staging.dashboard.heropay.co Open in urlscan Pro
2600:9000:20ea:2a00:19:4e9:8a40:93a1  Public Scan

1 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

24 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response staging.dashboard.heropay.co/	1 KB 891 B	915ms 542ms	Document text/html	2600:9000:20ea:2a00:19:4e9:8a40:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://staging.dashboard.heropay.co/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:20ea:2a00:19:4e9:8a40:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 5d539290233d4e921ec511bc773d3a1f6b0fa00bcd5650dbd9e903b73d009530 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36 accept-language en-US,en;q=0.9 Response headers cache-control max-age=0,no-cache content-encoding gzip content-type text/html date Mon, 30 Oct 2023 16:00:19 GMT etag W/"1925fb4f3b2fa64719b856f58cf07c96" last-modified Fri, 27 Oct 2023 12:52:51 GMT server AmazonS3 vary Accept-Encoding via 1.1 d0aba1ed008065dfa80f3b92c85f7e52.cloudfront.net (CloudFront) x-amz-cf-id nIUoUj5MBqhsDe7-o3TGEVLc72Y1jcFnQ24eZ9u9-QhKTxf0mgexuA== x-amz-cf-pop BOS50-C1 x-amz-server-side-encryption AES256 x-cache Miss from cloudfront
GET H2	200	css2 fonts.googleapis.com/	9 KB 1 KB	259ms 97ms	Stylesheet text/css	2607:f8b0:4020:807::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700&display=swap Requested by Host: staging.dashboard.heropay.co URL: https://staging.dashboard.heropay.co/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2607:f8b0:4020:807::200a Montreal, Canada, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash 47a8a3cac11d58041b7c0874be17d4c7f9a71fe87ec09e8dc3dbf047438346d5 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers accept-language en-US,en;q=0.9 Referer https://staging.dashboard.heropay.co/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36 Response headers strict-transport-security max-age=31536000 date Mon, 30 Oct 2023 16:00:18 GMT content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 x-xss-protection 0 last-modified Mon, 30 Oct 2023 15:16:50 GMT server ESF cross-origin-opener-policy same-origin-allow-popups x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Mon, 30 Oct 2023 16:00:18 GMT
GET H2	200	index-9982da77.js Show response staging.dashboard.heropay.co/assets/	2 MB 500 KB	529ms 527ms	Script text/javascript	2600:9000:20ea:2a00:19:4e9:8a40:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://staging.dashboard.heropay.co/assets/index-9982da77.js Requested by Host: staging.dashboard.heropay.co URL: https://staging.dashboard.heropay.co/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:20ea:2a00:19:4e9:8a40:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash d6eaa46ed4c428b99c32f45be7d3c148825d571869301ed37ade665a039aa2a9 Request headers Referer https://staging.dashboard.heropay.co/ Origin https://staging.dashboard.heropay.co accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36 Response headers date Mon, 30 Oct 2023 16:00:19 GMT content-encoding gzip via 1.1 d0aba1ed008065dfa80f3b92c85f7e52.cloudfront.net (CloudFront) last-modified Fri, 27 Oct 2023 12:52:50 GMT server AmazonS3 x-amz-cf-pop BOS50-C1 etag W/"6adb45b1dca41e507a3b0e92b7935144" x-amz-server-side-encryption AES256 vary Accept-Encoding x-cache Miss from cloudfront content-type text/javascript cache-control max-age=0,no-cache x-amz-cf-id p5yzpRr984XVqsHuf9_8LUUwPCFNjiPipsrlonPVCws3kDm4PFVEcA==
GET H2	200	index-6e768ac8.css staging.dashboard.heropay.co/assets/	15 KB 4 KB	482ms 481ms	Stylesheet text/css	2600:9000:20ea:2a00:19:4e9:8a40:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://staging.dashboard.heropay.co/assets/index-6e768ac8.css Requested by Host: staging.dashboard.heropay.co URL: https://staging.dashboard.heropay.co/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:20ea:2a00:19:4e9:8a40:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 6e768ac80f1f94b8e99de6b20394d3cf3dbf359989542c8c33d09534e0949c43 Request headers accept-language en-US,en;q=0.9 Referer https://staging.dashboard.heropay.co/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36 Response headers date Mon, 30 Oct 2023 16:00:19 GMT content-encoding gzip via 1.1 d0aba1ed008065dfa80f3b92c85f7e52.cloudfront.net (CloudFront) last-modified Fri, 27 Oct 2023 12:52:50 GMT server AmazonS3 x-amz-cf-pop BOS50-C1 etag W/"9f53359a1c420c5aac4e289be375999e" x-amz-server-side-encryption AES256 vary Accept-Encoding x-cache Miss from cloudfront content-type text/css cache-control max-age=0,no-cache x-amz-cf-id hFHqItzLwJID-L87wTBEjdrybETmsBBy3Rronsn-i9ll-x1qsvWXOA==
GET H2	200	hotjar-3530272.js Show response static.hotjar.com/c/	12 KB 5 KB	330ms 162ms	Script application/javascript	18.239.168.48 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://static.hotjar.com/c/hotjar-3530272.js?sv=6 Requested by Host: staging.dashboard.heropay.co URL: https://staging.dashboard.heropay.co/assets/index-9982da77.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.239.168.48 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-239-168-48.bos50.r.cloudfront.net Software / Resource Hash c1fce64979a9fa9136ed4bf1ca75ccc562354ae1fc26309f5fcbdeef057fe881 Security Headers Name Value Strict-Transport-Security max-age=2592000; includeSubDomains X-Content-Type-Options nosniff Request headers accept-language en-US,en;q=0.9 Referer https://staging.dashboard.heropay.co/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36 Response headers date Mon, 30 Oct 2023 16:00:20 GMT content-encoding br x-content-type-options nosniff strict-transport-security max-age=2592000; includeSubDomains via 1.1 3f2d1b9ddd51bb5347439fcd3cc10c06.cloudfront.net (CloudFront) x-amz-cf-pop BOS50-P3 etag W/b519d6b91d53a15376d449a482d80fd3 vary Accept-Encoding x-cache Miss from cloudfront content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control max-age=60 x-cache-hit 1 cross-origin-resource-policy cross-origin x-amz-cf-id LYDHR3qRTaQvKOiHDzUGfOrHoTUaU3_NDP9bLqmOm0Zkqq69XleUHw==
GET H2	200	UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2 fonts.gstatic.com/s/inter/v13/	46 KB 46 KB	240ms 76ms	Font font/woff2	2607:f8b0:4020:804::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700&display=swap Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2607:f8b0:4020:804::2003 Montreal, Canada, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 88df0b5a7bc397dbc13a26bb8b3742cc62cd1c9b0dded57da7832416d6f52f42 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts.googleapis.com/ Origin https://staging.dashboard.heropay.co accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36 Response headers date Thu, 26 Oct 2023 16:54:27 GMT x-content-type-options nosniff age 342353 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 46704 x-xss-protection 0 last-modified Wed, 13 Sep 2023 23:49:07 GMT server sffe cross-origin-opener-policy same-origin; report-to="apps-themes" report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Fri, 25 Oct 2024 16:54:27 GMT
GET H2	200	en-47ee1484.js Show response staging.dashboard.heropay.co/assets/	3 KB 2 KB	483ms 481ms	Script text/javascript	2600:9000:20ea:2a00:19:4e9:8a40:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://staging.dashboard.heropay.co/assets/en-47ee1484.js Requested by Host: staging.dashboard.heropay.co URL: https://staging.dashboard.heropay.co/assets/index-9982da77.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:20ea:2a00:19:4e9:8a40:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash fa2298bd5c07a4dd4f7b386edd08688035fecb918a46376fba9c9d955c550812 Request headers Referer https://staging.dashboard.heropay.co/assets/index-9982da77.js Origin https://staging.dashboard.heropay.co accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36 Response headers date Mon, 30 Oct 2023 16:00:21 GMT content-encoding gzip via 1.1 d0aba1ed008065dfa80f3b92c85f7e52.cloudfront.net (CloudFront) last-modified Fri, 27 Oct 2023 12:52:49 GMT server AmazonS3 x-amz-cf-pop BOS50-C1 etag W/"0471f1050079e751c0f72ed302772048" x-amz-server-side-encryption AES256 vary Accept-Encoding x-cache Miss from cloudfront content-type text/javascript cache-control max-age=0,no-cache x-amz-cf-id hgAQtIjQDctDEsTANsEYkyjJ4mwAmxIjlU-yT5w2JrKfQMZVQOItBA==
GET H2	200	fr-17a1db78.js Show response staging.dashboard.heropay.co/assets/	4 KB 2 KB	502ms 500ms	Script text/javascript	2600:9000:20ea:2a00:19:4e9:8a40:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://staging.dashboard.heropay.co/assets/fr-17a1db78.js Requested by Host: staging.dashboard.heropay.co URL: https://staging.dashboard.heropay.co/assets/index-9982da77.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:20ea:2a00:19:4e9:8a40:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash bca405a53406c6fa9bb06c7b3e6c5bd78d2572d4faa52b113e5145c00b5a82f9 Request headers Referer https://staging.dashboard.heropay.co/assets/index-9982da77.js Origin https://staging.dashboard.heropay.co accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36 Response headers date Mon, 30 Oct 2023 16:00:21 GMT content-encoding gzip via 1.1 d0aba1ed008065dfa80f3b92c85f7e52.cloudfront.net (CloudFront) last-modified Fri, 27 Oct 2023 12:52:49 GMT server AmazonS3 x-amz-cf-pop BOS50-C1 etag W/"34dd7005b02b698ade5f88eec5ebd95b" x-amz-server-side-encryption AES256 vary Accept-Encoding x-cache Miss from cloudfront content-type text/javascript cache-control max-age=0,no-cache x-amz-cf-id a4Sc97nCMKwEm-QVfy-UHRxgE0O8AUIppuFYUnDWDvt1xQ3tcvV16w==
GET H2	200	modules.69643a16c30805061a6a.js Show response script.hotjar.com/	228 KB 56 KB	204ms 72ms	Script application/javascript	18.239.168.112 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://script.hotjar.com/modules.69643a16c30805061a6a.js Requested by Host: static.hotjar.com URL: https://static.hotjar.com/c/hotjar-3530272.js?sv=6 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.239.168.112 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-239-168-112.bos50.r.cloudfront.net Software / Resource Hash 804b13b5357088583d46a0f1d21d67a55ee5717953267d4fee9b2dcccf43b128 Security Headers Name Value Strict-Transport-Security max-age=2592000; includeSubDomains X-Content-Type-Options nosniff Request headers accept-language en-US,en;q=0.9 Referer https://staging.dashboard.heropay.co/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36 Response headers date Mon, 30 Oct 2023 13:19:06 GMT content-encoding br x-content-type-options nosniff strict-transport-security max-age=2592000; includeSubDomains via 1.1 a33b4a7ade2c9b4c38f3755095420bea.cloudfront.net (CloudFront) x-amz-cf-pop BOS50-P3 age 9674 x-cache Hit from cloudfront cross-origin-resource-policy cross-origin content-length 56520 last-modified Mon, 30 Oct 2023 13:18:22 GMT etag "d0307b1dda59561c66df55cc7b4ab03a" vary Accept-Encoding content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control max-age=31536000 accept-ranges bytes x-robots-tag none x-amz-cf-id VdlPkoOyn-JgfXTiYzuilw0BZhGjFfHxsd2ZkR62q4THdu73ZkDyHw==
GET H2	200	en-fe06fc0c.js Show response staging.dashboard.heropay.co/assets/	23 KB 8 KB	504ms 504ms	Script text/javascript	2600:9000:20ea:2a00:19:4e9:8a40:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://staging.dashboard.heropay.co/assets/en-fe06fc0c.js Requested by Host: staging.dashboard.heropay.co URL: https://staging.dashboard.heropay.co/assets/index-9982da77.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:20ea:2a00:19:4e9:8a40:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 246feb3a55578e73adfd46d7d4c26a0fbeaef53bb90d57bc18765581ca1887cc Request headers Referer https://staging.dashboard.heropay.co/assets/index-9982da77.js Origin https://staging.dashboard.heropay.co accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36 Response headers date Mon, 30 Oct 2023 16:00:21 GMT content-encoding gzip via 1.1 d0aba1ed008065dfa80f3b92c85f7e52.cloudfront.net (CloudFront) last-modified Fri, 27 Oct 2023 12:52:49 GMT server AmazonS3 x-amz-cf-pop BOS50-C1 etag W/"fe056bacac6608bf9ea26469e92d355a" x-amz-server-side-encryption AES256 vary Accept-Encoding x-cache Miss from cloudfront content-type text/javascript cache-control max-age=0,no-cache x-amz-cf-id IHfrDHW6lmHNmtJfj00vexV8uGQJx5G0-NKEZJv-unpWGUzLe42cGw==
GET H2	200	fr-a059b01d.js Show response staging.dashboard.heropay.co/assets/	25 KB 8 KB	491ms 491ms	Script text/javascript	2600:9000:20ea:2a00:19:4e9:8a40:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://staging.dashboard.heropay.co/assets/fr-a059b01d.js Requested by Host: staging.dashboard.heropay.co URL: https://staging.dashboard.heropay.co/assets/index-9982da77.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:20ea:2a00:19:4e9:8a40:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash f40f9c3b95914225d18534446dd6f8031784bed9a23f3d34b3e0eb697f9b1b71 Request headers Referer https://staging.dashboard.heropay.co/assets/index-9982da77.js Origin https://staging.dashboard.heropay.co accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36 Response headers date Mon, 30 Oct 2023 16:00:21 GMT content-encoding gzip via 1.1 d0aba1ed008065dfa80f3b92c85f7e52.cloudfront.net (CloudFront) last-modified Fri, 27 Oct 2023 12:52:49 GMT server AmazonS3 x-amz-cf-pop BOS50-C1 etag W/"9b5c40522126dcdeebc0c606ab11e30a" x-amz-server-side-encryption AES256 vary Accept-Encoding x-cache Miss from cloudfront content-type text/javascript cache-control max-age=0,no-cache x-amz-cf-id ToqdxrXzhoWW7xAdD0kjBXS3pTN7STOxqOvMAxD-mYwAwQ5FM-ulwQ==
GET H2	204	3530272 Show response vc.hotjar.io/sessions/	0 258 B	327ms 132ms	XHR text/plain	18.161.21.9 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://vc.hotjar.io/sessions/3530272?s=0.25&r=0.22429074011138184 Requested by Host: staging.dashboard.heropay.co URL: https://staging.dashboard.heropay.co/assets/index-9982da77.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.161.21.9 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-161-21-9.bos50.r.cloudfront.net Software Python/3.8 aiohttp/3.8.4 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language en-US,en;q=0.9 Referer https://staging.dashboard.heropay.co/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36 Response headers date Mon, 30 Oct 2023 16:00:20 GMT via 1.1 6c748592897536a14218f656977fbc38.cloudfront.net (CloudFront) server Python/3.8 aiohttp/3.8.4 x-amz-cf-pop BOS50-P1 x-cache Miss from cloudfront access-control-allow-origin * cache-control no-store x-amz-cf-id -S5dyNE93q5uMWFHN2aC6u9lR3eGRZlkqd5GLksDPMtsRq38I8qm2w==
OPTIONS H2	200	graphql staging.api.hero.fr/api/	0 0	556ms 146ms	Preflight	13.37.2.76 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://staging.api.hero.fr/api/graphql Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 13.37.2.76 Paris, France, ASN16509 (AMAZON-02, US), Reverse DNS ec2-13-37-2-76.eu-west-3.compute.amazonaws.com Software kong/3.1.1 / Resource Hash Request headers Accept */* Access-Control-Request-Headers authorization,content-type Access-Control-Request-Method POST Origin https://staging.dashboard.heropay.co Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36 Response headers access-control-allow-credentials true access-control-allow-headers authorization,content-type access-control-allow-methods GET,HEAD,PUT,PATCH,POST,DELETE,TRACE,CONNECT,OPTIONS access-control-allow-origin https://staging.dashboard.heropay.co content-length 0 date Mon, 30 Oct 2023 16:00:21 GMT server kong/3.1.1 vary Origin x-kong-response-latency 0
POST H2	200	graphql Show response staging.api.hero.fr/api/	161 B 584 B	436ms 161ms	Fetch application/json	13.37.2.76 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://staging.api.hero.fr/api/graphql Requested by Host: staging.dashboard.heropay.co URL: https://staging.dashboard.heropay.co/assets/index-9982da77.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 13.37.2.76 Paris, France, ASN16509 (AMAZON-02, US), Reverse DNS ec2-13-37-2-76.eu-west-3.compute.amazonaws.com Software / Express Resource Hash 964c36bd60949bf80ae4885b3342b62503609c02c9bfaabef4480c6640fa21b7 Request headers accept */* Referer https://staging.dashboard.heropay.co/ accept-language en-US,en;q=0.9 authorization User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36 content-type application/json Response headers date Mon, 30 Oct 2023 16:00:22 GMT ratelimit-reset 1 via kong/3.1.1 x-ratelimit-limit-second 200 x-powered-by Express x-ratelimit-remaining-second 199 x-kong-proxy-latency 5 x-ratelimit-limit-minute 1800 x-kong-upstream-latency 6 x-ratelimit-remaining-minute 1799 ratelimit-limit 200 content-length 161 etag W/"a1-+7TgPpCGoqmQEKddxHhX8f7ak4I" vary Origin content-type application/json; charset=utf-8 access-control-allow-origin https://staging.dashboard.heropay.co access-control-allow-credentials true ratelimit-remaining 199
POST H2	200	/ Show response o1086518.ingest.sentry.io/api/6100378/envelope/	41 B 108 B	261ms 103ms	Fetch application/json	34.120.195.249 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://o1086518.ingest.sentry.io/api/6100378/envelope/?sentry_key=8acdda2bc0064f78aed831665bc9bbc3&sentry_version=7&sentry_client=sentry.javascript.react%2F7.64.0 Requested by Host: staging.dashboard.heropay.co URL: https://staging.dashboard.heropay.co/assets/index-9982da77.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 34.120.195.249 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 249.195.120.34.bc.googleusercontent.com Software nginx / Resource Hash 41825918f05a5c9f915d1a969655504b6756b09121da3aa0e2d831251be9912f Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers Referer https://staging.dashboard.heropay.co/ accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers date Mon, 30 Oct 2023 16:00:22 GMT strict-transport-security max-age=31536000; includeSubDomains; preload via 1.1 google server nginx vary origin,access-control-request-method,access-control-request-headers content-type application/json access-control-allow-origin * access-control-expose-headers x-sentry-error,x-sentry-rate-limits,retry-after x-envoy-upstream-service-time 2 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 41
POST H2	200	/ Show response o1086518.ingest.sentry.io/api/6100378/envelope/	41 B 373 B	247ms 101ms	Fetch application/json	34.120.195.249 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://o1086518.ingest.sentry.io/api/6100378/envelope/?sentry_key=8acdda2bc0064f78aed831665bc9bbc3&sentry_version=7&sentry_client=sentry.javascript.react%2F7.64.0 Requested by Host: staging.dashboard.heropay.co URL: https://staging.dashboard.heropay.co/assets/index-9982da77.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 34.120.195.249 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 249.195.120.34.bc.googleusercontent.com Software nginx / Resource Hash d7a1b9359d4b1aa247dc7d3b9675ecf9ec7ad89c6bcdc1cb8ee4cb5bc88262ce Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers Referer https://staging.dashboard.heropay.co/ accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers date Mon, 30 Oct 2023 16:00:22 GMT strict-transport-security max-age=31536000; includeSubDomains; preload via 1.1 google server nginx vary origin,access-control-request-method,access-control-request-headers content-type application/json access-control-allow-origin * access-control-expose-headers x-sentry-error,x-sentry-rate-limits,retry-after x-envoy-upstream-service-time 0 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 41
GET H2	200	gradient-bar-7feef139.png staging.dashboard.heropay.co/assets/	25 KB 26 KB	519ms 515ms	Image image/png	2600:9000:20ea:2a00:19:4e9:8a40:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://staging.dashboard.heropay.co/assets/gradient-bar-7feef139.png Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:20ea:2a00:19:4e9:8a40:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 7feef1394e8118dfd52ab531ae6161bdd15e90985093cc53104b8cdf56365fa3 Request headers accept-language en-US,en;q=0.9 Referer https://staging.dashboard.heropay.co/login?path=/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36 Response headers date Mon, 30 Oct 2023 16:00:23 GMT via 1.1 d0aba1ed008065dfa80f3b92c85f7e52.cloudfront.net (CloudFront) last-modified Fri, 27 Oct 2023 12:52:50 GMT server AmazonS3 x-amz-cf-pop BOS50-C1 etag "7951d35475829097845662a04a82e266" x-amz-server-side-encryption AES256 x-cache Miss from cloudfront content-type image/png cache-control max-age=0,no-cache accept-ranges bytes content-length 25951 x-amz-cf-id oWVnPKWgkYF_rQ2RP6r4CLkoskRN0l55-SXcW5diWFg4iNzoT1PvZA==
GET H2	200	en.png staging.dashboard.heropay.co/flags/	1 KB 2 KB	517ms 512ms	Image image/png	2600:9000:20ea:2a00:19:4e9:8a40:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://staging.dashboard.heropay.co/flags/en.png Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:20ea:2a00:19:4e9:8a40:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 86b633fe47b77bff0390a50de05843c464b16e719a0f796b834e75651c526253 Request headers accept-language en-US,en;q=0.9 Referer https://staging.dashboard.heropay.co/login?path=/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36 Response headers date Mon, 30 Oct 2023 16:00:23 GMT via 1.1 d0aba1ed008065dfa80f3b92c85f7e52.cloudfront.net (CloudFront) last-modified Fri, 27 Oct 2023 12:52:50 GMT server AmazonS3 x-amz-cf-pop BOS50-C1 etag "472e5c39077f17636df20552effd6152" x-amz-server-side-encryption AES256 x-cache Miss from cloudfront content-type image/png cache-control max-age=0,no-cache accept-ranges bytes content-length 1201 x-amz-cf-id AjUE2DToQwFCW78EJUC6jnhh-yD_5Yx9aMAcTfHS1Ec0U7R1hzBZbg==
GET H2	200	fr.png staging.dashboard.heropay.co/flags/	345 B 714 B	490ms 485ms	Image image/png	2600:9000:20ea:2a00:19:4e9:8a40:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://staging.dashboard.heropay.co/flags/fr.png Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:20ea:2a00:19:4e9:8a40:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash dace64eca85f13c78998f915c21c46c648c4ac37695bf15d4b0263ea01af7448 Request headers accept-language en-US,en;q=0.9 Referer https://staging.dashboard.heropay.co/login?path=/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36 Response headers date Mon, 30 Oct 2023 16:00:23 GMT via 1.1 d0aba1ed008065dfa80f3b92c85f7e52.cloudfront.net (CloudFront) last-modified Fri, 27 Oct 2023 12:52:51 GMT server AmazonS3 x-amz-cf-pop BOS50-C1 etag "1a436bf39632438ff23a1eae00dd2b94" x-amz-server-side-encryption AES256 x-cache Miss from cloudfront content-type image/png cache-control max-age=0,no-cache accept-ranges bytes content-length 345 x-amz-cf-id 2CTjowFwuPVukkzsZiS7b-vBX23rgxoLti3lchiiH0rzA45T6hVc4A==
GET H2	200	es.png staging.dashboard.heropay.co/flags/	639 B 1010 B	498ms 494ms	Image image/png	2600:9000:20ea:2a00:19:4e9:8a40:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://staging.dashboard.heropay.co/flags/es.png Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:20ea:2a00:19:4e9:8a40:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 3d7ebdbd744a47d9f8a0c20b9dc9bd6d203187cf2e6c0a869eebf71d2f9686f5 Request headers accept-language en-US,en;q=0.9 Referer https://staging.dashboard.heropay.co/login?path=/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36 Response headers date Mon, 30 Oct 2023 16:00:23 GMT via 1.1 d0aba1ed008065dfa80f3b92c85f7e52.cloudfront.net (CloudFront) last-modified Fri, 27 Oct 2023 12:52:50 GMT server AmazonS3 x-amz-cf-pop BOS50-C1 etag "936e71c033f4bbf595d48ab674b08737" x-amz-server-side-encryption AES256 x-cache Miss from cloudfront content-type image/png cache-control max-age=0,no-cache accept-ranges bytes content-length 639 x-amz-cf-id YjtcEn4TkmvDQf06pP1g1RVCuMWlbNT0rUcIE6plRPG9AFNAj4mT-A==
GET H2	200	de.png staging.dashboard.heropay.co/flags/	297 B 667 B	481ms 477ms	Image image/png	2600:9000:20ea:2a00:19:4e9:8a40:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://staging.dashboard.heropay.co/flags/de.png Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:20ea:2a00:19:4e9:8a40:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash a733a95af8be6996e3e5a4d2f77a72b27d07f2e110c966fbca47aed0c2b819ea Request headers accept-language en-US,en;q=0.9 Referer https://staging.dashboard.heropay.co/login?path=/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36 Response headers date Mon, 30 Oct 2023 16:00:23 GMT via 1.1 d0aba1ed008065dfa80f3b92c85f7e52.cloudfront.net (CloudFront) last-modified Fri, 27 Oct 2023 12:52:50 GMT server AmazonS3 x-amz-cf-pop BOS50-C1 etag "edbd6682aba7c590860624e702a9559a" x-amz-server-side-encryption AES256 x-cache Miss from cloudfront content-type image/png cache-control max-age=0,no-cache accept-ranges bytes content-length 297 x-amz-cf-id UOx_e6z9e7uGU-VU1LuHDUryJ44SAGDsBWewmcL-hOV9CKVcpRsL8w==
GET H2	200	it.png staging.dashboard.heropay.co/flags/	289 B 661 B	492ms 489ms	Image image/png	2600:9000:20ea:2a00:19:4e9:8a40:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://staging.dashboard.heropay.co/flags/it.png Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:20ea:2a00:19:4e9:8a40:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 68807ed4488c4921b0095f4d592c614ef9b5e444c3f4538a5cb32274344d99c4 Request headers accept-language en-US,en;q=0.9 Referer https://staging.dashboard.heropay.co/login?path=/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36 Response headers date Mon, 30 Oct 2023 16:00:23 GMT via 1.1 d0aba1ed008065dfa80f3b92c85f7e52.cloudfront.net (CloudFront) last-modified Fri, 27 Oct 2023 12:52:50 GMT server AmazonS3 x-amz-cf-pop BOS50-C1 etag "bddfa2fef7dd4369bcdb2741f4d84cfd" x-amz-server-side-encryption AES256 x-cache Miss from cloudfront content-type image/png cache-control max-age=0,no-cache accept-ranges bytes content-length 289 x-amz-cf-id W6wsmZSBfjRkyFuuWqyIt8uvmvGA-whwhx-hxVRXARJhy8bAgWgICg==
GET H2	200	hero-illu-25f34f32.png staging.dashboard.heropay.co/assets/	388 KB 389 KB	220ms 217ms	Image image/png	2600:9000:20ea:2a00:19:4e9:8a40:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://staging.dashboard.heropay.co/assets/hero-illu-25f34f32.png Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:20ea:2a00:19:4e9:8a40:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 25f34f32ecec83ba0817008c3b22c5f475b28014bc0193947b9a113483086029 Request headers accept-language en-US,en;q=0.9 Referer https://staging.dashboard.heropay.co/login?path=/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36 Response headers date Mon, 30 Oct 2023 16:00:23 GMT via 1.1 d0aba1ed008065dfa80f3b92c85f7e52.cloudfront.net (CloudFront) last-modified Fri, 27 Oct 2023 12:52:50 GMT server AmazonS3 x-amz-cf-pop BOS50-C1 etag "9c4c17f25f30939a4b221995901380cc" x-amz-server-side-encryption AES256 x-cache Miss from cloudfront content-type image/png cache-control max-age=0,no-cache accept-ranges bytes content-length 397367 x-amz-cf-id p96YKCgR9oAHwGNm0zDsTC9YIt29lv5mT56-3jv8e_Xaz8vYmwgbLQ==
POST H2	200	/ Show response o1086518.ingest.sentry.io/api/6100378/envelope/	41 B 105 B	76ms 55ms	Fetch application/json	34.120.195.249 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://o1086518.ingest.sentry.io/api/6100378/envelope/?sentry_key=8acdda2bc0064f78aed831665bc9bbc3&sentry_version=7&sentry_client=sentry.javascript.react%2F7.64.0 Requested by Host: staging.dashboard.heropay.co URL: https://staging.dashboard.heropay.co/assets/index-9982da77.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 34.120.195.249 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 249.195.120.34.bc.googleusercontent.com Software nginx / Resource Hash cffc96d0839ae8ceadb073ff11e7d9d01e617e24ac4a598c58e8dcfc54bdaea9 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers Referer https://staging.dashboard.heropay.co/ accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers date Mon, 30 Oct 2023 16:00:23 GMT strict-transport-security max-age=31536000; includeSubDomains; preload via 1.1 google server nginx vary origin,access-control-request-method,access-control-request-headers content-type application/json access-control-allow-origin * access-control-expose-headers x-sentry-error,x-sentry-rate-limits,retry-after x-envoy-upstream-service-time 0 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 41

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| documentPictureInPicture object| __SENTRY__ function| hj object| _hjSettings string| _scriptPath object| hjSiteSettings function| hjBootstrap object| hjBootstrapCalled object| hjLazyModules object| __APOLLO_CLIENT__

5 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.heropay.co/	1970-01-20 15:51:23	Name: _hjFirstSeen Value: 1
			.heropay.co/	1970-01-20 15:51:21	Name: _hjIncludedInSessionSample_3530272 Value: 1
			.heropay.co/	1970-01-20 15:51:23	Name: _hjSession_3530272 Value: eyJpZCI6IjA2MDkyNzUyLTZmNDYtNDA0Yi05NjgxLTc1OTQwZDM5N2JmMiIsImNyZWF0ZWQiOjE2OTg2ODE2MjA1NzAsImluU2FtcGxlIjp0cnVlLCJzZXNzaW9uaXplckJldGFFbmFibGVkIjp0cnVlfQ==
			.heropay.co/	1970-01-21 00:36:57	Name: _hjSessionUser_3530272 Value: eyJpZCI6IjZiMGZmNTZjLTI2OTEtNWIyOC1iYjNlLWQwOWVjNzRkNmM5MiIsImNyZWF0ZWQiOjE2OTg2ODE2MjA1NjcsImV4aXN0aW5nIjp0cnVlfQ==
			.heropay.co/	1970-01-20 15:51:23	Name: _hjAbsoluteSessionInProgress Value: 1

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

fonts.googleapis.com
fonts.gstatic.com
o1086518.ingest.sentry.io
script.hotjar.com
staging.api.hero.fr
staging.dashboard.heropay.co
static.hotjar.com
vc.hotjar.io
13.37.2.76
18.161.21.9
18.239.168.112
18.239.168.48
2600:9000:20ea:2a00:19:4e9:8a40:93a1
2607:f8b0:4020:804::2003
2607:f8b0:4020:807::200a
34.120.195.249
246feb3a55578e73adfd46d7d4c26a0fbeaef53bb90d57bc18765581ca1887cc
25f34f32ecec83ba0817008c3b22c5f475b28014bc0193947b9a113483086029
3d7ebdbd744a47d9f8a0c20b9dc9bd6d203187cf2e6c0a869eebf71d2f9686f5
41825918f05a5c9f915d1a969655504b6756b09121da3aa0e2d831251be9912f
47a8a3cac11d58041b7c0874be17d4c7f9a71fe87ec09e8dc3dbf047438346d5
5d539290233d4e921ec511bc773d3a1f6b0fa00bcd5650dbd9e903b73d009530
68807ed4488c4921b0095f4d592c614ef9b5e444c3f4538a5cb32274344d99c4
6e768ac80f1f94b8e99de6b20394d3cf3dbf359989542c8c33d09534e0949c43
7feef1394e8118dfd52ab531ae6161bdd15e90985093cc53104b8cdf56365fa3
804b13b5357088583d46a0f1d21d67a55ee5717953267d4fee9b2dcccf43b128
86b633fe47b77bff0390a50de05843c464b16e719a0f796b834e75651c526253
88df0b5a7bc397dbc13a26bb8b3742cc62cd1c9b0dded57da7832416d6f52f42
964c36bd60949bf80ae4885b3342b62503609c02c9bfaabef4480c6640fa21b7
a733a95af8be6996e3e5a4d2f77a72b27d07f2e110c966fbca47aed0c2b819ea
bca405a53406c6fa9bb06c7b3e6c5bd78d2572d4faa52b113e5145c00b5a82f9
c1fce64979a9fa9136ed4bf1ca75ccc562354ae1fc26309f5fcbdeef057fe881
cffc96d0839ae8ceadb073ff11e7d9d01e617e24ac4a598c58e8dcfc54bdaea9
d6eaa46ed4c428b99c32f45be7d3c148825d571869301ed37ade665a039aa2a9
d7a1b9359d4b1aa247dc7d3b9675ecf9ec7ad89c6bcdc1cb8ee4cb5bc88262ce
dace64eca85f13c78998f915c21c46c648c4ac37695bf15d4b0263ea01af7448
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f40f9c3b95914225d18534446dd6f8031784bed9a23f3d34b3e0eb697f9b1b71
fa2298bd5c07a4dd4f7b386edd08688035fecb918a46376fba9c9d955c550812