LeakIX - Host heichal.net

Open service 35.92.202.168:80 · apps.heichal.net

2026-01-25 07:33

HTTP/1.1 308 Permanent Redirect
Date: Sun, 25 Jan 2026 07:33:27 GMT
Content-Type: text/html
Content-Length: 164
Connection: close
Location: https://apps.heichal.net

Page title: 308 Permanent Redirect

<html>
<head><title>308 Permanent Redirect</title></head>
<body>
<center><h1>308 Permanent Redirect</h1></center>
<hr><center>nginx</center>
</body>
</html>

Found 2026-01-25 by HttpPlugin

Create report

Open service 35.92.202.168:443 · apps.heichal.net

2026-01-25 07:33

HTTP/1.1 200 OK
Date: Sun, 25 Jan 2026 07:33:27 GMT
Content-Type: text/html
Content-Length: 7064
Connection: close
Vary: Accept-Encoding
Last-Modified: Thu, 22 Jan 2026 21:10:17 GMT
ETag: "69729239-1b98"
Cache-control: max-age=0, stale-while-revalidate=86400
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer-when-downgrade
Cross-Origin-Opener-Policy: same-origin-allow-popups
X-Robots-Tag: noindex
Accept-Ranges: bytes
Strict-Transport-Security: max-age=31536000; includeSubDomains


<!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="utf-8" />
    <meta name="referrer" content="origin" />
    <meta name="theme-color" content="#fff" />
    <meta name="viewport" content="width=device-width, initial-scale=1" />
    
    <link id="pwa-manifest-placeholder" rel="manifest" href="" />
    <script>
      
      window.RETOOL_FRONTEND_FAKE_BACKEND_MODE = false;
      

      // #PageVisibility
      // Here we detect if user has suspended the browser page / tab since loading
      // See https://developer.mozilla.org/en-US/docs/Web/API/Page_Visibility_API
      window.RETOOL_PAGE_SUSPEND_DETECTED = document.visibilityState === 'hidden'
      function _detectVisibilityChange() {
        if (document.visibilityState === 'hidden') {
          window.RETOOL_PAGE_SUSPEND_DETECTED = true
          // Remove listener because we only detect it once
          document.removeEventListener('visibilitychange', _detectVisibilityChange)
        }
      }
      // Only listen for change if page is not already hidden
      if (document.visibilityState === 'visible') {
        document.addEventListener('visibilitychange', _detectVisibilityChange)
      }
    </script>
    <script>
      // https://stackoverflow.com/a/24103596
      function _getCookie(name) {
        var nameEq = (name += '=')
        var ca = document.cookie.split(';')
        for (var i = 0; i < ca.length; i++) {
          var c = ca[i]
          while (c.charAt(0) === ' ') c = c.substring(1, c.length)
          if (c.indexOf(nameEq) === 0) return c.substring(nameEq.length, c.length)
        }
      }

      // Here we do an eager fetch of user data as a performance optimization. By doing the
      // fetch here, in an inline script, we can fire it asap while the initial webpack
      // bundle loads and evals. This is strictly for performance optimization and non-essential,
      // if this fails to run or has errors then the normal application flow will handle the
      // fetch for user data.

      if (
        !RETOOL_FRONTEND_FAKE_BACKEND_MODE &&
        _getCookie('xsrfToken') && // presence of xsrf token means user is already authed
        window.fetch !== undefined && // make sure fetch api is available
        !new URL(location.origin).host.startsWith('login.') // avoid special login domain
      ) {
        window.RETOOL_USER_FETCH = fetch('/api/user', {
          credentials: 'same-origin',
          headers: {
            Accept: 'application/json',
            'Content-Type': 'application/json',
            'Relax-Login-Subdomain-Restrictions': false,
            'X-Xsrf-Token': _getCookie('xsrfToken'),
            'X-Retool-Client-Version': '3.329.0-2ac04be (Build 298436)',
          },
        }).then((r) => {
          if (r.ok) {
            return r.json()
          }
          return
        })
      }
    </script>
    <script>
      function parseAsBool(envValue, defaultValue) {
        if (envValue === 'true') {
          return true
        } else if (envValue === 'false') {
          return false
        } else {
          return defaultValue
        }
      }

      // Webpack uses slightly unconventional EJS templating which is why we need to duplicate this
      // snippet. ViteJS does it the "right way" and will be the what we keep once migration to
      // Vite is done, so lets just keep this duplicated for now.
      
      SANDBOX_DOMAIN = "https://retool-edge.com"
      ALLOW_SAME_ORIGIN_OPTION = parseAsBool("true", false)
      MAIN_DOMAIN = "retool.com"
      SAML_ENABLED = parseAsBool("false", false)
      CLIENT_ID = "716367306867-d861tjqj92gjb0uphcjt8gu2nvtf6e9t.apps.googleusercontent.com"
      RESTRICTED_DOMAIN = ""
      DISABLE_USER_PASS_LOGIN = parseAsBool("false", false)
      INCLUDE_COOKIES_IN_API_CALLS = ""
      VERSION_CONTROL_LOCKED = parseAsBool("false", false)
      IS_ADMIN = parseAsBool("false", false)
      WEBPACK_SHARED_BUILD_VERSION = "298436_2ac04be"
      STATSD_HOST = "__STATSD_HOST__"
      RETOOL_APP_VARIANT = 'vite'
      const retoolVersionForServiceWorker = '3.329.0-2ac04be (Build

Found 2026-01-25 by HttpPlugin

Create report

Open service 35.92.202.170:443 · apps.heichal.net

2026-01-25 07:33

HTTP/1.1 200 OK
Date: Sun, 25 Jan 2026 07:33:27 GMT
Content-Type: text/html
Content-Length: 7064
Connection: close
Vary: Accept-Encoding
Last-Modified: Thu, 22 Jan 2026 21:10:13 GMT
ETag: "69729235-1b98"
Cache-control: max-age=0, stale-while-revalidate=86400
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer-when-downgrade
Cross-Origin-Opener-Policy: same-origin-allow-popups
X-Robots-Tag: noindex
Accept-Ranges: bytes
Strict-Transport-Security: max-age=31536000; includeSubDomains


<!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="utf-8" />
    <meta name="referrer" content="origin" />
    <meta name="theme-color" content="#fff" />
    <meta name="viewport" content="width=device-width, initial-scale=1" />
    
    <link id="pwa-manifest-placeholder" rel="manifest" href="" />
    <script>
      
      window.RETOOL_FRONTEND_FAKE_BACKEND_MODE = false;
      

      // #PageVisibility
      // Here we detect if user has suspended the browser page / tab since loading
      // See https://developer.mozilla.org/en-US/docs/Web/API/Page_Visibility_API
      window.RETOOL_PAGE_SUSPEND_DETECTED = document.visibilityState === 'hidden'
      function _detectVisibilityChange() {
        if (document.visibilityState === 'hidden') {
          window.RETOOL_PAGE_SUSPEND_DETECTED = true
          // Remove listener because we only detect it once
          document.removeEventListener('visibilitychange', _detectVisibilityChange)
        }
      }
      // Only listen for change if page is not already hidden
      if (document.visibilityState === 'visible') {
        document.addEventListener('visibilitychange', _detectVisibilityChange)
      }
    </script>
    <script>
      // https://stackoverflow.com/a/24103596
      function _getCookie(name) {
        var nameEq = (name += '=')
        var ca = document.cookie.split(';')
        for (var i = 0; i < ca.length; i++) {
          var c = ca[i]
          while (c.charAt(0) === ' ') c = c.substring(1, c.length)
          if (c.indexOf(nameEq) === 0) return c.substring(nameEq.length, c.length)
        }
      }

      // Here we do an eager fetch of user data as a performance optimization. By doing the
      // fetch here, in an inline script, we can fire it asap while the initial webpack
      // bundle loads and evals. This is strictly for performance optimization and non-essential,
      // if this fails to run or has errors then the normal application flow will handle the
      // fetch for user data.

      if (
        !RETOOL_FRONTEND_FAKE_BACKEND_MODE &&
        _getCookie('xsrfToken') && // presence of xsrf token means user is already authed
        window.fetch !== undefined && // make sure fetch api is available
        !new URL(location.origin).host.startsWith('login.') // avoid special login domain
      ) {
        window.RETOOL_USER_FETCH = fetch('/api/user', {
          credentials: 'same-origin',
          headers: {
            Accept: 'application/json',
            'Content-Type': 'application/json',
            'Relax-Login-Subdomain-Restrictions': false,
            'X-Xsrf-Token': _getCookie('xsrfToken'),
            'X-Retool-Client-Version': '3.329.0-2ac04be (Build 298436)',
          },
        }).then((r) => {
          if (r.ok) {
            return r.json()
          }
          return
        })
      }
    </script>
    <script>
      function parseAsBool(envValue, defaultValue) {
        if (envValue === 'true') {
          return true
        } else if (envValue === 'false') {
          return false
        } else {
          return defaultValue
        }
      }

      // Webpack uses slightly unconventional EJS templating which is why we need to duplicate this
      // snippet. ViteJS does it the "right way" and will be the what we keep once migration to
      // Vite is done, so lets just keep this duplicated for now.
      
      SANDBOX_DOMAIN = "https://retool-edge.com"
      ALLOW_SAME_ORIGIN_OPTION = parseAsBool("true", false)
      MAIN_DOMAIN = "retool.com"
      SAML_ENABLED = parseAsBool("false", false)
      CLIENT_ID = "716367306867-d861tjqj92gjb0uphcjt8gu2nvtf6e9t.apps.googleusercontent.com"
      RESTRICTED_DOMAIN = ""
      DISABLE_USER_PASS_LOGIN = parseAsBool("false", false)
      INCLUDE_COOKIES_IN_API_CALLS = ""
      VERSION_CONTROL_LOCKED = parseAsBool("false", false)
      IS_ADMIN = parseAsBool("false", false)
      WEBPACK_SHARED_BUILD_VERSION = "298436_2ac04be"
      STATSD_HOST = "__STATSD_HOST__"
      RETOOL_APP_VARIANT = 'vite'
      const retoolVersionForServiceWorker = '3.329.0-2ac04be (Build

Found 2026-01-25 by HttpPlugin

Create report

Open service 35.92.202.169:80 · apps.heichal.net

2026-01-25 07:33

HTTP/1.1 308 Permanent Redirect
Date: Sun, 25 Jan 2026 07:33:27 GMT
Content-Type: text/html
Content-Length: 164
Connection: close
Location: https://apps.heichal.net

Page title: 308 Permanent Redirect

<html>
<head><title>308 Permanent Redirect</title></head>
<body>
<center><h1>308 Permanent Redirect</h1></center>
<hr><center>nginx</center>
</body>
</html>

Found 2026-01-25 by HttpPlugin

Create report

Open service 35.92.202.170:80 · apps.heichal.net

2026-01-25 07:33

HTTP/1.1 308 Permanent Redirect
Date: Sun, 25 Jan 2026 07:33:27 GMT
Content-Type: text/html
Content-Length: 164
Connection: close
Location: https://apps.heichal.net

Page title: 308 Permanent Redirect

<html>
<head><title>308 Permanent Redirect</title></head>
<body>
<center><h1>308 Permanent Redirect</h1></center>
<hr><center>nginx</center>
</body>
</html>

Found 2026-01-25 by HttpPlugin

Create report

Open service 35.92.202.169:443 · apps.heichal.net

2026-01-25 07:33

HTTP/1.1 200 OK
Date: Sun, 25 Jan 2026 07:33:27 GMT
Content-Type: text/html
Content-Length: 7064
Connection: close
Vary: Accept-Encoding
Last-Modified: Thu, 22 Jan 2026 21:11:00 GMT
ETag: "69729264-1b98"
Cache-control: max-age=0, stale-while-revalidate=86400
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer-when-downgrade
Cross-Origin-Opener-Policy: same-origin-allow-popups
X-Robots-Tag: noindex
Accept-Ranges: bytes
Strict-Transport-Security: max-age=31536000; includeSubDomains


<!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="utf-8" />
    <meta name="referrer" content="origin" />
    <meta name="theme-color" content="#fff" />
    <meta name="viewport" content="width=device-width, initial-scale=1" />
    
    <link id="pwa-manifest-placeholder" rel="manifest" href="" />
    <script>
      
      window.RETOOL_FRONTEND_FAKE_BACKEND_MODE = false;
      

      // #PageVisibility
      // Here we detect if user has suspended the browser page / tab since loading
      // See https://developer.mozilla.org/en-US/docs/Web/API/Page_Visibility_API
      window.RETOOL_PAGE_SUSPEND_DETECTED = document.visibilityState === 'hidden'
      function _detectVisibilityChange() {
        if (document.visibilityState === 'hidden') {
          window.RETOOL_PAGE_SUSPEND_DETECTED = true
          // Remove listener because we only detect it once
          document.removeEventListener('visibilitychange', _detectVisibilityChange)
        }
      }
      // Only listen for change if page is not already hidden
      if (document.visibilityState === 'visible') {
        document.addEventListener('visibilitychange', _detectVisibilityChange)
      }
    </script>
    <script>
      // https://stackoverflow.com/a/24103596
      function _getCookie(name) {
        var nameEq = (name += '=')
        var ca = document.cookie.split(';')
        for (var i = 0; i < ca.length; i++) {
          var c = ca[i]
          while (c.charAt(0) === ' ') c = c.substring(1, c.length)
          if (c.indexOf(nameEq) === 0) return c.substring(nameEq.length, c.length)
        }
      }

      // Here we do an eager fetch of user data as a performance optimization. By doing the
      // fetch here, in an inline script, we can fire it asap while the initial webpack
      // bundle loads and evals. This is strictly for performance optimization and non-essential,
      // if this fails to run or has errors then the normal application flow will handle the
      // fetch for user data.

      if (
        !RETOOL_FRONTEND_FAKE_BACKEND_MODE &&
        _getCookie('xsrfToken') && // presence of xsrf token means user is already authed
        window.fetch !== undefined && // make sure fetch api is available
        !new URL(location.origin).host.startsWith('login.') // avoid special login domain
      ) {
        window.RETOOL_USER_FETCH = fetch('/api/user', {
          credentials: 'same-origin',
          headers: {
            Accept: 'application/json',
            'Content-Type': 'application/json',
            'Relax-Login-Subdomain-Restrictions': false,
            'X-Xsrf-Token': _getCookie('xsrfToken'),
            'X-Retool-Client-Version': '3.329.0-2ac04be (Build 298436)',
          },
        }).then((r) => {
          if (r.ok) {
            return r.json()
          }
          return
        })
      }
    </script>
    <script>
      function parseAsBool(envValue, defaultValue) {
        if (envValue === 'true') {
          return true
        } else if (envValue === 'false') {
          return false
        } else {
          return defaultValue
        }
      }

      // Webpack uses slightly unconventional EJS templating which is why we need to duplicate this
      // snippet. ViteJS does it the "right way" and will be the what we keep once migration to
      // Vite is done, so lets just keep this duplicated for now.
      
      SANDBOX_DOMAIN = "https://retool-edge.com"
      ALLOW_SAME_ORIGIN_OPTION = parseAsBool("true", false)
      MAIN_DOMAIN = "retool.com"
      SAML_ENABLED = parseAsBool("false", false)
      CLIENT_ID = "716367306867-d861tjqj92gjb0uphcjt8gu2nvtf6e9t.apps.googleusercontent.com"
      RESTRICTED_DOMAIN = ""
      DISABLE_USER_PASS_LOGIN = parseAsBool("false", false)
      INCLUDE_COOKIES_IN_API_CALLS = ""
      VERSION_CONTROL_LOCKED = parseAsBool("false", false)
      IS_ADMIN = parseAsBool("false", false)
      WEBPACK_SHARED_BUILD_VERSION = "298436_2ac04be"
      STATSD_HOST = "__STATSD_HOST__"
      RETOOL_APP_VARIANT = 'vite'
      const retoolVersionForServiceWorker = '3.329.0-2ac04be (Build

Found 2026-01-25 by HttpPlugin

Create report

Open service 104.21.112.1:443 · www.heichal.net

2026-01-22 23:13

HTTP/1.1 301 Moved Permanently
Date: Thu, 22 Jan 2026 23:13:28 GMT
Content-Length: 0
Connection: close
Location: https://heichal.net/
Report-To: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=L2n%2BOYKvwyx3gSeAKWFlAdoV8UIAK7Dw4N6budTSWOx5fypWf56B7LwMnnHiGBPbOW10fORnS5YrqfGrX04a36NWM8exrWKggQR0BRp66g%3D%3D"}]}
Nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
Server: cloudflare
CF-RAY: 9c22bdfb39cb4d63-YYZ

Found 2026-01-22 by HttpPlugin

Create report

Open service 104.21.32.1:80 · www.heichal.net

2026-01-22 21:11

HTTP/1.1 403 Forbidden
Date: Thu, 22 Jan 2026 21:11:12 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Server: cloudflare
Nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
X-Cache: Error from cloudfront
Via: 1.1 bafba29f1325f15932567e0ae2d444a4.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA56-P3
X-Amz-Cf-Id: hWcBVOiDOdbHx82Qch2ft180Cywgbo9NZVHOhcmCWHGdcq7GY1ev4A==
cf-cache-status: DYNAMIC
Report-To: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=0SPgDFMI13dKWG0nEI9pOGPVXuvk2OPXEAnx0Mj2crWbMhBxkyqRhdo9rt1f%2FFwYUGjxGX2TYit%2BQl82QjyHUorykjcM6yGPSP8XIOgCQw%3D%3D"}]}
CF-RAY: 9c220ae17dee37f7-FRA
alt-svc: h3=":443"; ma=86400

Page title: ERROR: The request could not be satisfied

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<HTML><HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<TITLE>ERROR: The request could not be satisfied</TITLE>
</HEAD><BODY>
<H1>403 ERROR</H1>
<H2>The request could not be satisfied.</H2>
<HR noshade size="1px">
Bad request.
We can't connect to the server for this app or website at this time. There might be too much traffic or a configuration error. Try again later, or contact the app or website owner.
<BR clear="all">
If you provide content to customers through CloudFront, you can find steps to troubleshoot and help prevent this error by reviewing the CloudFront documentation.
<BR clear="all">
<HR noshade size="1px">
<PRE>
Generated by cloudfront (CloudFront)
Request ID: hWcBVOiDOdbHx82Qch2ft180Cywgbo9NZVHOhcmCWHGdcq7GY1ev4A==
</PRE>
<ADDRESS>
</ADDRESS>
</BODY></HTML>

Found 2026-01-22 by HttpPlugin

Create report

Open service 104.21.32.1:80 · heichal.net

2026-01-22 20:29

HTTP/1.1 301 Moved Permanently
Date: Thu, 22 Jan 2026 20:29:45 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Server: cloudflare
Nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
Location: https://heichal.net/
X-Cache: Redirect from cloudfront
Via: 1.1 3bdef981159de9c713020c64476ba0e4.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: AMS1-P2
X-Amz-Cf-Id: 73vMRu8DeubR-ixi8vdPgF6socUvOQro52T7XFeLcLVG8xPv6DitvQ==
cf-cache-status: DYNAMIC
Report-To: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=dqLiFsJxup6XeMncvHXcbf972k4dWZamkU8Ws94zhp2OscqmcR%2F%2FaEgBHPV9zSCu7z75X2HyAWdEumkQNszTVxXitHkzqvrg9n63"}]}
CF-RAY: 9c21ce257fa4560e-AMS
alt-svc: h3=":443"; ma=86400

Page title: 301 Moved Permanently

<html>
<head><title>301 Moved Permanently</title></head>
<body>
<center><h1>301 Moved Permanently</h1></center>
<hr><center>CloudFront</center>
</body>
</html>

Found 2026-01-22 by HttpPlugin

Create report

Open service 104.21.96.1:443 · heichal.net

2026-01-22 20:23

HTTP/1.1 301 Moved Permanently
Date: Thu, 22 Jan 2026 20:23:46 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Server: cloudflare
Nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
Location: https://heichal.net/
X-Cache: Redirect from cloudfront
Via: 1.1 236fbed8f1be57bca7880d295ff3916c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: JFK50-P15
X-Amz-Cf-Id: pNSJ-OqJxPYdu1hYvUoOWQufI_HxTMjw8pWE2aM-dl9T0hhzCi8ZRg==
cf-cache-status: DYNAMIC
Report-To: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=rVs6etXreMMnr2xtBzf6hKShrrSi9JPK7w70kbInETc1fwi1lKG%2FTTiTaj7Nscj81ULBzVfhgIA3kgmwMQ2pQzPxBnlxQ4E6167Z"}]}
CF-RAY: 9c21c5646d2fc52b-EWR
alt-svc: h3=":443"; ma=86400

Page title: 301 Moved Permanently

<html>
<head><title>301 Moved Permanently</title></head>
<body>
<center><h1>301 Moved Permanently</h1></center>
<hr><center>CloudFront</center>
</body>
</html>

Found 2026-01-22 by HttpPlugin