staging.heylogin.app Open in urlscan Pro
2a01:4f8:1c0c:82d4::1 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://www.staging.heylogin.app/
Effective URL:
https://staging.heylogin.app/
Submission: On August 29 via automatic, source certstream-suspicious (August 29th 2021, 7:19:48 am UTC)

Summary HTTP 12 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 12 HTTP transactions. The main IP is 2a01:4f8:1c0c:82d4::1, located in Germany and belongs to HETZNER-AS, DE. The main domain is staging.heylogin.app.
TLS certificate: Issued by R3 on August 29th 2021. Valid for: 3 months.

This is the only time staging.heylogin.app was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 12	2a01:4f8:1c0c... 2a01:4f8:1c0c:82d4::1	24940 (HETZNER-AS) (HETZNER-AS)
1	116.203.17.3 116.203.17.3	24940 (HETZNER-AS) (HETZNER-AS)
12	2

12 2a01:4f8:1c0c:82d4::1 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)

www.staging.heylogin.app	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
staging.heylogin.app	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 116.203.17.3 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.3.17.203.116.clients.your-server.de

sentry.heylogin.app	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
13	heylogin.app 1 redirects www.staging.heylogin.app staging.heylogin.app sentry.heylogin.app	646 KB
12	1

	Domain	Requested by
11	staging.heylogin.app	staging.heylogin.app
1	sentry.heylogin.app	staging.heylogin.app
1	www.staging.heylogin.app	1 redirects
12	3

This site contains no links.

Subject Issuer	Validity	Valid
staging.heylogin.app R3	`2021-08-29` - `2021-11-27`	3 months	crt.sh
sentry.heylogin.app R3	`2021-07-07` - `2021-10-05`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://staging.heylogin.app/
Frame ID: 0E1D47D4ED55D9CAF91FB6451955ECBE
Requests: 12 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

heylogin

Page URL History Show full URLs

https://www.staging.heylogin.app/ HTTP 301
https://staging.heylogin.app/ Page URL

Detected technologies

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

12
Requests

100 %
HTTPS

50 %
IPv6

1
Domains

3
Subdomains

2
IPs

1
Countries

646 kB
Transfer

2164 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www.staging.heylogin.app/ HTTP 301
https://staging.heylogin.app/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

12 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
staging.heylogin.app/
Redirect Chain

https://www.staging.heylogin.app/
https://staging.heylogin.app/

962 B
1 KB

4ms
4ms

Document
text/html

2a01:4f8:1c0c:82d4::1
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://staging.heylogin.app/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a01:4f8:1c0c:82d4::1 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

Software

nginx/1.19.1 /

Resource Hash

cd17abcb52dd8e5e6cdc2d98bcd84e4f73b144c07d6a85d82ccd7164d4718d92

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src 'none'; font-src 'self' data:; img-src 'self' data:; connect-src 'self' https://sentry.heylogin.app https://heylogin.de; report-uri https://sentry.heylogin.app/api/5336737/security/?sentry_key=810de5ea2a9d46eda69671169517cc3a&sentry_environment=csp-reports
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

:method: GET
:authority: staging.heylogin.app
:scheme: https
:path: /
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

accept-ranges: bytes
cache-control: max-age=300
content-security-policy: default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src 'none'; font-src 'self' data:; img-src 'self' data:; connect-src 'self' https://sentry.heylogin.app https://heylogin.de; report-uri https://sentry.heylogin.app/api/5336737/security/?sentry_key=810de5ea2a9d46eda69671169517cc3a&sentry_environment=csp-reports
content-type: text/html
date: Sun, 29 Aug 2021 07:19:31 GMT
expires: Sun, 29 Aug 2021 07:24:31 GMT
last-modified: Fri, 27 Aug 2021 16:33:48 GMT
permissions-policy
referrer-policy: strict-origin-when-cross-origin
server: nginx/1.19.1
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-frame-options: DENY
content-length: 962

Redirect headers

location: https://staging.heylogin.app/
content-type: text/plain; charset=utf-8
content-length: 17
date: Sun, 29 Aug 2021 07:19:31 GMT

GET
H2 200 main.4448e22a.chunk.css
staging.heylogin.app/static/css/ 43 KB
14 KB 22ms
21ms Stylesheet
text/css 2a01:4f8:1c0c:82d4::1
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://staging.heylogin.app/static/css/main.4448e22a.chunk.css

Requested by

Host: staging.heylogin.app
URL: https://staging.heylogin.app/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a01:4f8:1c0c:82d4::1 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

Software

nginx/1.19.1 /

Resource Hash

eccda7c94314c011c84ec8c00567351269a6cedc1670f3ed522ec04bf663f529

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src 'none'; font-src 'self' data:; img-src 'self' data:; connect-src 'self' https://sentry.heylogin.app https://heylogin.de; report-uri https://sentry.heylogin.app/api/5336737/security/?sentry_key=810de5ea2a9d46eda69671169517cc3a&sentry_environment=csp-reports
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

:path: /static/css/main.4448e22a.chunk.css
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: staging.heylogin.app
referer: https://staging.heylogin.app/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://staging.heylogin.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

content-security-policy: default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src 'none'; font-src 'self' data:; img-src 'self' data:; connect-src 'self' https://sentry.heylogin.app https://heylogin.de; report-uri https://sentry.heylogin.app/api/5336737/security/?sentry_key=810de5ea2a9d46eda69671169517cc3a&sentry_environment=csp-reports
content-encoding: gzip
referrer-policy: strict-origin-when-cross-origin
server: nginx/1.19.1
date: Sun, 29 Aug 2021 07:19:31 GMT
x-frame-options: DENY
content-type: text/css
cache-control: public, max-age=31536000, immutable
permissions-policy
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
x-content-type-options: nosniff

GET
H2 200 runtime-main.dd00ee09.js Show response
staging.heylogin.app/static/js/ 4 KB
2 KB 6ms
6ms Script
application/javascript 2a01:4f8:1c0c:82d4::1
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://staging.heylogin.app/static/js/runtime-main.dd00ee09.js

Requested by

Host: staging.heylogin.app
URL: https://staging.heylogin.app/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a01:4f8:1c0c:82d4::1 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

Software

nginx/1.19.1 /

Resource Hash

15ff550a94cd01ffec9751f28db00710fe00453788182f901ce713322ea3bc6a

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src 'none'; font-src 'self' data:; img-src 'self' data:; connect-src 'self' https://sentry.heylogin.app https://heylogin.de; report-uri https://sentry.heylogin.app/api/5336737/security/?sentry_key=810de5ea2a9d46eda69671169517cc3a&sentry_environment=csp-reports
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

:path: /static/js/runtime-main.dd00ee09.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: staging.heylogin.app
referer: https://staging.heylogin.app/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://staging.heylogin.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

content-security-policy: default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src 'none'; font-src 'self' data:; img-src 'self' data:; connect-src 'self' https://sentry.heylogin.app https://heylogin.de; report-uri https://sentry.heylogin.app/api/5336737/security/?sentry_key=810de5ea2a9d46eda69671169517cc3a&sentry_environment=csp-reports
content-encoding: gzip
referrer-policy: strict-origin-when-cross-origin
server: nginx/1.19.1
date: Sun, 29 Aug 2021 07:19:31 GMT
x-frame-options: DENY
content-type: application/javascript
cache-control: public, max-age=31536000, immutable
permissions-policy
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
x-content-type-options: nosniff

GET
H2 200 5.e5497a6f.chunk.js Show response
staging.heylogin.app/static/js/ 1 MB
391 KB 25ms
24ms Script
application/javascript 2a01:4f8:1c0c:82d4::1
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://staging.heylogin.app/static/js/5.e5497a6f.chunk.js

Requested by

Host: staging.heylogin.app
URL: https://staging.heylogin.app/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a01:4f8:1c0c:82d4::1 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

Software

nginx/1.19.1 /

Resource Hash

0d9bdc7c850e39a953dddde47993a9a62c3f00dbf8eb3a2d02f3cadd9ead6929

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src 'none'; font-src 'self' data:; img-src 'self' data:; connect-src 'self' https://sentry.heylogin.app https://heylogin.de; report-uri https://sentry.heylogin.app/api/5336737/security/?sentry_key=810de5ea2a9d46eda69671169517cc3a&sentry_environment=csp-reports
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

:path: /static/js/5.e5497a6f.chunk.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: staging.heylogin.app
referer: https://staging.heylogin.app/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://staging.heylogin.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

content-security-policy: default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src 'none'; font-src 'self' data:; img-src 'self' data:; connect-src 'self' https://sentry.heylogin.app https://heylogin.de; report-uri https://sentry.heylogin.app/api/5336737/security/?sentry_key=810de5ea2a9d46eda69671169517cc3a&sentry_environment=csp-reports
content-encoding: gzip
referrer-policy: strict-origin-when-cross-origin
server: nginx/1.19.1
date: Sun, 29 Aug 2021 07:19:31 GMT
x-frame-options: DENY
content-type: application/javascript
cache-control: public, max-age=31536000, immutable
permissions-policy
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
x-content-type-options: nosniff

GET
H2 200 main.40322dfa.chunk.js Show response
staging.heylogin.app/static/js/ 680 KB
145 KB 7ms
7ms Script
application/javascript 2a01:4f8:1c0c:82d4::1
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://staging.heylogin.app/static/js/main.40322dfa.chunk.js

Requested by

Host: staging.heylogin.app
URL: https://staging.heylogin.app/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a01:4f8:1c0c:82d4::1 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

Software

nginx/1.19.1 /

Resource Hash

34116aa1f24581a2669a48e17801adaa2a5dd04d687564b3d905bb8661c293c3

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src 'none'; font-src 'self' data:; img-src 'self' data:; connect-src 'self' https://sentry.heylogin.app https://heylogin.de; report-uri https://sentry.heylogin.app/api/5336737/security/?sentry_key=810de5ea2a9d46eda69671169517cc3a&sentry_environment=csp-reports
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

:path: /static/js/main.40322dfa.chunk.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: staging.heylogin.app
referer: https://staging.heylogin.app/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://staging.heylogin.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

content-security-policy: default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src 'none'; font-src 'self' data:; img-src 'self' data:; connect-src 'self' https://sentry.heylogin.app https://heylogin.de; report-uri https://sentry.heylogin.app/api/5336737/security/?sentry_key=810de5ea2a9d46eda69671169517cc3a&sentry_environment=csp-reports
content-encoding: gzip
referrer-policy: strict-origin-when-cross-origin
server: nginx/1.19.1
date: Sun, 29 Aug 2021 07:19:31 GMT
x-frame-options: DENY
content-type: application/javascript
cache-control: public, max-age=31536000, immutable
permissions-policy
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
x-content-type-options: nosniff

GET
H2 200 22.ec817b78.chunk.js Show response
staging.heylogin.app/static/js/ 32 KB
9 KB 6ms
5ms Script
application/javascript 2a01:4f8:1c0c:82d4::1
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://staging.heylogin.app/static/js/22.ec817b78.chunk.js

Requested by

Host: staging.heylogin.app
URL: https://staging.heylogin.app/static/js/runtime-main.dd00ee09.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a01:4f8:1c0c:82d4::1 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

Software

nginx/1.19.1 /

Resource Hash

ef4abd9aa2e724fc17bf00736ea01f293f792f0674eda38b4530d2b7b000fe34

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src 'none'; font-src 'self' data:; img-src 'self' data:; connect-src 'self' https://sentry.heylogin.app https://heylogin.de; report-uri https://sentry.heylogin.app/api/5336737/security/?sentry_key=810de5ea2a9d46eda69671169517cc3a&sentry_environment=csp-reports
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

:path: /static/js/22.ec817b78.chunk.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: staging.heylogin.app
referer: https://staging.heylogin.app/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://staging.heylogin.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

content-security-policy: default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src 'none'; font-src 'self' data:; img-src 'self' data:; connect-src 'self' https://sentry.heylogin.app https://heylogin.de; report-uri https://sentry.heylogin.app/api/5336737/security/?sentry_key=810de5ea2a9d46eda69671169517cc3a&sentry_environment=csp-reports
content-encoding: gzip
referrer-policy: strict-origin-when-cross-origin
server: nginx/1.19.1
date: Sun, 29 Aug 2021 07:19:31 GMT
x-frame-options: DENY
content-type: application/javascript
cache-control: public, max-age=31536000, immutable
permissions-policy
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
x-content-type-options: nosniff

GET
H2 200 9.c28fb1d9.chunk.css
staging.heylogin.app/static/css/ 10 KB
3 KB 7ms
6ms Stylesheet
text/css 2a01:4f8:1c0c:82d4::1
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://staging.heylogin.app/static/css/9.c28fb1d9.chunk.css

Requested by

Host: staging.heylogin.app
URL: https://staging.heylogin.app/static/js/runtime-main.dd00ee09.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a01:4f8:1c0c:82d4::1 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

Software

nginx/1.19.1 /

Resource Hash

a348598f3988aee591d730c4d8a469f727763895b484ceb29ed609ae1947d559

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src 'none'; font-src 'self' data:; img-src 'self' data:; connect-src 'self' https://sentry.heylogin.app https://heylogin.de; report-uri https://sentry.heylogin.app/api/5336737/security/?sentry_key=810de5ea2a9d46eda69671169517cc3a&sentry_environment=csp-reports
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

:path: /static/css/9.c28fb1d9.chunk.css
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: staging.heylogin.app
referer: https://staging.heylogin.app/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://staging.heylogin.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

content-security-policy: default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src 'none'; font-src 'self' data:; img-src 'self' data:; connect-src 'self' https://sentry.heylogin.app https://heylogin.de; report-uri https://sentry.heylogin.app/api/5336737/security/?sentry_key=810de5ea2a9d46eda69671169517cc3a&sentry_environment=csp-reports
content-encoding: gzip
referrer-policy: strict-origin-when-cross-origin
server: nginx/1.19.1
date: Sun, 29 Aug 2021 07:19:31 GMT
x-frame-options: DENY
content-type: text/css
cache-control: public, max-age=31536000, immutable
permissions-policy
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
x-content-type-options: nosniff

GET
H2 200 9.2ae8dd67.chunk.js Show response
staging.heylogin.app/static/js/ 39 KB
14 KB 8ms
8ms Script
application/javascript 2a01:4f8:1c0c:82d4::1
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://staging.heylogin.app/static/js/9.2ae8dd67.chunk.js

Requested by

Host: staging.heylogin.app
URL: https://staging.heylogin.app/static/js/runtime-main.dd00ee09.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a01:4f8:1c0c:82d4::1 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

Software

nginx/1.19.1 /

Resource Hash

f7cb20fa14288c9affb734b05dfdf427f1741989768ddc3fecd74abba78cea68

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src 'none'; font-src 'self' data:; img-src 'self' data:; connect-src 'self' https://sentry.heylogin.app https://heylogin.de; report-uri https://sentry.heylogin.app/api/5336737/security/?sentry_key=810de5ea2a9d46eda69671169517cc3a&sentry_environment=csp-reports
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

:path: /static/js/9.2ae8dd67.chunk.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: staging.heylogin.app
referer: https://staging.heylogin.app/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://staging.heylogin.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

content-security-policy: default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src 'none'; font-src 'self' data:; img-src 'self' data:; connect-src 'self' https://sentry.heylogin.app https://heylogin.de; report-uri https://sentry.heylogin.app/api/5336737/security/?sentry_key=810de5ea2a9d46eda69671169517cc3a&sentry_environment=csp-reports
content-encoding: gzip
referrer-policy: strict-origin-when-cross-origin
server: nginx/1.19.1
date: Sun, 29 Aug 2021 07:19:31 GMT
x-frame-options: DENY
content-type: application/javascript
cache-control: public, max-age=31536000, immutable
permissions-policy
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
x-content-type-options: nosniff

POST
H2 200 / Show response
sentry.heylogin.app/api/5336737/store/ 41 B
208 B 104ms
24ms Fetch
application/json 116.203.17.3
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://sentry.heylogin.app/api/5336737/store/?sentry_key=810de5ea2a9d46eda69671169517cc3a&sentry_version=7
Requested by: Host: staging.heylogin.app
URL: https://staging.heylogin.app/static/js/5.e5497a6f.chunk.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 116.203.17.3 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.3.17.203.116.clients.your-server.de
Software: sentry-relay/21.5.1 /
Resource Hash: 0a0ff80c3a51fd3c0a6eb51036fd34f1905fd6c206be289b1332f845b46efc7a

Request headers

Referer: https://staging.heylogin.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: https://staging.heylogin.app
access-control-expose-headers: x-sentry-rate-limits, retry-after, x-sentry-error
server: sentry-relay/21.5.1
date: Sun, 29 Aug 2021 07:19:32 GMT
content-length: 41
vary: Origin
content-type: application/json

GET
H2 200 roboto-v20-latin-ext_latin-900.dd237707.dd237707.woff2
staging.heylogin.app/static/media/ 22 KB
22 KB 6ms
5ms Font
font/woff2 2a01:4f8:1c0c:82d4::1
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://staging.heylogin.app/static/media/roboto-v20-latin-ext_latin-900.dd237707.dd237707.woff2

Requested by

Host: staging.heylogin.app
URL: https://staging.heylogin.app/static/css/main.4448e22a.chunk.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a01:4f8:1c0c:82d4::1 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

Software

nginx/1.19.1 /

Resource Hash

304c5ca9e5c60827c0d96a1c08ff3977ab346ecf4e9759c50c03ab62a0ecd3d5

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src 'none'; font-src 'self' data:; img-src 'self' data:; connect-src 'self' https://sentry.heylogin.app https://heylogin.de; report-uri https://sentry.heylogin.app/api/5336737/security/?sentry_key=810de5ea2a9d46eda69671169517cc3a&sentry_environment=csp-reports
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

:path: /static/media/roboto-v20-latin-ext_latin-900.dd237707.dd237707.woff2
pragma: no-cache
origin: https://staging.heylogin.app
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: font
:authority: staging.heylogin.app
referer: https://staging.heylogin.app/static/css/main.4448e22a.chunk.css
:scheme: https
sec-fetch-site: same-origin
:method: GET
Origin: https://staging.heylogin.app
Referer: https://staging.heylogin.app/static/css/main.4448e22a.chunk.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

content-security-policy: default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src 'none'; font-src 'self' data:; img-src 'self' data:; connect-src 'self' https://sentry.heylogin.app https://heylogin.de; report-uri https://sentry.heylogin.app/api/5336737/security/?sentry_key=810de5ea2a9d46eda69671169517cc3a&sentry_environment=csp-reports
referrer-policy: strict-origin-when-cross-origin
server: nginx/1.19.1
date: Sun, 29 Aug 2021 07:19:31 GMT
x-frame-options: DENY
content-type: font/woff2
cache-control: public, max-age=31536000, immutable
permissions-policy
strict-transport-security: max-age=31536000; includeSubDomains
accept-ranges: bytes
content-length: 22608
x-content-type-options: nosniff

GET
H2 200 roboto-v20-latin-ext_latin-regular.5cb5c8f0.5cb5c8f0.woff2
staging.heylogin.app/static/media/ 22 KB
22 KB 5ms
5ms Font
font/woff2 2a01:4f8:1c0c:82d4::1
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://staging.heylogin.app/static/media/roboto-v20-latin-ext_latin-regular.5cb5c8f0.5cb5c8f0.woff2

Requested by

Host: staging.heylogin.app
URL: https://staging.heylogin.app/static/css/main.4448e22a.chunk.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a01:4f8:1c0c:82d4::1 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

Software

nginx/1.19.1 /

Resource Hash

b86b128b0701a436d02aa06fb2027845a0e69e4bebdd22012c1e0578508e34d1

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src 'none'; font-src 'self' data:; img-src 'self' data:; connect-src 'self' https://sentry.heylogin.app https://heylogin.de; report-uri https://sentry.heylogin.app/api/5336737/security/?sentry_key=810de5ea2a9d46eda69671169517cc3a&sentry_environment=csp-reports
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

:path: /static/media/roboto-v20-latin-ext_latin-regular.5cb5c8f0.5cb5c8f0.woff2
pragma: no-cache
origin: https://staging.heylogin.app
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: font
:authority: staging.heylogin.app
referer: https://staging.heylogin.app/static/css/main.4448e22a.chunk.css
:scheme: https
sec-fetch-site: same-origin
:method: GET
Origin: https://staging.heylogin.app
Referer: https://staging.heylogin.app/static/css/main.4448e22a.chunk.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

content-security-policy: default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src 'none'; font-src 'self' data:; img-src 'self' data:; connect-src 'self' https://sentry.heylogin.app https://heylogin.de; report-uri https://sentry.heylogin.app/api/5336737/security/?sentry_key=810de5ea2a9d46eda69671169517cc3a&sentry_environment=csp-reports
referrer-policy: strict-origin-when-cross-origin
server: nginx/1.19.1
date: Sun, 29 Aug 2021 07:19:31 GMT
x-frame-options: DENY
content-type: font/woff2
cache-control: public, max-age=31536000, immutable
permissions-policy
strict-transport-security: max-age=31536000; includeSubDomains
accept-ranges: bytes
content-length: 22644
x-content-type-options: nosniff

GET
H2 200 roboto-v20-latin-ext_latin-500.0b457213.0b457213.woff2
staging.heylogin.app/static/media/ 22 KB
22 KB 7ms
7ms Font
font/woff2 2a01:4f8:1c0c:82d4::1
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://staging.heylogin.app/static/media/roboto-v20-latin-ext_latin-500.0b457213.0b457213.woff2

Requested by

Host: staging.heylogin.app
URL: https://staging.heylogin.app/static/css/main.4448e22a.chunk.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a01:4f8:1c0c:82d4::1 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

Software

nginx/1.19.1 /

Resource Hash

fa074f87d637e60c5639e30dc8f11787bb2400bc759e56fa7ddae1c28bdb4278

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src 'none'; font-src 'self' data:; img-src 'self' data:; connect-src 'self' https://sentry.heylogin.app https://heylogin.de; report-uri https://sentry.heylogin.app/api/5336737/security/?sentry_key=810de5ea2a9d46eda69671169517cc3a&sentry_environment=csp-reports
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

:path: /static/media/roboto-v20-latin-ext_latin-500.0b457213.0b457213.woff2
pragma: no-cache
origin: https://staging.heylogin.app
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: font
:authority: staging.heylogin.app
referer: https://staging.heylogin.app/static/css/main.4448e22a.chunk.css
:scheme: https
sec-fetch-site: same-origin
:method: GET
Origin: https://staging.heylogin.app
Referer: https://staging.heylogin.app/static/css/main.4448e22a.chunk.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

content-security-policy: default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src 'none'; font-src 'self' data:; img-src 'self' data:; connect-src 'self' https://sentry.heylogin.app https://heylogin.de; report-uri https://sentry.heylogin.app/api/5336737/security/?sentry_key=810de5ea2a9d46eda69671169517cc3a&sentry_environment=csp-reports
referrer-policy: strict-origin-when-cross-origin
server: nginx/1.19.1
date: Sun, 29 Aug 2021 07:19:31 GMT
x-frame-options: DENY
content-type: font/woff2
cache-control: public, max-age=31536000, immutable
permissions-policy
strict-transport-security: max-age=31536000; includeSubDomains
accept-ranges: bytes
content-length: 22732
x-content-type-options: nosniff

Verdicts & Comments Add Verdict or Comment

15 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	error	URL: https://staging.heylogin.app/static/js/5.e5497a6f.chunk.js(Line 2) Message: TypeError: Cannot set property 'showLoggedIn' of null

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src 'none'; font-src 'self' data:; img-src 'self' data:; connect-src 'self' https://sentry.heylogin.app https://heylogin.de; report-uri https://sentry.heylogin.app/api/5336737/security/?sentry_key=810de5ea2a9d46eda69671169517cc3a&sentry_environment=csp-reports
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

sentry.heylogin.app
staging.heylogin.app
www.staging.heylogin.app
116.203.17.3
2a01:4f8:1c0c:82d4::1
0a0ff80c3a51fd3c0a6eb51036fd34f1905fd6c206be289b1332f845b46efc7a
0d9bdc7c850e39a953dddde47993a9a62c3f00dbf8eb3a2d02f3cadd9ead6929
15ff550a94cd01ffec9751f28db00710fe00453788182f901ce713322ea3bc6a
304c5ca9e5c60827c0d96a1c08ff3977ab346ecf4e9759c50c03ab62a0ecd3d5
34116aa1f24581a2669a48e17801adaa2a5dd04d687564b3d905bb8661c293c3
a348598f3988aee591d730c4d8a469f727763895b484ceb29ed609ae1947d559
b86b128b0701a436d02aa06fb2027845a0e69e4bebdd22012c1e0578508e34d1
cd17abcb52dd8e5e6cdc2d98bcd84e4f73b144c07d6a85d82ccd7164d4718d92
eccda7c94314c011c84ec8c00567351269a6cedc1670f3ed522ec04bf663f529
ef4abd9aa2e724fc17bf00736ea01f293f792f0674eda38b4530d2b7b000fe34
f7cb20fa14288c9affb734b05dfdf427f1741989768ddc3fecd74abba78cea68
fa074f87d637e60c5639e30dc8f11787bb2400bc759e56fa7ddae1c28bdb4278

staging.heylogin.app Open in urlscan Pro 2a01:4f8:1c0c:82d4::1 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

12 Requests

100 %HTTPS

50 %IPv6

1 Domains

3 Subdomains

2 IPs

1 Countries

646 kBTransfer

2164 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

12 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

15 JavaScript Global Variables

0 Cookies

1 Console Messages

Security Headers

Indicators

staging.heylogin.app Open in urlscan Pro
2a01:4f8:1c0c:82d4::1 Public Scan

Screenshot
Live screenshot

Full Image

12
Requests

100 %
HTTPS

50 %
IPv6

1
Domains

3
Subdomains

2
IPs

1
Countries

646 kB
Transfer

2164 kB
Size

0
Cookies

12 HTTP transactions
0 data transactions