urlscan.io logo urlscan.io
SecurityTrails logo

www.h4l.hvac-portal.com Open in urlscan Pro
138.197.166.221  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://www.h4l.hvac-portal.com/
Effective URL: https://www.h4l.hvac-portal.com/login?logout=true
Submission: On October 09 via api from US — Scanned from CA
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 6 IPs in 2 countries across 5 domains to perform 20 HTTP transactions. The main IP is 138.197.166.221, located in Toronto, Canada and belongs to DIGITALOCEAN-ASN, US. The main domain is www.h4l.hvac-portal.com.
TLS certificate: Issued by R10 on October 9th 2024. Valid for: 3 months.
This is the only time www.h4l.hvac-portal.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 12 138.197.166.221 14061 (DIGITALOC...)
1 2607:f8b0:400... 15169 (GOOGLE)
1 2606:4700:303... 13335 (CLOUDFLAR...)
2 34.120.195.249 396982 (GOOGLE-CL...)
4 2607:f8b0:400... 15169 (GOOGLE)
20 6
12    138.197.166.221 (Toronto, Canada)

ASN14061 (DIGITALOCEAN-ASN, US)
www.h4l.hvac-portal.com
1    2607:f8b0:4004:c1b::5f (Washington, United States)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
1    2606:4700:3036::ac43:b89e (United States)

ASN13335 (CLOUDFLARENET, US)
fonts.cdnfonts.com
2    34.120.195.249 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 249.195.120.34.bc.googleusercontent.com
o464686.ingest.us.sentry.io
4    2607:f8b0:4004:c1f::5e (Washington, United States)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
Apex Domain
Subdomains		 Transfer
12 hvac-portal.com
www.h4l.hvac-portal.com
504 KB
4 gstatic.com
fonts.gstatic.com
73 KB
2 sentry.io
o464686.ingest.us.sentry.io
601 B
1 cdnfonts.com
fonts.cdnfonts.com — Cisco Umbrella Rank: 8059
648 B
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 30
4 KB
20 5
Domain Requested by
12 www.h4l.hvac-portal.com 1 redirects www.h4l.hvac-portal.com
4 fonts.gstatic.com fonts.googleapis.com
2 o464686.ingest.us.sentry.io www.h4l.hvac-portal.com
1 fonts.cdnfonts.com www.h4l.hvac-portal.com
1 fonts.googleapis.com www.h4l.hvac-portal.com
20 5

This site contains no links.

Subject Issuer Validity Valid
h4l.hvac-portal.com
R10		 2024-10-09 -
2025-01-07		 3 months crt.sh
upload.video.google.com
WR2		 2024-09-16 -
2024-12-09		 3 months crt.sh
cdnfonts.com
WE1		 2024-09-20 -
2024-12-19		 3 months crt.sh
ingest.sentry.io
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2024-10-03 -
2025-07-29		 10 months crt.sh
*.gstatic.com
WR2		 2024-09-16 -
2024-12-09		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://www.h4l.hvac-portal.com/login?logout=true
Frame ID: DCF4839D7E01FECDF84EE5DDAF729C21
Requests: 19 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Login

Page URL History Show full URLs

  1. https://www.h4l.hvac-portal.com/ HTTP 302
    https://www.h4l.hvac-portal.com/login?logout=true Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Page Statistics

20
Requests

95 %
HTTPS

60 %
IPv6

5
Domains

5
Subdomains

6
IPs

2
Countries

580 kB
Transfer

1999 kB
Size

3
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://www.h4l.hvac-portal.com/ HTTP 302
    https://www.h4l.hvac-portal.com/login?logout=true Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

20 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request login
www.h4l.hvac-portal.com/
Redirect Chain
  • https://www.h4l.hvac-portal.com/
  • https://www.h4l.hvac-portal.com/login?logout=true
72 KB
12 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.h4l.hvac-portal.com/login?logout=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
138.197.166.221 Toronto, Canada, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx /
Resource Hash
73bf7bc0e0f4899ac3b7f852aab3112f6fbe54ddf4f5acdabe4a2e93d4d20a84
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

cache-control
no-cache, private
content-encoding
br
content-type
text/html; charset=UTF-8
cross-origin-opener-policy
same-origin
date
Wed, 09 Oct 2024 12:37:46 GMT
referrer-policy
same-origin
server
nginx
strict-transport-security
max-age=63072000; includeSubdomains; preload;
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block

Redirect headers

cache-control
no-cache, private
content-type
text/html; charset=utf-8
cross-origin-opener-policy
same-origin
date
Wed, 09 Oct 2024 12:37:46 GMT
location
https://www.h4l.hvac-portal.com/login?logout=true
referrer-policy
same-origin
server
nginx
strict-transport-security
max-age=63072000; includeSubdomains; preload;
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block
h4l_logo_small.png
www.h4l.hvac-portal.com/images/ 		20 KB
20 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.h4l.hvac-portal.com/images/h4l_logo_small.png
Requested by
Host: www.h4l.hvac-portal.com
URL: https://www.h4l.hvac-portal.com/login?logout=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
138.197.166.221 Toronto, Canada, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx /
Resource Hash
dd047cf2dac52330dbb1d6816b466f17658203ec9d5da37bb59556f542c6d06f

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.h4l.hvac-portal.com/login?logout=true

Response headers

cache-control
max-age=315360000, public
etag
"67062bbb-4ef1"
pragma
public
expires
Thu, 31 Dec 2037 23:55:55 GMT
accept-ranges
bytes
access-control-allow-origin
*
content-length
20209
date
Wed, 09 Oct 2024 12:37:46 GMT
content-type
image/png
last-modified
Wed, 09 Oct 2024 07:07:39 GMT
server
nginx
vary
Accept-Encoding
index-BI4iBHdl.css
www.h4l.hvac-portal.com/build/assets/ 		268 KB
41 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.h4l.hvac-portal.com/build/assets/index-BI4iBHdl.css
Requested by
Host: www.h4l.hvac-portal.com
URL: https://www.h4l.hvac-portal.com/login?logout=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
138.197.166.221 Toronto, Canada, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx /
Resource Hash
1f829b0249d2c3cc777d35ab6cdbddf6ce5a3be10eedb4057a2842ff48d4b772

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.h4l.hvac-portal.com/login?logout=true

Response headers

cache-control
max-age=604800, public
content-encoding
br
etag
W/"67063369-4318e"
expires
Wed, 16 Oct 2024 12:37:46 GMT
date
Wed, 09 Oct 2024 12:37:46 GMT
content-type
text/css
last-modified
Wed, 09 Oct 2024 07:40:25 GMT
server
nginx
index-Bfu_qFsn.js
www.h4l.hvac-portal.com/build/assets/ 		1 MB
407 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.h4l.hvac-portal.com/build/assets/index-Bfu_qFsn.js
Requested by
Host: www.h4l.hvac-portal.com
URL: https://www.h4l.hvac-portal.com/login?logout=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
138.197.166.221 Toronto, Canada, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx /
Resource Hash
951c4bdea281004c17a4c1c3d701c29e50b9f02c18d3a3c5de8a519dd766f776

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://www.h4l.hvac-portal.com
Referer
https://www.h4l.hvac-portal.com/login?logout=true

Response headers

cache-control
max-age=604800, public
content-encoding
br
etag
W/"67063369-16e982"
expires
Wed, 16 Oct 2024 12:37:46 GMT
date
Wed, 09 Oct 2024 12:37:46 GMT
content-type
application/javascript; charset=utf-8
last-modified
Wed, 09 Oct 2024 07:40:25 GMT
server
nginx
css2
fonts.googleapis.com/ 		81 KB
4 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Coda&family=Taprom&family=Fasthand&family=PT+MonoBarlow:wght@100;200;300;400;500;600;700;800;900&family=Roboto:wght@100;200;300;400;500;600;700;800;900&family=Source+Sans+Pro:wght@100;200;300;400;500;600;700;800;900&family=Open+Sans:wght@100;200;300;400;500;600;700;800;900&family=IBM+Plex+Sans:wght@100;200;300;400;500;600;700;800;900&family=Material+Symbols+Outlined:opsz,wght,FILL,GRAD@24,400,1,0&display=swap
Requested by
Host: www.h4l.hvac-portal.com
URL: https://www.h4l.hvac-portal.com/build/assets/index-BI4iBHdl.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c1b::5f Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
56330202faaf39f658a5ca51490daeb03275e63c0c6bf993ad3d41a074b9e35f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

content-encoding
gzip
x-content-type-options
nosniff
expires
Wed, 09 Oct 2024 12:37:46 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 09 Oct 2024 12:37:46 GMT
content-type
text/css; charset=utf-8
last-modified
Wed, 09 Oct 2024 12:37:46 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
x-xss-protection
0
server
ESF
rage-italic
fonts.cdnfonts.com/css/ 		161 B
648 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.cdnfonts.com/css/rage-italic
Requested by
Host: www.h4l.hvac-portal.com
URL: https://www.h4l.hvac-portal.com/build/assets/index-BI4iBHdl.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3036::ac43:b89e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
84d03a22e66ca58a98bc66325b41524e0ddd10342078b7a2741821c1652d6e0f

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

cache-control
max-age=2678400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
cf-bgj
minify
cf-cache-status
HIT
age
18119538
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=X0bod35MXgtLy7H3whyG7FngZkbultXxKkMLcq78KztMFFkDtTdN06TehWtaWchA67iPXgR1scSkQ9Ovt8XW6xecmUyhZIZOp%2Fxek2Rr6YGlk7TitGv%2FkG88QMD33aedl85iMKbGHROaHpEoIsUi9R8%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
8cfe6c877b2cc3ff-EWR
cf-polished
origSize=196
access-control-allow-origin
*
date
Wed, 09 Oct 2024 12:37:46 GMT
content-type
text/css;charset=UTF-8
vary
Accept-Encoding
server
cloudflare
last-modified
Wed, 13 Mar 2024 19:25:28 GMT
ac7f41ba-e249-4ab4-840c-ba5f51d5431a
https://www.h4l.hvac-portal.com/ 		0
0
/
o464686.ingest.us.sentry.io/api/4507762977210368/envelope/ 		2 B
300 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://o464686.ingest.us.sentry.io/api/4507762977210368/envelope/?sentry_key=f32e50abdd883b94a2dd7582181220be&sentry_version=7&sentry_client=sentry.javascript.vue%2F8.27.0
Requested by
Host: www.h4l.hvac-portal.com
URL: https://www.h4l.hvac-portal.com/build/assets/index-Bfu_qFsn.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.195.249 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
249.195.120.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://www.h4l.hvac-portal.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
access-control-expose-headers
x-sentry-error,x-sentry-rate-limits,retry-after
cross-origin-resource-policy
cross-origin
via
1.1 google
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2
date
Wed, 09 Oct 2024 12:37:47 GMT
content-type
application/json
vary
origin, access-control-request-method, access-control-request-headers
server
nginx
logout
www.h4l.hvac-portal.com/ 		62 B
1 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://www.h4l.hvac-portal.com/logout
Requested by
Host: www.h4l.hvac-portal.com
URL: https://www.h4l.hvac-portal.com/build/assets/index-Bfu_qFsn.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
138.197.166.221 Toronto, Canada, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx /
Resource Hash
3c68014d46c1dc0b3049242edc07dcaf34efa09d1a4976c60d8d0d7b7c4f4069
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sentry-trace
d6cafeb3efd74c7bab08dd8e028159f0-b5f9dc41d1b88b61-1
Referer
https://www.h4l.hvac-portal.com/login?logout=true
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
baggage
sentry-environment=production,sentry-release=8f2f224945527c0015bcb69465a14d2bab9ff8c0,sentry-public_key=f32e50abdd883b94a2dd7582181220be,sentry-trace_id=d6cafeb3efd74c7bab08dd8e028159f0,sentry-sample_rate=1,sentry-sampled=true

Response headers

strict-transport-security
max-age=63072000; includeSubdomains; preload;
cache-control
no-cache, private
cross-origin-opener-policy
same-origin
content-encoding
br
x-content-type-options
nosniff
referrer-policy
same-origin
date
Wed, 09 Oct 2024 12:37:47 GMT
x-xss-protection
1; mode=block
content-type
application/json
server
nginx
x-frame-options
SAMEORIGIN
zYXgKVElMYYaJe8bpLHnCwDKhdHeFQ.woff2
fonts.gstatic.com/s/ibmplexsans/v19/ 		19 KB
19 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/ibmplexsans/v19/zYXgKVElMYYaJe8bpLHnCwDKhdHeFQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Coda&family=Taprom&family=Fasthand&family=PT+MonoBarlow:wght@100;200;300;400;500;600;700;800;900&family=Roboto:wght@100;200;300;400;500;600;700;800;900&family=Source+Sans+Pro:wght@100;200;300;400;500;600;700;800;900&family=Open+Sans:wght@100;200;300;400;500;600;700;800;900&family=IBM+Plex+Sans:wght@100;200;300;400;500;600;700;800;900&family=Material+Symbols+Outlined:opsz,wght,FILL,GRAD@24,400,1,0&display=swap
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4004:c1f::5e Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
db71f8a28ad8501544fb4e7668e3c6d0b731760b6f20de3525ebaeba597f1922
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://www.h4l.hvac-portal.com
Referer
https://fonts.googleapis.com/

Response headers

age
442090
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options
nosniff
expires
Sat, 04 Oct 2025 09:49:37 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Fri, 04 Oct 2024 09:49:37 GMT
last-modified
Tue, 02 May 2023 16:04:22 GMT
content-type
font/woff2
cache-control
public, max-age=31536000
timing-allow-origin
*
cross-origin-opener-policy
same-origin; report-to="apps-themes"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges
bytes
access-control-allow-origin
*
content-length
19156
x-xss-protection
0
server
sffe
login-DVUPyO45.js
www.h4l.hvac-portal.com/build/assets/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.h4l.hvac-portal.com/build/assets/login-DVUPyO45.js
Requested by
Host: www.h4l.hvac-portal.com
URL: https://www.h4l.hvac-portal.com/build/assets/index-Bfu_qFsn.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
138.197.166.221 Toronto, Canada, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx /
Resource Hash
d731b104324dea45b67ec89257f62e57998d1952d39aa22bbbca343d0348f965

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://www.h4l.hvac-portal.com
Referer

Response headers

cache-control
max-age=604800, public
content-encoding
br
etag
W/"67063369-b2e"
expires
Wed, 16 Oct 2024 12:37:47 GMT
date
Wed, 09 Oct 2024 12:37:47 GMT
content-type
application/javascript; charset=utf-8
last-modified
Wed, 09 Oct 2024 07:40:25 GMT
server
nginx
auto-row-Bs27ZuOI.js
www.h4l.hvac-portal.com/build/assets/ 		761 B
639 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.h4l.hvac-portal.com/build/assets/auto-row-Bs27ZuOI.js
Requested by
Host: www.h4l.hvac-portal.com
URL: https://www.h4l.hvac-portal.com/build/assets/index-Bfu_qFsn.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
138.197.166.221 Toronto, Canada, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx /
Resource Hash
273409817a1da83d66154ffcb0f28f8aa6f1961537844ff62e8edefed0cf2e53

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://www.h4l.hvac-portal.com
Referer

Response headers

cache-control
max-age=604800, public
content-encoding
br
etag
W/"67063369-2f9"
expires
Wed, 16 Oct 2024 12:37:47 GMT
date
Wed, 09 Oct 2024 12:37:47 GMT
content-type
application/javascript; charset=utf-8
last-modified
Wed, 09 Oct 2024 07:40:25 GMT
server
nginx
useTitle-AlAM4Qsh.js
www.h4l.hvac-portal.com/build/assets/ 		537 B
524 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.h4l.hvac-portal.com/build/assets/useTitle-AlAM4Qsh.js
Requested by
Host: www.h4l.hvac-portal.com
URL: https://www.h4l.hvac-portal.com/build/assets/index-Bfu_qFsn.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
138.197.166.221 Toronto, Canada, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx /
Resource Hash
49b078e4339ea265f2ac2b5787a5d6de0ff1d314a3c02d39a7c20e3c7b353d14

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://www.h4l.hvac-portal.com
Referer

Response headers

cache-control
max-age=604800, public
content-encoding
br
etag
W/"67063369-219"
expires
Wed, 16 Oct 2024 12:37:47 GMT
date
Wed, 09 Oct 2024 12:37:47 GMT
content-type
application/javascript; charset=utf-8
last-modified
Wed, 09 Oct 2024 07:40:25 GMT
server
nginx
logout
www.h4l.hvac-portal.com/ 		62 B
1 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://www.h4l.hvac-portal.com/logout
Requested by
Host: www.h4l.hvac-portal.com
URL: https://www.h4l.hvac-portal.com/build/assets/index-Bfu_qFsn.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
138.197.166.221 Toronto, Canada, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx /
Resource Hash
3c68014d46c1dc0b3049242edc07dcaf34efa09d1a4976c60d8d0d7b7c4f4069
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sentry-trace
d6cafeb3efd74c7bab08dd8e028159f0-93130874f4a02d9c-1
Referer
https://www.h4l.hvac-portal.com/login?logout=true
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
baggage
sentry-environment=production,sentry-release=8f2f224945527c0015bcb69465a14d2bab9ff8c0,sentry-public_key=f32e50abdd883b94a2dd7582181220be,sentry-trace_id=d6cafeb3efd74c7bab08dd8e028159f0,sentry-sample_rate=1,sentry-transaction=login,sentry-sampled=true

Response headers

strict-transport-security
max-age=63072000; includeSubdomains; preload;
cache-control
no-cache, private
cross-origin-opener-policy
same-origin
content-encoding
br
x-content-type-options
nosniff
referrer-policy
same-origin
date
Wed, 09 Oct 2024 12:37:47 GMT
x-xss-protection
1; mode=block
content-type
application/json
server
nginx
x-frame-options
SAMEORIGIN
csrfToken
www.h4l.hvac-portal.com/ 		105 B
1 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://www.h4l.hvac-portal.com/csrfToken
Requested by
Host: www.h4l.hvac-portal.com
URL: https://www.h4l.hvac-portal.com/build/assets/index-Bfu_qFsn.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
138.197.166.221 Toronto, Canada, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx /
Resource Hash
50adfdc16960750e4d78220eb74d339e8a65108e6d27b772deb3895faa7eea9a
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sentry-trace
d6cafeb3efd74c7bab08dd8e028159f0-a1a2670ee5568702-1
Referer
https://www.h4l.hvac-portal.com/login?logout=true
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
baggage
sentry-environment=production,sentry-release=8f2f224945527c0015bcb69465a14d2bab9ff8c0,sentry-public_key=f32e50abdd883b94a2dd7582181220be,sentry-trace_id=d6cafeb3efd74c7bab08dd8e028159f0,sentry-sample_rate=1,sentry-transaction=login,sentry-sampled=true

Response headers

strict-transport-security
max-age=63072000; includeSubdomains; preload;
cache-control
no-cache, private
cross-origin-opener-policy
same-origin
content-encoding
br
x-content-type-options
nosniff
referrer-policy
same-origin
date
Wed, 09 Oct 2024 12:37:47 GMT
x-xss-protection
1; mode=block
content-type
application/json
server
nginx
x-frame-options
SAMEORIGIN
zYX9KVElMYYaJe8bpLHnCwDKjQ76AIFsdA.woff2
fonts.gstatic.com/s/ibmplexsans/v19/ 		20 KB
20 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/ibmplexsans/v19/zYX9KVElMYYaJe8bpLHnCwDKjQ76AIFsdA.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Coda&family=Taprom&family=Fasthand&family=PT+MonoBarlow:wght@100;200;300;400;500;600;700;800;900&family=Roboto:wght@100;200;300;400;500;600;700;800;900&family=Source+Sans+Pro:wght@100;200;300;400;500;600;700;800;900&family=Open+Sans:wght@100;200;300;400;500;600;700;800;900&family=IBM+Plex+Sans:wght@100;200;300;400;500;600;700;800;900&family=Material+Symbols+Outlined:opsz,wght,FILL,GRAD@24,400,1,0&display=swap
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4004:c1f::5e Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
31535a91ce3f6b8ed3ddedadab1e49957e2220263a640df1a3f14f6fdfe15eb6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://www.h4l.hvac-portal.com
Referer
https://fonts.googleapis.com/

Response headers

age
441179
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options
nosniff
expires
Sat, 04 Oct 2025 10:04:48 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Fri, 04 Oct 2024 10:04:48 GMT
last-modified
Tue, 02 May 2023 16:19:23 GMT
content-type
font/woff2
cache-control
public, max-age=31536000
timing-allow-origin
*
cross-origin-opener-policy
same-origin; report-to="apps-themes"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges
bytes
access-control-allow-origin
*
content-length
20356
x-xss-protection
0
server
sffe
zYX9KVElMYYaJe8bpLHnCwDKjSL9AIFsdA.woff2
fonts.gstatic.com/s/ibmplexsans/v19/ 		20 KB
20 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/ibmplexsans/v19/zYX9KVElMYYaJe8bpLHnCwDKjSL9AIFsdA.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Coda&family=Taprom&family=Fasthand&family=PT+MonoBarlow:wght@100;200;300;400;500;600;700;800;900&family=Roboto:wght@100;200;300;400;500;600;700;800;900&family=Source+Sans+Pro:wght@100;200;300;400;500;600;700;800;900&family=Open+Sans:wght@100;200;300;400;500;600;700;800;900&family=IBM+Plex+Sans:wght@100;200;300;400;500;600;700;800;900&family=Material+Symbols+Outlined:opsz,wght,FILL,GRAD@24,400,1,0&display=swap
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4004:c1f::5e Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5ef914e59b0047a261844d96acabb60c34d3acab6b85ea24198726ce4781fd37
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://www.h4l.hvac-portal.com
Referer
https://fonts.googleapis.com/

Response headers

age
439385
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options
nosniff
expires
Sat, 04 Oct 2025 10:34:42 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Fri, 04 Oct 2024 10:34:42 GMT
last-modified
Tue, 02 May 2023 15:58:54 GMT
content-type
font/woff2
cache-control
public, max-age=31536000
timing-allow-origin
*
cross-origin-opener-policy
same-origin; report-to="apps-themes"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges
bytes
access-control-allow-origin
*
content-length
20064
x-xss-protection
0
server
sffe
6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2
fonts.gstatic.com/s/sourcesanspro/v22/ 		14 KB
15 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Coda&family=Taprom&family=Fasthand&family=PT+MonoBarlow:wght@100;200;300;400;500;600;700;800;900&family=Roboto:wght@100;200;300;400;500;600;700;800;900&family=Source+Sans+Pro:wght@100;200;300;400;500;600;700;800;900&family=Open+Sans:wght@100;200;300;400;500;600;700;800;900&family=IBM+Plex+Sans:wght@100;200;300;400;500;600;700;800;900&family=Material+Symbols+Outlined:opsz,wght,FILL,GRAD@24,400,1,0&display=swap
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4004:c1f::5e Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ca57b79a870bbf54700730858603a70d79743779c1b059922ec401bfddc5adc9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://www.h4l.hvac-portal.com
Referer
https://fonts.googleapis.com/

Response headers

age
424590
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options
nosniff
expires
Sat, 04 Oct 2025 14:41:17 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Fri, 04 Oct 2024 14:41:17 GMT
last-modified
Thu, 01 Jun 2023 22:52:55 GMT
content-type
font/woff2
cache-control
public, max-age=31536000
timing-allow-origin
*
cross-origin-opener-policy
same-origin; report-to="apps-themes"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges
bytes
access-control-allow-origin
*
content-length
14824
x-xss-protection
0
server
sffe
favicon.ico
www.h4l.hvac-portal.com/ 		15 KB
15 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://www.h4l.hvac-portal.com/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
138.197.166.221 Toronto, Canada, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx /
Resource Hash
2eadc02f1a93e8ab7abb358a7a6ed30618cdd8542655fd2a39cc055b61e660fe

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.h4l.hvac-portal.com/login?logout=true

Response headers

cache-control
max-age=315360000, public
etag
"65558791-3aee"
pragma
public
expires
Thu, 31 Dec 2037 23:55:55 GMT
accept-ranges
bytes
access-control-allow-origin
*
content-length
15086
date
Wed, 09 Oct 2024 12:37:47 GMT
content-type
image/x-icon
last-modified
Thu, 16 Nov 2023 03:08:01 GMT
server
nginx
vary
Accept-Encoding
/
o464686.ingest.us.sentry.io/api/4507762977210368/envelope/ 		198 B
301 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://o464686.ingest.us.sentry.io/api/4507762977210368/envelope/?sentry_key=f32e50abdd883b94a2dd7582181220be&sentry_version=7&sentry_client=sentry.javascript.vue%2F8.27.0
Requested by
Host: www.h4l.hvac-portal.com
URL: https://www.h4l.hvac-portal.com/build/assets/index-Bfu_qFsn.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.195.249 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
249.195.120.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
bac10d17440dcd6f6c6c4e0bd7eca2e1a7eec030ef3b1143d4be3791dcf91263
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://www.h4l.hvac-portal.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
x-sentry-rate-limits
60:transaction;profile;span;span_indexed:organization:span_usage_exceeded
access-control-expose-headers
x-sentry-error,x-sentry-rate-limits,retry-after
retry-after
60
content-encoding
zstd
cross-origin-resource-policy
cross-origin
via
1.1 google
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 09 Oct 2024 12:37:50 GMT
content-type
application/json
vary
origin, access-control-request-method, access-control-request-headers, accept-encoding
server
nginx

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
www.h4l.hvac-portal.com
URL
blob:https://www.h4l.hvac-portal.com/ac7f41ba-e249-4ab4-840c-ba5f51d5431a

Verdicts & Comments Add Verdict or Comment

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| _sentryDebugIds string| _sentryDebugIdIdentifier object| SENTRY_RELEASE object| __VUE_INSTANCE_SETTERS__ object| __VUE_SSR_SETTERS__ function| flatpickr boolean| __VUE__ object| __SENTRY__

3 Cookies

Domain/Path Name / Value
www.h4l.hvac-portal.com/ Name: __ga4
Value: LtLTGoFQSfPulxGzU9bBmF6bycRJDEP5WNgpjErX
www.h4l.hvac-portal.com/ Name: XSRF-TOKEN
Value: eyJpdiI6InRIV0JaSjJ5QnZBUlJpNklvbGFRdnc9PSIsInZhbHVlIjoidkgrZzh5ZHZuSU9tUzBvcW9EdGRHTzFWQnNaWHdib2hDU2Z1UVVqRkk1WHVoYXlzeGFBeHRuOWRJb0YvQjNiaTBIbVBmakpCaVJuUFJVTEJHZC9HbjB3UTlqZGh3bE9NQ3l2M2NEMFhpYThWZGo3dHZvUnFOeWZuY3pHb2t0R3ciLCJtYWMiOiJlZjhkMWFlODhhNmRlODc4YThkNjhlNzU1MjU2N2E3ZjYxMjViZDhjMzY0ZGUyYjQ1NDg0MDA5OGFkMWVkZjRiIiwidGFnIjoiIn0%3D
www.h4l.hvac-portal.com/ Name: LtLTGoFQSfPulxGzU9bBmF6bycRJDEP5WNgpjErX
Value: %7B%22data%22%3A%22eyJpdiI6IjJ2M01NM01WazNWNkxxZ2lERlBucXc9PSIsInZhbHVlIjoiK1pUSEpBM050VytPL2NIQmYvRmJrMmlRbi9tWHloZHozcks0akpZQWdlSVJhM2k2V3E5ZFQvamhSYWJoWTV2a014S2FlV3FSaEZBU0tMdVlCMU9pcXN4OGJpRHMwN3ZJMWZHc1hTWUMwTHpXUDkwM1AwRCtEZWFLdEcwbk1yOGxEbk5ZUkJHQmh5VEJldy9DMWFyQ2QvaEdwR01GK2RNRXBsbStETEpqaGk4MGQ4K1VjS1J0WC9WaTlkd0hDeGxVYnhRNENEOVVsckFMM1Nmd0JiY2JWTjBjMk5xM1lkbldtS21SMEdMWHdjeS9VQVlnVFIzelNUSXdHTVFDcXVWWXQybnpNR2VCQ28zRjY3UGVYemIwK3ZlODVlaUk1eEcza3lWOER1T1Z3OGM9IiwibWFjIjoiOTA4ODNmNzhkOTczNDJmNjNmMjI1MmQ5OWJjNDRmZDQyMTE4YTk5ODQ4NTUzNWY3OTllZmRlNzZhMTUwMzVjMiIsInRhZyI6IiJ9%22%2C%22expires%22%3A1729125467%7D

2 Console Messages

Source Level URL
Text
network error URL: https://o464686.ingest.us.sentry.io/api/4507762977210368/envelope/?sentry_key=f32e50abdd883b94a2dd7582181220be&sentry_version=7&sentry_client=sentry.javascript.vue%2F8.27.0
Message:
Failed to load resource: the server responded with a status of 429 ()
javascript warning URL: https://www.h4l.hvac-portal.com/login?logout=true
Message:
The resource https://www.h4l.hvac-portal.com/images/h4l_logo_small.png was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

fonts.cdnfonts.com
fonts.googleapis.com
fonts.gstatic.com
o464686.ingest.us.sentry.io
www.h4l.hvac-portal.com
www.h4l.hvac-portal.com
138.197.166.221
2606:4700:3036::ac43:b89e
2607:f8b0:4004:c1b::5f
2607:f8b0:4004:c1f::5e
34.120.195.249
1f829b0249d2c3cc777d35ab6cdbddf6ce5a3be10eedb4057a2842ff48d4b772
273409817a1da83d66154ffcb0f28f8aa6f1961537844ff62e8edefed0cf2e53
2eadc02f1a93e8ab7abb358a7a6ed30618cdd8542655fd2a39cc055b61e660fe
31535a91ce3f6b8ed3ddedadab1e49957e2220263a640df1a3f14f6fdfe15eb6
3c68014d46c1dc0b3049242edc07dcaf34efa09d1a4976c60d8d0d7b7c4f4069
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
49b078e4339ea265f2ac2b5787a5d6de0ff1d314a3c02d39a7c20e3c7b353d14
50adfdc16960750e4d78220eb74d339e8a65108e6d27b772deb3895faa7eea9a
56330202faaf39f658a5ca51490daeb03275e63c0c6bf993ad3d41a074b9e35f
5ef914e59b0047a261844d96acabb60c34d3acab6b85ea24198726ce4781fd37
73bf7bc0e0f4899ac3b7f852aab3112f6fbe54ddf4f5acdabe4a2e93d4d20a84
84d03a22e66ca58a98bc66325b41524e0ddd10342078b7a2741821c1652d6e0f
951c4bdea281004c17a4c1c3d701c29e50b9f02c18d3a3c5de8a519dd766f776
bac10d17440dcd6f6c6c4e0bd7eca2e1a7eec030ef3b1143d4be3791dcf91263
ca57b79a870bbf54700730858603a70d79743779c1b059922ec401bfddc5adc9
d731b104324dea45b67ec89257f62e57998d1952d39aa22bbbca343d0348f965
db71f8a28ad8501544fb4e7668e3c6d0b731760b6f20de3525ebaeba597f1922
dd047cf2dac52330dbb1d6816b466f17658203ec9d5da37bb59556f542c6d06f