test.hallo.strix-clients.net Open in urlscan Pro
2a01:4f8:271:28a8::2  Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
1 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response test.hallo.strix-clients.net/	148 KB 12 KB	189ms 64ms	Document text/html	2a01:4f8:271:28a8::2 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://test.hallo.strix-clients.net/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a01:4f8:271:28a8::2 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS Software nginx / Resource Hash 11fb485d213be80ab6a8a5abf5fa39f4cbf27c2bdd032ac3ff9ec997091e6983 Security Headers Name Value Content-Security-Policy default-src * 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; script-src-elem * 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; script-src-attr * 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; style-src * 'unsafe-inline' 'unsafe-hashes'; style-src-elem * 'unsafe-inline' 'unsafe-hashes'; style-src-attr * 'unsafe-inline' 'unsafe-hashes'; img-src * data:; font-src * 'self' data:; connect-src *; media-src *; object-src *; prefetch-src *; child-src *; frame-src *; worker-src data: blob:; frame-ancestors *; form-action *; base-uri *; manifest-src *; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options deny X-Xss-Protection 1; mode=block; Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers cache-control no-cache, private content-encoding br content-security-policy default-src * 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; script-src-elem * 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; script-src-attr * 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; style-src * 'unsafe-inline' 'unsafe-hashes'; style-src-elem * 'unsafe-inline' 'unsafe-hashes'; style-src-attr * 'unsafe-inline' 'unsafe-hashes'; img-src * data:; font-src * 'self' data:; connect-src *; media-src *; object-src *; prefetch-src *; child-src *; frame-src *; worker-src data: blob:; frame-ancestors *; form-action *; base-uri *; manifest-src *; content-type text/html; charset=UTF-8 date Mon, 29 Jan 2024 11:28:11 GMT expect-ct max-age=0 expires Mon, 29 Jan 2024 11:28:11 GMT feature-policy autoplay 'self'; referrer-policy strict-origin-when-cross-origin no-referrer-when-downgrade server nginx strict-transport-security max-age=31536000; includeSubDomains vary Accept-Encoding x-content-type-options nosniff x-environment Hipex/3 main x-frame-options deny x-xss-protection 1; mode=block;
GET H2	200	all.css test.hallo.strix-clients.net/theme/e80d3d11f82653139bec9bdf3d5d8bda/css/	378 KB 46 KB	38ms 33ms	Stylesheet text/css	2a01:4f8:271:28a8::2 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://test.hallo.strix-clients.net/theme/e80d3d11f82653139bec9bdf3d5d8bda/css/all.css?1706015792 Requested by Host: test.hallo.strix-clients.net URL: https://test.hallo.strix-clients.net/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a01:4f8:271:28a8::2 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS Software nginx / Resource Hash 0038fb0349b23a300e3842b91bf7fd150ddb22ed76a7a0342eb9a3802ed5d79f Request headers accept-language de-DE,de;q=0.9 Referer https://test.hallo.strix-clients.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36 Response headers date Mon, 29 Jan 2024 11:28:11 GMT content-encoding br last-modified Tue, 23 Jan 2024 13:16:32 GMT server nginx etag W/"65afbc30-5e7d6" vary Accept-Encoding content-type text/css cache-control max-age=604800, public expires Mon, 05 Feb 2024 11:28:11 GMT
GET H2	200	all.js Show response test.hallo.strix-clients.net/theme/e80d3d11f82653139bec9bdf3d5d8bda/js/	625 KB 159 KB	63ms 57ms	Script application/x-javascript	2a01:4f8:271:28a8::2 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://test.hallo.strix-clients.net/theme/e80d3d11f82653139bec9bdf3d5d8bda/js/all.js?1706015792 Requested by Host: test.hallo.strix-clients.net URL: https://test.hallo.strix-clients.net/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a01:4f8:271:28a8::2 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS Software nginx / Resource Hash 88975949c73c507b6204fb537b64d7cb8d99b9973e04eb2f998f81a6c073bc9a Request headers accept-language de-DE,de;q=0.9 Referer https://test.hallo.strix-clients.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36 Response headers date Mon, 29 Jan 2024 11:28:11 GMT content-encoding br last-modified Tue, 23 Jan 2024 13:16:32 GMT server nginx etag W/"65afbc30-9c366" vary Accept-Encoding content-type application/x-javascript cache-control max-age=604800, public expires Mon, 05 Feb 2024 11:28:11 GMT
GET H2	404	demostore-logo.png test.hallo.strix-clients.net/media/1f/cf/df/1706013260/	548 B 548 B	62ms 57ms	Image text/html	2a01:4f8:271:28a8::2 HETZNER-AS
General Check archive.org Show headers Download Go to Show image Full URL https://test.hallo.strix-clients.net/media/1f/cf/df/1706013260/demostore-logo.png Requested by Host: test.hallo.strix-clients.net URL: https://test.hallo.strix-clients.net/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a01:4f8:271:28a8::2 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS Software nginx / Resource Hash d465172175d35d493fb1633e237700022bd849fa123164790b168b8318acb090 Request headers accept-language de-DE,de;q=0.9 Referer https://test.hallo.strix-clients.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36 Response headers date Mon, 29 Jan 2024 11:28:11 GMT content-encoding br server nginx vary Accept-Encoding content-type text/html
GET DATA	200 OK	truncated /	183 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash d2a55fea8291fb7ef57424007d15efa2653f0ea504b05e0b0ac3b34a17d1e404 Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36 Response headers Content-Type image/svg+xml
GET H2	200	Inter-Variable-Roman-Latin.woff2 test.hallo.strix-clients.net/theme/018d36507d2b71c49458c417fa76e08c/assets/font/	32 KB 33 KB	27ms 24ms	Font font/woff2	2a01:4f8:271:28a8::2 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://test.hallo.strix-clients.net/theme/018d36507d2b71c49458c417fa76e08c/assets/font/Inter-Variable-Roman-Latin.woff2 Requested by Host: test.hallo.strix-clients.net URL: https://test.hallo.strix-clients.net/theme/e80d3d11f82653139bec9bdf3d5d8bda/css/all.css?1706015792 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a01:4f8:271:28a8::2 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS Software nginx / Resource Hash fc8490c5c909d250c55bd9f238ad883fc0d1bb67ad13e31eef30ef25636f8350 Security Headers Name Value Content-Security-Policy default-src * 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; script-src-elem * 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; script-src-attr * 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; style-src * 'unsafe-inline' 'unsafe-hashes'; style-src-elem * 'unsafe-inline' 'unsafe-hashes'; style-src-attr * 'unsafe-inline' 'unsafe-hashes'; img-src * data:; font-src * 'self' data:; connect-src *; media-src *; object-src *; prefetch-src *; child-src *; frame-src *; worker-src data: blob:; frame-ancestors *; form-action *; base-uri *; manifest-src *; X-Xss-Protection 1; mode=block; Request headers Referer https://test.hallo.strix-clients.net/theme/e80d3d11f82653139bec9bdf3d5d8bda/css/all.css?1706015792 Origin https://test.hallo.strix-clients.net accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36 Response headers date Mon, 29 Jan 2024 11:28:11 GMT content-security-policy default-src * 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; script-src-elem * 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; script-src-attr * 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; style-src * 'unsafe-inline' 'unsafe-hashes'; style-src-elem * 'unsafe-inline' 'unsafe-hashes'; style-src-attr * 'unsafe-inline' 'unsafe-hashes'; img-src * data:; font-src * 'self' data:; connect-src *; media-src *; object-src *; prefetch-src *; child-src *; frame-src *; worker-src data: blob:; frame-ancestors *; form-action *; base-uri *; manifest-src *; referrer-policy no-referrer-when-downgrade last-modified Tue, 23 Jan 2024 13:16:32 GMT server nginx x-environment Hipex/3 general etag W/"65afbc30-80a0" expect-ct max-age=0 vary Accept-Encoding content-type font/woff2 content-encoding br feature-policy autoplay 'self'; x-xss-protection 1; mode=block;
GET H2	204	info Show response test.hallo.strix-clients.net/widgets/checkout/	0 837 B	39ms 39ms	XHR text/plain	2a01:4f8:271:28a8::2 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://test.hallo.strix-clients.net/widgets/checkout/info Requested by Host: test.hallo.strix-clients.net URL: https://test.hallo.strix-clients.net/theme/e80d3d11f82653139bec9bdf3d5d8bda/js/all.js?1706015792 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a01:4f8:271:28a8::2 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS Software nginx / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Content-Security-Policy default-src * 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; script-src-elem * 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; script-src-attr * 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; style-src * 'unsafe-inline' 'unsafe-hashes'; style-src-elem * 'unsafe-inline' 'unsafe-hashes'; style-src-attr * 'unsafe-inline' 'unsafe-hashes'; img-src * data:; font-src * 'self' data:; connect-src *; media-src *; object-src *; prefetch-src *; child-src *; frame-src *; worker-src data: blob:; frame-ancestors *; form-action *; base-uri *; manifest-src *; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options deny X-Xss-Protection 1; mode=block; Request headers Referer https://test.hallo.strix-clients.net/ X-Requested-With XMLHttpRequest accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36 Content-type application/json Response headers date Mon, 29 Jan 2024 11:28:11 GMT strict-transport-security max-age=31536000; includeSubDomains x-content-type-options nosniff referrer-policy strict-origin-when-cross-origin, no-referrer-when-downgrade server nginx content-security-policy default-src * 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; script-src-elem * 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; script-src-attr * 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; style-src * 'unsafe-inline' 'unsafe-hashes'; style-src-elem * 'unsafe-inline' 'unsafe-hashes'; style-src-attr * 'unsafe-inline' 'unsafe-hashes'; img-src * data:; font-src * 'self' data:; connect-src *; media-src *; object-src *; prefetch-src *; child-src *; frame-src *; worker-src data: blob:; frame-ancestors *; form-action *; base-uri *; manifest-src *; x-environment Hipex/3 main expect-ct max-age=0 x-frame-options deny cache-control no-cache, private feature-policy autoplay 'self'; x-xss-protection 1; mode=block; expires Mon, 29 Jan 2024 11:28:11 GMT

19 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| features boolean| useDefaultCookieConsent string| activeNavigationId object| router string| salesChannelId object| breakpoints string| themeAssetsPublicPath object| webpackChunk function| clearImmediate function| setImmediate number| uidEvent function| PluginConfigManager function| PluginManager function| PluginBaseClass function| Hammer function| flatpickr object| eventEmitter object| bootstrap function| Feature

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			test.hallo.strix-clients.net/	1969-12-31 23:59:59	Name: session- Value: 39dab7bad1e65517bfb5c9799e459567
			test.hallo.strix-clients.net/	1970-01-20 18:45:19	Name: timezone Value: Europe/Berlin

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: https://test.hallo.strix-clients.net/ Message: Unrecognized Content-Security-Policy directive 'prefetch-src'.
network	error	URL: https://test.hallo.strix-clients.net/media/1f/cf/df/1706013260/demostore-logo.png Message: Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src * 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; script-src-elem * 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; script-src-attr * 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; style-src * 'unsafe-inline' 'unsafe-hashes'; style-src-elem * 'unsafe-inline' 'unsafe-hashes'; style-src-attr * 'unsafe-inline' 'unsafe-hashes'; img-src * data:; font-src * 'self' data:; connect-src *; media-src *; object-src *; prefetch-src *; child-src *; frame-src *; worker-src data: blob:; frame-ancestors *; form-action *; base-uri *; manifest-src *;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block;

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

test.hallo.strix-clients.net
2a01:4f8:271:28a8::2
0038fb0349b23a300e3842b91bf7fd150ddb22ed76a7a0342eb9a3802ed5d79f
11fb485d213be80ab6a8a5abf5fa39f4cbf27c2bdd032ac3ff9ec997091e6983
88975949c73c507b6204fb537b64d7cb8d99b9973e04eb2f998f81a6c073bc9a
d2a55fea8291fb7ef57424007d15efa2653f0ea504b05e0b0ac3b34a17d1e404
d465172175d35d493fb1633e237700022bd849fa123164790b168b8318acb090
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
fc8490c5c909d250c55bd9f238ad883fc0d1bb67ad13e31eef30ef25636f8350