discourse.festnoz.de Open in urlscan Pro
2a01:4f8:c0c:1eb0::1  Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response discourse.festnoz.de/	17 KB 4 KB	126ms 70ms	Document text/html	2a01:4f8:c0c:1eb0::1 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://discourse.festnoz.de/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a01:4f8:c0c:1eb0::1 Nuremberg, Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS Software nginx / Flarum Resource Hash bcd44070101ee4d1152f7799c63cf62e8a1d32c86ec6bcd5feaf06f549bc93f9 Security Headers Name Value Content-Security-Policy upgrade-insecure-requests; default-src https: data: blob: ; object-src https: data: 'unsafe-inline'; style-src https: data: 'unsafe-inline' ; script-src https: data: 'unsafe-inline' 'unsafe-eval'; worker-src 'self' blob:; Strict-Transport-Security max-age=63072000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers content-encoding gzip content-security-policy upgrade-insecure-requests; default-src https: data: blob: ; object-src https: data: 'unsafe-inline'; style-src https: data: 'unsafe-inline' ; script-src https: data: 'unsafe-inline' 'unsafe-eval'; worker-src 'self' blob:; content-type text/html; charset=utf-8 date Sat, 10 Feb 2024 05:26:25 GMT permissions-policy fullscreen=(), geolocation=(), payment=(), accelerometer=(), battery=(), magnetometer=(), usb=(), interest-cohort=() referrer-policy same-origin server nginx strict-transport-security max-age=63072000; includeSubDomains; preload vary Accept-Encoding x-content-type-options nosniff x-csrf-token cDEdszjDI3AomqJlDJw2krKdQ9Ci1IpZh8ueJvSN x-download-options noopen x-frame-options SAMEORIGIN x-permitted-cross-domain-policies none x-powered-by Flarum x-sso-wat You've just been SSOed x-xss-protection 1; mode=block
GET H2	200	forum.css discourse.festnoz.de/assets/	170 KB 35 KB	25ms 24ms	Stylesheet text/css	2a01:4f8:c0c:1eb0::1 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://discourse.festnoz.de/assets/forum.css?v=8e641fc2 Requested by Host: discourse.festnoz.de URL: https://discourse.festnoz.de/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a01:4f8:c0c:1eb0::1 Nuremberg, Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS Software nginx / Resource Hash d4dc3edca5d17d4cf93cb1b98fa5d814aab8ff330ba876b94b7869f43b2116fd Security Headers Name Value Content-Security-Policy upgrade-insecure-requests; default-src https: data: blob: ; object-src https: data: 'unsafe-inline'; style-src https: data: 'unsafe-inline' ; script-src https: data: 'unsafe-inline' 'unsafe-eval'; worker-src 'self' blob:; Strict-Transport-Security max-age=63072000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://discourse.festnoz.de/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers date Sat, 10 Feb 2024 05:26:25 GMT content-security-policy upgrade-insecure-requests; default-src https: data: blob: ; object-src https: data: 'unsafe-inline'; style-src https: data: 'unsafe-inline' ; script-src https: data: 'unsafe-inline' 'unsafe-eval'; worker-src 'self' blob:; x-content-type-options nosniff strict-transport-security max-age=63072000; includeSubDomains; preload content-encoding gzip x-permitted-cross-domain-policies none x-xss-protection 1; mode=block last-modified Mon, 25 Sep 2023 13:31:18 GMT server nginx etag W/"65118ba6-2a83b" x-download-options noopen vary Accept-Encoding x-frame-options SAMEORIGIN content-type text/css cache-control max-age=31536000 permissions-policy fullscreen=(), geolocation=(), payment=(), accelerometer=(), battery=(), magnetometer=(), usb=(), interest-cohort=() x-sso-wat You've just been SSOed
GET H2	200	forum.js Show response discourse.festnoz.de/assets/	772 KB 226 KB	37ms 36ms	Script application/javascript	2a01:4f8:c0c:1eb0::1 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://discourse.festnoz.de/assets/forum.js?v=b591af2f Requested by Host: discourse.festnoz.de URL: https://discourse.festnoz.de/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a01:4f8:c0c:1eb0::1 Nuremberg, Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS Software nginx / Resource Hash b2653bfd2f8c276c786ef26c595d0a2d7ef16e6e5111c634a05a94461b000f00 Security Headers Name Value Content-Security-Policy upgrade-insecure-requests; default-src https: data: blob: ; object-src https: data: 'unsafe-inline'; style-src https: data: 'unsafe-inline' ; script-src https: data: 'unsafe-inline' 'unsafe-eval'; worker-src 'self' blob:; Strict-Transport-Security max-age=63072000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://discourse.festnoz.de/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers date Sat, 10 Feb 2024 05:26:25 GMT content-security-policy upgrade-insecure-requests; default-src https: data: blob: ; object-src https: data: 'unsafe-inline'; style-src https: data: 'unsafe-inline' ; script-src https: data: 'unsafe-inline' 'unsafe-eval'; worker-src 'self' blob:; x-content-type-options nosniff strict-transport-security max-age=63072000; includeSubDomains; preload content-encoding gzip x-permitted-cross-domain-policies none x-xss-protection 1; mode=block last-modified Mon, 25 Sep 2023 13:31:17 GMT server nginx etag W/"65118ba5-c0fa1" x-download-options noopen vary Accept-Encoding x-frame-options SAMEORIGIN content-type application/javascript cache-control max-age=31536000 permissions-policy fullscreen=(), geolocation=(), payment=(), accelerometer=(), battery=(), magnetometer=(), usb=(), interest-cohort=() x-sso-wat You've just been SSOed
GET H2	200	forum-de.js Show response discourse.festnoz.de/assets/	38 KB 9 KB	37ms 37ms	Script application/javascript	2a01:4f8:c0c:1eb0::1 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://discourse.festnoz.de/assets/forum-de.js?v=09e0e5f7 Requested by Host: discourse.festnoz.de URL: https://discourse.festnoz.de/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a01:4f8:c0c:1eb0::1 Nuremberg, Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS Software nginx / Resource Hash a9d9f1954629e26a6ec6b538103c1fc07a268d60162d9b5c08e551bc97314db4 Security Headers Name Value Content-Security-Policy upgrade-insecure-requests; default-src https: data: blob: ; object-src https: data: 'unsafe-inline'; style-src https: data: 'unsafe-inline' ; script-src https: data: 'unsafe-inline' 'unsafe-eval'; worker-src 'self' blob:; Strict-Transport-Security max-age=63072000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://discourse.festnoz.de/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers date Sat, 10 Feb 2024 05:26:25 GMT content-security-policy upgrade-insecure-requests; default-src https: data: blob: ; object-src https: data: 'unsafe-inline'; style-src https: data: 'unsafe-inline' ; script-src https: data: 'unsafe-inline' 'unsafe-eval'; worker-src 'self' blob:; x-content-type-options nosniff strict-transport-security max-age=63072000; includeSubDomains; preload content-encoding gzip x-permitted-cross-domain-policies none x-xss-protection 1; mode=block last-modified Mon, 25 Sep 2023 13:31:17 GMT server nginx etag W/"65118ba5-9968" x-download-options noopen vary Accept-Encoding x-frame-options SAMEORIGIN content-type application/javascript cache-control max-age=31536000 permissions-policy fullscreen=(), geolocation=(), payment=(), accelerometer=(), battery=(), magnetometer=(), usb=(), interest-cohort=() x-sso-wat You've just been SSOed
GET H2	200	fa-solid-900.woff2 discourse.festnoz.de/assets/fonts/	76 KB 77 KB	38ms 37ms	Font application/octet-stream	2a01:4f8:c0c:1eb0::1 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://discourse.festnoz.de/assets/fonts/fa-solid-900.woff2 Requested by Host: discourse.festnoz.de URL: https://discourse.festnoz.de/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a01:4f8:c0c:1eb0::1 Nuremberg, Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS Software nginx / Resource Hash 9834b82ad26e2a37583d22676a12dd2eb0fe7c80356a2114d0db1aa8b3899537 Security Headers Name Value Content-Security-Policy upgrade-insecure-requests; default-src https: data: blob: ; object-src https: data: 'unsafe-inline'; style-src https: data: 'unsafe-inline' ; script-src https: data: 'unsafe-inline' 'unsafe-eval'; worker-src 'self' blob:; Strict-Transport-Security max-age=63072000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Referer https://discourse.festnoz.de/ Origin https://discourse.festnoz.de accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers date Sat, 10 Feb 2024 05:26:25 GMT content-security-policy upgrade-insecure-requests; default-src https: data: blob: ; object-src https: data: 'unsafe-inline'; style-src https: data: 'unsafe-inline' ; script-src https: data: 'unsafe-inline' 'unsafe-eval'; worker-src 'self' blob:; x-content-type-options nosniff strict-transport-security max-age=63072000; includeSubDomains; preload x-permitted-cross-domain-policies none content-length 78268 x-xss-protection 1; mode=block last-modified Thu, 14 Sep 2023 09:04:02 GMT server nginx etag "6502cc82-131bc" x-download-options noopen x-frame-options SAMEORIGIN content-type application/octet-stream cache-control max-age=2592000 permissions-policy fullscreen=(), geolocation=(), payment=(), accelerometer=(), battery=(), magnetometer=(), usb=(), interest-cohort=() x-sso-wat You've just been SSOed accept-ranges bytes
GET H2	200	fa-regular-400.woff2 discourse.festnoz.de/assets/fonts/	13 KB 14 KB	38ms 37ms	Font application/octet-stream	2a01:4f8:c0c:1eb0::1 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://discourse.festnoz.de/assets/fonts/fa-regular-400.woff2 Requested by Host: discourse.festnoz.de URL: https://discourse.festnoz.de/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a01:4f8:c0c:1eb0::1 Nuremberg, Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS Software nginx / Resource Hash e42a88444448ac3d60549cc7c1ff2c8a9cac721034c073d80a14a44e79730cca Security Headers Name Value Content-Security-Policy upgrade-insecure-requests; default-src https: data: blob: ; object-src https: data: 'unsafe-inline'; style-src https: data: 'unsafe-inline' ; script-src https: data: 'unsafe-inline' 'unsafe-eval'; worker-src 'self' blob:; Strict-Transport-Security max-age=63072000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Referer https://discourse.festnoz.de/ Origin https://discourse.festnoz.de accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers date Sat, 10 Feb 2024 05:26:25 GMT content-security-policy upgrade-insecure-requests; default-src https: data: blob: ; object-src https: data: 'unsafe-inline'; style-src https: data: 'unsafe-inline' ; script-src https: data: 'unsafe-inline' 'unsafe-eval'; worker-src 'self' blob:; x-content-type-options nosniff strict-transport-security max-age=63072000; includeSubDomains; preload x-permitted-cross-domain-policies none content-length 13224 x-xss-protection 1; mode=block last-modified Thu, 14 Sep 2023 09:04:02 GMT server nginx etag "6502cc82-33a8" x-download-options noopen x-frame-options SAMEORIGIN content-type application/octet-stream cache-control max-age=2592000 permissions-policy fullscreen=(), geolocation=(), payment=(), accelerometer=(), battery=(), magnetometer=(), usb=(), interest-cohort=() x-sso-wat You've just been SSOed accept-ranges bytes
GET H2	200	logo-sugqatdz.png discourse.festnoz.de/assets/	3 KB 4 KB	38ms 38ms	Image image/png	2a01:4f8:c0c:1eb0::1 HETZNER-AS
General Check archive.org Show headers Download Go to Show image Full URL https://discourse.festnoz.de/assets/logo-sugqatdz.png Requested by Host: discourse.festnoz.de URL: https://discourse.festnoz.de/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a01:4f8:c0c:1eb0::1 Nuremberg, Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS Software nginx / Resource Hash 93adae1b83acd996686646384ea1ab8ab20c0d1cd1c4530a0abb8c61d1ad9f69 Security Headers Name Value Content-Security-Policy upgrade-insecure-requests; default-src https: data: blob: ; object-src https: data: 'unsafe-inline'; style-src https: data: 'unsafe-inline' ; script-src https: data: 'unsafe-inline' 'unsafe-eval'; worker-src 'self' blob:; Strict-Transport-Security max-age=63072000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://discourse.festnoz.de/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers date Sat, 10 Feb 2024 05:26:25 GMT content-security-policy upgrade-insecure-requests; default-src https: data: blob: ; object-src https: data: 'unsafe-inline'; style-src https: data: 'unsafe-inline' ; script-src https: data: 'unsafe-inline' 'unsafe-eval'; worker-src 'self' blob:; x-content-type-options nosniff strict-transport-security max-age=63072000; includeSubDomains; preload x-permitted-cross-domain-policies none content-length 3525 x-xss-protection 1; mode=block last-modified Thu, 21 Sep 2023 05:41:58 GMT server nginx etag "650bd7a6-dc5" x-download-options noopen x-frame-options SAMEORIGIN content-type image/png cache-control max-age=2592000 permissions-policy fullscreen=(), geolocation=(), payment=(), accelerometer=(), battery=(), magnetometer=(), usb=(), interest-cohort=() x-sso-wat You've just been SSOed accept-ranges bytes
GET H2	200	discussions Show response discourse.festnoz.de/api/	76 KB 77 KB	59ms 59ms	XHR application/vnd.api+json	2a01:4f8:c0c:1eb0::1 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://discourse.festnoz.de/api/discussions?sort=-commentCount&page%5Blimit%5D=3&include=firstPost%2Cuser%2Ctags Requested by Host: discourse.festnoz.de URL: https://discourse.festnoz.de/assets/forum.js?v=b591af2f Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a01:4f8:c0c:1eb0::1 Nuremberg, Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS Software nginx / Resource Hash 33b16da1a8368a86cf8048a990baa85f01fb82c583124b2f4eb13e158836c758 Security Headers Name Value Content-Security-Policy upgrade-insecure-requests; default-src https: data: blob: ; object-src https: data: 'unsafe-inline'; style-src https: data: 'unsafe-inline' ; script-src https: data: 'unsafe-inline' 'unsafe-eval'; worker-src 'self' blob:; Strict-Transport-Security max-age=63072000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Referer https://discourse.festnoz.de/ X-CSRF-Token cDEdszjDI3AomqJlDJw2krKdQ9Ci1IpZh8ueJvSN accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers date Sat, 10 Feb 2024 05:26:26 GMT content-security-policy upgrade-insecure-requests; default-src https: data: blob: ; object-src https: data: 'unsafe-inline'; style-src https: data: 'unsafe-inline' ; script-src https: data: 'unsafe-inline' 'unsafe-eval'; worker-src 'self' blob:; x-content-type-options nosniff strict-transport-security max-age=63072000; includeSubDomains; preload x-csrf-token cDEdszjDI3AomqJlDJw2krKdQ9Ci1IpZh8ueJvSN server nginx x-permitted-cross-domain-policies none x-download-options noopen x-frame-options SAMEORIGIN content-type application/vnd.api+json permissions-policy fullscreen=(), geolocation=(), payment=(), accelerometer=(), battery=(), magnetometer=(), usb=(), interest-cohort=() x-sso-wat You've just been SSOed x-xss-protection 1; mode=block

12 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| flarum object| module function| $ function| jQuery function| m function| dayjs object| punycode function| ColorThief object| regeneratorRuntime object| app object| s9e undefined| error

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			discourse.festnoz.de/	1970-01-20 18:19:09	Name: flarum_session Value: i0Yda1l2q4fY8xzDnQywP856gIHH50Iw1ijmXfRR

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'battery'.
security	warning	Message: Error with Permissions-Policy header: Origin trial controlled feature not enabled: 'interest-cohort'.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests; default-src https: data: blob: ; object-src https: data: 'unsafe-inline'; style-src https: data: 'unsafe-inline' ; script-src https: data: 'unsafe-inline' 'unsafe-eval'; worker-src 'self' blob:;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

discourse.festnoz.de
2a01:4f8:c0c:1eb0::1
33b16da1a8368a86cf8048a990baa85f01fb82c583124b2f4eb13e158836c758
93adae1b83acd996686646384ea1ab8ab20c0d1cd1c4530a0abb8c61d1ad9f69
9834b82ad26e2a37583d22676a12dd2eb0fe7c80356a2114d0db1aa8b3899537
a9d9f1954629e26a6ec6b538103c1fc07a268d60162d9b5c08e551bc97314db4
b2653bfd2f8c276c786ef26c595d0a2d7ef16e6e5111c634a05a94461b000f00
bcd44070101ee4d1152f7799c63cf62e8a1d32c86ec6bcd5feaf06f549bc93f9
d4dc3edca5d17d4cf93cb1b98fa5d814aab8ff330ba876b94b7869f43b2116fd
e42a88444448ac3d60549cc7c1ff2c8a9cac721034c073d80a14a44e79730cca