URL: https://pauline-lotta.de/
Submission Tags: @phishunt_io
Submission: On July 13 via api from DE — Scanned from DE

Summary

This website contacted 8 IPs in 2 countries across 8 domains to perform 18 HTTP transactions. The main IP is 2a01:238:20a:202:1163::, located in Germany, and belongs to AS6724 (STRATO AG, DE). The main domain is pauline-lotta.de.
The primary document on pauline-lotta.de is a 535-byte HTML page that makes no further requests of its own; it only embeds https://salon.io/paulinelotta in a frame. The remaining 17 requests are all issued by that framed Salon.io portfolio page, which pulls in its assets from CloudFront and loads the Facebook Pixel (fbevents.js), Google Analytics (ga.js) and the New Relic browser agent.
TLS certificate: issued by Encryption Everywhere DV TLS CA - G1 on July 13th 2022, the day of the scan. Valid for: a year.
This is the only time pauline-lotta.de was scanned on urlscan.io.

urlscan.io Verdict: No classification

Domain & IP information

Requests  IP Address         AS     Autonomous System
1         2a01:238:20a:...   6724   STRATO ST...
5         144.76.198.40      24940  HETZNER-AS
5         18.66.107.112      16509  AMAZON-02
2         2a03:2880:f01...   32934  FACEBOOK
1         2a00:1450:400...   15169  GOOGLE
2         2a03:2880:f12...   32934  FACEBOOK
1         151.101.130.137    54113  FASTLY
1         162.247.241.14     23467  NEWRELIC-...
Total: 18 requests, 8 IPs (the full addresses are listed under Indicators below)
Requests  Apex Domain           Subdomain                       Cisco Umbrella Rank  Transfer
5         cloudfront.net        d1vq4hxutb7n2b.cloudfront.net   -                    4 MB
5         salon.io              salon.io                        -                    3 MB
2         facebook.com          www.facebook.com                96                   388 B
2         facebook.net          connect.facebook.net            164                  110 KB
1         nr-data.net           bam.nr-data.net                 305                  716 B
1         newrelic.com          js-agent.newrelic.com           477                  14 KB
1         google-analytics.com  ssl.google-analytics.com        411                  17 KB
1         pauline-lotta.de      pauline-lotta.de                -                    614 B
Total: 18 requests, 8 domains
Requests  Domain                          Requested by
5         d1vq4hxutb7n2b.cloudfront.net   salon.io, d1vq4hxutb7n2b.cloudfront.net
5         salon.io                        pauline-lotta.de, salon.io, d1vq4hxutb7n2b.cloudfront.net
2         www.facebook.com                salon.io
2         connect.facebook.net            salon.io, connect.facebook.net
1         bam.nr-data.net                 js-agent.newrelic.com
1         js-agent.newrelic.com           salon.io
1         ssl.google-analytics.com        salon.io
1         pauline-lotta.de                (primary request)
Total: 18 requests, 8 domains

This site contains no links.

TLS certificates

Subject                  Issuer                                  Valid from   Valid until  Validity
www.pauline-lotta.de     Encryption Everywhere DV TLS CA - G1    2022-07-13   2023-07-26   a year
*.salon.io               Thawte RSA CA 2018                      2022-06-21   2023-06-21   a year
*.cloudfront.net         Amazon                                  2022-02-01   2023-01-31   a year
*.facebook.com           DigiCert SHA2 High Assurance Server CA  2022-04-21   2022-07-20   3 months
*.google-analytics.com   GTS CA 1C3                              2022-06-27   2022-09-19   3 months
js-agent.newrelic.com    GlobalSign Atlas R3 DV TLS CA 2022 Q2   2022-07-10   2023-08-11   a year
*.nr-data.net            DigiCert TLS RSA SHA256 2020 CA1        2022-01-10   2023-02-10   a year

This page contains 2 frames:

Primary Page: https://pauline-lotta.de/
Frame ID: FA15EE44C372B30808DE8FE7A478D2ED
Requests: 1 HTTP requests in this frame

Frame: https://salon.io/paulinelotta
Frame ID: 1C768ECAD8058F50F4B3D544FA5E34D1
Requests: 17 HTTP requests in this frame


Page Title

https://pauline-lotta.de/

Detected technologies

Overall confidence: 100%
Detected pattern (matches the connect.facebook.net/en_US/fbevents.js script URL):
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Overall confidence: 100%
Detected pattern (matches the ssl.google-analytics.com/ga.js script URL):
  • google-analytics\.com/(?:ga|urchin|analytics)\.js
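The two patterns above are Wappalyzer-style script-URL rules: the scanner runs each regular expression over the URLs the page loaded and reports a technology when one matches. The JavaScript below is an added example and not part of the urlscan.io report. It applies exactly those two patterns to the request URLs recorded in this scan, then decodes the Facebook Pixel beacons (www.facebook.com/tr/) to show what the framed salon.io page sends to Facebook, including the URL of the site that embedded it. The technology labels are my own assumption; the copy of the report preserved here lists only the patterns, and the two long beacon URLs are shortened to the parameters the code reads.

```javascript
// Added example, not from the urlscan.io report: runs the report's two detection
// patterns over the scan's request URLs and decodes the Facebook Pixel beacons.

// Request URLs copied from the transaction list of this scan (constructed input;
// the Facebook /tr/ beacons are trimmed to the parameters used below).
const REQUEST_URLS = [
  "https://pauline-lotta.de/",
  "https://salon.io/paulinelotta",
  "https://d1vq4hxutb7n2b.cloudfront.net/assets/frontend-5c76db9b40aa90473d2fd87196d7dda0.css",
  "https://d1vq4hxutb7n2b.cloudfront.net/assets/new-frontend-ba0a6d1f11172527351c367c0ecc82d5.js",
  "https://salon.io/images/drops/logo_drop_h1_006.png",
  "https://connect.facebook.net/en_US/fbevents.js",
  "https://ssl.google-analytics.com/ga.js",
  "https://salon.io/users/by_name/paulinelotta.json",
  "https://connect.facebook.net/signals/config/1041775635913276?v=2.9.64&r=stable",
  "https://www.facebook.com/tr/?id=1041775635913276&ev=PageView&dl=https%3A%2F%2Fsalon.io%2Fpaulinelotta&rl=https%3A%2F%2Fpauline-lotta.de%2F&if=true&ts=1657717860473&v=2.9.64&r=stable&rqm=GET",
  "https://js-agent.newrelic.com/nr-1216.min.js",
  "https://bam.nr-data.net/1/1b46c45da0?a=687921&v=1216.487a282&ref=https://salon.io/paulinelotta",
  "https://www.facebook.com/tr/?id=1041775635913276&ev=Microdata&dl=https%3A%2F%2Fsalon.io%2Fpaulinelotta&rl=https%3A%2F%2Fpauline-lotta.de%2F&if=true&ts=1657717860977&v=2.9.64&r=stable&rqm=GET",
];

// Detection rules: the two regexes are the ones printed in the report; the
// labels are assumptions (the technology names did not survive in this copy).
const RULES = [
  { label: "Facebook Pixel (assumed label)",
    pattern: /\/\/connect\.facebook\.([a-z]+)\/[^\/]*\/[a-z]*\.js/ },
  { label: "Google Analytics (assumed label)",
    pattern: /google-analytics\.com\/(?:ga|urchin|analytics)\.js/ },
];

// Returns one entry per rule that matched at least one URL. The Pixel rule hits
// fbevents.js but not the /signals/config/<id> loader, because "[a-z]*\.js"
// cannot cross the extra path segment.
function detectTechnologies(urls, rules = RULES) {
  const found = [];
  for (const rule of rules) {
    const hits = urls.filter((u) => rule.pattern.test(u));
    if (hits.length > 0) found.push({ label: rule.label, hits });
  }
  return found;
}

// Decodes one Pixel beacon. "dl" is the document that fired the pixel, "rl" its
// referrer and "if" whether it runs inside an iframe; for a framed document the
// referrer is the embedding page, so Facebook learns which site hosts the frame.
function parsePixelBeacon(url) {
  const u = new URL(url);
  if (u.hostname !== "www.facebook.com" || !u.pathname.startsWith("/tr/")) return null;
  const p = u.searchParams;
  const inIframe = p.get("if") === "true";
  const referrer = p.get("rl");
  return {
    pixelId: p.get("id"),
    event: p.get("ev"),
    documentUrl: p.get("dl"),
    referrer,
    inIframe,
    embeddingSite: inIframe && referrer ? new URL(referrer).hostname : null,
  };
}

function pixelBeacons(urls) {
  return urls.map(parsePixelBeacon).filter((b) => b !== null);
}

// Example run
console.log(detectTechnologies(REQUEST_URLS));
console.log(pixelBeacons(REQUEST_URLS));
```

Run with node; both detections fire exactly once, and both beacons report pixel id 1041775635913276 with `rl=https://pauline-lotta.de/` and `if=true`, i.e. the tracker ties the salon.io content to the custom domain even though pauline-lotta.de itself loads no third-party script.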

Page Statistics

Requests: 18
HTTPS: 100 %
IPv6: 50 %
Domains: 8
Subdomains: 8
IPs: 8
Countries: 2
Transfer: 7149 kB
Size: 7491 kB
Cookies: 1

Redirected requests

No HTTP redirect chains were recorded for this scan.

18 HTTP transactions

Columns per entry: Resource, Path, Size, x-fer (bytes on the wire), Type, MIME-Type. Each entry is followed by its General, Security Headers, Request headers and Response headers details.
Primary Request /
pauline-lotta.de/
535 B
614 B
Document
General
Full URL
https://pauline-lotta.de/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a01:238:20a:202:1163:: , Germany, ASN6724 (STRATO STRATO AG, DE),
Reverse DNS
Software
Apache/2.4.54 (Unix) /
Resource Hash
271f10d725b2ea7056f2f7088139d2c3ed05d4e836142477c0deb62e95db2418

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
content-type
text/html
date
Wed, 13 Jul 2022 13:10:57 GMT
server
Apache/2.4.54 (Unix)
paulinelotta
salon.io/ Frame 1C76
28 KB
10 KB
Document
General
Full URL
https://salon.io/paulinelotta
Requested by
Host: pauline-lotta.de
URL: https://pauline-lotta.de/
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_CBC
Server
144.76.198.40 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
salon.io
Software
nginx/1.6.3 + Phusion Passenger 5.0.6 / Phusion Passenger 5.0.6
Resource Hash
7a262d78713f9f3d8b3f14a58c74b581b30fecc8997611e8e3224b567cfedca8
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; preload

Request headers

Referer
https://pauline-lotta.de/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html; charset=utf-8
Server
nginx/1.6.3 + Phusion Passenger 5.0.6
Status
200 OK
Strict-Transport-Security
max-age=63072000; preload
Transfer-Encoding
chunked
X-Powered-By
Phusion Passenger 5.0.6
cache-control
max-age=0, private, must-revalidate
date
Wed, 13 Jul 2022 13:10:59 GMT
x-rack-cache
miss
x-request-id
3dd94eda1b6fe18e11217c29dc0e8c1b
x-runtime
1.382442
x-ua-compatible
IE=Edge,chrome=1
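The salon.io response above sends `Strict-Transport-Security: max-age=63072000; preload`, which reads as strong but cannot be preloaded: the HSTS preload list requires includeSubDomains in addition to a max-age of at least one year, so the preload token is inert and the policy protects only the salon.io host itself, not its subdomains. Four different HSTS shapes appear in this scan (salon.io and CloudFront, connect.facebook.net, ssl.google-analytics.com, www.facebook.com), and the primary pauline-lotta.de response sends no HSTS header at all. The JavaScript below is an added example, not part of the report: an RFC 6797 header parser plus a check of each recorded value against the preload rules. Eligibility is judged on the header alone; the preload list also requires the policy to be served from the registrable domain, which a subdomain's header cannot prove.

```javascript
// Added example, not from the urlscan.io report: parse Strict-Transport-Security
// values (RFC 6797) and test them against the HSTS preload requirements
// (max-age >= 31536000, includeSubDomains, preload).

const ONE_YEAR = 31536000;

// Header values as recorded in this scan (constructed from the report; null
// means the response carried no Strict-Transport-Security header at all).
const HSTS_SEEN = [
  { host: "pauline-lotta.de",              value: null },
  { host: "salon.io",                      value: "max-age=63072000; preload" },
  { host: "d1vq4hxutb7n2b.cloudfront.net", value: "max-age=63072000; preload" },
  { host: "connect.facebook.net",          value: "max-age=31536000; preload; includeSubDomains" },
  { host: "ssl.google-analytics.com",      value: "max-age=10886400; includeSubDomains; preload" },
  { host: "www.facebook.com",              value: "max-age=31536000; includeSubDomains" },
];

// RFC 6797 section 6.1: directives are ';'-separated, names are case-insensitive,
// max-age is mandatory (and may be quoted), unknown directives are ignored.
// Returns null whenever a user agent would ignore the header.
function parseHsts(value) {
  if (value == null) return null;
  const policy = { maxAge: null, includeSubDomains: false, preload: false };
  for (const part of value.split(";")) {
    const d = part.trim();
    if (d === "") continue;
    const eq = d.indexOf("=");
    const name = (eq < 0 ? d : d.slice(0, eq)).trim().toLowerCase();
    const val = eq < 0 ? "" : d.slice(eq + 1).trim().replace(/^"(.*)"$/, "$1");
    if (name === "max-age") {
      if (!/^\d+$/.test(val) || policy.maxAge !== null) return null; // malformed or repeated
      policy.maxAge = Number(val);
    } else if (name === "includesubdomains") {
      policy.includeSubDomains = true;
    } else if (name === "preload") {
      policy.preload = true;
    }
  }
  return policy.maxAge === null ? null : policy;
}

// Rates one host's header. status is "missing" (nothing enforceable), "weak"
// (enforced, but short-lived or host-only) or "ok"; preloadEligible says
// whether the header itself satisfies the preload list's three conditions.
function assessHsts(host, value) {
  const p = parseHsts(value);
  if (p === null) {
    const why = value == null ? "no Strict-Transport-Security header" : "malformed header, user agents ignore it";
    return { host, status: "missing", preloadEligible: false, problems: [why] };
  }
  if (p.maxAge === 0) {
    return { host, status: "missing", preloadEligible: false, problems: ["max-age=0 removes any stored policy"] };
  }
  const problems = [];
  if (p.maxAge < ONE_YEAR) problems.push(`max-age ${p.maxAge}s is shorter than one year`);
  if (!p.includeSubDomains) problems.push("includeSubDomains missing, subdomains stay unprotected");
  const preloadEligible = p.preload && p.includeSubDomains && p.maxAge >= ONE_YEAR;
  if (p.preload && !preloadEligible) problems.push("preload token present but the policy is not preload-eligible");
  return { host, status: problems.length > 0 ? "weak" : "ok", preloadEligible, maxAge: p.maxAge, problems };
}

function assessAll(entries = HSTS_SEEN) {
  return Object.fromEntries(entries.map(({ host, value }) => [host, assessHsts(host, value)]));
}

console.log(assessAll());
```

Of the hosts in this scan only connect.facebook.net sends a preload-eligible header; www.facebook.com enforces a one-year policy for all subdomains without requesting preload, while salon.io, CloudFront and ssl.google-analytics.com all carry a preload token their own policy does not qualify for.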
frontend-5c76db9b40aa90473d2fd87196d7dda0.css
d1vq4hxutb7n2b.cloudfront.net/assets/ Frame 1C76
214 KB
215 KB
Stylesheet
General
Full URL
https://d1vq4hxutb7n2b.cloudfront.net/assets/frontend-5c76db9b40aa90473d2fd87196d7dda0.css
Requested by
Host: salon.io
URL: https://salon.io/paulinelotta
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
18.66.107.112 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-107-112.fra56.r.cloudfront.net
Software
nginx/1.6.3 /
Resource Hash
3f33d2db8b7b40a3c5af2cde3eb97d5d498b5b18bee40d9b53f364a5db747d5a
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://salon.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date
Tue, 19 Oct 2021 18:40:59 GMT
Via
1.1 edffe6978db53d114a80cda421e0b6b8.cloudfront.net (CloudFront)
Age
23049000
X-Cache
Hit from cloudfront
Connection
keep-alive
Content-Length
219606
Last-Modified
Wed, 31 Aug 2016 11:04:09 GMT
Server
nginx/1.6.3
ETag
"57c6b9a9-359d6"
Strict-Transport-Security
max-age=63072000; preload
Content-Type
text/css
Cache-Control
max-age=315360000
X-Amz-Cf-Pop
FRA56-P5
Accept-Ranges
bytes
X-Amz-Cf-Id
Oe2Tlrw32ADU7iEiuZnTxDDmJiFAskueHxFDgSc01dIcdobuTsl-og==
Expires
Thu, 31 Dec 2037 23:55:55 GMT
vendor-8fdf96bcea3a52dd9c5aeb4862bcebb1.css
d1vq4hxutb7n2b.cloudfront.net/assets/ Frame 1C76
26 KB
27 KB
Stylesheet
General
Full URL
https://d1vq4hxutb7n2b.cloudfront.net/assets/vendor-8fdf96bcea3a52dd9c5aeb4862bcebb1.css
Requested by
Host: salon.io
URL: https://salon.io/paulinelotta
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
18.66.107.112 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-107-112.fra56.r.cloudfront.net
Software
nginx/1.6.3 /
Resource Hash
f38991e1a727cb5b4b3f9c2858eaeb920aa6102457386b7f86fd791029667f52
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://salon.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date
Wed, 20 Oct 2021 16:16:31 GMT
Via
1.1 63505de36d604e79a77328b302a7d4a2.cloudfront.net (CloudFront)
Age
22971268
X-Cache
Hit from cloudfront
Connection
keep-alive
Content-Length
27104
Last-Modified
Mon, 30 May 2016 07:35:13 GMT
Server
nginx/1.6.3
ETag
"574bed31-69e0"
Strict-Transport-Security
max-age=63072000; preload
Content-Type
text/css
Cache-Control
max-age=315360000
X-Amz-Cf-Pop
FRA56-P5
Accept-Ranges
bytes
X-Amz-Cf-Id
_cjAgiICyy2cev9b49IXcMv8PX7fg2nKpoquYfoFNkkWsJqbFfNjPg==
Expires
Thu, 31 Dec 2037 23:55:55 GMT
salon-legacy-aa994ac131ee2eae352be77c98ea529a.css
d1vq4hxutb7n2b.cloudfront.net/assets/ Frame 1C76
8 KB
9 KB
Stylesheet
General
Full URL
https://d1vq4hxutb7n2b.cloudfront.net/assets/salon-legacy-aa994ac131ee2eae352be77c98ea529a.css
Requested by
Host: salon.io
URL: https://salon.io/paulinelotta
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
18.66.107.112 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-107-112.fra56.r.cloudfront.net
Software
nginx/1.6.3 /
Resource Hash
d4d92f1d0f1ef8156a0c29cecb7c378c874bf3779654781897f1c62033c46ac3
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://salon.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date
Sun, 10 Apr 2022 02:28:44 GMT
Via
1.1 edffe6978db53d114a80cda421e0b6b8.cloudfront.net (CloudFront)
Age
8160135
X-Cache
Hit from cloudfront
Connection
keep-alive
Content-Length
8433
Last-Modified
Mon, 21 Nov 2016 13:06:44 GMT
Server
nginx/1.6.3
ETag
"5832f164-20f1"
Strict-Transport-Security
max-age=63072000; preload
Content-Type
text/css
Cache-Control
max-age=315360000
X-Amz-Cf-Pop
FRA56-P5
Accept-Ranges
bytes
X-Amz-Cf-Id
ehSr3xtz6lAu3eD5UgoknxBbBEQOjXu7TZNB1TKmAr4hWhVKUD9fJA==
Expires
Thu, 31 Dec 2037 23:55:55 GMT
new-frontend-ba0a6d1f11172527351c367c0ecc82d5.js
d1vq4hxutb7n2b.cloudfront.net/assets/ Frame 1C76
3 MB
3 MB
Script
General
Full URL
https://d1vq4hxutb7n2b.cloudfront.net/assets/new-frontend-ba0a6d1f11172527351c367c0ecc82d5.js
Requested by
Host: salon.io
URL: https://salon.io/paulinelotta
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
18.66.107.112 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-107-112.fra56.r.cloudfront.net
Software
nginx/1.6.3 /
Resource Hash
5d35ff693ecf4b38dfd99a78fcb8b776c563a47f04479298c97f1b6f06585d6e
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://salon.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date
Fri, 15 Oct 2021 09:07:41 GMT
Via
1.1 07a6f7d6fd9710cbcfc60fa67d44f04e.cloudfront.net (CloudFront)
Age
23428998
X-Cache
Hit from cloudfront
Connection
keep-alive
Content-Length
3668394
Last-Modified
Wed, 29 Mar 2017 08:58:54 GMT
Server
nginx/1.6.3
ETag
"58db774e-37f9aa"
Strict-Transport-Security
max-age=63072000; preload
Content-Type
application/javascript
Cache-Control
max-age=315360000
X-Amz-Cf-Pop
FRA56-P5
Accept-Ranges
bytes
X-Amz-Cf-Id
ypSu_zAZ3M8B-vV7D_98Vf7w9IrlJIIN6UAOPPVcPieTQt87sBMmfw==
Expires
Thu, 31 Dec 2037 23:55:55 GMT
logo_drop_h1_006.png
salon.io/images/drops/ Frame 1C76
2 KB
2 KB
Image
General
Full URL
https://salon.io/images/drops/logo_drop_h1_006.png
Requested by
Host: salon.io
URL: https://salon.io/paulinelotta
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_CBC
Server
144.76.198.40 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
salon.io
Software
nginx/1.6.3 /
Resource Hash
9f03d05d63e730a62712315019a568255fb1bd98494b602b2ee2b104b9b6ca86
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://salon.io/paulinelotta
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date
Wed, 13 Jul 2022 13:10:59 GMT
Last-Modified
Fri, 05 Dec 2014 14:58:43 GMT
Server
nginx/1.6.3
ETag
"5481c823-61a"
Strict-Transport-Security
max-age=63072000; preload
Content-Type
image/png
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1562
Expires
Thu, 31 Dec 2037 23:55:55 GMT
fbevents.js
connect.facebook.net/en_US/ Frame 1C76
98 KB
26 KB
Script
General
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: salon.io
URL: https://salon.io/paulinelotta
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
ea1dc07a8462adc1de680c13135b4e0365c1c6bb72ccce3f1899527618af0457
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://salon.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding
gzip
x-content-type-options
nosniff
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length
25940
x-xss-protection
0
pragma
public
x-fb-debug
lTaHXdTBCtAc4BQujyH7DoVmgpyT4JGe3o6FhVwuyiv0oaoKIApeqy2XSFshdh8O5CRLdCgHvePp2f1tGrf2PQ==
x-fb-trip-id
686109401
x-frame-options
DENY
date
Wed, 13 Jul 2022 13:11:00 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
x-fb-rlafr
0
expires
Sat, 01 Jan 2000 00:00:00 GMT
ga.js
ssl.google-analytics.com/ Frame 1C76
45 KB
17 KB
Script
General
Full URL
https://ssl.google-analytics.com/ga.js
Requested by
Host: salon.io
URL: https://salon.io/paulinelotta
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://salon.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 13 Apr 2022 21:02:38 GMT
server
Golfe2
age
4796
date
Wed, 13 Jul 2022 11:51:04 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
17168
expires
Wed, 13 Jul 2022 13:51:04 GMT
video-lila_253.png
salon.io/system/files/620394/0a342b82f368002175/ Frame 1C76
3 MB
3 MB
Image
General
Full URL
https://salon.io/system/files/620394/0a342b82f368002175/video-lila_253.png
Requested by
Host: salon.io
URL: https://salon.io/paulinelotta
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_CBC
Server
144.76.198.40 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
salon.io
Software
nginx/1.6.3 /
Resource Hash
7defaf6b26c3603013f15cadcd1199e2f7203ab95c976b0ff8491290c6fb95e3
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://salon.io/paulinelotta
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date
Wed, 13 Jul 2022 13:11:00 GMT
Last-Modified
Wed, 09 Feb 2022 10:14:34 GMT
Server
nginx/1.6.3
ETag
"6203940a-30e01e"
Strict-Transport-Security
max-age=63072000; preload
Content-Type
image/png
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
3203102
Expires
Thu, 31 Dec 2037 23:55:55 GMT
style_159303.woff
d1vq4hxutb7n2b.cloudfront.net/fonts/museo_sans_500/webfonts/woff/ Frame 1C76
24 KB
24 KB
Font
General
Full URL
https://d1vq4hxutb7n2b.cloudfront.net/fonts/museo_sans_500/webfonts/woff/style_159303.woff
Requested by
Host: d1vq4hxutb7n2b.cloudfront.net
URL: https://d1vq4hxutb7n2b.cloudfront.net/assets/frontend-5c76db9b40aa90473d2fd87196d7dda0.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
18.66.107.112 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-107-112.fra56.r.cloudfront.net
Software
nginx/1.6.3 /
Resource Hash
089015ac888979b40eba7406a7d538870ea8ef727c36b2e2254c34e0e838a249

Request headers

Referer
https://d1vq4hxutb7n2b.cloudfront.net/assets/frontend-5c76db9b40aa90473d2fd87196d7dda0.css
Origin
https://salon.io
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date
Wed, 13 Jul 2022 05:33:24 GMT
Via
1.1 3a21078459f955a33f79dacf082781c4.cloudfront.net (CloudFront)
Last-Modified
Tue, 05 Nov 2013 17:24:16 GMT
Server
nginx/1.6.3
Age
27456
ETag
"527929c0-6007"
X-Cache
Hit from cloudfront
Content-Type
application/font-woff
Access-Control-Allow-Origin
*
Connection
keep-alive
X-Amz-Cf-Pop
FRA56-P5
Accept-Ranges
bytes
Content-Length
24583
X-Amz-Cf-Id
dHP23-rin5jLL6Vr3HQjpu_pQ7ksvUXV8Z72wCq7K6Pu_5RMUTo7_A==
paulinelotta.json
salon.io/users/by_name/ Frame 1C76
4 KB
4 KB
XHR
General
Full URL
https://salon.io/users/by_name/paulinelotta.json
Requested by
Host: d1vq4hxutb7n2b.cloudfront.net
URL: https://d1vq4hxutb7n2b.cloudfront.net/assets/new-frontend-ba0a6d1f11172527351c367c0ecc82d5.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_CBC
Server
144.76.198.40 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
salon.io
Software
nginx/1.6.3 + Phusion Passenger 5.0.6 / Phusion Passenger 5.0.6
Resource Hash
fc4aaf585769f94a403fdd4794a4d4958a28eac6fb5c6f3ac95935ce5bc28acb
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; preload

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://salon.io/paulinelotta
X-Requested-With
XMLHttpRequest
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

x-runtime
0.057357
date
Wed, 13 Jul 2022 13:11:00 GMT
etag
"03ac08a6d071391e012f7c43bb5aca05"
x-rack-cache
miss
Server
nginx/1.6.3 + Phusion Passenger 5.0.6
X-Powered-By
Phusion Passenger 5.0.6
Strict-Transport-Security
max-age=63072000; preload
Content-Type
application/json; charset=utf-8
Status
200 OK
cache-control
max-age=0, private, must-revalidate
Transfer-Encoding
chunked
Connection
keep-alive
x-request-id
66d7f0131aa06fe6e6abd45c5210c6bf
x-ua-compatible
IE=Edge,chrome=1
1041775635913276
connect.facebook.net/signals/config/ Frame 1C76
291 KB
84 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/1041775635913276?v=2.9.64&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
008f2f5e3811d28b6813756181ce061af92a5534afab550d4d11b88e12eb7624
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://salon.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

content-security-policy
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding
gzip
x-content-type-options
nosniff
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
x-xss-protection
0
pragma
public
x-fb-debug
e/Es0Y5fZTrNfqypK2+vMyXwrxoULlYu7cDtyBHaoAJSz1VhPh+ET3LaQWPI32zJ6acIc4Ohy0NRHOG7YOyTaQ==
x-fb-trip-id
686109401
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Wed, 13 Jul 2022 13:11:00 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
x-content-cdn-origin-ts
1657717860445
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
x-fb-rlafr
0
expires
Sat, 01 Jan 2000 00:00:00 GMT
canvas_origin_marker_002.png
salon.io/images/canvas_origin/ Frame 1C76
1 KB
2 KB
Image
General
Full URL
https://salon.io/images/canvas_origin/canvas_origin_marker_002.png
Requested by
Host: salon.io
URL: https://salon.io/paulinelotta
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_CBC
Server
144.76.198.40 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
salon.io
Software
nginx/1.6.3 /
Resource Hash
1486624591f9984ca6a005b7758c00311c79f149f2b4fad24b21b6a1af21dddf
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://salon.io/paulinelotta
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date
Wed, 13 Jul 2022 13:11:00 GMT
Last-Modified
Tue, 05 Nov 2013 17:24:16 GMT
Server
nginx/1.6.3
ETag
"527929c0-5e7"
Strict-Transport-Security
max-age=63072000; preload
Content-Type
image/png
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1511
Expires
Thu, 31 Dec 2037 23:55:55 GMT
/
www.facebook.com/tr/ Frame 1C76
44 B
297 B
Image
General
Full URL
https://www.facebook.com/tr/?id=1041775635913276&ev=PageView&dl=https%3A%2F%2Fsalon.io%2Fpaulinelotta&rl=https%3A%2F%2Fpauline-lotta.de%2F&if=true&ts=1657717860473&sw=1600&sh=1200&v=2.9.64&r=stable&ec=0&o=30&it=1657717860324&coo=false&exp=u0&rqm=GET
Requested by
Host: salon.io
URL: https://salon.io/paulinelotta
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f12d:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://salon.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Wed, 13 Jul 2022 13:11:00 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
44
expires
Wed, 13 Jul 2022 13:11:00 GMT
nr-1216.min.js
js-agent.newrelic.com/ Frame 1C76
38 KB
14 KB
Script
General
Full URL
https://js-agent.newrelic.com/nr-1216.min.js
Requested by
Host: salon.io
URL: https://salon.io/paulinelotta
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.130.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
6f973e7d75a7e6f6e59708f19631c8890034db5debb4d04f189deb53c114e708

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://salon.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

x-amz-version-id
mHHzJIqOizHibcYt0xqAszRr0gQRiNYy
content-encoding
gzip
etag
"9f533d8cd24b2c5e3b4dc886ecbd43e8"
x-amz-request-id
W2S5A87EG1C89ADE
x-cache
HIT
cross-origin-resource-policy
cross-origin
content-length
14391
x-amz-id-2
c9P6myFxLLD3IyZ4P2Q59GznMAh/LL0NtRLP/qzmj57pyyLc8LBRAjUQIZZNiJ5WMagYxPOHvUs=
x-served-by
cache-hhn4035-HHN
last-modified
Thu, 14 Apr 2022 16:45:57 GMT
server
AmazonS3
x-timer
S1657717861.537883,VS0,VE0
date
Wed, 13 Jul 2022 13:11:00 GMT
vary
Accept-Encoding
content-type
application/javascript
via
1.1 varnish
cache-control
public, max-age=7200, stale-if-error=604800
accept-ranges
bytes
x-cache-hits
10200
1b46c45da0
bam.nr-data.net/1/ Frame 1C76
49 B
716 B
Script
General
Full URL
https://bam.nr-data.net/1/1b46c45da0?a=687921&v=1216.487a282&to=JwlXRBBaCA1VREsTRQEUSh8RXQsWb1QdOUMXA0teA1gB&rst=2625&ck=1&ref=https://salon.io/paulinelotta&ap=1382&be=1827&fe=2586&dc=2342&perf=%7B%22timing%22:%7B%22of%22:1657717857924,%22n%22:0,%22f%22:0,%22dn%22:1,%22dne%22:27,%22c%22:328,%22s%22:339,%22ce%22:408,%22rq%22:408,%22rp%22:1808,%22rpe%22:1819,%22dl%22:1811,%22di%22:2341,%22ds%22:2341,%22de%22:2388,%22dc%22:2586,%22l%22:2586,%22le%22:2586%7D,%22navigation%22:%7B%7D%7D&fp=2346&fcp=2346&jsonp=NREUM.setToken
Requested by
Host: js-agent.newrelic.com
URL: https://js-agent.newrelic.com/nr-1216.min.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.247.241.14 Portland, United States, ASN23467 (NEWRELIC-AS-1, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a83848cf5c3d96caefe490c19e41659609b3691dd4c531cf925016c084d8e1b0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://salon.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date
Wed, 13 Jul 2022 13:11:00 GMT
Content-Encoding
gzip
CF-Cache-Status
DYNAMIC
Server
cloudflare
Expect-CT
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary
Accept-Encoding
access-control-allow-methods
GET, POST, PUT, HEAD, OPTIONS
Content-Type
text/javascript
Access-Control-Allow-Origin
*
Transfer-Encoding
chunked
Cross-Origin-Resource-Policy
cross-origin
Connection
keep-alive
access-control-allow-credentials
true
CF-Ray
72a24314aca86907-FRA
/
www.facebook.com/tr/ Frame 1C76
44 B
91 B
Image
General
Full URL
https://www.facebook.com/tr/?id=1041775635913276&ev=Microdata&dl=https%3A%2F%2Fsalon.io%2Fpaulinelotta&rl=https%3A%2F%2Fpauline-lotta.de%2F&if=true&ts=1657717860977&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22Salon.io%20-%20paulinelotta%20-%20%22%2C%22meta%3Akeywords%22%3A%22Salon.io%2C%20images%2C%20presentation%2C%20photographers%2C%20artists%2C%20designers%2C%20art%22%2C%22meta%3Adescription%22%3A%22Salon.io%20is%20a%20web-based%20application%20made%20for%20photographers%2C%20designers%20and%20artists.%20It%20allows%20you%20to%20easily%20create%20beautiful%20websites%2C%20image%20galleries%20and%20portfolios%20without%20any%20coding%20knowledge%20using%20an%20entirely%20drag%20%26%20drop%20interface.%22%7D&cd[OpenGraph]=%7B%22og%3Atype%22%3A%22website%22%2C%22og%3Asite_name%22%3A%22salon.io%22%2C%22og%3Atitle%22%3A%22Pauline-Lotta%20Langmaack%22%2C%22og%3Aurl%22%3A%22http%3A%2F%2Fsalon.io%2Fpaulinelotta%22%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.64&r=stable&ec=1&o=30&it=1657717860324&coo=false&es=automatic&tm=3&exp=u0&rqm=GET
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f12d:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://salon.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Wed, 13 Jul 2022 13:11:00 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
content-length
44
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
priority
u=3,i
expires
Wed, 13 Jul 2022 13:11:00 GMT
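Reading the 18 entries above, the five salon.io transactions stand out: they run over HTTP/1.1 with `TLS 1.2, RSA, AES_128_CBC` (urlscan's Security field is protocol, key exchange, cipher; the empty middle field on TLS 1.3 and QUIC entries is normal, since those protocols only use ephemeral key exchange), and the Server and X-Powered-By headers disclose `nginx/1.6.3 + Phusion Passenger 5.0.6`, a stack several years out of date at scan time. Every other host negotiates TLS 1.3 or QUIC with an AEAD cipher. The JavaScript below is an added example, not part of the report: it parses the Protocol, Security and Software fields recorded per host and flags static-RSA key exchange (no forward secrecy), CBC-mode ciphers and version-bearing server banners.

```javascript
// Added example, not from the urlscan.io report: triage of the Protocol,
// Security and Software fields recorded for each transaction in this scan.

// One entry per distinct host, copied from the transaction list (constructed input).
const TRANSACTIONS = [
  { host: "pauline-lotta.de",              protocol: "H2",       security: "TLS 1.3, , AES_256_GCM",    software: "Apache/2.4.54 (Unix)" },
  { host: "salon.io",                      protocol: "HTTP/1.1", security: "TLS 1.2, RSA, AES_128_CBC", software: "nginx/1.6.3 + Phusion Passenger 5.0.6" },
  { host: "d1vq4hxutb7n2b.cloudfront.net", protocol: "HTTP/1.1", security: "TLS 1.3, , AES_128_GCM",    software: "nginx/1.6.3" },
  { host: "connect.facebook.net",          protocol: "H2",       security: "TLS 1.3, , AES_128_GCM",    software: "" },
  { host: "ssl.google-analytics.com",      protocol: "H2",       security: "TLS 1.3, , AES_128_GCM",    software: "Golfe2" },
  { host: "www.facebook.com",              protocol: "H3",       security: "QUIC, , AES_128_GCM",       software: "proxygen-bolt" },
  { host: "js-agent.newrelic.com",         protocol: "H2",       security: "TLS 1.3, , AES_128_GCM",    software: "AmazonS3" },
  { host: "bam.nr-data.net",               protocol: "HTTP/1.1", security: "TLS 1.3, , AES_128_GCM",    software: "cloudflare" },
];

// urlscan prints "protocol, key exchange, cipher"; TLS 1.3 and QUIC leave the
// key-exchange field empty because they only support (EC)DHE.
function parseSecurity(field) {
  const [version = "", keyExchange = "", cipher = ""] = field.split(",").map((s) => s.trim());
  return { version, keyExchange, cipher };
}

// Static key exchange (plain "RSA", static DH, PSK) has no forward secrecy:
// a later compromise of the server key decrypts recorded sessions. An RSA
// *signature* inside an ECDHE_RSA suite is fine and is not flagged.
function lacksForwardSecrecy(sec) {
  if (sec.version === "TLS 1.3" || sec.version === "QUIC") return false; // always ephemeral
  if (sec.keyExchange === "") return false; // not recorded, cannot judge
  return !/^(EC)?DHE/i.test(sec.keyExchange);
}

// CBC suites are not AEAD and carry the MAC-then-encrypt padding-oracle history.
function isCbcCipher(sec) {
  return /_CBC(_|$)/i.test(sec.cipher);
}

// Pulls "product/x.y.z" and "Product Name x.y.z" tokens out of a Server or
// X-Powered-By banner; a bare product name without a version is not reported.
function disclosedVersions(software) {
  const re = /([A-Za-z][\w-]*(?: [A-Za-z][\w-]*)*)[\/ ](\d+(?:\.\d+)+)/g;
  return Array.from(software.matchAll(re), (m) => ({ product: m[1], version: m[2] }));
}

function assessTransport(t) {
  const sec = parseSecurity(t.security);
  const findings = [];
  if (lacksForwardSecrecy(sec)) findings.push(`${sec.keyExchange} key exchange: no forward secrecy`);
  if (isCbcCipher(sec)) findings.push(`${sec.cipher}: CBC mode, not an AEAD cipher`);
  for (const v of disclosedVersions(t.software)) findings.push(`banner discloses ${v.product} ${v.version}`);
  return { host: t.host, transport: `${t.protocol} / ${sec.version}`, findings };
}

// Only hosts with at least one finding are returned.
function triage(entries = TRANSACTIONS) {
  return entries.map(assessTransport).filter((r) => r.findings.length > 0);
}

console.log(triage());
```

On this scan the result is three hosts: salon.io with all four findings, and pauline-lotta.de and the CloudFront distribution with a version banner only. The Facebook, Google, Fastly and New Relic hosts come back clean, which matches the header data above.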


9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. They can help identify client-side frameworks and code, but only relative to the baseline the scanner compares against. In this scan every listed name is a built-in of the Chrome 103 build used (structuredClone, launchQueue, navigation, getScreenDetails, queryLocalFonts and the oncontextlost, oncontextrestored and onbeforematch event-handler properties, all added to Chrome shortly before this release), and "0" is window[0], the WindowProxy of the salon.io frame. None of them points to a framework or to site-specific script.

  object   | 0
  object   | oncontextlost
  object   | oncontextrestored
  function | structuredClone
  object   | launchQueue
  object   | onbeforematch
  function | getScreenDetails
  function | queryLocalFonts
  object   | navigation

1 Cookie

Domain/Path    Name        Value
.nr-data.net/  JSESSIONID  ef44ec8ff824f89d

The only cookie is set by the New Relic beacon host (bam.nr-data.net), not by pauline-lotta.de or salon.io.

Indicators

"Indicators" is the security-industry term for observables such as IPs, domains and hashes. Their presence here does not imply that any of them indicate malicious activity.

Domains
bam.nr-data.net
connect.facebook.net
d1vq4hxutb7n2b.cloudfront.net
js-agent.newrelic.com
pauline-lotta.de
salon.io
ssl.google-analytics.com
www.facebook.com

IP addresses
144.76.198.40
151.101.130.137
162.247.241.14
18.66.107.112
2a00:1450:4001:80f::2008
2a01:238:20a:202:1163::
2a03:2880:f01c:216:face:b00c:0:3
2a03:2880:f12d:181:face:b00c:0:25de

Resource hashes (SHA-256)
008f2f5e3811d28b6813756181ce061af92a5534afab550d4d11b88e12eb7624
089015ac888979b40eba7406a7d538870ea8ef727c36b2e2254c34e0e838a249
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f
1486624591f9984ca6a005b7758c00311c79f149f2b4fad24b21b6a1af21dddf
271f10d725b2ea7056f2f7088139d2c3ed05d4e836142477c0deb62e95db2418
3f33d2db8b7b40a3c5af2cde3eb97d5d498b5b18bee40d9b53f364a5db747d5a
5d35ff693ecf4b38dfd99a78fcb8b776c563a47f04479298c97f1b6f06585d6e
6f973e7d75a7e6f6e59708f19631c8890034db5debb4d04f189deb53c114e708
7a262d78713f9f3d8b3f14a58c74b581b30fecc8997611e8e3224b567cfedca8
7defaf6b26c3603013f15cadcd1199e2f7203ab95c976b0ff8491290c6fb95e3
9f03d05d63e730a62712315019a568255fb1bd98494b602b2ee2b104b9b6ca86
a83848cf5c3d96caefe490c19e41659609b3691dd4c531cf925016c084d8e1b0
d4d92f1d0f1ef8156a0c29cecb7c378c874bf3779654781897f1c62033c46ac3
ea1dc07a8462adc1de680c13135b4e0365c1c6bb72ccce3f1899527618af0457
f38991e1a727cb5b4b3f9c2858eaeb920aa6102457386b7f86fd791029667f52
fc4aaf585769f94a403fdd4794a4d4958a28eac6fb5c6f3ac95935ce5bc28acb