco https://dashboard.duckytest.no https://static.ducky.eco https://www.gstatic.com/firebasejs/ https://apis.google.com https://*.googleapis.com https://firebaseinstallations.googleapis.com https://fcmregistrations.googleapis.com https://securetoken.googleapis.com https://firebasestorage.googleapis.com https://*.cloudfunctions.net https://*.firebasedatabase.app wss://*.firebasedatabase.app https://*.googleusercontent.com https://graph.facebook.com https://folketsfotavtrykk.matomo.cloud https://sentry.ducky.eco; font-src 'unsafe-inline' 'unsafe-eval' data: https://static.ducky.eco; form-action 'none'; frame-src https://auth.duckytest.no https://auth.ducky.eco https://cdn.firebase.com https://*.firebaseio.com https://*.firebasedatabase.app https://folketsfotavtrykk.matomo.cloud; img-src blob: data: https://static.ducky.eco https://*.googleusercontent.com https://firebasestorage.googleapis.com; media-src 'none'; object-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'sha256-MS6/3FCg4WjP9gwgaBGwLpRCY6fZBgwmhVCdrPrNf3E=' 'sha256-tQjf8gvb2ROOMapIxFvFAYBeUJ0v1HCbOcSmDNXGtDo=' 'sha256-VA8O2hAdooB288EpSTrGLl7z3QikbWU9wwoebO/QaYk=' 'sha256-+5XkZFazzJo8n0iOP4ti/cLCMUudTf//Mzkb7xNPXIc=' https://static.ducky.eco https://www.gstatic.com/firebasejs/ https://cdn.firebase.com https://*.firebaseio.com https://apis.google.com https://*.firebasedatabase.app https://connect.facebook.net https://folketsfotavtrykk.matomo.cloud; worker-src 'self'; upgrade-insecure-requests; report-uri https://sentry.ducky.eco/api/3/security/?sentry_key=2c3ac7bb77ab470a928eb7f1fa93e52b&sentry_environment=ducky-prod&sentry_release=local
cache-control
max-age=3600
x-timer
S1730119391.271712,VS0,VE0
referrer-policy
strict-origin-when-cross-origin
accept-ranges
bytes
content-length
74033
x-xss-protection
0
/
sentry.ducky.eco/api/3/envelope/
2 B
55 B
Fetch
General
Full URL
https://sentry.ducky.eco/api/3/envelope/?sentry_key=2c3ac7bb77ab470a928eb7f1fa93e52b&sentry_version=7&sentry_client=sentry.javascript.browser%2F7.90.0
Requested by
Host: app.ducky.eco
URL: https://app.ducky.eco/assets/index-JE4o_sQn.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:1901:0:cd35:: Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
Software
nginx /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://app.ducky.eco/

Response headers

access-control-expose-headers
x-sentry-error,x-sentry-rate-limits,retry-after
cross-origin-resource-policy
cross-origin
via
1.1 google
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2
date
Mon, 28 Oct 2024 12:43:11 GMT
content-type
application/json
vary
origin, access-control-request-method, access-control-request-headers
server
nginx
index_desktop-RFklly3g.js
app.ducky.eco/assets/
201 KB
40 KB
Script
General
Full URL
https://app.ducky.eco/assets/index_desktop-RFklly3g.js
Requested by
Host: app.ducky.eco
URL: https://app.ducky.eco/assets/index-JE4o_sQn.js
Protocol
H3
Security
QUIC, , AES_256_GCM
Server
199.36.158.100 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
3f7137a7a7f8352be64b7322bf681586cab065222c2f048e1b2331b93f7df0bc
Security Headers
Name Value
Content-Security-Policy default-src 'self'; base-uri 'self'; child-src 'none'; connect-src 'self' https://api.ducky.eco https://api.duckytest.no https://dashboard.ducky.eco https://dashboard.duckytest.no https://static.ducky.eco https://www.gstatic.com/firebasejs/ https://apis.google.com https://*.googleapis.com https://firebaseinstallations.googleapis.com https://fcmregistrations.googleapis.com https://securetoken.googleapis.com https://firebasestorage.googleapis.com https://*.cloudfunctions.net https://*.firebasedatabase.app wss://*.firebasedatabase.app https://*.googleusercontent.com https://graph.facebook.com https://folketsfotavtrykk.matomo.cloud https://sentry.ducky.eco; font-src 'unsafe-inline' 'unsafe-eval' data: https://static.ducky.eco; form-action 'none'; frame-src https://auth.duckytest.no https://auth.ducky.eco https://cdn.firebase.com https://*.firebaseio.com https://*.firebasedatabase.app https://folketsfotavtrykk.matomo.cloud; img-src blob: data: https://static.ducky.eco https://*.googleusercontent.com https://firebasestorage.googleapis.com; media-src 'none'; object-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'sha256-MS6/3FCg4WjP9gwgaBGwLpRCY6fZBgwmhVCdrPrNf3E=' 'sha256-tQjf8gvb2ROOMapIxFvFAYBeUJ0v1HCbOcSmDNXGtDo=' 'sha256-VA8O2hAdooB288EpSTrGLl7z3QikbWU9wwoebO/QaYk=' 'sha256-+5XkZFazzJo8n0iOP4ti/cLCMUudTf//Mzkb7xNPXIc=' https://static.ducky.eco https://www.gstatic.com/firebasejs/ https://cdn.firebase.com https://*.firebaseio.com https://apis.google.com https://*.firebasedatabase.app https://connect.facebook.net https://folketsfotavtrykk.matomo.cloud; worker-src 'self'; upgrade-insecure-requests; report-uri https://sentry.ducky.eco/api/3/security/?sentry_key=2c3ac7bb77ab470a928eb7f1fa93e52b&sentry_environment=ducky-prod&sentry_release=local
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://app.ducky.eco
Referer

Response headers

content-encoding
br
etag
"500b5c00dd14017ebf0346de7b8972457709682080b141847bbc4194f41f0602-br"
x-content-type-options
nosniff
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-cache
HIT
date
Mon, 28 Oct 2024 12:43:11 GMT
content-type
text/javascript; charset=utf-8
last-modified
Wed, 03 Jul 2024 09:11:43 GMT
x-served-by
cache-bma1669-BMA
x-cache-hits
3
x-frame-options
DENY
strict-transport-security
max-age=63072000; includeSubDomains; preload
vary
x-fh-requested-host, accept-encoding
content-security-policy
default-src 'self'; base-uri 'self'; child-src 'none'; connect-src 'self' https://api.ducky.eco https://api.duckytest.no https://dashboard.ducky.eco https://dashboard.duckytest.no https://static.ducky.eco https://www.gstatic.com/firebasejs/ https://apis.google.com https://*.googleapis.com https://firebaseinstallations.googleapis.com https://fcmregistrations.googleapis.com https://securetoken.googleapis.com https://firebasestorage.googleapis.com https://*.cloudfunctions.net https://*.firebasedatabase.app wss://*.firebasedatabase.app https://*.googleusercontent.com https://graph.facebook.com https://folketsfotavtrykk.matomo.cloud https://sentry.ducky.eco; font-src 'unsafe-inline' 'unsafe-eval' data: https://static.ducky.eco; form-action 'none'; frame-src https://auth.duckytest.no https://auth.ducky.eco https://cdn.firebase.com https://*.firebaseio.com https://*.firebasedatabase.app https://folketsfotavtrykk.matomo.cloud; img-src blob: data: https://static.ducky.eco https://*.googleusercontent.com https://firebasestorage.googleapis.com; media-src 'none'; object-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'sha256-MS6/3FCg4WjP9gwgaBGwLpRCY6fZBgwmhVCdrPrNf3E=' 'sha256-tQjf8gvb2ROOMapIxFvFAYBeUJ0v1HCbOcSmDNXGtDo=' 'sha256-VA8O2hAdooB288EpSTrGLl7z3QikbWU9wwoebO/QaYk=' 'sha256-+5XkZFazzJo8n0iOP4ti/cLCMUudTf//Mzkb7xNPXIc=' https://static.ducky.eco https://www.gstatic.com/firebasejs/ https://cdn.firebase.com https://*.firebaseio.com https://apis.google.com https://*.firebasedatabase.app https://connect.facebook.net https://folketsfotavtrykk.matomo.cloud; worker-src 'self'; upgrade-insecure-requests; report-uri https://sentry.ducky.eco/api/3/security/?sentry_key=2c3ac7bb77ab470a928eb7f1fa93e52b&sentry_environment=ducky-prod&sentry_release=local
cache-control
max-age=3600
x-timer
S1730119391.370449,VS0,VE0
referrer-policy
strict-origin-when-cross-origin
accept-ranges
bytes
content-length
39062
x-xss-protection
0
index-rZpp65Og.js
app.ducky.eco/assets/
593 KB
146 KB
Script
General
Full URL
https://app.ducky.eco/assets/index-rZpp65Og.js
Requested by
Host: app.ducky.eco
URL: https://app.ducky.eco/assets/index-JE4o_sQn.js
Protocol
H3
Security
QUIC, , AES_256_GCM
Server
199.36.158.100 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
be6853122d8d3f27d98e15f0242018482c17e94b7b25f23493bb4efd19b6c811
Security Headers
Name Value
Content-Security-Policy default-src 'self'; base-uri 'self'; child-src 'none'; connect-src 'self' https://api.ducky.eco https://api.duckytest.no https://dashboard.ducky.eco https://dashboard.duckytest.no https://static.ducky.eco https://www.gstatic.com/firebasejs/ https://apis.google.com https://*.googleapis.com https://firebaseinstallations.googleapis.com https://fcmregistrations.googleapis.com https://securetoken.googleapis.com https://firebasestorage.googleapis.com https://*.cloudfunctions.net https://*.firebasedatabase.app wss://*.firebasedatabase.app https://*.googleusercontent.com https://graph.facebook.com https://folketsfotavtrykk.matomo.cloud https://sentry.ducky.eco; font-src 'unsafe-inline' 'unsafe-eval' data: https://static.ducky.eco; form-action 'none'; frame-src https://auth.duckytest.no https://auth.ducky.eco https://cdn.firebase.com https://*.firebaseio.com https://*.firebasedatabase.app https://folketsfotavtrykk.matomo.cloud; img-src blob: data: https://static.ducky.eco https://*.googleusercontent.com https://firebasestorage.googleapis.com; media-src 'none'; object-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'sha256-MS6/3FCg4WjP9gwgaBGwLpRCY6fZBgwmhVCdrPrNf3E=' 'sha256-tQjf8gvb2ROOMapIxFvFAYBeUJ0v1HCbOcSmDNXGtDo=' 'sha256-VA8O2hAdooB288EpSTrGLl7z3QikbWU9wwoebO/QaYk=' 'sha256-+5XkZFazzJo8n0iOP4ti/cLCMUudTf//Mzkb7xNPXIc=' https://static.ducky.eco https://www.gstatic.com/firebasejs/ https://cdn.firebase.com https://*.firebaseio.com https://apis.google.com https://*.firebasedatabase.app https://connect.facebook.net https://folketsfotavtrykk.matomo.cloud; worker-src 'self'; upgrade-insecure-requests; report-uri https://sentry.ducky.eco/api/3/security/?sentry_key=2c3ac7bb77ab470a928eb7f1fa93e52b&sentry_environment=ducky-prod&sentry_release=local
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://app.ducky.eco
Referer

Response headers

content-encoding
br
etag
"9f06167e2fcf6e2bc04201a7f19d5253bed8fbb8f247a44bf8418e313259f79f-br"
x-content-type-options
nosniff
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-cache
HIT
date
Mon, 28 Oct 2024 12:43:11 GMT
content-type
text/javascript; charset=utf-8
last-modified
Wed, 03 Jul 2024 09:11:43 GMT
x-served-by
cache-bma1669-BMA
x-cache-hits
0
x-frame-options
DENY
strict-transport-security
max-age=63072000; includeSubDomains; preload
vary
x-fh-requested-host, accept-encoding
content-security-policy
default-src 'self'; base-uri 'self'; child-src 'none'; connect-src 'self' https://api.ducky.eco https://api.duckytest.no https://dashboard.ducky.eco https://dashboard.duckytest.no https://static.ducky.eco https://www.gstatic.com/firebasejs/ https://apis.google.com https://*.googleapis.com https://firebaseinstallations.googleapis.com https://fcmregistrations.googleapis.com https://securetoken.googleapis.com https://firebasestorage.googleapis.com https://*.cloudfunctions.net https://*.firebasedatabase.app wss://*.firebasedatabase.app https://*.googleusercontent.com https://graph.facebook.com https://folketsfotavtrykk.matomo.cloud https://sentry.ducky.eco; font-src 'unsafe-inline' 'unsafe-eval' data: https://static.ducky.eco; form-action 'none'; frame-src https://auth.duckytest.no https://auth.ducky.eco https://cdn.firebase.com https://*.firebaseio.com https://*.firebasedatabase.app https://folketsfotavtrykk.matomo.cloud; img-src blob: data: https://static.ducky.eco https://*.googleusercontent.com https://firebasestorage.googleapis.com; media-src 'none'; object-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'sha256-MS6/3FCg4WjP9gwgaBGwLpRCY6fZBgwmhVCdrPrNf3E=' 'sha256-tQjf8gvb2ROOMapIxFvFAYBeUJ0v1HCbOcSmDNXGtDo=' 'sha256-VA8O2hAdooB288EpSTrGLl7z3QikbWU9wwoebO/QaYk=' 'sha256-+5XkZFazzJo8n0iOP4ti/cLCMUudTf//Mzkb7xNPXIc=' https://static.ducky.eco https://www.gstatic.com/firebasejs/ https://cdn.firebase.com https://*.firebaseio.com https://apis.google.com https://*.firebasedatabase.app https://connect.facebook.net https://folketsfotavtrykk.matomo.cloud; worker-src 'self'; upgrade-insecure-requests; report-uri https://sentry.ducky.eco/api/3/security/?sentry_key=2c3ac7bb77ab470a928eb7f1fa93e52b&sentry_environment=ducky-prod&sentry_release=local
cache-control
max-age=3600
x-timer
S1730119391.370426,VS0,VE1
referrer-policy
strict-origin-when-cross-origin
accept-ranges
bytes
content-length
147505
x-xss-protection
0
index.esm-__y3aVZU.js
app.ducky.eco/assets/
48 KB
9 KB
Script
General
Full URL
https://app.ducky.eco/assets/index.esm-__y3aVZU.js
Requested by
Host: app.ducky.eco
URL: https://app.ducky.eco/assets/index-JE4o_sQn.js
Protocol
H3
Security
QUIC, , AES_256_GCM
Server
199.36.158.100 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
787a8c84e3a0147224a8532a65a570127f84d3a319a4ee33426a5aa91336b412
Security Headers
Name Value
Content-Security-Policy default-src 'self'; base-uri 'self'; child-src 'none'; connect-src 'self' https://api.ducky.eco https://api.duckytest.no https://dashboard.ducky.eco https://dashboard.duckytest.no https://static.ducky.eco https://www.gstatic.com/firebasejs/ https://apis.google.com https://*.googleapis.com https://firebaseinstallations.googleapis.com https://fcmregistrations.googleapis.com https://securetoken.googleapis.com https://firebasestorage.googleapis.com https://*.cloudfunctions.net https://*.firebasedatabase.app wss://*.firebasedatabase.app https://*.googleusercontent.com https://graph.facebook.com https://folketsfotavtrykk.matomo.cloud https://sentry.ducky.eco; font-src 'unsafe-inline' 'unsafe-eval' data: https://static.ducky.eco; form-action 'none'; frame-src https://auth.duckytest.no https://auth.ducky.eco https://cdn.firebase.com https://*.firebaseio.com https://*.firebasedatabase.app https://folketsfotavtrykk.matomo.cloud; img-src blob: data: https://static.ducky.eco https://*.googleusercontent.com https://firebasestorage.googleapis.com; media-src 'none'; object-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'sha256-MS6/3FCg4WjP9gwgaBGwLpRCY6fZBgwmhVCdrPrNf3E=' 'sha256-tQjf8gvb2ROOMapIxFvFAYBeUJ0v1HCbOcSmDNXGtDo=' 'sha256-VA8O2hAdooB288EpSTrGLl7z3QikbWU9wwoebO/QaYk=' 'sha256-+5XkZFazzJo8n0iOP4ti/cLCMUudTf//Mzkb7xNPXIc=' https://static.ducky.eco https://www.gstatic.com/firebasejs/ https://cdn.firebase.com https://*.firebaseio.com https://apis.google.com https://*.firebasedatabase.app https://connect.facebook.net https://folketsfotavtrykk.matomo.cloud; worker-src 'self'; upgrade-insecure-requests; report-uri https://sentry.ducky.eco/api/3/security/?sentry_key=2c3ac7bb77ab470a928eb7f1fa93e52b&sentry_environment=ducky-prod&sentry_release=local
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://app.ducky.eco
Referer
https://app.ducky.eco/assets/index-JE4o_sQn.js

Response headers

content-encoding
br
etag
"834fdbc9d778ec613b17296677452d9fd29e90de24bbbbf29078b8eac286605b-br"
x-content-type-options
nosniff
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-cache
HIT
date
Mon, 28 Oct 2024 12:43:11 GMT
content-type
text/javascript; charset=utf-8
last-modified
Wed, 03 Jul 2024 09:11:43 GMT
x-served-by
cache-bma1669-BMA
x-cache-hits
3
x-frame-options
DENY
strict-transport-security
max-age=63072000; includeSubDomains; preload
vary
x-fh-requested-host, accept-encoding
content-security-policy
default-src 'self'; base-uri 'self'; child-src 'none'; connect-src 'self' https://api.ducky.eco https://api.duckytest.no https://dashboard.ducky.eco https://dashboard.duckytest.no https://static.ducky.eco https://www.gstatic.com/firebasejs/ https://apis.google.com https://*.googleapis.com https://firebaseinstallations.googleapis.com https://fcmregistrations.googleapis.com https://securetoken.googleapis.com https://firebasestorage.googleapis.com https://*.cloudfunctions.net https://*.firebasedatabase.app wss://*.firebasedatabase.app https://*.googleusercontent.com https://graph.facebook.com https://folketsfotavtrykk.matomo.cloud https://sentry.ducky.eco; font-src 'unsafe-inline' 'unsafe-eval' data: https://static.ducky.eco; form-action 'none'; frame-src https://auth.duckytest.no https://auth.ducky.eco https://cdn.firebase.com https://*.firebaseio.com https://*.firebasedatabase.app https://folketsfotavtrykk.matomo.cloud; img-src blob: data: https://static.ducky.eco https://*.googleusercontent.com https://firebasestorage.googleapis.com; media-src 'none'; object-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'sha256-MS6/3FCg4WjP9gwgaBGwLpRCY6fZBgwmhVCdrPrNf3E=' 'sha256-tQjf8gvb2ROOMapIxFvFAYBeUJ0v1HCbOcSmDNXGtDo=' 'sha256-VA8O2hAdooB288EpSTrGLl7z3QikbWU9wwoebO/QaYk=' 'sha256-+5XkZFazzJo8n0iOP4ti/cLCMUudTf//Mzkb7xNPXIc=' https://static.ducky.eco https://www.gstatic.com/firebasejs/ https://cdn.firebase.com https://*.firebaseio.com https://apis.google.com https://*.firebasedatabase.app https://connect.facebook.net https://folketsfotavtrykk.matomo.cloud; worker-src 'self'; upgrade-insecure-requests; report-uri https://sentry.ducky.eco/api/3/security/?sentry_key=2c3ac7bb77ab470a928eb7f1fa93e52b&sentry_environment=ducky-prod&sentry_release=local
cache-control
max-age=3600
x-timer
S1730119391.370952,VS0,VE0
referrer-policy
strict-origin-when-cross-origin
accept-ranges
bytes
content-length
7603
x-xss-protection
0
/
sentry.ducky.eco/api/3/envelope/
2 B
266 B
Fetch
General
Full URL
https://sentry.ducky.eco/api/3/envelope/?sentry_key=2c3ac7bb77ab470a928eb7f1fa93e52b&sentry_version=7&sentry_client=sentry.javascript.browser%2F7.90.0
Requested by
Host: app.ducky.eco
URL: https://app.ducky.eco/assets/index-JE4o_sQn.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:1901:0:cd35:: Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
Software
nginx /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://app.ducky.eco/

Response headers

access-control-expose-headers
x-sentry-error,x-sentry-rate-limits,retry-after
cross-origin-resource-policy
cross-origin
via
1.1 google
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2
date
Mon, 28 Oct 2024 12:43:11 GMT
content-type
application/json
vary
origin, access-control-request-method, access-control-request-headers
server
nginx
/
sentry.ducky.eco/api/3/envelope/
2 B
55 B
Fetch
General
Full URL
https://sentry.ducky.eco/api/3/envelope/?sentry_key=2c3ac7bb77ab470a928eb7f1fa93e52b&sentry_version=7&sentry_client=sentry.javascript.browser%2F7.90.0
Requested by
Host: app.ducky.eco
URL: https://app.ducky.eco/assets/index-JE4o_sQn.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:1901:0:cd35:: Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
Software
nginx /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://app.ducky.eco/

Response headers

access-control-expose-headers
x-sentry-error,x-sentry-rate-limits,retry-after
cross-origin-resource-policy
cross-origin
via
1.1 google
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2
date
Mon, 28 Oct 2024 12:43:11 GMT
content-type
application/json
vary
origin, access-control-request-method, access-control-request-headers
server
nginx
ducky.svg
static.ducky.eco/images/logos/
3 KB
3 KB
Image
General
Full URL
https://static.ducky.eco/images/logos/ducky.svg
Requested by
Host: app.ducky.eco
URL: https://app.ducky.eco/en/register
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.95.127.37 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
37.127.95.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
0b783291eb140d87c44a2d84545fb52ce70f9a1a176ced614aba5008f5a4f792

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://app.ducky.eco/

Response headers

x-goog-metageneration
1
access-control-expose-headers
Content-Type
x-goog-hash
crc32c=OthqTA==, md5=LRYow+/1PdsQy/fsrFApiA==
etag
"2d1628c3eff53ddb10cbf7ecac502988"
age
390
x-goog-stored-content-encoding
identity
expires
Mon, 28 Oct 2024 13:36:41 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length
2742
date
Mon, 28 Oct 2024 12:36:41 GMT
last-modified
Mon, 20 Jun 2022 08:41:18 GMT
content-type
image/svg+xml
x-guploader-uploadid
AHmUCY3xsjHFrcofR4tR9a_3hJlKPyi2suiyySNkIY2NV7WFoTBBYlaRMlH7GcRztZHdwpNMKhV1aknfqA
cache-control
public, max-age=3600
x-goog-storage-class
STANDARD
accept-ranges
bytes
access-control-allow-origin
*
x-goog-generation
1655714478803818
content-length
2742
server
UploadServer
goalsMet.png
static.ducky.eco/images/onboarding/
52 KB
52 KB
Image
General
Full URL
https://static.ducky.eco/images/onboarding/goalsMet.png
Requested by
Host: app.ducky.eco
URL: https://app.ducky.eco/en/register
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.95.127.37 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
37.127.95.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
07987b7ce3d3500d76e8c7b52b5b95279f2a7ed2dffb7ae2e594cc707df4db10

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://app.ducky.eco/

Response headers

x-goog-metageneration
1
access-control-expose-headers
Content-Type
x-goog-hash
crc32c=1Abvsg==, md5=zkexxH3iJeydasBC+16vog==
etag
"ce47b1c47de225ec9d6ac042fb5eafa2"
age
1869
x-goog-stored-content-encoding
identity
expires
Mon, 28 Oct 2024 13:12:02 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length
53034
date
Mon, 28 Oct 2024 12:12:02 GMT
last-modified
Tue, 30 Nov 2021 13:51:37 GMT
content-type
image/png
x-guploader-uploadid
AHmUCY0STaLdqKdgh5o__1u_OxlISB_XIJmvnYA0jZWOFUnAhaC_H_j4fV-XPypY_zfEN2WwVGI
cache-control
public, max-age=3600
x-goog-storage-class
STANDARD
accept-ranges
bytes
access-control-allow-origin
*
x-goog-generation
1638280297910932
content-length
53034
server
UploadServer
truncated
/
81 KB
81 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
f71133df52a01082a6d082dc0f396333b1b96cb0375ae1dc2032204d03044708

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://app.ducky.eco
Referer

Response headers

Content-Type
application/x-font-woff;charset=utf-8
montserrat_700_latin.woff2
static.ducky.eco/
10 KB
10 KB
Font
General
Full URL
https://static.ducky.eco/montserrat_700_latin.woff2
Requested by
Host: app.ducky.eco
URL: https://app.ducky.eco/assets/index-bbsJi1WW.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.95.127.37 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
37.127.95.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
645c0784ac4ab9adcbd53bde9bfa482963d141b5a5cd2f7029bcd2be102b7d8d

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://app.ducky.eco
Referer
https://app.ducky.eco/

Response headers

x-goog-metageneration
3
access-control-expose-headers
Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
x-goog-hash
crc32c=FMkkHQ==, md5=bcx94tMxAdqxDAGD6n40yw==
etag
"6dcc7de2d33101dab10c0183ea7e34cb"
age
1456108
x-goog-stored-content-encoding
identity
expires
Sat, 11 Oct 2025 16:14:43 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length
9764
date
Fri, 11 Oct 2024 16:14:43 GMT
x-goog-custom-time
1970-01-01T00:00:00Z
last-modified
Fri, 17 Apr 2020 08:31:41 GMT
content-type
font/woff2
x-guploader-uploadid
AHmUCY0m1EMPr-EZyJJYxvAxisBMrpY8YcbWMzpylgcRBybTjlDnqdysCkkOPZUIT_XkvxDPP--HkzXCFw
cache-control
public, max-age=31536000
x-goog-meta-
x-goog-storage-class
STANDARD
accept-ranges
bytes
access-control-allow-origin
*
x-goog-generation
1587112301023269
content-length
9764
server
UploadServer
montserrat_400_latin.woff2
static.ducky.eco/
10 KB
10 KB
Font
General
Full URL
https://static.ducky.eco/montserrat_400_latin.woff2
Requested by
Host: app.ducky.eco
URL: https://app.ducky.eco/assets/index-bbsJi1WW.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.95.127.37 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
37.127.95.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
5e522f43408bc91ebda7ae4aadcf7e15d3e1100e221ed9f0aaec9608f2f18299

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://app.ducky.eco
Referer
https://app.ducky.eco/

Response headers

x-goog-metageneration
6
access-control-expose-headers
Content-Type
x-goog-hash
crc32c=WZu5rw==, md5=7YRVfn6wPuxQAhwpI2msbg==
etag
"ed84557e7eb03eec50021c292369ac6e"
age
1391759
x-goog-stored-content-encoding
identity
expires
Sun, 12 Oct 2025 10:07:12 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length
9876
date
Sat, 12 Oct 2024 10:07:12 GMT
x-goog-custom-time
1970-01-01T00:00:00Z
last-modified
Fri, 17 Apr 2020 08:31:41 GMT
content-type
font/woff2
x-guploader-uploadid
AHmUCY3Nxm9uc2w_P2d98x1KvU8Wxb0pB8d_310va_TICKClFj_0S7eUFosH000l8lalZssHQ8T284C-9g
cache-control
public, max-age=31536000
x-goog-meta-
x-goog-storage-class
STANDARD
accept-ranges
bytes
access-control-allow-origin
*
x-goog-generation
1587112301838424
content-length
9876
server
UploadServer
matomo.php
folketsfotavtrykk.matomo.cloud/
0
173 B
Ping
General
Full URL
https://folketsfotavtrykk.matomo.cloud/matomo.php?action_name=Ducky&idsite=6&rec=1&r=444531&h=13&m=43&s=11&url=https%3A%2F%2Fapp.ducky.eco%2Fen%2Fregister&_id=&_idn=1&send_image=0&_refts=0&pv_id=1z74nP&pf_net=84&pf_srv=37&pf_tfr=3&pf_dm1=13&uadata=%7B%22formFactors%22%3A%5B%5D%2C%22fullVersionList%22%3A%5B%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22%22%2C%22platformVersion%22%3A%22%22%7D&pdf=1&qt=0&realp=0&wma=0&fla=0&java=0&ag=0&cookie=1&res=1600x1200
Requested by
Host: folketsfotavtrykk.matomo.cloud
URL: https://folketsfotavtrykk.matomo.cloud/matomo.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.195.235.189 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-195-235-189.eu-central-1.compute.amazonaws.com
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=utf-8
Referer
https://app.ducky.eco/

Response headers

strict-transport-security
max-age=31536000
access-control-allow-origin
https://app.ducky.eco
date
Mon, 28 Oct 2024 12:43:11 GMT
vary
X-Forwarded-Proto,User-Agent
server
Apache
access-control-allow-credentials
true
configs.php
folketsfotavtrykk.matomo.cloud/plugins/HeatmapSessionRecording/
116 B
296 B
Script
General
Full URL
https://folketsfotavtrykk.matomo.cloud/plugins/HeatmapSessionRecording/configs.php?idsite=6&trackerid=IKyE9L&url=https%3A%2F%2Fapp.ducky.eco%2Fen%2Fregister
Requested by
Host: folketsfotavtrykk.matomo.cloud
URL: https://folketsfotavtrykk.matomo.cloud/matomo.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.195.235.189 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-195-235-189.eu-central-1.compute.amazonaws.com
Software
Apache /
Resource Hash
8bf08ad881195ecce1ee7a90674b63e8152cd35951e9e5dbf2b092ca6e911c1e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://app.ducky.eco/

Response headers

strict-transport-security
max-age=31536000
content-length
119
content-encoding
gzip
date
Mon, 28 Oct 2024 12:43:11 GMT
content-type
application/javascript
vary
X-Forwarded-Proto,Accept-Encoding,User-Agent
server
Apache
ducky-app-icon-256.png
static.ducky.eco/
8 KB
8 KB
Other
General
Full URL
https://static.ducky.eco/ducky-app-icon-256.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.95.127.37 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
37.127.95.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
c66021e195e40982bbfd5505473aa1603c4c556ddd690f1f373a2b072136a525

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://app.ducky.eco/

Response headers

x-goog-metageneration
1
access-control-expose-headers
Content-Type
x-goog-hash
crc32c=eaa0fw==, md5=9qB9jYa97s4L6dxHjMRpzw==
etag
"f6a07d8d86bdeece0be9dc478cc469cf"
age
1478
x-goog-stored-content-encoding
identity
expires
Mon, 28 Oct 2024 13:18:33 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length
7693
date
Mon, 28 Oct 2024 12:18:33 GMT
last-modified
Fri, 17 Apr 2020 08:31:41 GMT
content-type
image/png
x-guploader-uploadid
AHmUCY0buyqU6U6qxoi9i1ZC1O9v1pEfPxaUYxF1wgS3rj-Wtcb6mT_qBWgcDEzA-W8HCKnQRh8tcu_fAg
cache-control
public, max-age=3600
x-goog-storage-class
STANDARD
accept-ranges
bytes
access-control-allow-origin
*
x-goog-generation
1587112301901257
content-length
7693
server
UploadServer

Verdicts & Comments Add Verdict or Comment

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| _sentryDebugIds string| _sentryDebugIdIdentifier object| SENTRY_RELEASE object| _paq boolean| __vite_is_modern_browser object| __SENTRY__ object| Piwik object| Matomo object| matomoAbTestingCampaignUrlParamList object| AnalyticsTracker function| piwik_log

0 Cookies

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self'; base-uri 'self'; child-src 'none'; connect-src 'self' https://api.ducky.eco https://api.duckytest.no https://dashboard.ducky.eco https://dashboard.duckytest.no https://static.ducky.eco https://www.gstatic.com/firebasejs/ https://apis.google.com https://*.googleapis.com https://firebaseinstallations.googleapis.com https://fcmregistrations.googleapis.com https://securetoken.googleapis.com https://firebasestorage.googleapis.com https://*.cloudfunctions.net https://*.firebasedatabase.app wss://*.firebasedatabase.app https://*.googleusercontent.com https://graph.facebook.com https://folketsfotavtrykk.matomo.cloud https://sentry.ducky.eco; font-src 'unsafe-inline' 'unsafe-eval' data: https://static.ducky.eco; form-action 'none'; frame-src https://auth.duckytest.no https://auth.ducky.eco https://cdn.firebase.com https://*.firebaseio.com https://*.firebasedatabase.app https://folketsfotavtrykk.matomo.cloud; img-src blob: data: https://static.ducky.eco https://*.googleusercontent.com https://firebasestorage.googleapis.com; media-src 'none'; object-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'sha256-MS6/3FCg4WjP9gwgaBGwLpRCY6fZBgwmhVCdrPrNf3E=' 'sha256-tQjf8gvb2ROOMapIxFvFAYBeUJ0v1HCbOcSmDNXGtDo=' 'sha256-VA8O2hAdooB288EpSTrGLl7z3QikbWU9wwoebO/QaYk=' 'sha256-+5XkZFazzJo8n0iOP4ti/cLCMUudTf//Mzkb7xNPXIc=' https://static.ducky.eco https://www.gstatic.com/firebasejs/ https://cdn.firebase.com https://*.firebaseio.com https://apis.google.com https://*.firebasedatabase.app https://connect.facebook.net https://folketsfotavtrykk.matomo.cloud; worker-src 'self'; upgrade-insecure-requests; report-uri https://sentry.ducky.eco/api/3/security/?sentry_key=2c3ac7bb77ab470a928eb7f1fa93e52b&sentry_environment=ducky-prod&sentry_release=local
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0