discourse.festnoz.de Open in urlscan Pro
2a01:4f8:c0c:1eb0::1  Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response discourse.festnoz.de/	17 KB 4 KB	175ms 106ms	Document text/html	2a01:4f8:c0c:1eb0::1 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://discourse.festnoz.de/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a01:4f8:c0c:1eb0::1 Bad Soden-Salmuenster, Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS Software nginx / Flarum Resource Hash cfcd02cc6f0684ea5e9d4430ed2060fecaabdac0ce8254114365cb7787dd24b9 Security Headers Name Value Content-Security-Policy upgrade-insecure-requests; default-src https: data: blob: ; object-src https: data: 'unsafe-inline'; style-src https: data: 'unsafe-inline' ; script-src https: data: 'unsafe-inline' 'unsafe-eval'; worker-src 'self' blob:; Strict-Transport-Security max-age=63072000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Response headers content-encoding gzip content-security-policy upgrade-insecure-requests; default-src https: data: blob: ; object-src https: data: 'unsafe-inline'; style-src https: data: 'unsafe-inline' ; script-src https: data: 'unsafe-inline' 'unsafe-eval'; worker-src 'self' blob:; content-type text/html; charset=utf-8 date Sat, 21 Sep 2024 05:45:05 GMT permissions-policy fullscreen=(), geolocation=(), payment=(), accelerometer=(), battery=(), magnetometer=(), usb=(), interest-cohort=() referrer-policy same-origin server nginx strict-transport-security max-age=63072000; includeSubDomains; preload vary Accept-Encoding x-content-type-options nosniff x-csrf-token PEcnK714pl77vQ9HxL3YABvY1cLTVZOURG57asvX x-download-options noopen x-frame-options SAMEORIGIN x-permitted-cross-domain-policies none x-powered-by Flarum x-sso-wat You've just been SSOed x-xss-protection 1; mode=block
GET H2	200	forum.css discourse.festnoz.de/assets/	170 KB 35 KB	56ms 55ms	Stylesheet text/css	2a01:4f8:c0c:1eb0::1 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://discourse.festnoz.de/assets/forum.css?v=132d2924 Requested by Host: discourse.festnoz.de URL: https://discourse.festnoz.de/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a01:4f8:c0c:1eb0::1 Bad Soden-Salmuenster, Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS Software nginx / Resource Hash d4dc3edca5d17d4cf93cb1b98fa5d814aab8ff330ba876b94b7869f43b2116fd Security Headers Name Value Content-Security-Policy upgrade-insecure-requests; default-src https: data: blob: ; object-src https: data: 'unsafe-inline'; style-src https: data: 'unsafe-inline' ; script-src https: data: 'unsafe-inline' 'unsafe-eval'; worker-src 'self' blob:; Strict-Transport-Security max-age=63072000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Referer https://discourse.festnoz.de/ Response headers content-encoding gzip etag W/"667c2a26-2a83b" x-permitted-cross-domain-policies none x-content-type-options nosniff x-sso-wat You've just been SSOed date Sat, 21 Sep 2024 05:45:05 GMT content-type text/css last-modified Wed, 26 Jun 2024 14:48:06 GMT vary Accept-Encoding x-frame-options SAMEORIGIN strict-transport-security max-age=63072000; includeSubDomains; preload content-security-policy upgrade-insecure-requests; default-src https: data: blob: ; object-src https: data: 'unsafe-inline'; style-src https: data: 'unsafe-inline' ; script-src https: data: 'unsafe-inline' 'unsafe-eval'; worker-src 'self' blob:; cache-control max-age=31536000 x-download-options noopen permissions-policy fullscreen=(), geolocation=(), payment=(), accelerometer=(), battery=(), magnetometer=(), usb=(), interest-cohort=() x-xss-protection 1; mode=block server nginx
GET H2	200	forum.js Show response discourse.festnoz.de/assets/	772 KB 226 KB	79ms 79ms	Script application/javascript	2a01:4f8:c0c:1eb0::1 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://discourse.festnoz.de/assets/forum.js?v=a83f6170 Requested by Host: discourse.festnoz.de URL: https://discourse.festnoz.de/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a01:4f8:c0c:1eb0::1 Bad Soden-Salmuenster, Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS Software nginx / Resource Hash b2653bfd2f8c276c786ef26c595d0a2d7ef16e6e5111c634a05a94461b000f00 Security Headers Name Value Content-Security-Policy upgrade-insecure-requests; default-src https: data: blob: ; object-src https: data: 'unsafe-inline'; style-src https: data: 'unsafe-inline' ; script-src https: data: 'unsafe-inline' 'unsafe-eval'; worker-src 'self' blob:; Strict-Transport-Security max-age=63072000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Referer https://discourse.festnoz.de/ Response headers content-encoding gzip etag W/"667c2a25-c0fa1" x-permitted-cross-domain-policies none x-content-type-options nosniff x-sso-wat You've just been SSOed date Sat, 21 Sep 2024 05:45:05 GMT content-type application/javascript last-modified Wed, 26 Jun 2024 14:48:05 GMT vary Accept-Encoding x-frame-options SAMEORIGIN strict-transport-security max-age=63072000; includeSubDomains; preload content-security-policy upgrade-insecure-requests; default-src https: data: blob: ; object-src https: data: 'unsafe-inline'; style-src https: data: 'unsafe-inline' ; script-src https: data: 'unsafe-inline' 'unsafe-eval'; worker-src 'self' blob:; cache-control max-age=31536000 x-download-options noopen permissions-policy fullscreen=(), geolocation=(), payment=(), accelerometer=(), battery=(), magnetometer=(), usb=(), interest-cohort=() x-xss-protection 1; mode=block server nginx
GET H2	200	forum-de.js Show response discourse.festnoz.de/assets/	38 KB 9 KB	80ms 80ms	Script application/javascript	2a01:4f8:c0c:1eb0::1 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://discourse.festnoz.de/assets/forum-de.js?v=b10b367d Requested by Host: discourse.festnoz.de URL: https://discourse.festnoz.de/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a01:4f8:c0c:1eb0::1 Bad Soden-Salmuenster, Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS Software nginx / Resource Hash a9d9f1954629e26a6ec6b538103c1fc07a268d60162d9b5c08e551bc97314db4 Security Headers Name Value Content-Security-Policy upgrade-insecure-requests; default-src https: data: blob: ; object-src https: data: 'unsafe-inline'; style-src https: data: 'unsafe-inline' ; script-src https: data: 'unsafe-inline' 'unsafe-eval'; worker-src 'self' blob:; Strict-Transport-Security max-age=63072000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Referer https://discourse.festnoz.de/ Response headers content-encoding gzip etag W/"667c2a25-9968" x-permitted-cross-domain-policies none x-content-type-options nosniff x-sso-wat You've just been SSOed date Sat, 21 Sep 2024 05:45:05 GMT content-type application/javascript last-modified Wed, 26 Jun 2024 14:48:05 GMT vary Accept-Encoding x-frame-options SAMEORIGIN strict-transport-security max-age=63072000; includeSubDomains; preload content-security-policy upgrade-insecure-requests; default-src https: data: blob: ; object-src https: data: 'unsafe-inline'; style-src https: data: 'unsafe-inline' ; script-src https: data: 'unsafe-inline' 'unsafe-eval'; worker-src 'self' blob:; cache-control max-age=31536000 x-download-options noopen permissions-policy fullscreen=(), geolocation=(), payment=(), accelerometer=(), battery=(), magnetometer=(), usb=(), interest-cohort=() x-xss-protection 1; mode=block server nginx
GET H2	200	fa-solid-900.woff2 discourse.festnoz.de/assets/fonts/	76 KB 77 KB	81ms 80ms	Font application/octet-stream	2a01:4f8:c0c:1eb0::1 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://discourse.festnoz.de/assets/fonts/fa-solid-900.woff2 Requested by Host: discourse.festnoz.de URL: https://discourse.festnoz.de/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a01:4f8:c0c:1eb0::1 Bad Soden-Salmuenster, Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS Software nginx / Resource Hash 9834b82ad26e2a37583d22676a12dd2eb0fe7c80356a2114d0db1aa8b3899537 Security Headers Name Value Content-Security-Policy upgrade-insecure-requests; default-src https: data: blob: ; object-src https: data: 'unsafe-inline'; style-src https: data: 'unsafe-inline' ; script-src https: data: 'unsafe-inline' 'unsafe-eval'; worker-src 'self' blob:; Strict-Transport-Security max-age=63072000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Origin https://discourse.festnoz.de Referer https://discourse.festnoz.de/ Response headers etag "6502cc82-131bc" x-permitted-cross-domain-policies none x-content-type-options nosniff x-sso-wat You've just been SSOed date Sat, 21 Sep 2024 05:45:05 GMT content-type application/octet-stream last-modified Thu, 14 Sep 2023 09:04:02 GMT x-frame-options SAMEORIGIN strict-transport-security max-age=63072000; includeSubDomains; preload content-security-policy upgrade-insecure-requests; default-src https: data: blob: ; object-src https: data: 'unsafe-inline'; style-src https: data: 'unsafe-inline' ; script-src https: data: 'unsafe-inline' 'unsafe-eval'; worker-src 'self' blob:; cache-control max-age=2592000 x-download-options noopen permissions-policy fullscreen=(), geolocation=(), payment=(), accelerometer=(), battery=(), magnetometer=(), usb=(), interest-cohort=() accept-ranges bytes content-length 78268 x-xss-protection 1; mode=block server nginx
GET H2	200	fa-regular-400.woff2 discourse.festnoz.de/assets/fonts/	13 KB 14 KB	81ms 80ms	Font application/octet-stream	2a01:4f8:c0c:1eb0::1 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://discourse.festnoz.de/assets/fonts/fa-regular-400.woff2 Requested by Host: discourse.festnoz.de URL: https://discourse.festnoz.de/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a01:4f8:c0c:1eb0::1 Bad Soden-Salmuenster, Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS Software nginx / Resource Hash e42a88444448ac3d60549cc7c1ff2c8a9cac721034c073d80a14a44e79730cca Security Headers Name Value Content-Security-Policy upgrade-insecure-requests; default-src https: data: blob: ; object-src https: data: 'unsafe-inline'; style-src https: data: 'unsafe-inline' ; script-src https: data: 'unsafe-inline' 'unsafe-eval'; worker-src 'self' blob:; Strict-Transport-Security max-age=63072000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Origin https://discourse.festnoz.de Referer https://discourse.festnoz.de/ Response headers etag "6502cc82-33a8" x-permitted-cross-domain-policies none x-content-type-options nosniff x-sso-wat You've just been SSOed date Sat, 21 Sep 2024 05:45:05 GMT content-type application/octet-stream last-modified Thu, 14 Sep 2023 09:04:02 GMT x-frame-options SAMEORIGIN strict-transport-security max-age=63072000; includeSubDomains; preload content-security-policy upgrade-insecure-requests; default-src https: data: blob: ; object-src https: data: 'unsafe-inline'; style-src https: data: 'unsafe-inline' ; script-src https: data: 'unsafe-inline' 'unsafe-eval'; worker-src 'self' blob:; cache-control max-age=2592000 x-download-options noopen permissions-policy fullscreen=(), geolocation=(), payment=(), accelerometer=(), battery=(), magnetometer=(), usb=(), interest-cohort=() accept-ranges bytes content-length 13224 x-xss-protection 1; mode=block server nginx
GET H2	200	logo-sugqatdz.png discourse.festnoz.de/assets/	3 KB 4 KB	81ms 81ms	Image image/png	2a01:4f8:c0c:1eb0::1 HETZNER-AS
General Check archive.org Show headers Download Go to Show image Full URL https://discourse.festnoz.de/assets/logo-sugqatdz.png Requested by Host: discourse.festnoz.de URL: https://discourse.festnoz.de/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a01:4f8:c0c:1eb0::1 Bad Soden-Salmuenster, Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS Software nginx / Resource Hash 93adae1b83acd996686646384ea1ab8ab20c0d1cd1c4530a0abb8c61d1ad9f69 Security Headers Name Value Content-Security-Policy upgrade-insecure-requests; default-src https: data: blob: ; object-src https: data: 'unsafe-inline'; style-src https: data: 'unsafe-inline' ; script-src https: data: 'unsafe-inline' 'unsafe-eval'; worker-src 'self' blob:; Strict-Transport-Security max-age=63072000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Referer https://discourse.festnoz.de/ Response headers etag "650bd7a6-dc5" x-permitted-cross-domain-policies none x-content-type-options nosniff x-sso-wat You've just been SSOed date Sat, 21 Sep 2024 05:45:05 GMT content-type image/png last-modified Thu, 21 Sep 2023 05:41:58 GMT x-frame-options SAMEORIGIN strict-transport-security max-age=63072000; includeSubDomains; preload content-security-policy upgrade-insecure-requests; default-src https: data: blob: ; object-src https: data: 'unsafe-inline'; style-src https: data: 'unsafe-inline' ; script-src https: data: 'unsafe-inline' 'unsafe-eval'; worker-src 'self' blob:; cache-control max-age=2592000 x-download-options noopen permissions-policy fullscreen=(), geolocation=(), payment=(), accelerometer=(), battery=(), magnetometer=(), usb=(), interest-cohort=() accept-ranges bytes content-length 3525 x-xss-protection 1; mode=block server nginx
GET H2	200	discussions Show response discourse.festnoz.de/api/	76 KB 77 KB	105ms 105ms	XHR application/vnd.api+json	2a01:4f8:c0c:1eb0::1 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://discourse.festnoz.de/api/discussions?sort=-commentCount&page%5Blimit%5D=3&include=firstPost%2Cuser%2Ctags Requested by Host: discourse.festnoz.de URL: https://discourse.festnoz.de/assets/forum.js?v=a83f6170 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a01:4f8:c0c:1eb0::1 Bad Soden-Salmuenster, Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS Software nginx / Resource Hash 33b16da1a8368a86cf8048a990baa85f01fb82c583124b2f4eb13e158836c758 Security Headers Name Value Content-Security-Policy upgrade-insecure-requests; default-src https: data: blob: ; object-src https: data: 'unsafe-inline'; style-src https: data: 'unsafe-inline' ; script-src https: data: 'unsafe-inline' 'unsafe-eval'; worker-src 'self' blob:; Strict-Transport-Security max-age=63072000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 X-CSRF-Token PEcnK714pl77vQ9HxL3YABvY1cLTVZOURG57asvX Referer https://discourse.festnoz.de/ Response headers strict-transport-security max-age=63072000; includeSubDomains; preload x-csrf-token PEcnK714pl77vQ9HxL3YABvY1cLTVZOURG57asvX content-security-policy upgrade-insecure-requests; default-src https: data: blob: ; object-src https: data: 'unsafe-inline'; style-src https: data: 'unsafe-inline' ; script-src https: data: 'unsafe-inline' 'unsafe-eval'; worker-src 'self' blob:; x-permitted-cross-domain-policies none x-content-type-options nosniff x-download-options noopen x-sso-wat You've just been SSOed permissions-policy fullscreen=(), geolocation=(), payment=(), accelerometer=(), battery=(), magnetometer=(), usb=(), interest-cohort=() date Sat, 21 Sep 2024 05:45:05 GMT x-xss-protection 1; mode=block content-type application/vnd.api+json server nginx x-frame-options SAMEORIGIN
GET H2	404	favicon.ico discourse.festnoz.de/	548 B 772 B	26ms 25ms	Other text/html	2a01:4f8:c0c:1eb0::1 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://discourse.festnoz.de/favicon.ico Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a01:4f8:c0c:1eb0::1 Bad Soden-Salmuenster, Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS Software nginx / Resource Hash d465172175d35d493fb1633e237700022bd849fa123164790b168b8318acb090 Security Headers Name Value Content-Security-Policy upgrade-insecure-requests; default-src https: data: blob: ; object-src https: data: 'unsafe-inline'; style-src https: data: 'unsafe-inline' ; script-src https: data: 'unsafe-inline' 'unsafe-eval'; worker-src 'self' blob:; Strict-Transport-Security max-age=63072000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Referer https://discourse.festnoz.de/ Response headers strict-transport-security max-age=63072000; includeSubDomains; preload content-security-policy upgrade-insecure-requests; default-src https: data: blob: ; object-src https: data: 'unsafe-inline'; style-src https: data: 'unsafe-inline' ; script-src https: data: 'unsafe-inline' 'unsafe-eval'; worker-src 'self' blob:; cache-control max-age=2592000 content-encoding gzip x-permitted-cross-domain-policies none x-content-type-options nosniff x-download-options noopen x-sso-wat You've just been SSOed permissions-policy fullscreen=(), geolocation=(), payment=(), accelerometer=(), battery=(), magnetometer=(), usb=(), interest-cohort=() date Sat, 21 Sep 2024 05:45:05 GMT x-xss-protection 1; mode=block content-type text/html vary Accept-Encoding server nginx x-frame-options SAMEORIGIN

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| flarum object| module function| $ function| jQuery function| m function| dayjs object| punycode function| ColorThief object| regeneratorRuntime object| app object| s9e

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			discourse.festnoz.de/	1970-01-20 23:41:44	Name: flarum_session Value: uSQ68Bd0TtnGpSg8xAwtbVKGVK5U8pJFvqATI9x7

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'battery'.
network	error	URL: https://discourse.festnoz.de/favicon.ico Message: Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests; default-src https: data: blob: ; object-src https: data: 'unsafe-inline'; style-src https: data: 'unsafe-inline' ; script-src https: data: 'unsafe-inline' 'unsafe-eval'; worker-src 'self' blob:;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

discourse.festnoz.de
2a01:4f8:c0c:1eb0::1
33b16da1a8368a86cf8048a990baa85f01fb82c583124b2f4eb13e158836c758
93adae1b83acd996686646384ea1ab8ab20c0d1cd1c4530a0abb8c61d1ad9f69
9834b82ad26e2a37583d22676a12dd2eb0fe7c80356a2114d0db1aa8b3899537
a9d9f1954629e26a6ec6b538103c1fc07a268d60162d9b5c08e551bc97314db4
b2653bfd2f8c276c786ef26c595d0a2d7ef16e6e5111c634a05a94461b000f00
cfcd02cc6f0684ea5e9d4430ed2060fecaabdac0ce8254114365cb7787dd24b9
d465172175d35d493fb1633e237700022bd849fa123164790b168b8318acb090
d4dc3edca5d17d4cf93cb1b98fa5d814aab8ff330ba876b94b7869f43b2116fd
e42a88444448ac3d60549cc7c1ff2c8a9cac721034c073d80a14a44e79730cca