urlscan.io logo urlscan.io
SecurityTrails logo

www.jako.com Open in urlscan Pro
2a01:488:2000:d201::fb  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://www.jako.de//de//herren/_challenge//
Effective URL: https://www.jako.com/de-de/herren/_challenge/
Submission: On September 16 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 3 IPs in 1 countries across 3 domains to perform 9 HTTP transactions. The main IP is 2a01:488:2000:d201::fb, located in Germany and belongs to GODADDY, DE. The main domain is www.jako.com.
TLS certificate: Issued by Thawte RSA CA 2018 on April 16th 2024. Valid for: a year.
This is the only time www.jako.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 62.138.219.24 61157 (PLUSSERVE...)
4 2a01:488:2000... 20773 (GODADDY)
4 2a02:26f0:480... 20940 (AKAMAI-ASN1)
1 2a02:26f0:350... 20940 (AKAMAI-ASN1)
9 3
Apex Domain
Subdomains		 Transfer
5 typekit.net
use.typekit.net — Cisco Umbrella Rank: 462
p.typekit.net — Cisco Umbrella Rank: 578
52 KB
4 jako.com
www.jako.com
1 MB
1 jako.de
www.jako.de
340 B
9 3
Domain Requested by
4 use.typekit.net www.jako.com
use.typekit.net
4 www.jako.com www.jako.com
1 p.typekit.net use.typekit.net
1 www.jako.de 1 redirects
9 4

This site contains links to these domains. Also see Links.

Domain
jako.de
Subject Issuer Validity Valid
*.jako.com
Thawte RSA CA 2018		 2024-04-16 -
2025-04-15		 a year crt.sh
use.typekit.net
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2024-08-27 -
2025-09-27		 a year crt.sh

This page contains 1 frames:

Primary Page: https://www.jako.com/de-de/herren/_challenge/
Frame ID: A5030C392CF10A302C7FDEC336FB212E
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

404 | jako.de

Page URL History Show full URLs

  1. http://www.jako.de//de//herren/_challenge// HTTP 307
    https://www.jako.de//de//herren/_challenge// HTTP 301
    https://www.jako.com/de-de/herren/_challenge/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link [^>]*href="[^"]+use\.typekit\.(?:net|com)

Page Statistics

9
Requests

100 %
HTTPS

75 %
IPv6

3
Domains

4
Subdomains

3
IPs

1
Countries

1175 kB
Transfer

1176 kB
Size

0
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://www.jako.de//de//herren/_challenge// HTTP 307
    https://www.jako.de//de//herren/_challenge// HTTP 301
    https://www.jako.com/de-de/herren/_challenge/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
www.jako.com/de-de/herren/_challenge/
Redirect Chain
  • http://www.jako.de//de//herren/_challenge//
  • https://www.jako.de//de//herren/_challenge//
  • https://www.jako.com/de-de/herren/_challenge/
4 KB
12 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.jako.com/de-de/herren/_challenge/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a01:488:2000:d201::fb , Germany, ASN20773 (GODADDY, DE),
Reverse DNS
Software
Apache /
Resource Hash
59f8d2349168eee7c24d97be94f60f4403c9559cce7a2a341b09462d419e2601
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://b2b.jako.com localhost:8090 ws://127.0.0.1:35729 *.juicer.io *.googleapis.com *.gstatic.com *.youtube.com *.facebook.com *.facebook.net *.google-analytics.com *.googletagmanager.com *.typekit.net *.google.com *.google.de stats.g.doubleclick.net *.bing.com *.clarity.ms *.dc-test.de *.jako.com *.jako.de *.jako.be *.jako.ch *.jako.fr *.jakosport.nl *.amazon.de *.amazon.com *.amazonpay.com *.etracker.de *.etracker.com *.signalize.com *.kameleoon.eu *.kameleoon.com payment.unzer.com *.etrusted.com *.paypalobjects.com *.paypal.com *.b-cdn.net *.jfnet.de https://analytics.tiktok.com *.thinkowl.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://b2b.jako.com localhost:8090 'self' 'unsafe-eval' 'unsafe-inline' *.hotjar.com *.convertexperiments.com *.juicer.io *.cloudfront.net *.userlike.com *.ssl-images-amazon.com *.amazon.com *.amazon.de *.payments-amazon.com *.googleapis.com googlemaps.github.io *.gstatic.com *.youtube.com *.facebook.com *.facebook.net *.google-analytics.com *.googletagmanager.com *.typekit.net *.google.com *.google.de stats.g.doubleclick.net *.trustedshops.com *.bing.com *.clarity.ms *.dc-test.de *.jako.com *.jako.de *.jako.be *.jako.ch *.jako.fr *.jakosport.nl *.amazon.de *.amazon.com *.amazonpay.com *.etracker.de *.etracker.com *.signalize.com *.kameleoon.eu *.kameleoon.com payment.unzer.com *.etrusted.com *.paypalobjects.com *.paypal.com *.b-cdn.net *.jfnet.de https://analytics.tiktok.com *.thinkowl.com *.jquery.com *.googleadservices.com bat.bing.com googleads.g.doubleclick.net analytics.webgains.io w-it.m-t.io *.container.webgains.link track.webgains.com *.webgains.io *.amazonaws.com *.instagram.com api.sovendus.com cdn.jsdelivr.net *.googleoptimize.com https://c.paypal.com *.hello-charles.com https://maps.googleapis.com https://*.vbotickets.com https://98m0fp.jako.com; style-src 'self' https://b2b.jako.com localhost:8090 'self' 'unsafe-inline' *.juicer.io *.googleapis.com *.gstatic.com *.youtube.com *.facebook.com *.facebook.net *.google-analytics.com *.googletagmanager.com *.typekit.net *.google.com *.google.de stats.g.doubleclick.net *.trustedshops.com cdn.jsdelivr.net *.bing.com *.clarity.ms *.dc-test.de *.jako.com *.jako.de *.jako.be *.jako.ch *.jako.fr *.jakosport.nl *.amazon.de *.amazon.com *.amazonpay.com *.etracker.de *.etracker.com *.signalize.com *.kameleoon.eu *.kameleoon.com payment.unzer.com *.etrusted.com *.paypalobjects.com *.paypal.com *.b-cdn.net *.jfnet.de https://analytics.tiktok.com *.thinkowl.com https://*.vbotickets.com; img-src 'self' https://b2b.jako.com localhost:8090 'self' data: https://*.amazon.com https://*.amazon.de *.juicer.io *.ggpht.com *.trustedshops.com *.ssl-images-amazon.com https://*.payments-amazon.com https://*.google-analytics.com https://d23yuld0pofhhw.cloudfront.net *.googleapis.com *.gstatic.com *.youtube.com *.facebook.com *.facebook.net *.google-analytics.com *.googletagmanager.com *.typekit.net *.google.com *.google.de *.g.doubleclick.net *.bing.com *.clarity.ms *.dc-test.de *.jako.com *.jako.de *.jako.be *.jako.ch *.jako.fr *.jakosport.nl *.amazon.de *.amazon.com *.amazonpay.com *.etracker.de *.etracker.com *.signalize.com *.kameleoon.eu *.kameleoon.com payment.unzer.com *.etrusted.com *.paypalobjects.com *.paypal.com *.b-cdn.net *.jfnet.de https://analytics.tiktok.com *.thinkowl.com bat.bing.com *.amazonaws.com *.atdmt.com *.mollie.com *.myafterpay.com https://c.paypal.com https://b.stats.paypal.com userlike-cdn-operators.userlike.com m.media-amazon.com; font-src 'self' https://b2b.jako.com localhost:8090 'self' data: *.juicer.io *.googleapis.com *.gstatic.com *.youtube.com *.facebook.com *.facebook.net *.google-analytics.com *.googletagmanager.com *.typekit.net *.google.com *.google.de stats.g.doubleclick.net *.trustedshops.com *.cloudfront.net *.bing.com *.clarity.ms *.dc-test.de *.jako.com *.jako.de *.jako.be *.jako.ch *.jako.fr *.jakosport.nl *.amazon.de *.amazon.com *.amazonpay.com *.etracker.de *.etracker.com *.signalize.com *.kameleoon.eu *.kameleoon.com payment.unzer.com *.etrusted.com *.paypalobjects.com *.paypal.com *.b-cdn.net *.jfnet.de https://analytics.tiktok.com *.thinkowl.com; object-src 'self' https://b2b.jako.com localhost:8090 'self'; media-src 'self' https://b2b.jako.com localhost:8090 'self' *.googleapis.com *.gstatic.com *.juicer.io *.youtube.com *.facebook.com *.facebook.net *.google-analytics.com *.googletagmanager.com *.typekit.net *.google.com *.google.de stats.g.doubleclick.net *.bing.com *.clarity.ms *.dc-test.de *.jako.com *.jako.de *.jako.be *.jako.ch *.jako.fr *.jakosport.nl *.amazon.de *.amazon.com *.amazonpay.com *.etracker.de *.etracker.com *.signalize.com *.kameleoon.eu *.kameleoon.com payment.unzer.com *.etrusted.com *.paypalobjects.com *.paypal.com *.b-cdn.net *.jfnet.de https://analytics.tiktok.com *.thinkowl.com; child-src 'self' https://b2b.jako.com localhost:8090 'self' https://www.computop-paygate.com https://www.fussball.de/static/layout/fbde2/egm//js/widget2.js https://*.amazon.de https://*.amazon.com https://*.payments-amazon.com *.googleapis.com *.hotjar.com *.gstatic.com *.youtube.com *.facebook.com *.facebook.net *.google-analytics.com *.googletagmanager.com *.typekit.net *.google.com *.google.de stats.g.doubleclick.net *.bing.com *.clarity.ms *.dc-test.de *.jako.com *.jako.de *.jako.be *.jako.ch *.jako.fr *.jakosport.nl *.amazon.de *.amazon.com *.amazonpay.com *.etracker.de *.etracker.com *.signalize.com *.kameleoon.eu *.kameleoon.com payment.unzer.com *.etrusted.com *.paypalobjects.com *.paypal.com *.b-cdn.net *.jfnet.de https://analytics.tiktok.com *.thinkowl.com *.amazonaws.com *.webgains.link https://td.doubleclick.net https://*.vbotickets.com *.sovendus.com *.sovendus-connect.com https://c.paypal.com *.instagram.com *.container.webgains.link; form-action 'self' https://b2b.jako.com localhost:8090 payments.amazon.de; frame-ancestors 'self' https://b2b.jako.com localhost:8090 'self' *.bing.com *.clarity.ms *.dc-test.de *.jako.com *.jako.de *.jako.be *.jako.ch *.jako.fr *.jakosport.nl *.amazon.de *.amazon.com *.amazonpay.com *.etracker.de *.etracker.com *.signalize.com *.kameleoon.eu *.kameleoon.com payment.unzer.com *.etrusted.com *.paypalobjects.com *.paypal.com *.b-cdn.net *.jfnet.de https://analytics.tiktok.com *.thinkowl.com https://www.vbotickets.com; connect-src 'self' https://b2b.jako.com localhost:8090 'self' wss://ws.hotjar.com *.hotjar.io *.hotjar.com *.convertexperiments.com *.googleapis.com *.google.com *.trustedshops.com *.google-analytics.com w-it.m-t.io *.webgains.io *.bing.com *.clarity.ms *.dc-test.de *.jako.com *.jako.de *.jako.be *.jako.ch *.jako.fr *.jakosport.nl *.amazon.de *.amazon.com *.amazonpay.com *.etracker.de *.etracker.com *.signalize.com *.kameleoon.eu *.kameleoon.com payment.unzer.com *.etrusted.com *.paypalobjects.com *.paypal.com *.b-cdn.net *.jfnet.de https://analytics.tiktok.com *.thinkowl.com *.doubleclick.net *.amazonaws.com *.cloudfront.net *.userlike.com wss://umd.userlike.com *.bing.com https://integration-api.sovendus.com https://identification-api.sovendus.com *.mollie.com *.algolia.net *.algolianet.com *.facebook.com *.hello-charles.com *.googleadservices.com www.juicer.io https://98m0fp.jako.com; worker-src 'self' https://b2b.jako.com localhost:8090 'self' blob: *.bing.com *.clarity.ms *.dc-test.de *.jako.com *.jako.de *.jako.be *.jako.ch *.jako.fr *.jakosport.nl *.amazon.de *.amazon.com *.amazonpay.com *.etracker.de *.etracker.com *.signalize.com *.kameleoon.eu *.kameleoon.com payment.unzer.com *.etrusted.com *.paypalobjects.com *.paypal.com *.b-cdn.net *.jfnet.de https://analytics.tiktok.com *.thinkowl.com;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Connection
Upgrade, Keep-Alive
Content-Security-Policy
default-src 'self' https://b2b.jako.com localhost:8090 ws://127.0.0.1:35729 *.juicer.io *.googleapis.com *.gstatic.com *.youtube.com *.facebook.com *.facebook.net *.google-analytics.com *.googletagmanager.com *.typekit.net *.google.com *.google.de stats.g.doubleclick.net *.bing.com *.clarity.ms *.dc-test.de *.jako.com *.jako.de *.jako.be *.jako.ch *.jako.fr *.jakosport.nl *.amazon.de *.amazon.com *.amazonpay.com *.etracker.de *.etracker.com *.signalize.com *.kameleoon.eu *.kameleoon.com payment.unzer.com *.etrusted.com *.paypalobjects.com *.paypal.com *.b-cdn.net *.jfnet.de https://analytics.tiktok.com *.thinkowl.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://b2b.jako.com localhost:8090 'self' 'unsafe-eval' 'unsafe-inline' *.hotjar.com *.convertexperiments.com *.juicer.io *.cloudfront.net *.userlike.com *.ssl-images-amazon.com *.amazon.com *.amazon.de *.payments-amazon.com *.googleapis.com googlemaps.github.io *.gstatic.com *.youtube.com *.facebook.com *.facebook.net *.google-analytics.com *.googletagmanager.com *.typekit.net *.google.com *.google.de stats.g.doubleclick.net *.trustedshops.com *.bing.com *.clarity.ms *.dc-test.de *.jako.com *.jako.de *.jako.be *.jako.ch *.jako.fr *.jakosport.nl *.amazon.de *.amazon.com *.amazonpay.com *.etracker.de *.etracker.com *.signalize.com *.kameleoon.eu *.kameleoon.com payment.unzer.com *.etrusted.com *.paypalobjects.com *.paypal.com *.b-cdn.net *.jfnet.de https://analytics.tiktok.com *.thinkowl.com *.jquery.com *.googleadservices.com bat.bing.com googleads.g.doubleclick.net analytics.webgains.io w-it.m-t.io *.container.webgains.link track.webgains.com *.webgains.io *.amazonaws.com *.instagram.com api.sovendus.com cdn.jsdelivr.net *.googleoptimize.com https://c.paypal.com *.hello-charles.com https://maps.googleapis.com https://*.vbotickets.com https://98m0fp.jako.com; style-src 'self' https://b2b.jako.com localhost:8090 'self' 'unsafe-inline' *.juicer.io *.googleapis.com *.gstatic.com *.youtube.com *.facebook.com *.facebook.net *.google-analytics.com *.googletagmanager.com *.typekit.net *.google.com *.google.de stats.g.doubleclick.net *.trustedshops.com cdn.jsdelivr.net *.bing.com *.clarity.ms *.dc-test.de *.jako.com *.jako.de *.jako.be *.jako.ch *.jako.fr *.jakosport.nl *.amazon.de *.amazon.com *.amazonpay.com *.etracker.de *.etracker.com *.signalize.com *.kameleoon.eu *.kameleoon.com payment.unzer.com *.etrusted.com *.paypalobjects.com *.paypal.com *.b-cdn.net *.jfnet.de https://analytics.tiktok.com *.thinkowl.com https://*.vbotickets.com; img-src 'self' https://b2b.jako.com localhost:8090 'self' data: https://*.amazon.com https://*.amazon.de *.juicer.io *.ggpht.com *.trustedshops.com *.ssl-images-amazon.com https://*.payments-amazon.com https://*.google-analytics.com https://d23yuld0pofhhw.cloudfront.net *.googleapis.com *.gstatic.com *.youtube.com *.facebook.com *.facebook.net *.google-analytics.com *.googletagmanager.com *.typekit.net *.google.com *.google.de *.g.doubleclick.net *.bing.com *.clarity.ms *.dc-test.de *.jako.com *.jako.de *.jako.be *.jako.ch *.jako.fr *.jakosport.nl *.amazon.de *.amazon.com *.amazonpay.com *.etracker.de *.etracker.com *.signalize.com *.kameleoon.eu *.kameleoon.com payment.unzer.com *.etrusted.com *.paypalobjects.com *.paypal.com *.b-cdn.net *.jfnet.de https://analytics.tiktok.com *.thinkowl.com bat.bing.com *.amazonaws.com *.atdmt.com *.mollie.com *.myafterpay.com https://c.paypal.com https://b.stats.paypal.com userlike-cdn-operators.userlike.com m.media-amazon.com; font-src 'self' https://b2b.jako.com localhost:8090 'self' data: *.juicer.io *.googleapis.com *.gstatic.com *.youtube.com *.facebook.com *.facebook.net *.google-analytics.com *.googletagmanager.com *.typekit.net *.google.com *.google.de stats.g.doubleclick.net *.trustedshops.com *.cloudfront.net *.bing.com *.clarity.ms *.dc-test.de *.jako.com *.jako.de *.jako.be *.jako.ch *.jako.fr *.jakosport.nl *.amazon.de *.amazon.com *.amazonpay.com *.etracker.de *.etracker.com *.signalize.com *.kameleoon.eu *.kameleoon.com payment.unzer.com *.etrusted.com *.paypalobjects.com *.paypal.com *.b-cdn.net *.jfnet.de https://analytics.tiktok.com *.thinkowl.com; object-src 'self' https://b2b.jako.com localhost:8090 'self'; media-src 'self' https://b2b.jako.com localhost:8090 'self' *.googleapis.com *.gstatic.com *.juicer.io *.youtube.com *.facebook.com *.facebook.net *.google-analytics.com *.googletagmanager.com *.typekit.net *.google.com *.google.de stats.g.doubleclick.net *.bing.com *.clarity.ms *.dc-test.de *.jako.com *.jako.de *.jako.be *.jako.ch *.jako.fr *.jakosport.nl *.amazon.de *.amazon.com *.amazonpay.com *.etracker.de *.etracker.com *.signalize.com *.kameleoon.eu *.kameleoon.com payment.unzer.com *.etrusted.com *.paypalobjects.com *.paypal.com *.b-cdn.net *.jfnet.de https://analytics.tiktok.com *.thinkowl.com; child-src 'self' https://b2b.jako.com localhost:8090 'self' https://www.computop-paygate.com https://www.fussball.de/static/layout/fbde2/egm//js/widget2.js https://*.amazon.de https://*.amazon.com https://*.payments-amazon.com *.googleapis.com *.hotjar.com *.gstatic.com *.youtube.com *.facebook.com *.facebook.net *.google-analytics.com *.googletagmanager.com *.typekit.net *.google.com *.google.de stats.g.doubleclick.net *.bing.com *.clarity.ms *.dc-test.de *.jako.com *.jako.de *.jako.be *.jako.ch *.jako.fr *.jakosport.nl *.amazon.de *.amazon.com *.amazonpay.com *.etracker.de *.etracker.com *.signalize.com *.kameleoon.eu *.kameleoon.com payment.unzer.com *.etrusted.com *.paypalobjects.com *.paypal.com *.b-cdn.net *.jfnet.de https://analytics.tiktok.com *.thinkowl.com *.amazonaws.com *.webgains.link https://td.doubleclick.net https://*.vbotickets.com *.sovendus.com *.sovendus-connect.com https://c.paypal.com *.instagram.com *.container.webgains.link; form-action 'self' https://b2b.jako.com localhost:8090 payments.amazon.de; frame-ancestors 'self' https://b2b.jako.com localhost:8090 'self' *.bing.com *.clarity.ms *.dc-test.de *.jako.com *.jako.de *.jako.be *.jako.ch *.jako.fr *.jakosport.nl *.amazon.de *.amazon.com *.amazonpay.com *.etracker.de *.etracker.com *.signalize.com *.kameleoon.eu *.kameleoon.com payment.unzer.com *.etrusted.com *.paypalobjects.com *.paypal.com *.b-cdn.net *.jfnet.de https://analytics.tiktok.com *.thinkowl.com https://www.vbotickets.com; connect-src 'self' https://b2b.jako.com localhost:8090 'self' wss://ws.hotjar.com *.hotjar.io *.hotjar.com *.convertexperiments.com *.googleapis.com *.google.com *.trustedshops.com *.google-analytics.com w-it.m-t.io *.webgains.io *.bing.com *.clarity.ms *.dc-test.de *.jako.com *.jako.de *.jako.be *.jako.ch *.jako.fr *.jakosport.nl *.amazon.de *.amazon.com *.amazonpay.com *.etracker.de *.etracker.com *.signalize.com *.kameleoon.eu *.kameleoon.com payment.unzer.com *.etrusted.com *.paypalobjects.com *.paypal.com *.b-cdn.net *.jfnet.de https://analytics.tiktok.com *.thinkowl.com *.doubleclick.net *.amazonaws.com *.cloudfront.net *.userlike.com wss://umd.userlike.com *.bing.com https://integration-api.sovendus.com https://identification-api.sovendus.com *.mollie.com *.algolia.net *.algolianet.com *.facebook.com *.hello-charles.com *.googleadservices.com www.juicer.io https://98m0fp.jako.com; worker-src 'self' https://b2b.jako.com localhost:8090 'self' blob: *.bing.com *.clarity.ms *.dc-test.de *.jako.com *.jako.de *.jako.be *.jako.ch *.jako.fr *.jakosport.nl *.amazon.de *.amazon.com *.amazonpay.com *.etracker.de *.etracker.com *.signalize.com *.kameleoon.eu *.kameleoon.com payment.unzer.com *.etrusted.com *.paypalobjects.com *.paypal.com *.b-cdn.net *.jfnet.de https://analytics.tiktok.com *.thinkowl.com;
Content-Type
text/html; charset=utf-8
Date
Mon, 16 Sep 2024 02:04:58 GMT
Keep-Alive
timeout=5, max=100
Referrer-Policy
no-referrer-when-downgrade
Server
Apache
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
Transfer-Encoding
chunked
Upgrade
h2
Vary
Origin
X-Content-Type-Options
nosniff
X-Frame-Options
sameorigin
X-XSS-Protection
1; mode=block

Redirect headers

Connection
Keep-Alive
Content-Length
315
Content-Type
text/html; charset=iso-8859-1
Date
Mon, 16 Sep 2024 02:04:58 GMT
Keep-Alive
timeout=15, max=100
Location
https://www.jako.com/de-de/herren/_challenge/
Server
Apache
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
egx4gzu.css
use.typekit.net/ 		5 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://use.typekit.net/egx4gzu.css
Requested by
Host: www.jako.com
URL: https://www.jako.com/de-de/herren/_challenge/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:f::213:7ece Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
cd0961cbfeda2ce776fa6398b930ee0f17b1ab74827bf53cbeba7fcd84e8a0bd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains;

Request headers

Referer
https://www.jako.com/de-de/herren/_challenge/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains;
content-encoding
gzip
date
Mon, 16 Sep 2024 02:04:58 GMT
server
nginx
vary
Accept-Encoding
content-type
text/css;charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=600, stale-while-revalidate=604800
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
879
logo.svg
www.jako.com/layout/assets/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.jako.com/layout/assets/logo.svg
Requested by
Host: www.jako.com
URL: https://www.jako.com/de-de/herren/_challenge/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a01:488:2000:d201::fb , Germany, ASN20773 (GODADDY, DE),
Reverse DNS
Software
Apache /
Resource Hash
2a3236750b46aff3f504a8f0aa725895b6001e96e9c9a1150bba49958fe6d4ea
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://www.jako.com/de-de/herren/_challenge/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date
Mon, 16 Sep 2024 02:04:58 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
Last-Modified
Wed, 11 Sep 2024 08:30:28 GMT
Server
Apache
ETag
"6d5-621d3cd694f6a"
Vary
Origin
Content-Type
image/svg+xml
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
1749
p.css
p.typekit.net/ 		5 B
173 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://p.typekit.net/p.css?s=1&k=egx4gzu&ht=tk&f=12784.12785.12786.12787.12093.12094.12095&a=82745605&app=typekit&e=css
Requested by
Host: use.typekit.net
URL: https://use.typekit.net/egx4gzu.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:16::215:148b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb

Request headers

Referer
https://use.typekit.net/egx4gzu.css
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Mon, 16 Sep 2024 02:04:58 GMT
last-modified
Sun, 19 May 2024 12:57:48 GMT
server
nginx
etag
"6649f74c-5"
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=604800
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
content-length
5
404.jpg
www.jako.com/userdata/images/Basics/ 		1 MB
1 MB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.jako.com/userdata/images/Basics/404.jpg
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a01:488:2000:d201::fb , Germany, ASN20773 (GODADDY, DE),
Reverse DNS
Software
Apache /
Resource Hash
ffbe8a555102c18a83efc29906363b73131d9c769cefe9ceb85c6a9b28f9b464
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://www.jako.com/de-de/herren/_challenge/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date
Mon, 16 Sep 2024 02:04:58 GMT
Content-Encoding
gzip
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
Last-Modified
Tue, 09 Jan 2024 10:08:04 GMT
Server
Apache
ETag
"112dfd-60e807d85d782-gzip"
Transfer-Encoding
chunked
Vary
Accept-Encoding,Origin
Content-Type
image/jpeg
Cache-Control
max-age=31622400, public
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=98
Expires
Tue, 16 Sep 2025 02:04:58 GMT
l
use.typekit.net/af/b825af/0000000000000000000118b1/27/ 		15 KB
15 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://use.typekit.net/af/b825af/0000000000000000000118b1/27/l?primer=7fa3915bdafdf03041871920a205bef951d72bf64dd4c4460fb992e3ecc3a862&fvd=n7&v=3
Requested by
Host: use.typekit.net
URL: https://use.typekit.net/egx4gzu.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:f::213:7ece Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
a67e86b7f5b03d2017080fb3d210007b67a13df1e74251d3cba316c0e080ceca

Request headers

Referer
https://use.typekit.net/egx4gzu.css
Origin
https://www.jako.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Mon, 16 Sep 2024 02:04:58 GMT
server
nginx
etag
"63a0071db60cf312ab7849eca9c028c9a26b0827"
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
15568
l
use.typekit.net/af/bb00d4/00000000000000003b9b2244/27/ 		19 KB
20 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://use.typekit.net/af/bb00d4/00000000000000003b9b2244/27/l?primer=7fa3915bdafdf03041871920a205bef951d72bf64dd4c4460fb992e3ecc3a862&fvd=n4&v=3
Requested by
Host: use.typekit.net
URL: https://use.typekit.net/egx4gzu.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:f::213:7ece Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
044142725bc53fd2e526fb410cf5b4ca95e83a58da0229e6ef8025a510724c72

Request headers

Referer
https://use.typekit.net/egx4gzu.css
Origin
https://www.jako.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Mon, 16 Sep 2024 02:04:58 GMT
server
nginx
etag
"f6d796c3a31e99aa85693b8fb75422c32f281cce"
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
19912
l
use.typekit.net/af/9cb78a/0000000000000000000118ad/27/ 		16 KB
16 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://use.typekit.net/af/9cb78a/0000000000000000000118ad/27/l?primer=7fa3915bdafdf03041871920a205bef951d72bf64dd4c4460fb992e3ecc3a862&fvd=n4&v=3
Requested by
Host: use.typekit.net
URL: https://use.typekit.net/egx4gzu.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:f::213:7ece Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
ade11a781ff76223c32cdda408ec3af85b07a09d566d797fd137bcd65421d928

Request headers

Referer
https://use.typekit.net/egx4gzu.css
Origin
https://www.jako.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Mon, 16 Sep 2024 02:04:58 GMT
server
nginx
etag
"9a43687b502b4db376e5c8e08dbc50a45aac4f40"
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
16176
favicon.ico
www.jako.com/layout/frontend/jako/dist/favicons/ 		15 KB
15 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://www.jako.com/layout/frontend/jako/dist/favicons/favicon.ico
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a01:488:2000:d201::fb , Germany, ASN20773 (GODADDY, DE),
Reverse DNS
Software
Apache /
Resource Hash
b808789f81a352bf7f02284ce058605197ca8ae15acc1c2af9751935a2627516
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://www.jako.com/de-de/herren/_challenge/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date
Mon, 16 Sep 2024 02:04:58 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
Last-Modified
Wed, 11 Sep 2024 08:30:28 GMT
Server
Apache
ETag
"3aee-621d3cd71ea9a"
Vary
Origin
Content-Type
image/vnd.microsoft.icon
Upgrade
h2
Cache-Control
max-age=31622400, public
Connection
Upgrade, Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
15086

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

1 Console Messages

Source Level URL
Text
network error URL: https://www.jako.com/de-de/herren/_challenge/
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self' https://b2b.jako.com localhost:8090 ws://127.0.0.1:35729 *.juicer.io *.googleapis.com *.gstatic.com *.youtube.com *.facebook.com *.facebook.net *.google-analytics.com *.googletagmanager.com *.typekit.net *.google.com *.google.de stats.g.doubleclick.net *.bing.com *.clarity.ms *.dc-test.de *.jako.com *.jako.de *.jako.be *.jako.ch *.jako.fr *.jakosport.nl *.amazon.de *.amazon.com *.amazonpay.com *.etracker.de *.etracker.com *.signalize.com *.kameleoon.eu *.kameleoon.com payment.unzer.com *.etrusted.com *.paypalobjects.com *.paypal.com *.b-cdn.net *.jfnet.de https://analytics.tiktok.com *.thinkowl.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://b2b.jako.com localhost:8090 'self' 'unsafe-eval' 'unsafe-inline' *.hotjar.com *.convertexperiments.com *.juicer.io *.cloudfront.net *.userlike.com *.ssl-images-amazon.com *.amazon.com *.amazon.de *.payments-amazon.com *.googleapis.com googlemaps.github.io *.gstatic.com *.youtube.com *.facebook.com *.facebook.net *.google-analytics.com *.googletagmanager.com *.typekit.net *.google.com *.google.de stats.g.doubleclick.net *.trustedshops.com *.bing.com *.clarity.ms *.dc-test.de *.jako.com *.jako.de *.jako.be *.jako.ch *.jako.fr *.jakosport.nl *.amazon.de *.amazon.com *.amazonpay.com *.etracker.de *.etracker.com *.signalize.com *.kameleoon.eu *.kameleoon.com payment.unzer.com *.etrusted.com *.paypalobjects.com *.paypal.com *.b-cdn.net *.jfnet.de https://analytics.tiktok.com *.thinkowl.com *.jquery.com *.googleadservices.com bat.bing.com googleads.g.doubleclick.net analytics.webgains.io w-it.m-t.io *.container.webgains.link track.webgains.com *.webgains.io *.amazonaws.com *.instagram.com api.sovendus.com cdn.jsdelivr.net *.googleoptimize.com https://c.paypal.com *.hello-charles.com https://maps.googleapis.com https://*.vbotickets.com https://98m0fp.jako.com; style-src 'self' https://b2b.jako.com localhost:8090 'self' 'unsafe-inline' *.juicer.io *.googleapis.com *.gstatic.com *.youtube.com *.facebook.com *.facebook.net *.google-analytics.com *.googletagmanager.com *.typekit.net *.google.com *.google.de stats.g.doubleclick.net *.trustedshops.com cdn.jsdelivr.net *.bing.com *.clarity.ms *.dc-test.de *.jako.com *.jako.de *.jako.be *.jako.ch *.jako.fr *.jakosport.nl *.amazon.de *.amazon.com *.amazonpay.com *.etracker.de *.etracker.com *.signalize.com *.kameleoon.eu *.kameleoon.com payment.unzer.com *.etrusted.com *.paypalobjects.com *.paypal.com *.b-cdn.net *.jfnet.de https://analytics.tiktok.com *.thinkowl.com https://*.vbotickets.com; img-src 'self' https://b2b.jako.com localhost:8090 'self' data: https://*.amazon.com https://*.amazon.de *.juicer.io *.ggpht.com *.trustedshops.com *.ssl-images-amazon.com https://*.payments-amazon.com https://*.google-analytics.com https://d23yuld0pofhhw.cloudfront.net *.googleapis.com *.gstatic.com *.youtube.com *.facebook.com *.facebook.net *.google-analytics.com *.googletagmanager.com *.typekit.net *.google.com *.google.de *.g.doubleclick.net *.bing.com *.clarity.ms *.dc-test.de *.jako.com *.jako.de *.jako.be *.jako.ch *.jako.fr *.jakosport.nl *.amazon.de *.amazon.com *.amazonpay.com *.etracker.de *.etracker.com *.signalize.com *.kameleoon.eu *.kameleoon.com payment.unzer.com *.etrusted.com *.paypalobjects.com *.paypal.com *.b-cdn.net *.jfnet.de https://analytics.tiktok.com *.thinkowl.com bat.bing.com *.amazonaws.com *.atdmt.com *.mollie.com *.myafterpay.com https://c.paypal.com https://b.stats.paypal.com userlike-cdn-operators.userlike.com m.media-amazon.com; font-src 'self' https://b2b.jako.com localhost:8090 'self' data: *.juicer.io *.googleapis.com *.gstatic.com *.youtube.com *.facebook.com *.facebook.net *.google-analytics.com *.googletagmanager.com *.typekit.net *.google.com *.google.de stats.g.doubleclick.net *.trustedshops.com *.cloudfront.net *.bing.com *.clarity.ms *.dc-test.de *.jako.com *.jako.de *.jako.be *.jako.ch *.jako.fr *.jakosport.nl *.amazon.de *.amazon.com *.amazonpay.com *.etracker.de *.etracker.com *.signalize.com *.kameleoon.eu *.kameleoon.com payment.unzer.com *.etrusted.com *.paypalobjects.com *.paypal.com *.b-cdn.net *.jfnet.de https://analytics.tiktok.com *.thinkowl.com; object-src 'self' https://b2b.jako.com localhost:8090 'self'; media-src 'self' https://b2b.jako.com localhost:8090 'self' *.googleapis.com *.gstatic.com *.juicer.io *.youtube.com *.facebook.com *.facebook.net *.google-analytics.com *.googletagmanager.com *.typekit.net *.google.com *.google.de stats.g.doubleclick.net *.bing.com *.clarity.ms *.dc-test.de *.jako.com *.jako.de *.jako.be *.jako.ch *.jako.fr *.jakosport.nl *.amazon.de *.amazon.com *.amazonpay.com *.etracker.de *.etracker.com *.signalize.com *.kameleoon.eu *.kameleoon.com payment.unzer.com *.etrusted.com *.paypalobjects.com *.paypal.com *.b-cdn.net *.jfnet.de https://analytics.tiktok.com *.thinkowl.com; child-src 'self' https://b2b.jako.com localhost:8090 'self' https://www.computop-paygate.com https://www.fussball.de/static/layout/fbde2/egm//js/widget2.js https://*.amazon.de https://*.amazon.com https://*.payments-amazon.com *.googleapis.com *.hotjar.com *.gstatic.com *.youtube.com *.facebook.com *.facebook.net *.google-analytics.com *.googletagmanager.com *.typekit.net *.google.com *.google.de stats.g.doubleclick.net *.bing.com *.clarity.ms *.dc-test.de *.jako.com *.jako.de *.jako.be *.jako.ch *.jako.fr *.jakosport.nl *.amazon.de *.amazon.com *.amazonpay.com *.etracker.de *.etracker.com *.signalize.com *.kameleoon.eu *.kameleoon.com payment.unzer.com *.etrusted.com *.paypalobjects.com *.paypal.com *.b-cdn.net *.jfnet.de https://analytics.tiktok.com *.thinkowl.com *.amazonaws.com *.webgains.link https://td.doubleclick.net https://*.vbotickets.com *.sovendus.com *.sovendus-connect.com https://c.paypal.com *.instagram.com *.container.webgains.link; form-action 'self' https://b2b.jako.com localhost:8090 payments.amazon.de; frame-ancestors 'self' https://b2b.jako.com localhost:8090 'self' *.bing.com *.clarity.ms *.dc-test.de *.jako.com *.jako.de *.jako.be *.jako.ch *.jako.fr *.jakosport.nl *.amazon.de *.amazon.com *.amazonpay.com *.etracker.de *.etracker.com *.signalize.com *.kameleoon.eu *.kameleoon.com payment.unzer.com *.etrusted.com *.paypalobjects.com *.paypal.com *.b-cdn.net *.jfnet.de https://analytics.tiktok.com *.thinkowl.com https://www.vbotickets.com; connect-src 'self' https://b2b.jako.com localhost:8090 'self' wss://ws.hotjar.com *.hotjar.io *.hotjar.com *.convertexperiments.com *.googleapis.com *.google.com *.trustedshops.com *.google-analytics.com w-it.m-t.io *.webgains.io *.bing.com *.clarity.ms *.dc-test.de *.jako.com *.jako.de *.jako.be *.jako.ch *.jako.fr *.jakosport.nl *.amazon.de *.amazon.com *.amazonpay.com *.etracker.de *.etracker.com *.signalize.com *.kameleoon.eu *.kameleoon.com payment.unzer.com *.etrusted.com *.paypalobjects.com *.paypal.com *.b-cdn.net *.jfnet.de https://analytics.tiktok.com *.thinkowl.com *.doubleclick.net *.amazonaws.com *.cloudfront.net *.userlike.com wss://umd.userlike.com *.bing.com https://integration-api.sovendus.com https://identification-api.sovendus.com *.mollie.com *.algolia.net *.algolianet.com *.facebook.com *.hello-charles.com *.googleadservices.com www.juicer.io https://98m0fp.jako.com; worker-src 'self' https://b2b.jako.com localhost:8090 'self' blob: *.bing.com *.clarity.ms *.dc-test.de *.jako.com *.jako.de *.jako.be *.jako.ch *.jako.fr *.jakosport.nl *.amazon.de *.amazon.com *.amazonpay.com *.etracker.de *.etracker.com *.signalize.com *.kameleoon.eu *.kameleoon.com payment.unzer.com *.etrusted.com *.paypalobjects.com *.paypal.com *.b-cdn.net *.jfnet.de https://analytics.tiktok.com *.thinkowl.com;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block