caritas.hintbox.at Open in urlscan Pro
49.12.22.242 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://caritas.hintbox.at/
Submission: On February 06 via manual (February 6th 2024, 11:28:53 am UTC) from AT — Scanned from AT

Summary HTTP 19 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 19 HTTP transactions. The main IP is 49.12.22.242, located in Germany and belongs to HETZNER-AS, DE. The main domain is caritas.hintbox.at.
TLS certificate: Issued by R3 on January 28th 2024. Valid for: 3 months.

This is the only time caritas.hintbox.at was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address		AS Autonomous System
19	49.12.22.242 49.12.22.242		24940 (HETZNER-AS) (HETZNER-AS)
19	2

19 49.12.22.242 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.242.22.12.49.clients.your-server.de

caritas.hintbox.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
19	hintbox.at caritas.hintbox.at	8 MB
19	1

	Domain	Requested by
19	caritas.hintbox.at	caritas.hintbox.at
19	1

This site contains no links.

Subject Issuer	Validity	Valid
*.hintbox.at R3	`2024-01-28` - `2024-04-27`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://caritas.hintbox.at/
Frame ID: 77C8D64D81E5A79B28668067B0CEC91E
Requests: 20 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Hintbox

Detected technologies

React (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

<[^>]+data-react

Page Statistics

19
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

7870 kB
Transfer

21941 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

19 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
caritas.hintbox.at/ 366 B
1 KB 112ms
31ms Document
text/html 49.12.22.242
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://caritas.hintbox.at/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

49.12.22.242 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.242.22.12.49.clients.your-server.de

Software

Resource Hash

6a02d3727e413444e42deae0027083dcf4da6cda326e92b7d5896b7cf61e06b6

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .hintbox.at blob:;script-src 'self' ;img-src https://buy-master.hintbox.de https://buy-staging.hintbox.de https://buy-develop.hintbox.de https://buy-demo.hintbox.de https://buy.hintbox.de 'self' data: blob:;font-src 'self';style-src 'self' 'unsafe-inline';object-src 'none';connect-src 'self' data: .hintbox.at;
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
accept-language: de-AT,de;q=0.9

Response headers

access-control-allow-methods: GET
access-control-allow-origin: https://buy.hintbox.de
cache-control: no-cache
content-encoding: gzip
content-security-policy: default-src 'self' *.hintbox.at blob:;script-src 'self' ;img-src https://buy-master.hintbox.de https://buy-staging.hintbox.de https://buy-develop.hintbox.de https://buy-demo.hintbox.de https://buy.hintbox.de 'self' data: blob:;font-src 'self';style-src 'self' 'unsafe-inline';object-src 'none';connect-src 'self' data: *.hintbox.at;
content-type: text/html
date: Tue, 06 Feb 2024 11:28:43 GMT
etag: W/"65a02d17-16e"
expires: Thu, 01 Jan 1970 00:00:01 GMT
last-modified: Thu, 11 Jan 2024 18:01:59 GMT
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(), geolocation=(), gyroscope=(), magnetometer=(), payment=(), usb=()
referrer-policy: no-referrer
strict-transport-security: max-age=15724800; includeSubDomains
x-content-type-options: nosniff
x-frame-options: DENY
x-robots-tag: noindex
x-xss-protection: 1; mode=block

GET
H2 200 main.3488cf38.js Show response
caritas.hintbox.at/static/js/ 20 MB
6 MB 42ms
41ms Script
application/javascript 49.12.22.242
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://caritas.hintbox.at/static/js/main.3488cf38.js

Requested by

Host: caritas.hintbox.at
URL: https://caritas.hintbox.at/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

49.12.22.242 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.242.22.12.49.clients.your-server.de

Software

Resource Hash

6a2fe18c5f90547d45614b0534bb905fd041350a4c51933c91f7c0f0811fabe8

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .hintbox.at blob:;script-src 'self' ;img-src https://buy-master.hintbox.de https://buy-staging.hintbox.de https://buy-develop.hintbox.de https://buy-demo.hintbox.de https://buy.hintbox.de 'self' data: blob:;font-src 'self';style-src 'self' 'unsafe-inline';object-src 'none';connect-src 'self' data: .hintbox.at;
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-AT,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 06 Feb 2024 11:28:43 GMT
content-security-policy: default-src 'self' *.hintbox.at blob:;script-src 'self' ;img-src https://buy-master.hintbox.de https://buy-staging.hintbox.de https://buy-develop.hintbox.de https://buy-demo.hintbox.de https://buy.hintbox.de 'self' data: blob:;font-src 'self';style-src 'self' 'unsafe-inline';object-src 'none';connect-src 'self' data: *.hintbox.at;
x-content-type-options: nosniff
strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Thu, 11 Jan 2024 18:01:59 GMT
etag: W/"65a02d17-13a3b1b"
x-frame-options: DENY
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: https://buy.hintbox.de
cache-control: max-age=315360000
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(), geolocation=(), gyroscope=(), magnetometer=(), payment=(), usb=()
x-robots-tag: noindex
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 main.b373442d.css
caritas.hintbox.at/static/css/ 27 KB
7 KB 28ms
28ms Stylesheet
text/css 49.12.22.242
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://caritas.hintbox.at/static/css/main.b373442d.css

Requested by

Host: caritas.hintbox.at
URL: https://caritas.hintbox.at/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

49.12.22.242 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.242.22.12.49.clients.your-server.de

Software

Resource Hash

73d443808529b96c21c0e7e9954aed983c63eea02fd60cfffd81d64ee681fad5

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .hintbox.at blob:;script-src 'self' ;img-src https://buy-master.hintbox.de https://buy-staging.hintbox.de https://buy-develop.hintbox.de https://buy-demo.hintbox.de https://buy.hintbox.de 'self' data: blob:;font-src 'self';style-src 'self' 'unsafe-inline';object-src 'none';connect-src 'self' data: .hintbox.at;
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-AT,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 06 Feb 2024 11:28:43 GMT
content-security-policy: default-src 'self' *.hintbox.at blob:;script-src 'self' ;img-src https://buy-master.hintbox.de https://buy-staging.hintbox.de https://buy-develop.hintbox.de https://buy-demo.hintbox.de https://buy.hintbox.de 'self' data: blob:;font-src 'self';style-src 'self' 'unsafe-inline';object-src 'none';connect-src 'self' data: *.hintbox.at;
x-content-type-options: nosniff
strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Thu, 11 Jan 2024 18:01:59 GMT
etag: W/"65a02d17-6ab3"
x-frame-options: DENY
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: https://buy.hintbox.de
cache-control: max-age=315360000
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(), geolocation=(), gyroscope=(), magnetometer=(), payment=(), usb=()
x-robots-tag: noindex
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 building-blocks-anim.svg
caritas.hintbox.at/static/img/ 2 KB
3 KB 27ms
26ms Image
image/svg+xml 49.12.22.242
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://caritas.hintbox.at/static/img/building-blocks-anim.svg

Requested by

Host: caritas.hintbox.at
URL: https://caritas.hintbox.at/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

49.12.22.242 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.242.22.12.49.clients.your-server.de

Software

Resource Hash

a7912032881e416c7c15b087dc18ca516c4d179bc15411313d8d33087700a3df

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .hintbox.at blob:;script-src 'self' ;img-src https://buy-master.hintbox.de https://buy-staging.hintbox.de https://buy-develop.hintbox.de https://buy-demo.hintbox.de https://buy.hintbox.de 'self' data: blob:;font-src 'self';style-src 'self' 'unsafe-inline';object-src 'none';connect-src 'self' data: .hintbox.at;
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-AT,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 06 Feb 2024 11:28:44 GMT
content-security-policy: default-src 'self' *.hintbox.at blob:;script-src 'self' ;img-src https://buy-master.hintbox.de https://buy-staging.hintbox.de https://buy-develop.hintbox.de https://buy-demo.hintbox.de https://buy.hintbox.de 'self' data: blob:;font-src 'self';style-src 'self' 'unsafe-inline';object-src 'none';connect-src 'self' data: *.hintbox.at;
x-content-type-options: nosniff
strict-transport-security: max-age=15724800; includeSubDomains
content-length: 2122
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Thu, 11 Jan 2024 17:56:18 GMT
etag: "65a02bc2-84a"
x-frame-options: DENY
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: https://buy.hintbox.de
cache-control: max-age=315360000
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(), geolocation=(), gyroscope=(), magnetometer=(), payment=(), usb=()
accept-ranges: bytes
x-robots-tag: noindex
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 / Show response
caritas.hintbox.at/api/settings/ 476 B
1 KB 46ms
46ms Fetch
application/json 49.12.22.242
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://caritas.hintbox.at/api/settings/?key=basic_settings

Requested by

Host: caritas.hintbox.at
URL: https://caritas.hintbox.at/static/js/main.3488cf38.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

49.12.22.242 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.242.22.12.49.clients.your-server.de

Software

Resource Hash

6af42d4eb69469b4fef51fc7783f7d0c603fda832fbe570346a94b3ceaa2157d

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .hintbox.at blob:;script-src 'self' ;img-src https://buy-master.hintbox.de https://buy-staging.hintbox.de https://buy-develop.hintbox.de https://buy-demo.hintbox.de https://buy.hintbox.de 'self' data: blob:;font-src 'self';style-src 'self' 'unsafe-inline';object-src 'none';connect-src 'self' data: .hintbox.at;
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer
Accept-Language: de-AT,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
sentry-trace: 72ab3e406dc84f3b923a3de28e4ba5e6-87c4a01613ef9bb1-0

Response headers

date: Tue, 06 Feb 2024 11:28:44 GMT
content-security-policy: default-src 'self' *.hintbox.at blob:;script-src 'self' ;img-src https://buy-master.hintbox.de https://buy-staging.hintbox.de https://buy-develop.hintbox.de https://buy-demo.hintbox.de https://buy.hintbox.de 'self' data: blob:;font-src 'self';style-src 'self' 'unsafe-inline';object-src 'none';connect-src 'self' data: *.hintbox.at;
x-content-type-options: nosniff, nosniff
referrer-policy: same-origin, no-referrer
strict-transport-security: max-age=15724800; includeSubDomains
x-frame-options: DENY
allow: GET, POST, HEAD, OPTIONS
content-type: application/json
vary: Origin
access-control-allow-origin: https://buy.hintbox.de
access-control-allow-methods: GET
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(), geolocation=(), gyroscope=(), magnetometer=(), payment=(), usb=()
x-robots-tag: noindex
content-length: 476
x-xss-protection: 1; mode=block

GET
H2 200 / Show response
caritas.hintbox.at/api/settings/tenant_quantity/ 22 B
804 B 39ms
38ms Fetch
application/json 49.12.22.242
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://caritas.hintbox.at/api/settings/tenant_quantity/

Requested by

Host: caritas.hintbox.at
URL: https://caritas.hintbox.at/static/js/main.3488cf38.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

49.12.22.242 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.242.22.12.49.clients.your-server.de

Software

Resource Hash

6de03bd2524d085a2b36ab7740e01661bce5674ecddfd2f26827bd6c37ffe77c

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .hintbox.at blob:;script-src 'self' ;img-src https://buy-master.hintbox.de https://buy-staging.hintbox.de https://buy-develop.hintbox.de https://buy-demo.hintbox.de https://buy.hintbox.de 'self' data: blob:;font-src 'self';style-src 'self' 'unsafe-inline';object-src 'none';connect-src 'self' data: .hintbox.at;
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer
Accept-Language: de-AT,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
sentry-trace: 72ab3e406dc84f3b923a3de28e4ba5e6-817a134364d026fc-0

Response headers

date: Tue, 06 Feb 2024 11:28:45 GMT
content-security-policy: default-src 'self' *.hintbox.at blob:;script-src 'self' ;img-src https://buy-master.hintbox.de https://buy-staging.hintbox.de https://buy-develop.hintbox.de https://buy-demo.hintbox.de https://buy.hintbox.de 'self' data: blob:;font-src 'self';style-src 'self' 'unsafe-inline';object-src 'none';connect-src 'self' data: *.hintbox.at;
x-content-type-options: nosniff, nosniff
referrer-policy: same-origin, no-referrer
strict-transport-security: max-age=15724800; includeSubDomains
x-frame-options: DENY
allow: GET, HEAD, OPTIONS
content-type: application/json
vary: Origin
access-control-allow-origin: https://buy.hintbox.de
access-control-allow-methods: GET
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(), geolocation=(), gyroscope=(), magnetometer=(), payment=(), usb=()
x-robots-tag: noindex
content-length: 22
x-xss-protection: 1; mode=block

GET
H2 200 nunito-v20-latin-regular.f0f97349170ecf46ba43.woff2
caritas.hintbox.at/static/media/ 14 KB
14 KB 27ms
26ms Font
font/woff2 49.12.22.242
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://caritas.hintbox.at/static/media/nunito-v20-latin-regular.f0f97349170ecf46ba43.woff2

Requested by

Host: caritas.hintbox.at
URL: https://caritas.hintbox.at/static/css/main.b373442d.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

49.12.22.242 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.242.22.12.49.clients.your-server.de

Software

Resource Hash

cb8dfe31c1772278d6e6c6237aa0bdf1d686bf1464cc3c40ed925c6193ec62f1

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .hintbox.at blob:;script-src 'self' ;img-src https://buy-master.hintbox.de https://buy-staging.hintbox.de https://buy-develop.hintbox.de https://buy-demo.hintbox.de https://buy.hintbox.de 'self' data: blob:;font-src 'self';style-src 'self' 'unsafe-inline';object-src 'none';connect-src 'self' data: .hintbox.at;
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer
Origin: https://caritas.hintbox.at
accept-language: de-AT,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 06 Feb 2024 11:28:45 GMT
content-security-policy: default-src 'self' *.hintbox.at blob:;script-src 'self' ;img-src https://buy-master.hintbox.de https://buy-staging.hintbox.de https://buy-develop.hintbox.de https://buy-demo.hintbox.de https://buy.hintbox.de 'self' data: blob:;font-src 'self';style-src 'self' 'unsafe-inline';object-src 'none';connect-src 'self' data: *.hintbox.at;
x-content-type-options: nosniff
strict-transport-security: max-age=15724800; includeSubDomains
content-length: 14004
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Thu, 11 Jan 2024 18:01:59 GMT
etag: "65a02d17-36b4"
x-frame-options: DENY
access-control-allow-methods: GET
content-type: font/woff2
access-control-allow-origin: https://buy.hintbox.de
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(), geolocation=(), gyroscope=(), magnetometer=(), payment=(), usb=()
accept-ranges: bytes
x-robots-tag: noindex

GET
H2 200 / Show response
caritas.hintbox.at/api/areas/ 6 KB
6 KB 75ms
74ms Fetch
application/json 49.12.22.242
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://caritas.hintbox.at/api/areas/?fields=id,name,title,description,logo,has_published_forms,related_tenants

Requested by

Host: caritas.hintbox.at
URL: https://caritas.hintbox.at/static/js/main.3488cf38.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

49.12.22.242 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.242.22.12.49.clients.your-server.de

Software

Resource Hash

3452937303db3b40b50e83781cef9097dea82fc4bfd776e7e7d309684b7f6263

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .hintbox.at blob:;script-src 'self' ;img-src https://buy-master.hintbox.de https://buy-staging.hintbox.de https://buy-develop.hintbox.de https://buy-demo.hintbox.de https://buy.hintbox.de 'self' data: blob:;font-src 'self';style-src 'self' 'unsafe-inline';object-src 'none';connect-src 'self' data: .hintbox.at;
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer
Accept-Language: de-AT,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
sentry-trace: 72ab3e406dc84f3b923a3de28e4ba5e6-990c4d1693ad53f0-0

Response headers

date: Tue, 06 Feb 2024 11:28:45 GMT
content-security-policy: default-src 'self' *.hintbox.at blob:;script-src 'self' ;img-src https://buy-master.hintbox.de https://buy-staging.hintbox.de https://buy-develop.hintbox.de https://buy-demo.hintbox.de https://buy.hintbox.de 'self' data: blob:;font-src 'self';style-src 'self' 'unsafe-inline';object-src 'none';connect-src 'self' data: *.hintbox.at;
x-content-type-options: nosniff, nosniff
referrer-policy: same-origin, no-referrer
strict-transport-security: max-age=15724800; includeSubDomains
x-frame-options: DENY
allow: GET, POST, HEAD, OPTIONS
content-type: application/json
vary: Origin
access-control-allow-origin: https://buy.hintbox.de
access-control-allow-methods: GET
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(), geolocation=(), gyroscope=(), magnetometer=(), payment=(), usb=()
x-robots-tag: noindex
content-length: 5666
x-xss-protection: 1; mode=block

GET
H2 200 / Show response
caritas.hintbox.at/api/category/ 58 KB
59 KB 152ms
151ms Fetch
application/json 49.12.22.242
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://caritas.hintbox.at/api/category/?deactivated=false

Requested by

Host: caritas.hintbox.at
URL: https://caritas.hintbox.at/static/js/main.3488cf38.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

49.12.22.242 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.242.22.12.49.clients.your-server.de

Software

Resource Hash

0643b07a3afda714d6e7b7d69602c6a748067092a69d4acc6a5506a1acee7ed5

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .hintbox.at blob:;script-src 'self' ;img-src https://buy-master.hintbox.de https://buy-staging.hintbox.de https://buy-develop.hintbox.de https://buy-demo.hintbox.de https://buy.hintbox.de 'self' data: blob:;font-src 'self';style-src 'self' 'unsafe-inline';object-src 'none';connect-src 'self' data: .hintbox.at;
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer
Accept-Language: de-AT,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
sentry-trace: 72ab3e406dc84f3b923a3de28e4ba5e6-9e342ff12565a625-0

Response headers

date: Tue, 06 Feb 2024 11:28:45 GMT
content-security-policy: default-src 'self' *.hintbox.at blob:;script-src 'self' ;img-src https://buy-master.hintbox.de https://buy-staging.hintbox.de https://buy-develop.hintbox.de https://buy-demo.hintbox.de https://buy.hintbox.de 'self' data: blob:;font-src 'self';style-src 'self' 'unsafe-inline';object-src 'none';connect-src 'self' data: *.hintbox.at;
x-content-type-options: nosniff, nosniff
referrer-policy: same-origin, no-referrer
strict-transport-security: max-age=15724800; includeSubDomains
x-frame-options: DENY
allow: GET, POST, HEAD, OPTIONS
content-type: application/json
vary: Origin
access-control-allow-origin: https://buy.hintbox.de
access-control-allow-methods: GET
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(), geolocation=(), gyroscope=(), magnetometer=(), payment=(), usb=()
x-robots-tag: noindex
content-length: 59445
x-xss-protection: 1; mode=block

GET
H2 200 / Show response
caritas.hintbox.at/api/tenants/ 1 KB
2 KB 47ms
47ms Fetch
application/json 49.12.22.242
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://caritas.hintbox.at/api/tenants/?deactivated=false&page_size=100&fields=id,name,country,deactivated,default,licensed

Requested by

Host: caritas.hintbox.at
URL: https://caritas.hintbox.at/static/js/main.3488cf38.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

49.12.22.242 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.242.22.12.49.clients.your-server.de

Software

Resource Hash

65656b69dbfcfc383645899d2872a53e9ea3c4109345d2028ad6e18a3109e657

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .hintbox.at blob:;script-src 'self' ;img-src https://buy-master.hintbox.de https://buy-staging.hintbox.de https://buy-develop.hintbox.de https://buy-demo.hintbox.de https://buy.hintbox.de 'self' data: blob:;font-src 'self';style-src 'self' 'unsafe-inline';object-src 'none';connect-src 'self' data: .hintbox.at;
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer
Accept-Language: de-AT,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
sentry-trace: 72ab3e406dc84f3b923a3de28e4ba5e6-bcd895369d4f6a51-0

Response headers

date: Tue, 06 Feb 2024 11:28:45 GMT
content-security-policy: default-src 'self' *.hintbox.at blob:;script-src 'self' ;img-src https://buy-master.hintbox.de https://buy-staging.hintbox.de https://buy-develop.hintbox.de https://buy-demo.hintbox.de https://buy.hintbox.de 'self' data: blob:;font-src 'self';style-src 'self' 'unsafe-inline';object-src 'none';connect-src 'self' data: *.hintbox.at;
x-content-type-options: nosniff, nosniff
referrer-policy: same-origin, no-referrer
strict-transport-security: max-age=15724800; includeSubDomains
x-frame-options: DENY
allow: GET, POST, HEAD, OPTIONS
content-type: application/json
vary: Origin
access-control-allow-origin: https://buy.hintbox.de
access-control-allow-methods: GET
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(), geolocation=(), gyroscope=(), magnetometer=(), payment=(), usb=()
x-robots-tag: noindex
content-length: 1092
x-xss-protection: 1; mode=block

GET
H2 200 / Show response
caritas.hintbox.at/api/supported_languages/active/ 344 B
1 KB 43ms
43ms Fetch
application/json 49.12.22.242
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://caritas.hintbox.at/api/supported_languages/active/

Requested by

Host: caritas.hintbox.at
URL: https://caritas.hintbox.at/static/js/main.3488cf38.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

49.12.22.242 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.242.22.12.49.clients.your-server.de

Software

Resource Hash

0c40aa9377bea4937a7b5caa1675f30dba049d59d35b2c3d5214674edb8af1a3

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .hintbox.at blob:;script-src 'self' ;img-src https://buy-master.hintbox.de https://buy-staging.hintbox.de https://buy-develop.hintbox.de https://buy-demo.hintbox.de https://buy.hintbox.de 'self' data: blob:;font-src 'self';style-src 'self' 'unsafe-inline';object-src 'none';connect-src 'self' data: .hintbox.at;
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer
Accept-Language: de-AT,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
sentry-trace: 72ab3e406dc84f3b923a3de28e4ba5e6-8771a4e96273013d-0

Response headers

date: Tue, 06 Feb 2024 11:28:45 GMT
content-security-policy: default-src 'self' *.hintbox.at blob:;script-src 'self' ;img-src https://buy-master.hintbox.de https://buy-staging.hintbox.de https://buy-develop.hintbox.de https://buy-demo.hintbox.de https://buy.hintbox.de 'self' data: blob:;font-src 'self';style-src 'self' 'unsafe-inline';object-src 'none';connect-src 'self' data: *.hintbox.at;
x-content-type-options: nosniff, nosniff
referrer-policy: same-origin, no-referrer
strict-transport-security: max-age=15724800; includeSubDomains
x-frame-options: DENY
allow: GET
content-type: application/json
vary: Origin
access-control-allow-origin: https://buy.hintbox.de
access-control-allow-methods: GET
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(), geolocation=(), gyroscope=(), magnetometer=(), payment=(), usb=()
x-robots-tag: noindex
content-length: 344
x-xss-protection: 1; mode=block

GET
H2 200 b8898eb0-a3d.jpg
caritas.hintbox.at/api/data/public/settings/ 96 KB
97 KB 64ms
63ms Image
image/jpeg 49.12.22.242
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://caritas.hintbox.at/api/data/public/settings/b8898eb0-a3d.jpg

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

49.12.22.242 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.242.22.12.49.clients.your-server.de

Software

Resource Hash

be6c29d07271c25f676a030286c3f9179388f1b70ebbe5d368615d6a1038494d

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .hintbox.at blob:;script-src 'self' ;img-src https://buy-master.hintbox.de https://buy-staging.hintbox.de https://buy-develop.hintbox.de https://buy-demo.hintbox.de https://buy.hintbox.de 'self' data: blob:;font-src 'self';style-src 'self' 'unsafe-inline';object-src 'none';connect-src 'self' data: .hintbox.at;
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-AT,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 06 Feb 2024 11:28:45 GMT
content-security-policy: default-src 'self' *.hintbox.at blob:;script-src 'self' ;img-src https://buy-master.hintbox.de https://buy-staging.hintbox.de https://buy-develop.hintbox.de https://buy-demo.hintbox.de https://buy.hintbox.de 'self' data: blob:;font-src 'self';style-src 'self' 'unsafe-inline';object-src 'none';connect-src 'self' data: *.hintbox.at;
x-content-type-options: nosniff
strict-transport-security: max-age=15724800; includeSubDomains
content-length: 98344
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Tue, 24 Oct 2023 09:43:38 GMT
etag: "653791ca-18028"
x-frame-options: DENY
access-control-allow-methods: GET
content-type: image/jpeg
access-control-allow-origin: https://buy.hintbox.de
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(), geolocation=(), gyroscope=(), magnetometer=(), payment=(), usb=()
accept-ranges: bytes
x-robots-tag: noindex

GET
H2 200 98a5bf60-768.jpg
caritas.hintbox.at/api/data/public/settings/ 1 MB
1 MB 51ms
50ms Image
image/jpeg 49.12.22.242
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://caritas.hintbox.at/api/data/public/settings/98a5bf60-768.jpg

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

49.12.22.242 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.242.22.12.49.clients.your-server.de

Software

Resource Hash

b122260f265022313bcba5db89713b9ff0f7b628cce68a71bc255225edf5e771

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .hintbox.at blob:;script-src 'self' ;img-src https://buy-master.hintbox.de https://buy-staging.hintbox.de https://buy-develop.hintbox.de https://buy-demo.hintbox.de https://buy.hintbox.de 'self' data: blob:;font-src 'self';style-src 'self' 'unsafe-inline';object-src 'none';connect-src 'self' data: .hintbox.at;
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-AT,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 06 Feb 2024 11:28:45 GMT
content-security-policy: default-src 'self' *.hintbox.at blob:;script-src 'self' ;img-src https://buy-master.hintbox.de https://buy-staging.hintbox.de https://buy-develop.hintbox.de https://buy-demo.hintbox.de https://buy.hintbox.de 'self' data: blob:;font-src 'self';style-src 'self' 'unsafe-inline';object-src 'none';connect-src 'self' data: *.hintbox.at;
x-content-type-options: nosniff
strict-transport-security: max-age=15724800; includeSubDomains
content-length: 1516473
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Mon, 02 Oct 2023 10:56:13 GMT
etag: "651aa1cd-1723b9"
x-frame-options: DENY
access-control-allow-methods: GET
content-type: image/jpeg
access-control-allow-origin: https://buy.hintbox.de
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(), geolocation=(), gyroscope=(), magnetometer=(), payment=(), usb=()
accept-ranges: bytes
x-robots-tag: noindex

GET
DATA 200
OK truncated
/ 3 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 33196a891125cafa0be3b0eb6ef2a07a9e3d1b969b3d097e76c3162a59827881

Request headers

accept-language: de-AT,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 / Show response
caritas.hintbox.at/api/custom_content/ 2 B
788 B 177ms
176ms Fetch
application/json 49.12.22.242
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://caritas.hintbox.at/api/custom_content/?key=frequentlyAskedQuestions&fields=state

Requested by

Host: caritas.hintbox.at
URL: https://caritas.hintbox.at/static/js/main.3488cf38.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

49.12.22.242 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.242.22.12.49.clients.your-server.de

Software

Resource Hash

4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .hintbox.at blob:;script-src 'self' ;img-src https://buy-master.hintbox.de https://buy-staging.hintbox.de https://buy-develop.hintbox.de https://buy-demo.hintbox.de https://buy.hintbox.de 'self' data: blob:;font-src 'self';style-src 'self' 'unsafe-inline';object-src 'none';connect-src 'self' data: .hintbox.at;
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer
Accept-Language: de-AT,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
sentry-trace: 72ab3e406dc84f3b923a3de28e4ba5e6-84345767f85da195-0

Response headers

date: Tue, 06 Feb 2024 11:28:45 GMT
content-security-policy: default-src 'self' *.hintbox.at blob:;script-src 'self' ;img-src https://buy-master.hintbox.de https://buy-staging.hintbox.de https://buy-develop.hintbox.de https://buy-demo.hintbox.de https://buy.hintbox.de 'self' data: blob:;font-src 'self';style-src 'self' 'unsafe-inline';object-src 'none';connect-src 'self' data: *.hintbox.at;
x-content-type-options: nosniff, nosniff
referrer-policy: same-origin, no-referrer
strict-transport-security: max-age=15724800; includeSubDomains
x-frame-options: DENY
allow: GET, POST, HEAD, OPTIONS
content-type: application/json
vary: Origin
access-control-allow-origin: https://buy.hintbox.de
access-control-allow-methods: GET
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(), geolocation=(), gyroscope=(), magnetometer=(), payment=(), usb=()
x-robots-tag: noindex
content-length: 2
x-xss-protection: 1; mode=block

GET
H2 200 / Show response
caritas.hintbox.at/api/custom_content/applicationTitle/ 3 KB
4 KB 174ms
174ms Fetch
application/json 49.12.22.242
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://caritas.hintbox.at/api/custom_content/applicationTitle/

Requested by

Host: caritas.hintbox.at
URL: https://caritas.hintbox.at/static/js/main.3488cf38.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

49.12.22.242 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.242.22.12.49.clients.your-server.de

Software

Resource Hash

594ecad170e67b27b0381aade3db8c427dbee45b478d1b6da60b695e2d893b53

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .hintbox.at blob:;script-src 'self' ;img-src https://buy-master.hintbox.de https://buy-staging.hintbox.de https://buy-develop.hintbox.de https://buy-demo.hintbox.de https://buy.hintbox.de 'self' data: blob:;font-src 'self';style-src 'self' 'unsafe-inline';object-src 'none';connect-src 'self' data: .hintbox.at;
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer
Accept-Language: de-AT,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
sentry-trace: 72ab3e406dc84f3b923a3de28e4ba5e6-bf0dd11b0ef35f30-0

Response headers

date: Tue, 06 Feb 2024 11:28:45 GMT
content-security-policy: default-src 'self' *.hintbox.at blob:;script-src 'self' ;img-src https://buy-master.hintbox.de https://buy-staging.hintbox.de https://buy-develop.hintbox.de https://buy-demo.hintbox.de https://buy.hintbox.de 'self' data: blob:;font-src 'self';style-src 'self' 'unsafe-inline';object-src 'none';connect-src 'self' data: *.hintbox.at;
x-content-type-options: nosniff, nosniff
referrer-policy: same-origin, no-referrer
strict-transport-security: max-age=15724800; includeSubDomains
x-frame-options: DENY
allow: GET, PUT, PATCH, DELETE, HEAD, OPTIONS
content-type: application/json
vary: Origin
access-control-allow-origin: https://buy.hintbox.de
access-control-allow-methods: GET
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(), geolocation=(), gyroscope=(), magnetometer=(), payment=(), usb=()
x-robots-tag: noindex
content-length: 3478
x-xss-protection: 1; mode=block

GET
H2 200 / Show response
caritas.hintbox.at/api/custom_content/legalClarification/ 113 KB
114 KB 178ms
178ms Fetch
application/json 49.12.22.242
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://caritas.hintbox.at/api/custom_content/legalClarification/

Requested by

Host: caritas.hintbox.at
URL: https://caritas.hintbox.at/static/js/main.3488cf38.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

49.12.22.242 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.242.22.12.49.clients.your-server.de

Software

Resource Hash

e24ee94f3a3719863228670000e71ff960abb3f3516affa08ee506c3bacdddca

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .hintbox.at blob:;script-src 'self' ;img-src https://buy-master.hintbox.de https://buy-staging.hintbox.de https://buy-develop.hintbox.de https://buy-demo.hintbox.de https://buy.hintbox.de 'self' data: blob:;font-src 'self';style-src 'self' 'unsafe-inline';object-src 'none';connect-src 'self' data: .hintbox.at;
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer
Accept-Language: de-AT,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
sentry-trace: 72ab3e406dc84f3b923a3de28e4ba5e6-9f003d8e0846f9f4-0

Response headers

date: Tue, 06 Feb 2024 11:28:45 GMT
content-security-policy: default-src 'self' *.hintbox.at blob:;script-src 'self' ;img-src https://buy-master.hintbox.de https://buy-staging.hintbox.de https://buy-develop.hintbox.de https://buy-demo.hintbox.de https://buy.hintbox.de 'self' data: blob:;font-src 'self';style-src 'self' 'unsafe-inline';object-src 'none';connect-src 'self' data: *.hintbox.at;
x-content-type-options: nosniff, nosniff
referrer-policy: same-origin, no-referrer
strict-transport-security: max-age=15724800; includeSubDomains
x-frame-options: DENY
allow: GET, PUT, PATCH, DELETE, HEAD, OPTIONS
content-type: application/json
vary: Origin
access-control-allow-origin: https://buy.hintbox.de
access-control-allow-methods: GET
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(), geolocation=(), gyroscope=(), magnetometer=(), payment=(), usb=()
x-robots-tag: noindex
content-length: 115685
x-xss-protection: 1; mode=block

GET
H2 200 / Show response
caritas.hintbox.at/api/custom_content/footer/ 6 KB
7 KB 171ms
171ms Fetch
application/json 49.12.22.242
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://caritas.hintbox.at/api/custom_content/footer/

Requested by

Host: caritas.hintbox.at
URL: https://caritas.hintbox.at/static/js/main.3488cf38.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

49.12.22.242 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.242.22.12.49.clients.your-server.de

Software

Resource Hash

6950a21de62ba11ed49013a5554eaa6c1a91d0ad71a751d9f3d7c36272a7e9c4

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .hintbox.at blob:;script-src 'self' ;img-src https://buy-master.hintbox.de https://buy-staging.hintbox.de https://buy-develop.hintbox.de https://buy-demo.hintbox.de https://buy.hintbox.de 'self' data: blob:;font-src 'self';style-src 'self' 'unsafe-inline';object-src 'none';connect-src 'self' data: .hintbox.at;
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer
Accept-Language: de-AT,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
sentry-trace: 72ab3e406dc84f3b923a3de28e4ba5e6-915244cd18bb7068-0

Response headers

date: Tue, 06 Feb 2024 11:28:45 GMT
content-security-policy: default-src 'self' *.hintbox.at blob:;script-src 'self' ;img-src https://buy-master.hintbox.de https://buy-staging.hintbox.de https://buy-develop.hintbox.de https://buy-demo.hintbox.de https://buy.hintbox.de 'self' data: blob:;font-src 'self';style-src 'self' 'unsafe-inline';object-src 'none';connect-src 'self' data: *.hintbox.at;
x-content-type-options: nosniff, nosniff
referrer-policy: same-origin, no-referrer
strict-transport-security: max-age=15724800; includeSubDomains
x-frame-options: DENY
allow: GET, PUT, PATCH, DELETE, HEAD, OPTIONS
content-type: application/json
vary: Origin
access-control-allow-origin: https://buy.hintbox.de
access-control-allow-methods: GET
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(), geolocation=(), gyroscope=(), magnetometer=(), payment=(), usb=()
x-robots-tag: noindex
content-length: 6270
x-xss-protection: 1; mode=block

GET
H2 200 nunito-v20-latin-700.5205e9be0f8bded7ec75.woff2
caritas.hintbox.at/static/media/ 14 KB
14 KB 36ms
35ms Font
font/woff2 49.12.22.242
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://caritas.hintbox.at/static/media/nunito-v20-latin-700.5205e9be0f8bded7ec75.woff2

Requested by

Host: caritas.hintbox.at
URL: https://caritas.hintbox.at/static/css/main.b373442d.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

49.12.22.242 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.242.22.12.49.clients.your-server.de

Software

Resource Hash

3f25db091965438aa936435aacdcc436eeeff7029b9b5efc3fab3d2c5479b36c

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .hintbox.at blob:;script-src 'self' ;img-src https://buy-master.hintbox.de https://buy-staging.hintbox.de https://buy-develop.hintbox.de https://buy-demo.hintbox.de https://buy.hintbox.de 'self' data: blob:;font-src 'self';style-src 'self' 'unsafe-inline';object-src 'none';connect-src 'self' data: .hintbox.at;
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer
Origin: https://caritas.hintbox.at
accept-language: de-AT,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 06 Feb 2024 11:28:45 GMT
content-security-policy: default-src 'self' *.hintbox.at blob:;script-src 'self' ;img-src https://buy-master.hintbox.de https://buy-staging.hintbox.de https://buy-develop.hintbox.de https://buy-demo.hintbox.de https://buy.hintbox.de 'self' data: blob:;font-src 'self';style-src 'self' 'unsafe-inline';object-src 'none';connect-src 'self' data: *.hintbox.at;
x-content-type-options: nosniff
strict-transport-security: max-age=15724800; includeSubDomains
content-length: 13912
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Thu, 11 Jan 2024 18:01:59 GMT
etag: "65a02d17-3658"
x-frame-options: DENY
access-control-allow-methods: GET
content-type: font/woff2
access-control-allow-origin: https://buy.hintbox.de
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(), geolocation=(), gyroscope=(), magnetometer=(), payment=(), usb=()
accept-ranges: bytes
x-robots-tag: noindex

GET
H2 200 / Show response
caritas.hintbox.at/api/custom_content/footer/ 6 KB
7 KB 67ms
66ms Fetch
application/json 49.12.22.242
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://caritas.hintbox.at/api/custom_content/footer/

Requested by

Host: caritas.hintbox.at
URL: https://caritas.hintbox.at/static/js/main.3488cf38.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

49.12.22.242 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.242.22.12.49.clients.your-server.de

Software

Resource Hash

6950a21de62ba11ed49013a5554eaa6c1a91d0ad71a751d9f3d7c36272a7e9c4

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .hintbox.at blob:;script-src 'self' ;img-src https://buy-master.hintbox.de https://buy-staging.hintbox.de https://buy-develop.hintbox.de https://buy-demo.hintbox.de https://buy.hintbox.de 'self' data: blob:;font-src 'self';style-src 'self' 'unsafe-inline';object-src 'none';connect-src 'self' data: .hintbox.at;
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-AT,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 06 Feb 2024 11:28:46 GMT
content-security-policy: default-src 'self' *.hintbox.at blob:;script-src 'self' ;img-src https://buy-master.hintbox.de https://buy-staging.hintbox.de https://buy-develop.hintbox.de https://buy-demo.hintbox.de https://buy.hintbox.de 'self' data: blob:;font-src 'self';style-src 'self' 'unsafe-inline';object-src 'none';connect-src 'self' data: *.hintbox.at;
x-content-type-options: nosniff, nosniff
referrer-policy: same-origin, no-referrer
strict-transport-security: max-age=15724800; includeSubDomains
x-frame-options: DENY
allow: GET, PUT, PATCH, DELETE, HEAD, OPTIONS
content-type: application/json
vary: Origin
access-control-allow-origin: https://buy.hintbox.de
access-control-allow-methods: GET
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(), geolocation=(), gyroscope=(), magnetometer=(), payment=(), usb=()
x-robots-tag: noindex
content-length: 6270
x-xss-protection: 1; mode=block

Verdicts & Comments Add Verdict or Comment

13 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'ambient-light-sensor'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'battery'.
security	error	URL: https://caritas.hintbox.at/static/js/main.3488cf38.js(Line 1) Message: Refused to connect to 'https://sentry.hintbox.de/api/2/envelope/?sentry_key=2bf92c53b45147b289cba2eb45f7e6c9&sentry_version=7' because it violates the following Content Security Policy directive: "connect-src 'self' data: *.hintbox.at".
javascript	error	URL: https://caritas.hintbox.at/static/js/main.3488cf38.js(Line 1) Message: Refused to connect to 'https://sentry.hintbox.de/api/2/envelope/?sentry_key=2bf92c53b45147b289cba2eb45f7e6c9&sentry_version=7' because it violates the document's Content Security Policy.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'self' .hintbox.at blob:;script-src 'self' ;img-src https://buy-master.hintbox.de https://buy-staging.hintbox.de https://buy-develop.hintbox.de https://buy-demo.hintbox.de https://buy.hintbox.de 'self' data: blob:;font-src 'self';style-src 'self' 'unsafe-inline';object-src 'none';connect-src 'self' data: .hintbox.at;
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

caritas.hintbox.at
49.12.22.242
0643b07a3afda714d6e7b7d69602c6a748067092a69d4acc6a5506a1acee7ed5
0c40aa9377bea4937a7b5caa1675f30dba049d59d35b2c3d5214674edb8af1a3
33196a891125cafa0be3b0eb6ef2a07a9e3d1b969b3d097e76c3162a59827881
3452937303db3b40b50e83781cef9097dea82fc4bfd776e7e7d309684b7f6263
3f25db091965438aa936435aacdcc436eeeff7029b9b5efc3fab3d2c5479b36c
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
594ecad170e67b27b0381aade3db8c427dbee45b478d1b6da60b695e2d893b53
65656b69dbfcfc383645899d2872a53e9ea3c4109345d2028ad6e18a3109e657
6950a21de62ba11ed49013a5554eaa6c1a91d0ad71a751d9f3d7c36272a7e9c4
6a02d3727e413444e42deae0027083dcf4da6cda326e92b7d5896b7cf61e06b6
6a2fe18c5f90547d45614b0534bb905fd041350a4c51933c91f7c0f0811fabe8
6af42d4eb69469b4fef51fc7783f7d0c603fda832fbe570346a94b3ceaa2157d
6de03bd2524d085a2b36ab7740e01661bce5674ecddfd2f26827bd6c37ffe77c
73d443808529b96c21c0e7e9954aed983c63eea02fd60cfffd81d64ee681fad5
a7912032881e416c7c15b087dc18ca516c4d179bc15411313d8d33087700a3df
b122260f265022313bcba5db89713b9ff0f7b628cce68a71bc255225edf5e771
be6c29d07271c25f676a030286c3f9179388f1b70ebbe5d368615d6a1038494d
cb8dfe31c1772278d6e6c6237aa0bdf1d686bf1464cc3c40ed925c6193ec62f1
e24ee94f3a3719863228670000e71ff960abb3f3516affa08ee506c3bacdddca

caritas.hintbox.at Open in urlscan Pro 49.12.22.242 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

19 Requests

100 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

2 IPs

1 Countries

7870 kBTransfer

21941 kBSize

0 Cookies

0 Outgoing links

Redirected requests

19 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

13 JavaScript Global Variables

0 Cookies

4 Console Messages

Security Headers

Indicators

caritas.hintbox.at Open in urlscan Pro
49.12.22.242 Public Scan

Screenshot
Live screenshot

Full Image

19
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

7870 kB
Transfer

21941 kB
Size

0
Cookies

19 HTTP transactions
1 data transactions