URL: https://loyalty.ninjapop.io/
Submission: On December 09 via api from US — Scanned from DK

Summary

This website contacted 6 IPs in 1 countries across 5 domains to perform 20 HTTP transactions. The main IP is 46.101.199.46, located in Frankfurt am Main, Germany and belongs to DIGITALOCEAN-ASN, US. The main domain is loyalty.ninjapop.io.
TLS certificate: Issued by R10 on December 9th 2024. Valid for: 3 months.
This is the only time loyalty.ninjapop.io was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
14 46.101.199.46 14061 (DIGITALOC...)
1 2a00:1450:400... 15169 (GOOGLE)
1 46.4.97.23 24940 (HETZNER-A...)
2 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
20 6
Domain Requested by
7 loyalty.ninjapop.io loyalty.ninjapop.io
5 api.digitalwallet.cards loyalty.ninjapop.io
2 cdn.digitalwallet.cards
2 www.google.com loyalty.ninjapop.io
www.gstatic.com
1 fonts.gstatic.com fonts.googleapis.com
1 www.gstatic.com www.google.com
1 sentry.digitalwallet.cards loyalty.ninjapop.io
1 fonts.googleapis.com loyalty.ninjapop.io
20 8

This site contains links to these domains. Also see Links.

Domain
policies.google.com
Subject Issuer Validity Valid
loyalty.ninjapop.io
R10
2024-12-09 -
2025-03-09
3 months crt.sh
upload.video.google.com
WR2
2024-11-04 -
2025-01-27
3 months crt.sh
sentry.digitalwallet.cards
E6
2024-10-31 -
2025-01-29
3 months crt.sh
api.digitalwallet.cards
R10
2024-11-05 -
2025-02-03
3 months crt.sh
*.google.com
WR2
2024-11-04 -
2025-01-27
3 months crt.sh
cdn.digitalwallet.cards
R11
2024-11-06 -
2025-02-04
3 months crt.sh
*.gstatic.com
WR2
2024-11-04 -
2025-01-27
3 months crt.sh

This page contains 2 frames:

Primary Page: https://loyalty.ninjapop.io/
Frame ID: E9590651E59579FA9BCE9C91699B1862
Requests: 18 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LeXu2wlAAAAANr1r306zDdg2XPFiKAgWZ8A7aia&co=aHR0cHM6Ly9sb3lhbHR5Lm5pbmphcG9wLmlvOjQ0Mw..&hl=da&v=pPK749sccDmVW_9DSeTMVvh2&size=invisible&cb=u6ia19i91ez7
Frame ID: 6B2813AAA44EF8255D5B5307452BB72D
Requests: 1 HTTP requests in this frame

Screenshot

Page Title

Boomerangme

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Overall confidence: 100%
Detected patterns
  • /recaptcha/api\.js

Page Statistics

20
Requests

100 %
HTTPS

67 %
IPv6

5
Domains

8
Subdomains

6
IPs

1
Countries

1805 kB
Transfer

5900 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

20 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
loyalty.ninjapop.io/
4 KB
2 KB
Document
General
Full URL
https://loyalty.ninjapop.io/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
46.101.199.46 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.23.3 / Express
Resource Hash
9991bd328a98654ae558309d1f9939f665610be23a2bb311da43b50be4dc5a99
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

content-encoding
gzip
content-type
text/html; charset=utf-8
date
Mon, 09 Dec 2024 22:58:34 GMT
etag
W/"eb8-S1bDAZaJADWYIyknV/KgpwmBgNQ"
server
nginx/1.23.3
strict-transport-security
max-age=31536000
vary
Accept-Encoding
x-powered-by
Express
x-request-id
d19682a51dde22dcc3d298edb9371532
css2
fonts.googleapis.com/
8 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Manrope:wght@400;500;600;700&display=swap
Requested by
Host: loyalty.ninjapop.io
URL: https://loyalty.ninjapop.io/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
b06cfc79a6799a4a04276fc6d512fccaec76646aac29237eeb737dd700f14b79
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://loyalty.ninjapop.io/

Response headers

content-encoding
gzip
x-content-type-options
nosniff
expires
Mon, 09 Dec 2024 22:58:36 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Mon, 09 Dec 2024 22:58:36 GMT
content-type
text/css; charset=utf-8
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified
Mon, 09 Dec 2024 22:45:10 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
x-xss-protection
0
server
ESF
env.js
loyalty.ninjapop.io/env/
703 B
790 B
Script
General
Full URL
https://loyalty.ninjapop.io/env/env.js
Requested by
Host: loyalty.ninjapop.io
URL: https://loyalty.ninjapop.io/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
46.101.199.46 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.23.3 / Express
Resource Hash
1ac7b852bccd96e9ed1b5e0176f12960e4bf21fc85077aa30a14e4140a222dea
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://loyalty.ninjapop.io/

Response headers

strict-transport-security
max-age=31536000
x-request-id
52daee8d57b3ae85546c8ab9fbef7ca1
cache-control
public, max-age=0
content-encoding
gzip
etag
W/"2bf-19378a6be1d"
date
Mon, 09 Dec 2024 22:58:34 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
server
nginx/1.23.3
last-modified
Fri, 29 Nov 2024 16:00:13 GMT
x-powered-by
Express
index-DgElv-G0.js
loyalty.ninjapop.io/assets/
4 MB
977 KB
Script
General
Full URL
https://loyalty.ninjapop.io/assets/index-DgElv-G0.js
Requested by
Host: loyalty.ninjapop.io
URL: https://loyalty.ninjapop.io/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
46.101.199.46 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.23.3 / Express
Resource Hash
3efd3d748cb991507e7dbb001e3d04bf0274b0a02ff7f73a80ac68c2df4a2133
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://loyalty.ninjapop.io
Referer
https://loyalty.ninjapop.io/

Response headers

strict-transport-security
max-age=31536000
x-request-id
8ff7c8548b99cb224c5bb083cc74c421
cache-control
public, max-age=0
content-encoding
gzip
etag
W/"3ea901-19378a6be1d"
date
Mon, 09 Dec 2024 22:58:34 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
server
nginx/1.23.3
last-modified
Fri, 29 Nov 2024 16:00:13 GMT
x-powered-by
Express
index-DVl_jmev.css
loyalty.ninjapop.io/assets/
335 KB
57 KB
Stylesheet
General
Full URL
https://loyalty.ninjapop.io/assets/index-DVl_jmev.css
Requested by
Host: loyalty.ninjapop.io
URL: https://loyalty.ninjapop.io/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
46.101.199.46 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.23.3 / Express
Resource Hash
acbc351d0a29789a05e2b3f10ad26c812240126c3fff4a4e5f2c55b98185f7f2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://loyalty.ninjapop.io
Referer
https://loyalty.ninjapop.io/

Response headers

strict-transport-security
max-age=31536000
x-request-id
0ecd617520c4bdda7b4a69e5911fefe7
cache-control
public, max-age=0
content-encoding
gzip
etag
W/"53d04-19378a6be15"
date
Mon, 09 Dec 2024 22:58:34 GMT
content-type
text/css; charset=UTF-8
vary
Accept-Encoding
server
nginx/1.23.3
last-modified
Fri, 29 Nov 2024 16:00:13 GMT
x-powered-by
Express
/
sentry.digitalwallet.cards/api/3/envelope/
2 B
256 B
Fetch
General
Full URL
https://sentry.digitalwallet.cards/api/3/envelope/?sentry_key=4ab6748efb38a3bb6e3c0a3e46db5fd0&sentry_version=7&sentry_client=sentry.javascript.react%2F8.4.0
Requested by
Host: loyalty.ninjapop.io
URL: https://loyalty.ninjapop.io/assets/index-DgElv-G0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
46.4.97.23 Berlin, Germany, ASN24940 (HETZNER-AS Hetzner Online GmbH, DE),
Reverse DNS
static.23.97.4.46.clients.your-server.de
Software
nginx /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://loyalty.ninjapop.io/

Response headers

access-control-expose-headers
x-sentry-error,x-sentry-rate-limits,retry-after
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
content-length
2
date
Mon, 09 Dec 2024 22:58:38 GMT
content-type
application/json
vary
origin, access-control-request-method, access-control-request-headers
server
nginx
common.json
api.digitalwallet.cards/i18n/en/
252 KB
61 KB
Fetch
General
Full URL
https://api.digitalwallet.cards/i18n/en/common.json
Requested by
Host: loyalty.ninjapop.io
URL: https://loyalty.ninjapop.io/assets/index-DgElv-G0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
46.101.199.46 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.23.3 /
Resource Hash
ca27bf13eee7746f30911988094ec49c275e96b8ca6613bcee9cd35f14985273
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://loyalty.ninjapop.io/

Response headers

strict-transport-security
max-age=31536000
x-request-id
fb69b46e74ff5eece46268704f2b55a9
content-encoding
gzip
etag
W/"674d7ec6-3f025"
access-control-allow-origin
*
date
Mon, 09 Dec 2024 22:58:38 GMT
content-type
application/json
vary
Accept-Encoding
server
nginx/1.23.3
last-modified
Mon, 02 Dec 2024 09:32:54 GMT
common.json
api.digitalwallet.cards/i18n/en/
252 KB
0
Fetch
General
Full URL
https://api.digitalwallet.cards/i18n/en/common.json
Requested by
Host: loyalty.ninjapop.io
URL: https://loyalty.ninjapop.io/assets/index-DgElv-G0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
46.101.199.46 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.23.3 /
Resource Hash
ca27bf13eee7746f30911988094ec49c275e96b8ca6613bcee9cd35f14985273

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://loyalty.ninjapop.io/

Response headers

x-request-id
fb69b46e74ff5eece46268704f2b55a9
content-encoding
gzip
etag
W/"674d7ec6-3f025"
access-control-allow-origin
*
date
Mon, 09 Dec 2024 22:58:38 GMT
content-type
application/json
vary
Accept-Encoding
server
nginx/1.23.3
last-modified
Mon, 02 Dec 2024 09:32:54 GMT
api.js
www.google.com/recaptcha/
1 KB
996 B
Script
General
Full URL
https://www.google.com/recaptcha/api.js?render=6LeXu2wlAAAAANr1r306zDdg2XPFiKAgWZ8A7aia
Requested by
Host: loyalty.ninjapop.io
URL: https://loyalty.ninjapop.io/assets/index-DgElv-G0.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
34630c9bd54099f756721f65e7125b2e24497896e62d3719d3cd6803e89494af
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://loyalty.ninjapop.io/

Response headers

cache-control
private, max-age=300
content-encoding
gzip
cross-origin-resource-policy
cross-origin
report-to
{"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
x-content-type-options
nosniff
expires
Mon, 09 Dec 2024 22:58:38 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cross-origin-opener-policy-report-only
same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
date
Mon, 09 Dec 2024 22:58:38 GMT
x-xss-protection
0
content-type
text/javascript; charset=utf-8
server
ESF
x-frame-options
SAMEORIGIN
faviconPng
cdn.digitalwallet.cards/products/27212/themes/54243/
262 KB
263 KB
Other
General
Full URL
https://cdn.digitalwallet.cards/products/27212/themes/54243/faviconPng
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
46.101.199.46 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.23.3 /
Resource Hash
2bca0a8b2b62cc1c835255fc2b0ca774f544d5e276a7b84ffaee54ccdf97a48d
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload, max-age=31536000

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://loyalty.ninjapop.io/

Response headers

x-request-id
7f249f1f436d34e171c870d1e2cf6f70
x-envoy-upstream-healthchecked-cluster
access-control-expose-headers
Content-Length,Content-Range
etag
"0a83342b984e6d7e51425c01e9930b13"
access-control-allow-methods
GET, POST, OPTIONS
date
Mon, 09 Dec 2024 22:58:38 GMT
x-rgw-object-type
Normal
content-type
image/png
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method
last-modified
Mon, 09 Dec 2024 16:29:39 GMT
access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
strict-transport-security
max-age=15552000; includeSubDomains; preload, max-age=31536000
accept-ranges
bytes
access-control-allow-origin
*
content-length
267848
server
nginx/1.23.3
recaptcha__da.js
www.gstatic.com/recaptcha/releases/pPK749sccDmVW_9DSeTMVvh2/
548 KB
217 KB
Script
General
Full URL
https://www.gstatic.com/recaptcha/releases/pPK749sccDmVW_9DSeTMVvh2/recaptcha__da.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?render=6LeXu2wlAAAAANr1r306zDdg2XPFiKAgWZ8A7aia
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7edeaf5b495fe148f040fde3d8d4ffef763b971ac306a827d03ba7f8a41bb6b6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://loyalty.ninjapop.io
Referer
https://loyalty.ninjapop.io/

Response headers

content-encoding
gzip
age
345157
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
x-content-type-options
nosniff
expires
Fri, 05 Dec 2025 23:06:02 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Thu, 05 Dec 2024 23:06:02 GMT
last-modified
Mon, 11 Nov 2024 05:00:22 GMT
content-type
text/javascript
vary
Accept-Encoding
cache-control
public, max-age=31536000
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
accept-ranges
bytes
access-control-allow-origin
*
content-length
222019
x-xss-protection
0
server
sffe
favicon.svg
loyalty.ninjapop.io/assets/theme/
1 KB
1 KB
Other
General
Full URL
https://loyalty.ninjapop.io/assets/theme/favicon.svg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
46.101.199.46 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.23.3 / Express
Resource Hash
30ee6d58d2e7cf68adcf8346005a5797775f759b13b8a3f2c670bab9203a7c68
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://loyalty.ninjapop.io/

Response headers

strict-transport-security
max-age=31536000
x-request-id
ecbdff406ffe41424fbf9bf3b90d9d23
cache-control
public, max-age=0
content-encoding
gzip
etag
W/"5a9-19378a6bdc9"
date
Mon, 09 Dec 2024 22:58:40 GMT
content-type
image/svg+xml
vary
Accept-Encoding
server
nginx/1.23.3
last-modified
Fri, 29 Nov 2024 16:00:13 GMT
x-powered-by
Express
anchor
www.google.com/recaptcha/api2/ Frame 6B28
0
0
Document
General
Full URL
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LeXu2wlAAAAANr1r306zDdg2XPFiKAgWZ8A7aia&co=aHR0cHM6Ly9sb3lhbHR5Lm5pbmphcG9wLmlvOjQ0Mw..&hl=da&v=pPK749sccDmVW_9DSeTMVvh2&size=invisible&cb=u6ia19i91ez7
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/pPK749sccDmVW_9DSeTMVvh2/recaptcha__da.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-FtyCV-zlFBkfX2t1HEWNFQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://loyalty.ninjapop.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
gzip
content-security-policy
script-src 'report-sample' 'nonce-FtyCV-zlFBkfX2t1HEWNFQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-opener-policy-report-only
same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
cross-origin-resource-policy
cross-origin
date
Mon, 09 Dec 2024 22:58:40 GMT
expires
Mon, 01 Jan 1990 00:00:00 GMT
pragma
no-cache
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
server
ESF
x-content-type-options
nosniff
x-xss-protection
0
xn7gYHE41ni1AdIRggexSg.woff2
fonts.gstatic.com/s/manrope/v15/
24 KB
24 KB
Font
General
Full URL
https://fonts.gstatic.com/s/manrope/v15/xn7gYHE41ni1AdIRggexSg.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Manrope:wght@400;500;600;700&display=swap
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
14be4114dcfde74652f19f9ffae8c9bb50707e9e88bd2b1fcd86fb50224109e7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://loyalty.ninjapop.io
Referer
https://fonts.googleapis.com/

Response headers

age
489253
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options
nosniff
expires
Thu, 04 Dec 2025 07:04:27 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 04 Dec 2024 07:04:27 GMT
last-modified
Wed, 13 Sep 2023 23:22:16 GMT
content-type
font/woff2
cache-control
public, max-age=31536000
timing-allow-origin
*
cross-origin-opener-policy
same-origin; report-to="apps-themes"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges
bytes
access-control-allow-origin
*
content-length
24376
x-xss-protection
0
server
sffe
brief
api.digitalwallet.cards/external_services/
2 KB
968 B
XHR
General
Full URL
https://api.digitalwallet.cards/external_services/brief
Requested by
Host: loyalty.ninjapop.io
URL: https://loyalty.ninjapop.io/assets/index-DgElv-G0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
46.101.199.46 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.23.3 / PHP/8.1.28
Resource Hash
4b8a65bb77bcdb94a3aa1646d4229e4e807b88fd415834974f2bdcc1ee8553b4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options deny

Request headers

X-App-Cookie
{}
Referer
https://loyalty.ninjapop.io/
X-App-Name
front
X-Timezone
Europe/Copenhagen
ngrok-skip-browser-warning
test
X-Lang
en
X-App-Version
release-2024-11-29
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept
application/vnd.api+json
X-Timezone-Offset
3600

Response headers

x-request-id
da1b3cd25e1a51511fe6ae1f4bb6486b
access-control-expose-headers
link, x-navbar-data-url, x-redirect-url, x-request-id
content-encoding
gzip
etag
W/"d21098e99c34fbc80421a69a30410d57"
x-content-type-options
nosniff
date
Mon, 09 Dec 2024 22:58:41 GMT
content-type
application/vnd.api+json; charset=utf-8
vary
Accept-Encoding, Accept
x-frame-options
deny
strict-transport-security
max-age=31536000
link
<http://api.digitalwallet.cards/docs.jsonld>; rel="http://www.w3.org/ns/hydra/core#apiDocumentation"
cache-control
no-cache, private
access-control-allow-credentials
true
access-control-allow-origin
https://loyalty.ninjapop.io
x-powered-by
PHP/8.1.28
server
nginx/1.23.3
brief
api.digitalwallet.cards/external_services/ Frame
0
0
Preflight
General
Full URL
https://api.digitalwallet.cards/external_services/brief
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
46.101.199.46 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.23.3 / PHP/8.1.28
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept
*/*
Access-Control-Request-Headers
ngrok-skip-browser-warning,x-app-cookie,x-app-name,x-app-version,x-lang,x-timezone,x-timezone-offset
Access-Control-Request-Method
GET
Origin
https://loyalty.ninjapop.io
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type, authorization, card-token, x-shopify-token, x-ghl-token, ngrok-skip-browser-warning, x-app-name, x-app-version, x-app-cookie, x-lang, x-timezone, x-timezone-offset
access-control-allow-methods
GET, OPTIONS, POST, PUT, PATCH, DELETE
access-control-allow-origin
https://loyalty.ninjapop.io
access-control-max-age
3600
cache-control
no-cache, private
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Mon, 09 Dec 2024 22:58:40 GMT
server
nginx/1.23.3
strict-transport-security
max-age=31536000
vary
Accept-Encoding Origin
x-powered-by
PHP/8.1.28
x-request-id
832a469b785796347674820b8f2b7c50
brief
api.digitalwallet.cards/external_services/
2 KB
967 B
XHR
General
Full URL
https://api.digitalwallet.cards/external_services/brief
Requested by
Host: loyalty.ninjapop.io
URL: https://loyalty.ninjapop.io/assets/index-DgElv-G0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
46.101.199.46 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.23.3 / PHP/8.1.28
Resource Hash
4b8a65bb77bcdb94a3aa1646d4229e4e807b88fd415834974f2bdcc1ee8553b4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options deny

Request headers

X-App-Cookie
{}
Referer
https://loyalty.ninjapop.io/
X-App-Name
front
X-Timezone
Europe/Copenhagen
ngrok-skip-browser-warning
test
X-Lang
en
X-App-Version
release-2024-11-29
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept
application/vnd.api+json
X-Timezone-Offset
3600

Response headers

x-request-id
e57ebb2429211dd3d8a7e2e23176f6e8
access-control-expose-headers
link, x-navbar-data-url, x-redirect-url, x-request-id
content-encoding
gzip
etag
W/"d21098e99c34fbc80421a69a30410d57"
x-content-type-options
nosniff
date
Mon, 09 Dec 2024 22:58:41 GMT
content-type
application/vnd.api+json; charset=utf-8
vary
Accept-Encoding, Accept
x-frame-options
deny
strict-transport-security
max-age=31536000
link
<http://api.digitalwallet.cards/docs.jsonld>; rel="http://www.w3.org/ns/hydra/core#apiDocumentation"
cache-control
no-cache, private
access-control-allow-credentials
true
access-control-allow-origin
https://loyalty.ninjapop.io
x-powered-by
PHP/8.1.28
server
nginx/1.23.3
login.jpg
loyalty.ninjapop.io/assets/theme/
119 KB
120 KB
Image
General
Full URL
https://loyalty.ninjapop.io/assets/theme/login.jpg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
46.101.199.46 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.23.3 / Express
Resource Hash
d7d9873447a0dd9ae6b6746a9e6c3a43214306ef3b4e27630f770fc1067542b3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://loyalty.ninjapop.io/

Response headers

strict-transport-security
max-age=31536000
x-request-id
f40a372486b392e8bcaf1f759c828cca
cache-control
public, max-age=0
etag
W/"1dda1-19378a6bdc9"
accept-ranges
bytes
content-length
122273
date
Mon, 09 Dec 2024 22:58:41 GMT
content-type
image/jpeg
x-powered-by
Express
server
nginx/1.23.3
last-modified
Fri, 29 Nov 2024 16:00:13 GMT
logoLight
cdn.digitalwallet.cards/products/27212/themes/54243/
76 KB
77 KB
Image
General
Full URL
https://cdn.digitalwallet.cards/products/27212/themes/54243/logoLight
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
46.101.199.46 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.23.3 /
Resource Hash
d924da2e5d76e8af7f54d149b2ec012343f0cf5a670f620c0d8f0f77c5dae287
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload, max-age=31536000

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://loyalty.ninjapop.io/

Response headers

x-request-id
440e95df135a34da66b7bfabf7f7d1bf
x-envoy-upstream-healthchecked-cluster
access-control-expose-headers
Content-Length,Content-Range
etag
"7a3ec256e8796a7667677ff6efd6eadd"
access-control-allow-methods
GET, POST, OPTIONS
date
Mon, 09 Dec 2024 22:58:41 GMT
x-rgw-object-type
Normal
content-type
image/jpeg
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method
last-modified
Mon, 09 Dec 2024 16:29:34 GMT
access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
strict-transport-security
max-age=15552000; includeSubDomains; preload, max-age=31536000
accept-ranges
bytes
access-control-allow-origin
*
content-length
77923
server
nginx/1.23.3
eye-closed.svg
loyalty.ninjapop.io/assets/icons/
929 B
1 KB
Fetch
General
Full URL
https://loyalty.ninjapop.io/assets/icons/eye-closed.svg
Requested by
Host: loyalty.ninjapop.io
URL: https://loyalty.ninjapop.io/assets/index-DgElv-G0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
46.101.199.46 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.23.3 / Express
Resource Hash
abd6be2fc1db820666857f618d2705cf4fa6c72aeb9abae14287728a4549a851
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

sentry-trace
f608e8e3c38e4a8c99f6a89c059b3fc0-9538a40063fcc909-0
Referer
https://loyalty.ninjapop.io/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
baggage
sentry-environment=production,sentry-release=release-2024-11-29,sentry-public_key=4ab6748efb38a3bb6e3c0a3e46db5fd0,sentry-trace_id=f608e8e3c38e4a8c99f6a89c059b3fc0,sentry-sample_rate=0.1,sentry-sampled=false

Response headers

strict-transport-security
max-age=31536000
x-request-id
2cb4c6a63eabe307ed9f3d4cd7d653e6
cache-control
public, max-age=0
etag
W/"3a1-19378a6bdc9"
accept-ranges
bytes
content-length
929
date
Mon, 09 Dec 2024 22:58:41 GMT
content-type
image/svg+xml
x-powered-by
Express
server
nginx/1.23.3
last-modified
Fri, 29 Nov 2024 16:00:13 GMT

Verdicts & Comments Add Verdict or Comment

18 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| ENV object| SERVER_DATA number| __mobxInstanceCount object| __mobxGlobals string| __reactRouterVersion function| saveAs function| IMask object| __localeData__ object| __SENTRY__ function| onRecaptchaLoadCallback object| ___grecaptcha_cfg object| grecaptcha string| __recaptcha_api boolean| __google_recaptcha_client object| recaptcha object| closure_lm_21631

0 Cookies

1 Console Messages

Source Level URL
Text
recommendation verbose URL: https://loyalty.ninjapop.io/
Message:
[DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31536000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.digitalwallet.cards
cdn.digitalwallet.cards
fonts.googleapis.com
fonts.gstatic.com
loyalty.ninjapop.io
sentry.digitalwallet.cards
www.google.com
www.gstatic.com
2a00:1450:4001:80e::200a
2a00:1450:4001:82f::2003
2a00:1450:4001:831::2003
2a00:1450:4001:831::2004
46.101.199.46
46.4.97.23
14be4114dcfde74652f19f9ffae8c9bb50707e9e88bd2b1fcd86fb50224109e7
1ac7b852bccd96e9ed1b5e0176f12960e4bf21fc85077aa30a14e4140a222dea
2bca0a8b2b62cc1c835255fc2b0ca774f544d5e276a7b84ffaee54ccdf97a48d
30ee6d58d2e7cf68adcf8346005a5797775f759b13b8a3f2c670bab9203a7c68
34630c9bd54099f756721f65e7125b2e24497896e62d3719d3cd6803e89494af
3efd3d748cb991507e7dbb001e3d04bf0274b0a02ff7f73a80ac68c2df4a2133
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
4b8a65bb77bcdb94a3aa1646d4229e4e807b88fd415834974f2bdcc1ee8553b4
7edeaf5b495fe148f040fde3d8d4ffef763b971ac306a827d03ba7f8a41bb6b6
9991bd328a98654ae558309d1f9939f665610be23a2bb311da43b50be4dc5a99
abd6be2fc1db820666857f618d2705cf4fa6c72aeb9abae14287728a4549a851
acbc351d0a29789a05e2b3f10ad26c812240126c3fff4a4e5f2c55b98185f7f2
b06cfc79a6799a4a04276fc6d512fccaec76646aac29237eeb737dd700f14b79
ca27bf13eee7746f30911988094ec49c275e96b8ca6613bcee9cd35f14985273
d7d9873447a0dd9ae6b6746a9e6c3a43214306ef3b4e27630f770fc1067542b3
d924da2e5d76e8af7f54d149b2ec012343f0cf5a670f620c0d8f0f77c5dae287