urlscan.io logo urlscan.io
SecurityTrails logo

fbdlspstableb2c.b2clogin.com Open in urlscan Pro
2603:1037:1:8::6  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://carina.dev.apps.lsp.freshfields.com/
Effective URL: https://fbdlspstableb2c.b2clogin.com/fbdlspstableb2c.onmicrosoft.com/b2c_1a_sign_in/oauth2/v2.0/authorize?response_type=code&response...
Submission: On January 01 via api from US — Scanned from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 5 IPs in 2 countries across 5 domains to perform 20 HTTP transactions. The main IP is 2603:1037:1:8::6, located in and belongs to . The main domain is fbdlspstableb2c.b2clogin.com.
TLS certificate: Issued by DigiCert SHA2 Secure Server CA on November 10th 2023. Valid for: a year.
This is the only time fbdlspstableb2c.b2clogin.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
15 20.54.188.142 8075 (MICROSOFT...)
1 2607:f8b0:400... 15169 (GOOGLE)
1 2607:f8b0:400... 15169 (GOOGLE)
2 2603:1037:1:8::6 ()
20 5
Domain Requested by
15 carina.dev.apps.lsp.freshfields.com carina.dev.apps.lsp.freshfields.com
2 fbdlspstableb2c.b2clogin.com carina.dev.apps.lsp.freshfields.com
fbdlspstableb2c.b2clogin.com
1 fonts.gstatic.com fonts.googleapis.com
1 fonts.googleapis.com carina.dev.apps.lsp.freshfields.com
0 fbdlspstable.blob.core.windows.net Failed fbdlspstableb2c.b2clogin.com
20 5

This site contains no links.

Subject Issuer Validity Valid
carina.dev.apps.lsp.freshfields.com
R3		 2023-11-29 -
2024-02-27		 3 months crt.sh
upload.video.google.com
GTS CA 1C3		 2023-11-20 -
2024-02-12		 3 months crt.sh
*.gstatic.com
GTS CA 1C3		 2023-11-20 -
2024-02-12		 3 months crt.sh
graph.windows.net
DigiCert SHA2 Secure Server CA		 2023-11-10 -
2024-11-10		 a year crt.sh

This page contains 1 frames:

Primary Page: https://fbdlspstableb2c.b2clogin.com/fbdlspstableb2c.onmicrosoft.com/b2c_1a_sign_in/oauth2/v2.0/authorize?response_type=code&response_mode=query&client_id=c6304da8-2ff0-4380-93e5-69c0111fe7f4&redirect_uri=https%3A%2F%2Fcarina.dev.apps.lsp.freshfields.com%2Foauth%2Fv2%2Fcallback&display=page&scope=openid%20openid&state=dca2933e-5f8d-4f80-87da-c1752add1d13
Frame ID: 6B0B7E10A1072B9C2339742C53CED7DA
Requests: 21 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Freshfields

Page URL History Show full URLs

  1. https://carina.dev.apps.lsp.freshfields.com/ Page URL
  2. https://fbdlspstableb2c.b2clogin.com/fbdlspstableb2c.onmicrosoft.com/b2c_1a_sign_in/oauth2/v2.0/authorize?respons... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

20
Requests

95 %
HTTPS

75 %
IPv6

5
Domains

5
Subdomains

5
IPs

2
Countries

2233 kB
Transfer

8404 kB
Size

6
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://carina.dev.apps.lsp.freshfields.com/ Page URL
  2. https://fbdlspstableb2c.b2clogin.com/fbdlspstableb2c.onmicrosoft.com/b2c_1a_sign_in/oauth2/v2.0/authorize?response_type=code&response_mode=query&client_id=c6304da8-2ff0-4380-93e5-69c0111fe7f4&redirect_uri=https%3A%2F%2Fcarina.dev.apps.lsp.freshfields.com%2Foauth%2Fv2%2Fcallback&display=page&scope=openid%20openid&state=dca2933e-5f8d-4f80-87da-c1752add1d13 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

20 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
/
carina.dev.apps.lsp.freshfields.com/ 		8 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://carina.dev.apps.lsp.freshfields.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.54.188.142 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
1e18eccc4f3bee27f222ed36a30eeb9ab9c72840fe4f44dbca57296011a3a6d3
Security Headers
Name Value
Content-Security-Policy default-src 'none'; script-src 'unsafe-inline' 'self' 'unsafe-eval'; manifest-src 'self'; frame-src 'self' https://app.powerbi.com; script-src-elem 'unsafe-inline' 'unsafe-eval' 'self' https://apmmanager100.mendixcloud.com/resources/agents/apd/; connect-src https://cdn.plot.ly/ 'self'; img-src data: http://www.w3.org/2000/svg https://fbdmendixappsprod.blob.core.windows.net/public-images/ 'self'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; font-src 'self' https://fonts.gstatic.com/s/ ; frame-ancestors 'self';
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

cache-control
no-cache
content-encoding
gzip
content-security-policy
default-src 'none'; script-src 'unsafe-inline' 'self' 'unsafe-eval'; manifest-src 'self'; frame-src 'self' https://app.powerbi.com; script-src-elem 'unsafe-inline' 'unsafe-eval' 'self' https://apmmanager100.mendixcloud.com/resources/agents/apd/; connect-src https://cdn.plot.ly/ 'self'; img-src data: http://www.w3.org/2000/svg https://fbdmendixappsprod.blob.core.windows.net/public-images/ 'self'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; font-src 'self' https://fonts.gstatic.com/s/ ; frame-ancestors 'self';
content-type
text/html
date
Mon, 01 Jan 2024 21:16:42 GMT
expires
Sun, 01 Jan 2023 21:16:42 UTC
last-modified
Wed, 27 Dec 2023 09:58:34 UTC
strict-transport-security
max-age=15724800; includeSubDomains
theme.compiled.css
carina.dev.apps.lsp.freshfields.com/ 		948 KB
147 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://carina.dev.apps.lsp.freshfields.com/theme.compiled.css?638392678240868426
Requested by
Host: carina.dev.apps.lsp.freshfields.com
URL: https://carina.dev.apps.lsp.freshfields.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.54.188.142 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
8ff2352f916ff78a805e62c061e14303be2151ea8a3957871654e98bb62ba1c0
Security Headers
Name Value
Content-Security-Policy default-src 'none'; script-src 'unsafe-inline' 'self' 'unsafe-eval'; manifest-src 'self'; frame-src 'self' https://app.powerbi.com; script-src-elem 'unsafe-inline' 'unsafe-eval' 'self' https://apmmanager100.mendixcloud.com/resources/agents/apd/; connect-src https://cdn.plot.ly/ 'self'; img-src data: http://www.w3.org/2000/svg https://fbdmendixappsprod.blob.core.windows.net/public-images/ 'self'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; font-src 'self' https://fonts.gstatic.com/s/ ; frame-ancestors 'self';
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

accept-language
en-US,en;q=0.9
Referer
https://carina.dev.apps.lsp.freshfields.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Mon, 01 Jan 2024 21:16:42 GMT
content-encoding
gzip
strict-transport-security
max-age=15724800; includeSubDomains
last-modified
Wed, 27 Dec 2023 09:58:34 UTC
content-security-policy
default-src 'none'; script-src 'unsafe-inline' 'self' 'unsafe-eval'; manifest-src 'self'; frame-src 'self' https://app.powerbi.com; script-src-elem 'unsafe-inline' 'unsafe-eval' 'self' https://apmmanager100.mendixcloud.com/resources/agents/apd/; connect-src https://cdn.plot.ly/ 'self'; img-src data: http://www.w3.org/2000/svg https://fbdmendixappsprod.blob.core.windows.net/public-images/ 'self'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; font-src 'self' https://fonts.gstatic.com/s/ ; frame-ancestors 'self';
content-type
text/css
cache-control
max-age=31536000
expires
Tue, 31 Dec 2024 21:16:42 GMT
powerbi.min.js
carina.dev.apps.lsp.freshfields.com/external/ 		129 KB
22 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://carina.dev.apps.lsp.freshfields.com/external/powerbi.min.js?638392678240868426
Requested by
Host: carina.dev.apps.lsp.freshfields.com
URL: https://carina.dev.apps.lsp.freshfields.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.54.188.142 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
c0b050e29233f642dbf8c9cd267f318cf655b18f91557a2f51347cd9ecce44d2
Security Headers
Name Value
Content-Security-Policy default-src 'none'; script-src 'unsafe-inline' 'self' 'unsafe-eval'; manifest-src 'self'; frame-src 'self' https://app.powerbi.com; script-src-elem 'unsafe-inline' 'unsafe-eval' 'self' https://apmmanager100.mendixcloud.com/resources/agents/apd/; connect-src https://cdn.plot.ly/ 'self'; img-src data: http://www.w3.org/2000/svg https://fbdmendixappsprod.blob.core.windows.net/public-images/ 'self'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; font-src 'self' https://fonts.gstatic.com/s/ ; frame-ancestors 'self';
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

accept-language
en-US,en;q=0.9
Referer
https://carina.dev.apps.lsp.freshfields.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Mon, 01 Jan 2024 21:16:42 GMT
content-encoding
gzip
strict-transport-security
max-age=15724800; includeSubDomains
last-modified
Wed, 27 Dec 2023 09:58:34 UTC
content-security-policy
default-src 'none'; script-src 'unsafe-inline' 'self' 'unsafe-eval'; manifest-src 'self'; frame-src 'self' https://app.powerbi.com; script-src-elem 'unsafe-inline' 'unsafe-eval' 'self' https://apmmanager100.mendixcloud.com/resources/agents/apd/; connect-src https://cdn.plot.ly/ 'self'; img-src data: http://www.w3.org/2000/svg https://fbdmendixappsprod.blob.core.windows.net/public-images/ 'self'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; font-src 'self' https://fonts.gstatic.com/s/ ; frame-ancestors 'self';
content-type
application/javascript
cache-control
max-age=31536000
expires
Tue, 31 Dec 2024 21:16:42 GMT
mxui.js
carina.dev.apps.lsp.freshfields.com/mxclientsystem/mxui/ 		1 MB
353 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://carina.dev.apps.lsp.freshfields.com/mxclientsystem/mxui/mxui.js?638392678240868426
Requested by
Host: carina.dev.apps.lsp.freshfields.com
URL: https://carina.dev.apps.lsp.freshfields.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.54.188.142 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
09d5f23cd3e31ced36ded17e61150192b372ac7956fd15fd4a7e258b5a9f5380
Security Headers
Name Value
Content-Security-Policy default-src 'none'; script-src 'unsafe-inline' 'self' 'unsafe-eval'; manifest-src 'self'; frame-src 'self' https://app.powerbi.com; script-src-elem 'unsafe-inline' 'unsafe-eval' 'self' https://apmmanager100.mendixcloud.com/resources/agents/apd/; connect-src https://cdn.plot.ly/ 'self'; img-src data: http://www.w3.org/2000/svg https://fbdmendixappsprod.blob.core.windows.net/public-images/ 'self'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; font-src 'self' https://fonts.gstatic.com/s/ ; frame-ancestors 'self';
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

accept-language
en-US,en;q=0.9
Referer
https://carina.dev.apps.lsp.freshfields.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Mon, 01 Jan 2024 21:16:42 GMT
content-encoding
gzip
strict-transport-security
max-age=15724800; includeSubDomains
last-modified
Fri, 22 Sep 2023 11:39:42 UTC
content-security-policy
default-src 'none'; script-src 'unsafe-inline' 'self' 'unsafe-eval'; manifest-src 'self'; frame-src 'self' https://app.powerbi.com; script-src-elem 'unsafe-inline' 'unsafe-eval' 'self' https://apmmanager100.mendixcloud.com/resources/agents/apd/; connect-src https://cdn.plot.ly/ 'self'; img-src data: http://www.w3.org/2000/svg https://fbdmendixappsprod.blob.core.windows.net/public-images/ 'self'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; font-src 'self' https://fonts.gstatic.com/s/ ; frame-ancestors 'self';
content-type
application/javascript
cache-control
max-age=31536000
expires
Tue, 31 Dec 2024 21:16:42 GMT
css
fonts.googleapis.com/ 		12 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Montserrat:100,200,300,400,500,600,700
Requested by
Host: carina.dev.apps.lsp.freshfields.com
URL: https://carina.dev.apps.lsp.freshfields.com/theme.compiled.css?638392678240868426
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:809::200a , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
6a351583981ca79fa4afd63fa3249ed2c8b3a1b851f77ddde3ceede1728ea38f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://carina.dev.apps.lsp.freshfields.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Mon, 01 Jan 2024 21:16:43 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Mon, 01 Jan 2024 20:59:22 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Mon, 01 Jan 2024 21:16:43 GMT
metamodel.json
carina.dev.apps.lsp.freshfields.com/ 		5 KB
2 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://carina.dev.apps.lsp.freshfields.com/metamodel.json?638392678240868426
Requested by
Host: carina.dev.apps.lsp.freshfields.com
URL: https://carina.dev.apps.lsp.freshfields.com/mxclientsystem/mxui/mxui.js?638392678240868426
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.54.188.142 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
734ffcdb4221c2a260eaa365ced139658211171cc374b51145378b50d489bd08
Security Headers
Name Value
Content-Security-Policy default-src 'none'; script-src 'unsafe-inline' 'self' 'unsafe-eval'; manifest-src 'self'; frame-src 'self' https://app.powerbi.com; script-src-elem 'unsafe-inline' 'unsafe-eval' 'self' https://apmmanager100.mendixcloud.com/resources/agents/apd/; connect-src https://cdn.plot.ly/ 'self'; img-src data: http://www.w3.org/2000/svg https://fbdmendixappsprod.blob.core.windows.net/public-images/ 'self'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; font-src 'self' https://fonts.gstatic.com/s/ ; frame-ancestors 'self';
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

x-mx-reqtoken
1704143803508-0
Referer
https://carina.dev.apps.lsp.freshfields.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

expires
Sun, 01 Jan 2023 21:16:43 UTC
date
Mon, 01 Jan 2024 21:16:43 GMT
content-encoding
gzip
strict-transport-security
max-age=15724800; includeSubDomains
last-modified
Wed, 27 Dec 2023 09:58:34 UTC
content-security-policy
default-src 'none'; script-src 'unsafe-inline' 'self' 'unsafe-eval'; manifest-src 'self'; frame-src 'self' https://app.powerbi.com; script-src-elem 'unsafe-inline' 'unsafe-eval' 'self' https://apmmanager100.mendixcloud.com/resources/agents/apd/; connect-src https://cdn.plot.ly/ 'self'; img-src data: http://www.w3.org/2000/svg https://fbdmendixappsprod.blob.core.windows.net/public-images/ 'self'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; font-src 'self' https://fonts.gstatic.com/s/ ; frame-ancestors 'self';
content-type
application/json
truncated
/ 		43 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Type
image/gif
/
carina.dev.apps.lsp.freshfields.com/xas/ 		23 KB
5 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://carina.dev.apps.lsp.freshfields.com/xas/
Requested by
Host: carina.dev.apps.lsp.freshfields.com
URL: https://carina.dev.apps.lsp.freshfields.com/mxclientsystem/mxui/mxui.js?638392678240868426
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.54.188.142 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
ff3c8b911f3c23a017375d5cef42efb627fbde4f202a2495ff6a5d9477ec68b5
Security Headers
Name Value
Content-Security-Policy default-src 'none'; script-src 'unsafe-inline' 'self' 'unsafe-eval'; manifest-src 'self'; frame-src 'self' https://app.powerbi.com; script-src-elem 'unsafe-inline' 'unsafe-eval' 'self' https://apmmanager100.mendixcloud.com/resources/agents/apd/; connect-src https://cdn.plot.ly/ 'self'; img-src data: http://www.w3.org/2000/svg https://fbdmendixappsprod.blob.core.windows.net/public-images/ 'self'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; font-src 'self' https://fonts.gstatic.com/s/ ; frame-ancestors 'self';
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

x-mx-reqtoken
1704143803675-1
accept
application/json
Referer
https://carina.dev.apps.lsp.freshfields.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
content-type
application/json

Response headers

expires
Thu, 01 Jan 1970 00:00:00 GMT
date
Mon, 01 Jan 2024 21:16:46 GMT
cache-control
no-store
content-encoding
gzip
strict-transport-security
max-age=15724800; includeSubDomains
content-security-policy
default-src 'none'; script-src 'unsafe-inline' 'self' 'unsafe-eval'; manifest-src 'self'; frame-src 'self' https://app.powerbi.com; script-src-elem 'unsafe-inline' 'unsafe-eval' 'self' https://apmmanager100.mendixcloud.com/resources/agents/apd/; connect-src https://cdn.plot.ly/ 'self'; img-src data: http://www.w3.org/2000/svg https://fbdmendixappsprod.blob.core.windows.net/public-images/ 'self'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; font-src 'self' https://fonts.gstatic.com/s/ ; frame-ancestors 'self';
content-type
application/json;charset=utf-8
widgets.css
carina.dev.apps.lsp.freshfields.com/widgets/ 		190 KB
29 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://carina.dev.apps.lsp.freshfields.com/widgets/widgets.css?638392678240868426
Requested by
Host: carina.dev.apps.lsp.freshfields.com
URL: https://carina.dev.apps.lsp.freshfields.com/mxclientsystem/mxui/mxui.js?638392678240868426
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.54.188.142 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
bbfc29789d59188f14d3412a199d989fc840a2b60d76741412f1e64151364881
Security Headers
Name Value
Content-Security-Policy default-src 'none'; script-src 'unsafe-inline' 'self' 'unsafe-eval'; manifest-src 'self'; frame-src 'self' https://app.powerbi.com; script-src-elem 'unsafe-inline' 'unsafe-eval' 'self' https://apmmanager100.mendixcloud.com/resources/agents/apd/; connect-src https://cdn.plot.ly/ 'self'; img-src data: http://www.w3.org/2000/svg https://fbdmendixappsprod.blob.core.windows.net/public-images/ 'self'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; font-src 'self' https://fonts.gstatic.com/s/ ; frame-ancestors 'self';
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

accept-language
en-US,en;q=0.9
Referer
https://carina.dev.apps.lsp.freshfields.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Mon, 01 Jan 2024 21:16:46 GMT
content-encoding
gzip
strict-transport-security
max-age=15724800; includeSubDomains
last-modified
Wed, 27 Dec 2023 09:58:34 UTC
content-security-policy
default-src 'none'; script-src 'unsafe-inline' 'self' 'unsafe-eval'; manifest-src 'self'; frame-src 'self' https://app.powerbi.com; script-src-elem 'unsafe-inline' 'unsafe-eval' 'self' https://apmmanager100.mendixcloud.com/resources/agents/apd/; connect-src https://cdn.plot.ly/ 'self'; img-src data: http://www.w3.org/2000/svg https://fbdmendixappsprod.blob.core.windows.net/public-images/ 'self'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; font-src 'self' https://fonts.gstatic.com/s/ ; frame-ancestors 'self';
content-type
text/css
cache-control
max-age=31536000
expires
Tue, 31 Dec 2024 21:16:46 GMT
widgets.js
carina.dev.apps.lsp.freshfields.com/widgets/ 		5 MB
1 MB 		Script
General
Check archive.org
Download Go to
Full URL
https://carina.dev.apps.lsp.freshfields.com/widgets/widgets.js?638392678240868426
Requested by
Host: carina.dev.apps.lsp.freshfields.com
URL: https://carina.dev.apps.lsp.freshfields.com/mxclientsystem/mxui/mxui.js?638392678240868426
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.54.188.142 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e5f37d196e5fdb4c92b455b85b315300a309cd530cdb519f953fad24da06a9d7
Security Headers
Name Value
Content-Security-Policy default-src 'none'; script-src 'unsafe-inline' 'self' 'unsafe-eval'; manifest-src 'self'; frame-src 'self' https://app.powerbi.com; script-src-elem 'unsafe-inline' 'unsafe-eval' 'self' https://apmmanager100.mendixcloud.com/resources/agents/apd/; connect-src https://cdn.plot.ly/ 'self'; img-src data: http://www.w3.org/2000/svg https://fbdmendixappsprod.blob.core.windows.net/public-images/ 'self'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; font-src 'self' https://fonts.gstatic.com/s/ ; frame-ancestors 'self';
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

accept-language
en-US,en;q=0.9
Referer
https://carina.dev.apps.lsp.freshfields.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Mon, 01 Jan 2024 21:16:46 GMT
content-encoding
gzip
strict-transport-security
max-age=15724800; includeSubDomains
last-modified
Wed, 27 Dec 2023 09:58:34 UTC
content-security-policy
default-src 'none'; script-src 'unsafe-inline' 'self' 'unsafe-eval'; manifest-src 'self'; frame-src 'self' https://app.powerbi.com; script-src-elem 'unsafe-inline' 'unsafe-eval' 'self' https://apmmanager100.mendixcloud.com/resources/agents/apd/; connect-src https://cdn.plot.ly/ 'self'; img-src data: http://www.w3.org/2000/svg https://fbdmendixappsprod.blob.core.windows.net/public-images/ 'self'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; font-src 'self' https://fonts.gstatic.com/s/ ; frame-ancestors 'self';
content-type
application/javascript
cache-control
max-age=31536000
expires
Tue, 31 Dec 2024 21:16:46 GMT
widgets_en-us.js
carina.dev.apps.lsp.freshfields.com/widgets/nls/ 		12 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://carina.dev.apps.lsp.freshfields.com/widgets/nls/widgets_en-us.js?638392678240868426
Requested by
Host: carina.dev.apps.lsp.freshfields.com
URL: https://carina.dev.apps.lsp.freshfields.com/mxclientsystem/mxui/mxui.js?638392678240868426
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.54.188.142 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
97d72454a871a5e5932cb297e057ddb4127e2cc1c833a22d4ef27ebe2fd735a9
Security Headers
Name Value
Content-Security-Policy default-src 'none'; script-src 'unsafe-inline' 'self' 'unsafe-eval'; manifest-src 'self'; frame-src 'self' https://app.powerbi.com; script-src-elem 'unsafe-inline' 'unsafe-eval' 'self' https://apmmanager100.mendixcloud.com/resources/agents/apd/; connect-src https://cdn.plot.ly/ 'self'; img-src data: http://www.w3.org/2000/svg https://fbdmendixappsprod.blob.core.windows.net/public-images/ 'self'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; font-src 'self' https://fonts.gstatic.com/s/ ; frame-ancestors 'self';
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

accept-language
en-US,en;q=0.9
Referer
https://carina.dev.apps.lsp.freshfields.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Mon, 01 Jan 2024 21:16:47 GMT
content-encoding
gzip
strict-transport-security
max-age=15724800; includeSubDomains
last-modified
Wed, 27 Dec 2023 09:58:35 UTC
content-security-policy
default-src 'none'; script-src 'unsafe-inline' 'self' 'unsafe-eval'; manifest-src 'self'; frame-src 'self' https://app.powerbi.com; script-src-elem 'unsafe-inline' 'unsafe-eval' 'self' https://apmmanager100.mendixcloud.com/resources/agents/apd/; connect-src https://cdn.plot.ly/ 'self'; img-src data: http://www.w3.org/2000/svg https://fbdmendixappsprod.blob.core.windows.net/public-images/ 'self'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; font-src 'self' https://fonts.gstatic.com/s/ ; frame-ancestors 'self';
content-type
application/javascript
cache-control
max-age=31536000
expires
Tue, 31 Dec 2024 21:16:47 GMT
JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
fonts.gstatic.com/s/montserrat/v26/ 		32 KB
33 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Montserrat:100,200,300,400,500,600,700
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81c::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
bb2f90081933c0f2475883ca2c5cfee94e96d7314a09433fffc42e37f4cffd3b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://carina.dev.apps.lsp.freshfields.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Tue, 26 Dec 2023 18:34:59 GMT
x-content-type-options
nosniff
age
528108
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
33092
x-xss-protection
0
last-modified
Wed, 13 Sep 2023 22:51:58 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 25 Dec 2024 18:34:59 GMT
PAGE_Login_Anonymous.page.xml
carina.dev.apps.lsp.freshfields.com/pages/en_US/EAMUserManagement/ 		5 KB
2 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://carina.dev.apps.lsp.freshfields.com/pages/en_US/EAMUserManagement/PAGE_Login_Anonymous.page.xml?638392678240868426
Requested by
Host: carina.dev.apps.lsp.freshfields.com
URL: https://carina.dev.apps.lsp.freshfields.com/mxclientsystem/mxui/mxui.js?638392678240868426
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.54.188.142 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
c7168da4287b46feedc69b2031f9d3a4920de22cf620b46d86023d750a6838c9
Security Headers
Name Value
Content-Security-Policy default-src 'none'; script-src 'unsafe-inline' 'self' 'unsafe-eval'; manifest-src 'self'; frame-src 'self' https://app.powerbi.com; script-src-elem 'unsafe-inline' 'unsafe-eval' 'self' https://apmmanager100.mendixcloud.com/resources/agents/apd/; connect-src https://cdn.plot.ly/ 'self'; img-src data: http://www.w3.org/2000/svg https://fbdmendixappsprod.blob.core.windows.net/public-images/ 'self'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; font-src 'self' https://fonts.gstatic.com/s/ ; frame-ancestors 'self';
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

x-mx-reqtoken
1704143807632-2
Referer
https://carina.dev.apps.lsp.freshfields.com/
x-csrf-token
b29eb91a-d7a0-4709-80dd-5c0f6677461b
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Mon, 01 Jan 2024 21:16:47 GMT
content-encoding
gzip
strict-transport-security
max-age=15724800; includeSubDomains
last-modified
Wed, 27 Dec 2023 09:58:35 UTC
content-security-policy
default-src 'none'; script-src 'unsafe-inline' 'self' 'unsafe-eval'; manifest-src 'self'; frame-src 'self' https://app.powerbi.com; script-src-elem 'unsafe-inline' 'unsafe-eval' 'self' https://apmmanager100.mendixcloud.com/resources/agents/apd/; connect-src https://cdn.plot.ly/ 'self'; img-src data: http://www.w3.org/2000/svg https://fbdmendixappsprod.blob.core.windows.net/public-images/ 'self'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; font-src 'self' https://fonts.gstatic.com/s/ ; frame-ancestors 'self';
content-type
application/xml
cache-control
max-age=31536000
expires
Tue, 31 Dec 2024 21:16:47 GMT
Layout_Blank.layout.xml
carina.dev.apps.lsp.freshfields.com/pages/en_US/FreshfieldsStyleGuide/ 		713 B
1 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://carina.dev.apps.lsp.freshfields.com/pages/en_US/FreshfieldsStyleGuide/Layout_Blank.layout.xml?638392678240868426
Requested by
Host: carina.dev.apps.lsp.freshfields.com
URL: https://carina.dev.apps.lsp.freshfields.com/mxclientsystem/mxui/mxui.js?638392678240868426
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.54.188.142 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'none'; script-src 'unsafe-inline' 'self' 'unsafe-eval'; manifest-src 'self'; frame-src 'self' https://app.powerbi.com; script-src-elem 'unsafe-inline' 'unsafe-eval' 'self' https://apmmanager100.mendixcloud.com/resources/agents/apd/; connect-src https://cdn.plot.ly/ 'self'; img-src data: http://www.w3.org/2000/svg https://fbdmendixappsprod.blob.core.windows.net/public-images/ 'self'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; font-src 'self' https://fonts.gstatic.com/s/ ; frame-ancestors 'self';
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

x-mx-reqtoken
1704143807908-3
Referer
https://carina.dev.apps.lsp.freshfields.com/
x-csrf-token
b29eb91a-d7a0-4709-80dd-5c0f6677461b
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Mon, 01 Jan 2024 21:16:47 GMT
strict-transport-security
max-age=15724800; includeSubDomains
content-security-policy
default-src 'none'; script-src 'unsafe-inline' 'self' 'unsafe-eval'; manifest-src 'self'; frame-src 'self' https://app.powerbi.com; script-src-elem 'unsafe-inline' 'unsafe-eval' 'self' https://apmmanager100.mendixcloud.com/resources/agents/apd/; connect-src https://cdn.plot.ly/ 'self'; img-src data: http://www.w3.org/2000/svg https://fbdmendixappsprod.blob.core.windows.net/public-images/ 'self'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; font-src 'self' https://fonts.gstatic.com/s/ ; frame-ancestors 'self';
last-modified
Wed, 27 Dec 2023 09:58:35 UTC
content-type
application/xml
cache-control
max-age=31536000
content-length
713
expires
Tue, 31 Dec 2024 21:16:47 GMT
fa-solid-900.woff2
carina.dev.apps.lsp.freshfields.com/webfonts/ 		264 KB
265 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://carina.dev.apps.lsp.freshfields.com/webfonts/fa-solid-900.woff2
Requested by
Host: carina.dev.apps.lsp.freshfields.com
URL: https://carina.dev.apps.lsp.freshfields.com/theme.compiled.css?638392678240868426
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.54.188.142 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'none'; script-src 'unsafe-inline' 'self' 'unsafe-eval'; manifest-src 'self'; frame-src 'self' https://app.powerbi.com; script-src-elem 'unsafe-inline' 'unsafe-eval' 'self' https://apmmanager100.mendixcloud.com/resources/agents/apd/; connect-src https://cdn.plot.ly/ 'self'; img-src data: http://www.w3.org/2000/svg https://fbdmendixappsprod.blob.core.windows.net/public-images/ 'self'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; font-src 'self' https://fonts.gstatic.com/s/ ; frame-ancestors 'self';
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Referer
https://carina.dev.apps.lsp.freshfields.com/theme.compiled.css?638392678240868426
Origin
https://carina.dev.apps.lsp.freshfields.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

expires
Sun, 01 Jan 2023 21:16:48 UTC
date
Mon, 01 Jan 2024 21:16:48 GMT
strict-transport-security
max-age=15724800; includeSubDomains
content-security-policy
default-src 'none'; script-src 'unsafe-inline' 'self' 'unsafe-eval'; manifest-src 'self'; frame-src 'self' https://app.powerbi.com; script-src-elem 'unsafe-inline' 'unsafe-eval' 'self' https://apmmanager100.mendixcloud.com/resources/agents/apd/; connect-src https://cdn.plot.ly/ 'self'; img-src data: http://www.w3.org/2000/svg https://fbdmendixappsprod.blob.core.windows.net/public-images/ 'self'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; font-src 'self' https://fonts.gstatic.com/s/ ; frame-ancestors 'self';
last-modified
Wed, 27 Dec 2023 09:58:34 UTC
content-type
font/woff2
/
carina.dev.apps.lsp.freshfields.com/xas/ 		598 B
1 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://carina.dev.apps.lsp.freshfields.com/xas/
Requested by
Host: carina.dev.apps.lsp.freshfields.com
URL: https://carina.dev.apps.lsp.freshfields.com/mxclientsystem/mxui/mxui.js?638392678240868426
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.54.188.142 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'none'; script-src 'unsafe-inline' 'self' 'unsafe-eval'; manifest-src 'self'; frame-src 'self' https://app.powerbi.com; script-src-elem 'unsafe-inline' 'unsafe-eval' 'self' https://apmmanager100.mendixcloud.com/resources/agents/apd/; connect-src https://cdn.plot.ly/ 'self'; img-src data: http://www.w3.org/2000/svg https://fbdmendixappsprod.blob.core.windows.net/public-images/ 'self'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; font-src 'self' https://fonts.gstatic.com/s/ ; frame-ancestors 'self';
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

x-mx-reqtoken
1704143808249-4
accept
application/json
Referer
https://carina.dev.apps.lsp.freshfields.com/
x-csrf-token
b29eb91a-d7a0-4709-80dd-5c0f6677461b
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
content-type
application/json

Response headers

date
Mon, 01 Jan 2024 21:16:48 GMT
cache-control
no-store
strict-transport-security
max-age=15724800; includeSubDomains
content-security-policy
default-src 'none'; script-src 'unsafe-inline' 'self' 'unsafe-eval'; manifest-src 'self'; frame-src 'self' https://app.powerbi.com; script-src-elem 'unsafe-inline' 'unsafe-eval' 'self' https://apmmanager100.mendixcloud.com/resources/agents/apd/; connect-src https://cdn.plot.ly/ 'self'; img-src data: http://www.w3.org/2000/svg https://fbdmendixappsprod.blob.core.windows.net/public-images/ 'self'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; font-src 'self' https://fonts.gstatic.com/s/ ; frame-ancestors 'self';
content-length
598
content-type
application/json;charset=utf-8
jsactions.js
carina.dev.apps.lsp.freshfields.com/ 		17 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://carina.dev.apps.lsp.freshfields.com/jsactions.js?638392678240868426
Requested by
Host: carina.dev.apps.lsp.freshfields.com
URL: https://carina.dev.apps.lsp.freshfields.com/mxclientsystem/mxui/mxui.js?638392678240868426
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.54.188.142 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'none'; script-src 'unsafe-inline' 'self' 'unsafe-eval'; manifest-src 'self'; frame-src 'self' https://app.powerbi.com; script-src-elem 'unsafe-inline' 'unsafe-eval' 'self' https://apmmanager100.mendixcloud.com/resources/agents/apd/; connect-src https://cdn.plot.ly/ 'self'; img-src data: http://www.w3.org/2000/svg https://fbdmendixappsprod.blob.core.windows.net/public-images/ 'self'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; font-src 'self' https://fonts.gstatic.com/s/ ; frame-ancestors 'self';
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

accept-language
en-US,en;q=0.9
Referer
https://carina.dev.apps.lsp.freshfields.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Mon, 01 Jan 2024 21:16:48 GMT
content-encoding
gzip
strict-transport-security
max-age=15724800; includeSubDomains
last-modified
Wed, 27 Dec 2023 09:58:34 UTC
content-security-policy
default-src 'none'; script-src 'unsafe-inline' 'self' 'unsafe-eval'; manifest-src 'self'; frame-src 'self' https://app.powerbi.com; script-src-elem 'unsafe-inline' 'unsafe-eval' 'self' https://apmmanager100.mendixcloud.com/resources/agents/apd/; connect-src https://cdn.plot.ly/ 'self'; img-src data: http://www.w3.org/2000/svg https://fbdmendixappsprod.blob.core.windows.net/public-images/ 'self'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; font-src 'self' https://fonts.gstatic.com/s/ ; frame-ancestors 'self';
content-type
application/javascript
cache-control
max-age=31536000
expires
Tue, 31 Dec 2024 21:16:48 GMT
/
carina.dev.apps.lsp.freshfields.com/xas/ 		517 B
1 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://carina.dev.apps.lsp.freshfields.com/xas/
Requested by
Host: carina.dev.apps.lsp.freshfields.com
URL: https://carina.dev.apps.lsp.freshfields.com/mxclientsystem/mxui/mxui.js?638392678240868426
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.54.188.142 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'none'; script-src 'unsafe-inline' 'self' 'unsafe-eval'; manifest-src 'self'; frame-src 'self' https://app.powerbi.com; script-src-elem 'unsafe-inline' 'unsafe-eval' 'self' https://apmmanager100.mendixcloud.com/resources/agents/apd/; connect-src https://cdn.plot.ly/ 'self'; img-src data: http://www.w3.org/2000/svg https://fbdmendixappsprod.blob.core.windows.net/public-images/ 'self'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; font-src 'self' https://fonts.gstatic.com/s/ ; frame-ancestors 'self';
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

x-mx-reqtoken
1704143808725-5
accept
application/json
Referer
https://carina.dev.apps.lsp.freshfields.com/
x-csrf-token
b29eb91a-d7a0-4709-80dd-5c0f6677461b
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
content-type
application/json

Response headers

date
Mon, 01 Jan 2024 21:16:49 GMT
cache-control
no-store
strict-transport-security
max-age=15724800; includeSubDomains
content-security-policy
default-src 'none'; script-src 'unsafe-inline' 'self' 'unsafe-eval'; manifest-src 'self'; frame-src 'self' https://app.powerbi.com; script-src-elem 'unsafe-inline' 'unsafe-eval' 'self' https://apmmanager100.mendixcloud.com/resources/agents/apd/; connect-src https://cdn.plot.ly/ 'self'; img-src data: http://www.w3.org/2000/svg https://fbdmendixappsprod.blob.core.windows.net/public-images/ 'self'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; font-src 'self' https://fonts.gstatic.com/s/ ; frame-ancestors 'self';
content-length
517
content-type
application/json;charset=utf-8
Primary Request authorize
fbdlspstableb2c.b2clogin.com/fbdlspstableb2c.onmicrosoft.com/b2c_1a_sign_in/oauth2/v2.0/ 		31 KB
14 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://fbdlspstableb2c.b2clogin.com/fbdlspstableb2c.onmicrosoft.com/b2c_1a_sign_in/oauth2/v2.0/authorize?response_type=code&response_mode=query&client_id=c6304da8-2ff0-4380-93e5-69c0111fe7f4&redirect_uri=https%3A%2F%2Fcarina.dev.apps.lsp.freshfields.com%2Foauth%2Fv2%2Fcallback&display=page&scope=openid%20openid&state=dca2933e-5f8d-4f80-87da-c1752add1d13
Requested by
Host: carina.dev.apps.lsp.freshfields.com
URL: https://carina.dev.apps.lsp.freshfields.com/jsactions.js?638392678240868426
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2603:1037:1:8::6 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
6c187c0e918b4307e84accc8d24c780dc494de4c7cf2c319db36effb9fa15f8c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://carina.dev.apps.lsp.freshfields.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

Allow
OPTIONS TRACE GET HEAD POST
Cache-Control
no-store, must-revalidate, no-cache
Content-Encoding
gzip
Content-Length
13736
Content-Type
text/html; charset=utf-8
Date
Mon, 01 Jan 2024 21:16:50 GMT
Expires
-1
Public
OPTIONS,TRACE,GET,HEAD,POST
Strict-Transport-Security
max-age=31536000; includeSubDomains
Vary
Accept-Encoding
X-Build
1.1.19.0
X-Content-Type-Options
nosniff
X-Frame-Options
DENY
X-Request-ID
7049ec5c-7317-45b0-9f58-9f86de18d043
X-UA-Compatible
IE=edge
X-XSS-Protection
1; mode=block
x-ms-gateway-requestid
ef39f7ab-3bd6-4480-a985-b602033916e6
jquery-bundle-1.10.2.min.js
fbdlspstableb2c.b2clogin.com/static/bundles/ 		100 KB
100 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://fbdlspstableb2c.b2clogin.com/static/bundles/jquery-bundle-1.10.2.min.js?slice=001-000&dc=DB3
Requested by
Host: fbdlspstableb2c.b2clogin.com
URL: https://fbdlspstableb2c.b2clogin.com/fbdlspstableb2c.onmicrosoft.com/b2c_1a_sign_in/oauth2/v2.0/authorize?response_type=code&response_mode=query&client_id=c6304da8-2ff0-4380-93e5-69c0111fe7f4&redirect_uri=https%3A%2F%2Fcarina.dev.apps.lsp.freshfields.com%2Foauth%2Fv2%2Fcallback&display=page&scope=openid%20openid&state=dca2933e-5f8d-4f80-87da-c1752add1d13
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2603:1037:1:8::6 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
a035f5bc873960a65bcb6493b4d18782247a5a5d8cad443d297c853b09ea7bb4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://fbdlspstableb2c.b2clogin.com/fbdlspstableb2c.onmicrosoft.com/b2c_1a_sign_in/oauth2/v2.0/authorize?response_type=code&response_mode=query&client_id=c6304da8-2ff0-4380-93e5-69c0111fe7f4&redirect_uri=https%3A%2F%2Fcarina.dev.apps.lsp.freshfields.com%2Foauth%2Fv2%2Fcallback&display=page&scope=openid%20openid&state=dca2933e-5f8d-4f80-87da-c1752add1d13
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Date
Mon, 01 Jan 2024 21:16:51 GMT
X-Content-Type-Options
nosniff
Last-Modified
Fri, 08 Dec 2023 10:04:40 GMT
ETag
"06c30f5bd29da1:0"
Access-Control-Max-Age
3600
Access-Control-Allow-Methods
GET, OPTIONS
Content-Type
application/javascript
Access-Control-Allow-Origin
*
X-Frame-Options
DENY
Accept-Ranges
bytes
Content-Length
101973
X-XSS-Protection
1; mode=block
pageTemplate.html
fbdlspstable.blob.core.windows.net/ief-ui/ief-ui/ 		0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
fbdlspstable.blob.core.windows.net
URL
https://fbdlspstable.blob.core.windows.net/ief-ui/ief-ui/pageTemplate.html

Verdicts & Comments Add Verdict or Comment

38 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture object| dojoConfig object| powerbi object| powerbi-client function| define function| require object| dojo object| dijit object| dojox object| mxJsonp number| __mobxInstanceCount object| __mobxGlobals function| dojoDynamicRequire object| mendix object| mxui object| mx object| logger function| $ function| jQuery object| hljs object| MicroflowTimer object| SimpleCheckboxSetSelector object| SetAttribute object| DataviewLoader object| KeyboardShortcut object| GridSearch object| regeneratorRuntime object| StructureGraph string| CKEDITOR_BASEPATH object| CKEDITOR object| CKEditorForMendix object| CKEditorViewer object| webpackJsonp object| HTMLSnippet object| jQuery1112023336663320793072 object| BootstrapMultiSelectForMendix object| BootstrapTooltip object| Mansystems

6 Cookies

Domain/Path Name / Value
carina.dev.apps.lsp.freshfields.com/ Name: originURI
Value: /login.html
carina.dev.apps.lsp.freshfields.com/ Name: __Host-SessionTimeZoneOffset
Value: 600
carina.dev.apps.lsp.freshfields.com/ Name: __Host-XASSESSIONID
Value: 12d6d608-cbb7-4778-97cc-0ed0eab14731
carina.dev.apps.lsp.freshfields.com/ Name: xasid
Value: 0.8c7659e3-f6c2-4c40-92e5-8678c8e23d10
carina.dev.apps.lsp.freshfields.com/ Name: __Host-DeviceType
Value: Desktop
carina.dev.apps.lsp.freshfields.com/ Name: __Host-Profile
Value: Responsive

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'none'; script-src 'unsafe-inline' 'self' 'unsafe-eval'; manifest-src 'self'; frame-src 'self' https://app.powerbi.com; script-src-elem 'unsafe-inline' 'unsafe-eval' 'self' https://apmmanager100.mendixcloud.com/resources/agents/apd/; connect-src https://cdn.plot.ly/ 'self'; img-src data: http://www.w3.org/2000/svg https://fbdmendixappsprod.blob.core.windows.net/public-images/ 'self'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; font-src 'self' https://fonts.gstatic.com/s/ ; frame-ancestors 'self';
Strict-Transport-Security max-age=15724800; includeSubDomains