urlscan.io logo urlscan.io
SecurityTrails logo

auth.devel.blueflagsecurity.com Open in urlscan Pro
18.66.192.2  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://2362c06806-is.devel.blueflagsecurity.com/
Effective URL: https://auth.devel.blueflagsecurity.com/realms/2362c068061fe82090ca8a533da0eecf/protocol/openid-connect/auth?client_id=2362c068061fe8209...
Submission: On September 20 via automatic, source certstream-suspicious — Scanned from IS
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 5 IPs in 1 countries across 3 domains to perform 13 HTTP transactions. The main IP is 18.66.192.2, located in United States and belongs to AMAZON-02, US. The main domain is auth.devel.blueflagsecurity.com.
TLS certificate: Issued by Amazon RSA 2048 M03 on March 14th 2024. Valid for: a year.
This is the only time auth.devel.blueflagsecurity.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
3 3.165.206.29 16509 (AMAZON-02)
4 172.217.16.202 15169 (GOOGLE)
4 18.66.192.2 16509 (AMAZON-02)
2 18.239.69.107 16509 (AMAZON-02)
13 5
Domain Requested by
4 auth.devel.blueflagsecurity.com 2362c06806-is.devel.blueflagsecurity.com
auth.devel.blueflagsecurity.com
4 fonts.googleapis.com 2362c06806-is.devel.blueflagsecurity.com
auth.devel.blueflagsecurity.com
3 2362c06806-is.devel.blueflagsecurity.com 2362c06806-is.devel.blueflagsecurity.com
2 cdn.identityscience.ai
13 4

This site contains no links.

Subject Issuer Validity Valid
2362c06806-is.devel.identityscience.ai
Amazon RSA 2048 M02		 2024-03-14 -
2025-04-12		 a year crt.sh
upload.video.google.com
WR2		 2024-08-26 -
2024-11-18		 3 months crt.sh
auth.devel.identityscience.ai
Amazon RSA 2048 M03		 2024-03-14 -
2025-04-12		 a year crt.sh
cdn.identityscience.ai
Amazon RSA 2048 M02		 2023-11-28 -
2024-12-26		 a year crt.sh

This page contains 1 frames:

Primary Page: https://auth.devel.blueflagsecurity.com/realms/2362c068061fe82090ca8a533da0eecf/protocol/openid-connect/auth?client_id=2362c068061fe82090ca8a533da0eecf-id&redirect_uri=https%3A%2F%2F2362c06806-is.devel.blueflagsecurity.com%2F&state=41ee7c41-ad51-4648-84ec-c1e2c3a0686b&response_mode=fragment&response_type=code&scope=openid&nonce=a472e7e8-6f49-420a-b515-fdee889e922a&code_challenge=jaWWd3RkGAFWFjIZE1dqIBUvXy4lhTo-Nd69QAVPSLg&code_challenge_method=S256
Frame ID: 78F865C589819BFF682C31F0640137E8
Requests: 14 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Sign In - BlueFlag SecuritySign in to yasha-devel

Page URL History Show full URLs

  1. https://2362c06806-is.devel.blueflagsecurity.com/ Page URL
  2. https://auth.devel.blueflagsecurity.com/realms/2362c068061fe82090ca8a533da0eecf/protocol/openid-connect/auth?client_... Page URL

Page Statistics

13
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

4
Subdomains

5
IPs

1
Countries

1411 kB
Transfer

5314 kB
Size

3
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://2362c06806-is.devel.blueflagsecurity.com/ Page URL
  2. https://auth.devel.blueflagsecurity.com/realms/2362c068061fe82090ca8a533da0eecf/protocol/openid-connect/auth?client_id=2362c068061fe82090ca8a533da0eecf-id&redirect_uri=https%3A%2F%2F2362c06806-is.devel.blueflagsecurity.com%2F&state=41ee7c41-ad51-4648-84ec-c1e2c3a0686b&response_mode=fragment&response_type=code&scope=openid&nonce=a472e7e8-6f49-420a-b515-fdee889e922a&code_challenge=jaWWd3RkGAFWFjIZE1dqIBUvXy4lhTo-Nd69QAVPSLg&code_challenge_method=S256 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

13 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
/
2362c06806-is.devel.blueflagsecurity.com/ 		1 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://2362c06806-is.devel.blueflagsecurity.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.165.206.29 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-165-206-29.vie50.r.cloudfront.net
Software
CloudFront /
Resource Hash
8f73791e53f799f24252f60a9629f79db594eda2675537f610cfb2f77146bd50
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'sha256-TsjSCX4yUK50HmnZXTe4FVW3iPTz1cIqzuXQu1ozcFU=' https://cdn.jsdelivr.net; style-src 'sha256-qN0d6FT3pRyau7L14JEHQMn8Ti4djslDh02iZNwfxjM=' 'sha256-wkY2X5hecQzbhnFCqvTpwrUJ1f4X8LH5WFjYUzv1wmU=' 'sha256-vCpS8VyHtSqXbN/JkDhke+jauUq+p7lBAVCL+C75wZo=' 'sha256-zgSxRnZhYL95SrlCCT5dv1FrNDaGYumofAC9vu36i5E=' 'sha256-1bzGMkEeI+/kFRn7HejIz9jDRdwW65cDGWZqgX3CTcQ=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-wkY2X5hecQzbhnFCqvTpwrUJ1f4X8LH5WFjYUzv1wmU=' 'sha256-lGP/R5jOMXytzwBHVEM5Nv4XbT9fuH6V2dET/0dje2s=' 'self' https://cdn.jsdelivr.net https://fonts.googleapis.com; img-src 'self' https://cdn.identityscience.ai https://fastapi.tiangolo.com data:; font-src 'self' https://fonts.gstatic.com; frame-ancestors 'self'; form-action 'self' github.com; connect-src 'self' cdn.identityscience.ai localhost:3000 *.devel.identityscience.ai *.devel.blueflagsecurity.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

cache-control
no-cache, no-store, must-revalidate, max-age=0
content-encoding
br
content-security-policy
default-src 'self'; script-src 'self' 'sha256-TsjSCX4yUK50HmnZXTe4FVW3iPTz1cIqzuXQu1ozcFU=' https://cdn.jsdelivr.net; style-src 'sha256-qN0d6FT3pRyau7L14JEHQMn8Ti4djslDh02iZNwfxjM=' 'sha256-wkY2X5hecQzbhnFCqvTpwrUJ1f4X8LH5WFjYUzv1wmU=' 'sha256-vCpS8VyHtSqXbN/JkDhke+jauUq+p7lBAVCL+C75wZo=' 'sha256-zgSxRnZhYL95SrlCCT5dv1FrNDaGYumofAC9vu36i5E=' 'sha256-1bzGMkEeI+/kFRn7HejIz9jDRdwW65cDGWZqgX3CTcQ=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-wkY2X5hecQzbhnFCqvTpwrUJ1f4X8LH5WFjYUzv1wmU=' 'sha256-lGP/R5jOMXytzwBHVEM5Nv4XbT9fuH6V2dET/0dje2s=' 'self' https://cdn.jsdelivr.net https://fonts.googleapis.com; img-src 'self' https://cdn.identityscience.ai https://fastapi.tiangolo.com data:; font-src 'self' https://fonts.gstatic.com; frame-ancestors 'self'; form-action 'self' github.com; connect-src 'self' cdn.identityscience.ai localhost:3000 *.devel.identityscience.ai *.devel.blueflagsecurity.com;
content-type
text/html
date
Fri, 20 Sep 2024 19:58:14 GMT
etag
W/"a75bcbe135288e52cd5a85a35f2df55c"
last-modified
Fri, 20 Sep 2024 19:51:56 GMT
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(self, "https://*.devel.identityscience.ai", "https://*.devel.blueflagsecurity.com"), clipboard-write=(self, "https://*.devel.identityscience.ai", "https://*.devel.blueflagsecurity.com"), gamepad=(), speaker-selection=(), conversion-measurement=(), focus-without-user-activation=(), hid=(), idle-detection=(), interest-cohort=(), serial=(), sync-script=(), trust-token-redemption=(), unload=(), window-placement=(), vertical-scroll=()
pragma
no-cache
server
CloudFront
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding Origin
via
1.1 6941fd25181b0a23e67d60483416069a.cloudfront.net (CloudFront)
x-amz-cf-id
KVZ4zAQEa-7qc_QRsvZs4r8olYIwR9GJMEUikqka2avGoFkWhHRobA==
x-amz-cf-pop
VIE50-P3
x-amz-server-side-encryption
AES256
x-amz-version-id
OZ5Vhr1pldpK_eb77tupihgvqZYbxsKY
x-cache
Miss from cloudfront
x-content-type-options
nosniff
x-frame-options
DENY
css2
fonts.googleapis.com/ 		4 KB
913 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Poppins:ital,wght@0,300;0,400;0,500;1,600;1,700&display=swap
Requested by
Host: 2362c06806-is.devel.blueflagsecurity.com
URL: https://2362c06806-is.devel.blueflagsecurity.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.16.202 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s08-in-f202.1e100.net
Software
ESF /
Resource Hash
c405d35d906280c38812d0368419c0a99c10245910be02ff68999593accab7a0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://2362c06806-is.devel.blueflagsecurity.com/

Response headers

content-encoding
gzip
x-content-type-options
nosniff
expires
Fri, 20 Sep 2024 19:58:13 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Fri, 20 Sep 2024 19:58:13 GMT
content-type
text/css; charset=utf-8
last-modified
Fri, 20 Sep 2024 19:58:13 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
x-xss-protection
0
server
ESF
css2
fonts.googleapis.com/ 		27 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Inter:wght@100;200;300;400;500;600;700;800;900&family=Poppins:ital,wght@0,100;0,200;0,300;0,400;1,100;1,200;1,300;1,400&display=swap
Requested by
Host: 2362c06806-is.devel.blueflagsecurity.com
URL: https://2362c06806-is.devel.blueflagsecurity.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.16.202 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s08-in-f202.1e100.net
Software
ESF /
Resource Hash
9b21d843504557d73e2971bc5e781c1eb24e0d1578aa3c14575705b7ed5a41c1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://2362c06806-is.devel.blueflagsecurity.com/

Response headers

content-encoding
gzip
x-content-type-options
nosniff
expires
Fri, 20 Sep 2024 19:58:13 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Fri, 20 Sep 2024 19:58:13 GMT
content-type
text/css; charset=utf-8
last-modified
Fri, 20 Sep 2024 19:58:13 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
x-xss-protection
0
server
ESF
css2
fonts.googleapis.com/ 		40 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Inter:wght@100;200;300;400;500;600;700;800;900&family=Roboto+Mono:ital,wght@0,100;0,200;0,300;0,400;1,100;1,200;1,300;1,400&display=swap
Requested by
Host: 2362c06806-is.devel.blueflagsecurity.com
URL: https://2362c06806-is.devel.blueflagsecurity.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.16.202 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s08-in-f202.1e100.net
Software
ESF /
Resource Hash
9fbe2ddfe9258a97597fdff88d2278f3fb5d5a320e029f4f62206924382787f0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://2362c06806-is.devel.blueflagsecurity.com/

Response headers

content-encoding
gzip
x-content-type-options
nosniff
expires
Fri, 20 Sep 2024 19:58:13 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Fri, 20 Sep 2024 19:58:13 GMT
content-type
text/css; charset=utf-8
last-modified
Fri, 20 Sep 2024 19:58:13 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
x-xss-protection
0
server
ESF
main.695301af.js
2362c06806-is.devel.blueflagsecurity.com/static/js/ 		5 MB
1 MB 		Script
General
Check archive.org
Download Go to
Full URL
https://2362c06806-is.devel.blueflagsecurity.com/static/js/main.695301af.js
Requested by
Host: 2362c06806-is.devel.blueflagsecurity.com
URL: https://2362c06806-is.devel.blueflagsecurity.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.165.206.29 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-165-206-29.vie50.r.cloudfront.net
Software
CloudFront /
Resource Hash
779c958224aeb095e53643ea55ea71b96cd198f1f8538d0e4c5865f85f845071
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'sha256-TsjSCX4yUK50HmnZXTe4FVW3iPTz1cIqzuXQu1ozcFU=' https://cdn.jsdelivr.net; style-src 'sha256-qN0d6FT3pRyau7L14JEHQMn8Ti4djslDh02iZNwfxjM=' 'sha256-wkY2X5hecQzbhnFCqvTpwrUJ1f4X8LH5WFjYUzv1wmU=' 'sha256-vCpS8VyHtSqXbN/JkDhke+jauUq+p7lBAVCL+C75wZo=' 'sha256-zgSxRnZhYL95SrlCCT5dv1FrNDaGYumofAC9vu36i5E=' 'sha256-1bzGMkEeI+/kFRn7HejIz9jDRdwW65cDGWZqgX3CTcQ=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-wkY2X5hecQzbhnFCqvTpwrUJ1f4X8LH5WFjYUzv1wmU=' 'sha256-lGP/R5jOMXytzwBHVEM5Nv4XbT9fuH6V2dET/0dje2s=' 'self' https://cdn.jsdelivr.net https://fonts.googleapis.com; img-src 'self' https://cdn.identityscience.ai https://fastapi.tiangolo.com data:; font-src 'self' https://fonts.gstatic.com; frame-ancestors 'self'; form-action 'self' github.com; connect-src 'self' cdn.identityscience.ai localhost:3000 *.devel.identityscience.ai *.devel.blueflagsecurity.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://2362c06806-is.devel.blueflagsecurity.com/

Response headers

content-encoding
br
x-amz-version-id
V3FXdKByUR5dA_hndCKfWjZLMohRp16A
etag
W/"f848e6180854dd83356758b9a26377fa"
x-content-type-options
nosniff
x-cache
Miss from cloudfront
x-amz-cf-id
h9QGwVqiSaKVy-VT4W3E8D4AU6UlBU77q5T9-LyYkwe217Z1AcEkxQ==
date
Fri, 20 Sep 2024 19:58:14 GMT
content-type
text/javascript
vary
Accept-Encoding, Origin
last-modified
Fri, 20 Sep 2024 19:51:57 GMT
x-frame-options
DENY
strict-transport-security
max-age=31536000; includeSubDomains
content-security-policy
default-src 'self'; script-src 'self' 'sha256-TsjSCX4yUK50HmnZXTe4FVW3iPTz1cIqzuXQu1ozcFU=' https://cdn.jsdelivr.net; style-src 'sha256-qN0d6FT3pRyau7L14JEHQMn8Ti4djslDh02iZNwfxjM=' 'sha256-wkY2X5hecQzbhnFCqvTpwrUJ1f4X8LH5WFjYUzv1wmU=' 'sha256-vCpS8VyHtSqXbN/JkDhke+jauUq+p7lBAVCL+C75wZo=' 'sha256-zgSxRnZhYL95SrlCCT5dv1FrNDaGYumofAC9vu36i5E=' 'sha256-1bzGMkEeI+/kFRn7HejIz9jDRdwW65cDGWZqgX3CTcQ=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-wkY2X5hecQzbhnFCqvTpwrUJ1f4X8LH5WFjYUzv1wmU=' 'sha256-lGP/R5jOMXytzwBHVEM5Nv4XbT9fuH6V2dET/0dje2s=' 'self' https://cdn.jsdelivr.net https://fonts.googleapis.com; img-src 'self' https://cdn.identityscience.ai https://fastapi.tiangolo.com data:; font-src 'self' https://fonts.gstatic.com; frame-ancestors 'self'; form-action 'self' github.com; connect-src 'self' cdn.identityscience.ai localhost:3000 *.devel.identityscience.ai *.devel.blueflagsecurity.com;
cache-control
no-cache, no-store, must-revalidate, max-age=0
pragma
no-cache
via
1.1 6941fd25181b0a23e67d60483416069a.cloudfront.net (CloudFront)
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(self, "https://*.devel.identityscience.ai", "https://*.devel.blueflagsecurity.com"), clipboard-write=(self, "https://*.devel.identityscience.ai", "https://*.devel.blueflagsecurity.com"), gamepad=(), speaker-selection=(), conversion-measurement=(), focus-without-user-activation=(), hid=(), idle-detection=(), interest-cohort=(), serial=(), sync-script=(), trust-token-redemption=(), unload=(), window-placement=(), vertical-scroll=()
x-amz-cf-pop
VIE50-P3
server
CloudFront
x-amz-server-side-encryption
AES256
main.df16f38a.css
2362c06806-is.devel.blueflagsecurity.com/static/css/ 		44 KB
7 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://2362c06806-is.devel.blueflagsecurity.com/static/css/main.df16f38a.css
Requested by
Host: 2362c06806-is.devel.blueflagsecurity.com
URL: https://2362c06806-is.devel.blueflagsecurity.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.165.206.29 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-165-206-29.vie50.r.cloudfront.net
Software
CloudFront /
Resource Hash
c63ab584cf736178121b37af1352e19763588c5955cc2511bc90ebe7a20b2864
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'sha256-TsjSCX4yUK50HmnZXTe4FVW3iPTz1cIqzuXQu1ozcFU=' https://cdn.jsdelivr.net; style-src 'sha256-qN0d6FT3pRyau7L14JEHQMn8Ti4djslDh02iZNwfxjM=' 'sha256-wkY2X5hecQzbhnFCqvTpwrUJ1f4X8LH5WFjYUzv1wmU=' 'sha256-vCpS8VyHtSqXbN/JkDhke+jauUq+p7lBAVCL+C75wZo=' 'sha256-zgSxRnZhYL95SrlCCT5dv1FrNDaGYumofAC9vu36i5E=' 'sha256-1bzGMkEeI+/kFRn7HejIz9jDRdwW65cDGWZqgX3CTcQ=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-wkY2X5hecQzbhnFCqvTpwrUJ1f4X8LH5WFjYUzv1wmU=' 'sha256-lGP/R5jOMXytzwBHVEM5Nv4XbT9fuH6V2dET/0dje2s=' 'self' https://cdn.jsdelivr.net https://fonts.googleapis.com; img-src 'self' https://cdn.identityscience.ai https://fastapi.tiangolo.com data:; font-src 'self' https://fonts.gstatic.com; frame-ancestors 'self'; form-action 'self' github.com; connect-src 'self' cdn.identityscience.ai localhost:3000 *.devel.identityscience.ai *.devel.blueflagsecurity.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://2362c06806-is.devel.blueflagsecurity.com/

Response headers

content-encoding
br
x-amz-version-id
kyzbAoBchNkuUNDSYwCB.zEDRvoSdCMC
etag
W/"2c48134016e532f424b280f8f1bc88a4"
x-content-type-options
nosniff
x-cache
Miss from cloudfront
x-amz-cf-id
0Cn_eKdj8W1X8NT9eGevkPo6KFD9Hh1_npHbWC6m9VCZSPS8CK2wQQ==
date
Fri, 20 Sep 2024 19:58:14 GMT
content-type
text/css
vary
Accept-Encoding, Origin
last-modified
Fri, 20 Sep 2024 19:51:56 GMT
x-frame-options
DENY
strict-transport-security
max-age=31536000; includeSubDomains
content-security-policy
default-src 'self'; script-src 'self' 'sha256-TsjSCX4yUK50HmnZXTe4FVW3iPTz1cIqzuXQu1ozcFU=' https://cdn.jsdelivr.net; style-src 'sha256-qN0d6FT3pRyau7L14JEHQMn8Ti4djslDh02iZNwfxjM=' 'sha256-wkY2X5hecQzbhnFCqvTpwrUJ1f4X8LH5WFjYUzv1wmU=' 'sha256-vCpS8VyHtSqXbN/JkDhke+jauUq+p7lBAVCL+C75wZo=' 'sha256-zgSxRnZhYL95SrlCCT5dv1FrNDaGYumofAC9vu36i5E=' 'sha256-1bzGMkEeI+/kFRn7HejIz9jDRdwW65cDGWZqgX3CTcQ=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-wkY2X5hecQzbhnFCqvTpwrUJ1f4X8LH5WFjYUzv1wmU=' 'sha256-lGP/R5jOMXytzwBHVEM5Nv4XbT9fuH6V2dET/0dje2s=' 'self' https://cdn.jsdelivr.net https://fonts.googleapis.com; img-src 'self' https://cdn.identityscience.ai https://fastapi.tiangolo.com data:; font-src 'self' https://fonts.gstatic.com; frame-ancestors 'self'; form-action 'self' github.com; connect-src 'self' cdn.identityscience.ai localhost:3000 *.devel.identityscience.ai *.devel.blueflagsecurity.com;
cache-control
no-cache, no-store, must-revalidate, max-age=0
pragma
no-cache
via
1.1 6941fd25181b0a23e67d60483416069a.cloudfront.net (CloudFront)
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(self, "https://*.devel.identityscience.ai", "https://*.devel.blueflagsecurity.com"), clipboard-write=(self, "https://*.devel.identityscience.ai", "https://*.devel.blueflagsecurity.com"), gamepad=(), speaker-selection=(), conversion-measurement=(), focus-without-user-activation=(), hid=(), idle-detection=(), interest-cohort=(), serial=(), sync-script=(), trust-token-redemption=(), unload=(), window-placement=(), vertical-scroll=()
x-amz-cf-pop
VIE50-P3
server
CloudFront
x-amz-server-side-encryption
AES256
truncated
/ 		38 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
05632bd17ae6013db11864ba86f363756e305cd5a56ee788fe20774ed6c750f9

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/webp
Primary Request auth
auth.devel.blueflagsecurity.com/realms/2362c068061fe82090ca8a533da0eecf/protocol/openid-connect/ 		6 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://auth.devel.blueflagsecurity.com/realms/2362c068061fe82090ca8a533da0eecf/protocol/openid-connect/auth?client_id=2362c068061fe82090ca8a533da0eecf-id&redirect_uri=https%3A%2F%2F2362c06806-is.devel.blueflagsecurity.com%2F&state=41ee7c41-ad51-4648-84ec-c1e2c3a0686b&response_mode=fragment&response_type=code&scope=openid&nonce=a472e7e8-6f49-420a-b515-fdee889e922a&code_challenge=jaWWd3RkGAFWFjIZE1dqIBUvXy4lhTo-Nd69QAVPSLg&code_challenge_method=S256
Requested by
Host: 2362c06806-is.devel.blueflagsecurity.com
URL: https://2362c06806-is.devel.blueflagsecurity.com/static/js/main.695301af.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.192.2 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-192-2.muc50.r.cloudfront.net
Software
CloudFront /
Resource Hash
43c6010945177d88a7a45afed1b8dfa06b06e2d6fd0bb8323e3e1874fa70b276
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self'; frame-src 'self'; frame-ancestors 'self'; object-src 'none'; img-src 'self' https://cdn.identityscience.ai https://cdn.blueflagsecurity.com; script-src 'self' 'unsafe-inline' https://www.google.com; style-src 'self' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://2362c06806-is.devel.blueflagsecurity.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

cache-control
no-cache, no-store, must-revalidate, max-age=0
content-encoding
gzip
content-language
en
content-security-policy
default-src 'self'; connect-src 'self'; frame-src 'self'; frame-ancestors 'self'; object-src 'none'; img-src 'self' https://cdn.identityscience.ai https://cdn.blueflagsecurity.com; script-src 'self' 'unsafe-inline' https://www.google.com; style-src 'self' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com;
content-type
text/html;charset=utf-8
date
Fri, 20 Sep 2024 19:58:15 GMT
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(), clipboard-write=(), gamepad=(), speaker-selection=(), conversion-measurement=(), focus-without-user-activation=(), hid=(), idle-detection=(), interest-cohort=(), serial=(), sync-script=(), trust-token-redemption=(), unload=(), window-placement=(), vertical-scroll=()
pragma
no-cache
referrer-policy
no-referrer
server
CloudFront
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding Origin
via
1.1 77aa8087323921dee0b130bc0589bda8.cloudfront.net (CloudFront)
x-amz-cf-id
SyEpPHb24B1g6bJbJZeNrVu5Hi2aZ5mrBW8D4aBVN9DCIGfbPytLKA==
x-amz-cf-pop
MUC50-P1
x-cache
Miss from cloudfront
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-robots-tag
none
x-xss-protection
1; mode=block
css2
fonts.googleapis.com/ 		40 KB
0 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Inter:wght@100;200;300;400;500;600;700;800;900&family=Roboto+Mono:ital,wght@0,100;0,200;0,300;0,400;1,100;1,200;1,300;1,400&display=swap
Requested by
Host: auth.devel.blueflagsecurity.com
URL: https://auth.devel.blueflagsecurity.com/realms/2362c068061fe82090ca8a533da0eecf/protocol/openid-connect/auth?client_id=2362c068061fe82090ca8a533da0eecf-id&redirect_uri=https%3A%2F%2F2362c06806-is.devel.blueflagsecurity.com%2F&state=41ee7c41-ad51-4648-84ec-c1e2c3a0686b&response_mode=fragment&response_type=code&scope=openid&nonce=a472e7e8-6f49-420a-b515-fdee889e922a&code_challenge=jaWWd3RkGAFWFjIZE1dqIBUvXy4lhTo-Nd69QAVPSLg&code_challenge_method=S256
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.16.202 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s08-in-f202.1e100.net
Software
ESF /
Resource Hash
9fbe2ddfe9258a97597fdff88d2278f3fb5d5a320e029f4f62206924382787f0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

content-encoding
gzip
x-content-type-options
nosniff
expires
Fri, 20 Sep 2024 19:58:13 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Fri, 20 Sep 2024 19:58:13 GMT
content-type
text/css; charset=utf-8
last-modified
Fri, 20 Sep 2024 19:58:13 GMT
x-frame-options
SAMEORIGIN
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
x-xss-protection
0
server
ESF
style.css
auth.devel.blueflagsecurity.com/resources/zjyg9/login/idscience/css/ 		4 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://auth.devel.blueflagsecurity.com/resources/zjyg9/login/idscience/css/style.css
Requested by
Host: auth.devel.blueflagsecurity.com
URL: https://auth.devel.blueflagsecurity.com/realms/2362c068061fe82090ca8a533da0eecf/protocol/openid-connect/auth?client_id=2362c068061fe82090ca8a533da0eecf-id&redirect_uri=https%3A%2F%2F2362c06806-is.devel.blueflagsecurity.com%2F&state=41ee7c41-ad51-4648-84ec-c1e2c3a0686b&response_mode=fragment&response_type=code&scope=openid&nonce=a472e7e8-6f49-420a-b515-fdee889e922a&code_challenge=jaWWd3RkGAFWFjIZE1dqIBUvXy4lhTo-Nd69QAVPSLg&code_challenge_method=S256
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.192.2 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-192-2.muc50.r.cloudfront.net
Software
CloudFront /
Resource Hash
e97503801fa4d08db7c0b9dba243b4cb142e835300fde487f5eb0772d96f6dd1
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self'; frame-src 'self'; frame-ancestors 'self'; object-src 'none'; img-src 'self' https://cdn.identityscience.ai; script-src 'self' 'unsafe-inline' https://www.google.com; style-src 'self' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

content-encoding
gzip
x-content-type-options
nosniff
x-cache
Miss from cloudfront
x-amz-cf-id
bHVGkl8BcGkegBNmf4Ejoyjtv80q9rtimhwxuLWqnWHeZzA8Tke1dQ==
date
Fri, 20 Sep 2024 19:58:16 GMT
content-type
text/css
vary
Origin
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000; includeSubDomains
content-security-policy
default-src 'self'; connect-src 'self'; frame-src 'self'; frame-ancestors 'self'; object-src 'none'; img-src 'self' https://cdn.identityscience.ai; script-src 'self' 'unsafe-inline' https://www.google.com; style-src 'self' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com;
cache-control
no-cache, no-store, must-revalidate, max-age=0
pragma
no-cache
referrer-policy
no-referrer
via
1.1 77aa8087323921dee0b130bc0589bda8.cloudfront.net (CloudFront)
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(), clipboard-write=(), gamepad=(), speaker-selection=(), conversion-measurement=(), focus-without-user-activation=(), hid=(), idle-detection=(), interest-cohort=(), serial=(), sync-script=(), trust-token-redemption=(), unload=(), window-placement=(), vertical-scroll=()
content-length
1034
x-xss-protection
1; mode=block
x-amz-cf-pop
MUC50-P1
server
CloudFront
passwordVisibility.js
auth.devel.blueflagsecurity.com/resources/zjyg9/login/idscience/js/ 		714 B
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://auth.devel.blueflagsecurity.com/resources/zjyg9/login/idscience/js/passwordVisibility.js
Requested by
Host: auth.devel.blueflagsecurity.com
URL: https://auth.devel.blueflagsecurity.com/realms/2362c068061fe82090ca8a533da0eecf/protocol/openid-connect/auth?client_id=2362c068061fe82090ca8a533da0eecf-id&redirect_uri=https%3A%2F%2F2362c06806-is.devel.blueflagsecurity.com%2F&state=41ee7c41-ad51-4648-84ec-c1e2c3a0686b&response_mode=fragment&response_type=code&scope=openid&nonce=a472e7e8-6f49-420a-b515-fdee889e922a&code_challenge=jaWWd3RkGAFWFjIZE1dqIBUvXy4lhTo-Nd69QAVPSLg&code_challenge_method=S256
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.192.2 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-192-2.muc50.r.cloudfront.net
Software
CloudFront /
Resource Hash
10452e0774b024679c33339a65e6983826a41cf08395164f33b7179c9171702b
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self'; frame-src 'self'; frame-ancestors 'self'; object-src 'none'; img-src 'self' https://cdn.identityscience.ai; script-src 'self' 'unsafe-inline' https://www.google.com; style-src 'self' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://auth.devel.blueflagsecurity.com
Referer

Response headers

content-encoding
gzip
x-content-type-options
nosniff
x-cache
Miss from cloudfront
x-amz-cf-id
jTCjejWb0Ifpm9lTCssSxW5oEfEQyAiCh4o8Lbx0zUyXozebBPfCKQ==
date
Fri, 20 Sep 2024 19:58:16 GMT
content-type
text/javascript
vary
Origin
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000; includeSubDomains
content-security-policy
default-src 'self'; connect-src 'self'; frame-src 'self'; frame-ancestors 'self'; object-src 'none'; img-src 'self' https://cdn.identityscience.ai; script-src 'self' 'unsafe-inline' https://www.google.com; style-src 'self' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com;
cache-control
no-cache, no-store, must-revalidate, max-age=0
pragma
no-cache
access-control-allow-credentials
true
referrer-policy
no-referrer
via
1.1 77aa8087323921dee0b130bc0589bda8.cloudfront.net (CloudFront)
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(), clipboard-write=(), gamepad=(), speaker-selection=(), conversion-measurement=(), focus-without-user-activation=(), hid=(), idle-detection=(), interest-cohort=(), serial=(), sync-script=(), trust-token-redemption=(), unload=(), window-placement=(), vertical-scroll=()
access-control-allow-origin
https://auth.devel.blueflagsecurity.com
content-length
312
x-xss-protection
1; mode=block
x-amz-cf-pop
MUC50-P1
server
CloudFront
logo.png
auth.devel.blueflagsecurity.com/resources/zjyg9/login/idscience/ 		658 B
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://auth.devel.blueflagsecurity.com/resources/zjyg9/login/idscience/logo.png
Requested by
Host: auth.devel.blueflagsecurity.com
URL: https://auth.devel.blueflagsecurity.com/resources/zjyg9/login/idscience/css/style.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.192.2 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-192-2.muc50.r.cloudfront.net
Software
CloudFront /
Resource Hash
c294f870348135802279bf995e6db948181542f268c8e372eb3be458c878a7bc
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self'; frame-src 'self'; frame-ancestors 'self'; object-src 'none'; img-src 'self' https://cdn.identityscience.ai; script-src 'self' 'unsafe-inline' https://www.google.com; style-src 'self' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

x-content-type-options
nosniff
x-cache
Miss from cloudfront
x-amz-cf-id
Ng7qhCIJgkdc3CHnWEc4ZlhcnOdXLT03zwzvZvoYPIj0P2TfGKfVOQ==
date
Fri, 20 Sep 2024 19:58:16 GMT
content-type
image/png
vary
Origin
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000; includeSubDomains
content-security-policy
default-src 'self'; connect-src 'self'; frame-src 'self'; frame-ancestors 'self'; object-src 'none'; img-src 'self' https://cdn.identityscience.ai; script-src 'self' 'unsafe-inline' https://www.google.com; style-src 'self' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com;
cache-control
no-cache, no-store, must-revalidate, max-age=0
pragma
no-cache
referrer-policy
no-referrer
via
1.1 77aa8087323921dee0b130bc0589bda8.cloudfront.net (CloudFront)
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(), clipboard-write=(), gamepad=(), speaker-selection=(), conversion-measurement=(), focus-without-user-activation=(), hid=(), idle-detection=(), interest-cohort=(), serial=(), sync-script=(), trust-token-redemption=(), unload=(), window-placement=(), vertical-scroll=()
content-length
658
x-xss-protection
1; mode=block
x-amz-cf-pop
MUC50-P1
server
CloudFront
BFS_LogoBlack.png
cdn.identityscience.ai/images/ 		45 KB
45 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://cdn.identityscience.ai/images/BFS_LogoBlack.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.239.69.107 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-239-69-107.ams58.r.cloudfront.net
Software
CloudFront /
Resource Hash
ac8d8bf5f4271acbe49fb43a62624ce1894e026039ba42489cac49a35bdd96f7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

x-amz-version-id
YxNEAR2prMDBF6GsOgO615ek1AMpz6UO
etag
"48adb211a7bc184b5e3f6b35499ea47f"
age
50129
x-content-type-options
nosniff
x-cache
Hit from cloudfront
x-amz-cf-id
P88dIwRVJFuhfxOSRob5OaibI4evaA6PO7swEYZ1VaAEU2p6mPR3kw==
date
Fri, 20 Sep 2024 06:02:49 GMT
content-type
image/png
vary
Accept-Encoding, Origin
last-modified
Thu, 07 Mar 2024 23:30:18 GMT
strict-transport-security
max-age=31536000
via
1.1 36f7726d79b9a22a1e91ae6451962028.cloudfront.net (CloudFront)
accept-ranges
bytes
content-length
45832
x-amz-cf-pop
AMS58-P4
server
CloudFront
x-amz-server-side-encryption
AES256
BFS_LogoBlack.png
cdn.identityscience.ai/images/ 		45 KB
0 		Other
General
Check archive.org
Download Go to
Full URL
https://cdn.identityscience.ai/images/BFS_LogoBlack.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.239.69.107 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-239-69-107.ams58.r.cloudfront.net
Software
CloudFront /
Resource Hash
ac8d8bf5f4271acbe49fb43a62624ce1894e026039ba42489cac49a35bdd96f7
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

x-amz-version-id
YxNEAR2prMDBF6GsOgO615ek1AMpz6UO
etag
"48adb211a7bc184b5e3f6b35499ea47f"
age
50129
x-content-type-options
nosniff
x-cache
Hit from cloudfront
x-amz-cf-id
P88dIwRVJFuhfxOSRob5OaibI4evaA6PO7swEYZ1VaAEU2p6mPR3kw==
date
Fri, 20 Sep 2024 06:02:49 GMT
content-type
image/png
vary
Accept-Encoding, Origin
last-modified
Thu, 07 Mar 2024 23:30:18 GMT
via
1.1 36f7726d79b9a22a1e91ae6451962028.cloudfront.net (CloudFront)
accept-ranges
bytes
content-length
45832
x-amz-cf-pop
AMS58-P4
server
CloudFront
x-amz-server-side-encryption
AES256

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Domain/Path Name / Value
auth.devel.blueflagsecurity.com/realms/2362c068061fe82090ca8a533da0eecf/ Name: AUTH_SESSION_ID
Value: 75a01490-9194-48cb-baec-4809dec681ad.ip-172-29-88-84-27516
auth.devel.blueflagsecurity.com/realms/2362c068061fe82090ca8a533da0eecf/ Name: AUTH_SESSION_ID_LEGACY
Value: 75a01490-9194-48cb-baec-4809dec681ad.ip-172-29-88-84-27516
auth.devel.blueflagsecurity.com/realms/2362c068061fe82090ca8a533da0eecf/ Name: KC_RESTART
Value: eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJmYjcxODRkZC0zMDhlLTQwMjYtYmZlOS1kZDJkMDAyY2ZlOGUifQ.eyJjaWQiOiIyMzYyYzA2ODA2MWZlODIwOTBjYThhNTMzZGEwZWVjZi1pZCIsInB0eSI6Im9wZW5pZC1jb25uZWN0IiwicnVyaSI6Imh0dHBzOi8vMjM2MmMwNjgwNi1pcy5kZXZlbC5ibHVlZmxhZ3NlY3VyaXR5LmNvbS8iLCJhY3QiOiJBVVRIRU5USUNBVEUiLCJub3RlcyI6eyJzY29wZSI6Im9wZW5pZCIsImlzcyI6Imh0dHBzOi8vYXV0aC5kZXZlbC5ibHVlZmxhZ3NlY3VyaXR5LmNvbS9yZWFsbXMvMjM2MmMwNjgwNjFmZTgyMDkwY2E4YTUzM2RhMGVlY2YiLCJyZXNwb25zZV90eXBlIjoiY29kZSIsImNvZGVfY2hhbGxlbmdlX21ldGhvZCI6IlMyNTYiLCJyZWRpcmVjdF91cmkiOiJodHRwczovLzIzNjJjMDY4MDYtaXMuZGV2ZWwuYmx1ZWZsYWdzZWN1cml0eS5jb20vIiwic3RhdGUiOiI0MWVlN2M0MS1hZDUxLTQ2NDgtODRlYy1jMWUyYzNhMDY4NmIiLCJub25jZSI6ImE0NzJlN2U4LTZmNDktNDIwYS1iNTE1LWZkZWU4ODllOTIyYSIsImNvZGVfY2hhbGxlbmdlIjoiamFXV2QzUmtHQUZXRmpJWkUxZHFJQlV2WHk0bGhUby1OZDY5UUFWUFNMZyIsInJlc3BvbnNlX21vZGUiOiJmcmFnbWVudCJ9fQ.627FWeJJYjXX-_TTVTdkkenLq7lFMY57B6vmbkhop7c

17 Console Messages

Source Level URL
Text
security error
Message:
Error with Permissions-Policy header: Parse of permissions policy failed because of errors reported by structured header parser.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'ambient-light-sensor'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'bluetooth'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'battery'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'document-domain'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'execution-while-not-rendered'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'execution-while-out-of-viewport'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'navigation-override'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'web-share'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'speaker-selection'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'conversion-measurement'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'focus-without-user-activation'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'sync-script'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'trust-token-redemption'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'window-placement'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'vertical-scroll'.
security error URL: https://auth.devel.blueflagsecurity.com/realms/2362c068061fe82090ca8a533da0eecf/protocol/openid-connect/auth?client_id=2362c068061fe82090ca8a533da0eecf-id&redirect_uri=https%3A%2F%2F2362c06806-is.devel.blueflagsecurity.com%2F&state=41ee7c41-ad51-4648-84ec-c1e2c3a0686b&response_mode=fragment&response_type=code&scope=openid&nonce=a472e7e8-6f49-420a-b515-fdee889e922a&code_challenge=jaWWd3RkGAFWFjIZE1dqIBUvXy4lhTo-Nd69QAVPSLg&code_challenge_method=S256(Line 5)
Message:
Refused to apply inline style because it violates the following Content Security Policy directive: "style-src 'self' https://fonts.googleapis.com". Either the 'unsafe-inline' keyword, a hash ('sha256-8StCreKOXyVw7LMCrXhhbQflD/ArdjzjAyqG0BJkwSE='), or a nonce ('nonce-...') is required to enable inline execution.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self'; script-src 'self' 'sha256-TsjSCX4yUK50HmnZXTe4FVW3iPTz1cIqzuXQu1ozcFU=' https://cdn.jsdelivr.net; style-src 'sha256-qN0d6FT3pRyau7L14JEHQMn8Ti4djslDh02iZNwfxjM=' 'sha256-wkY2X5hecQzbhnFCqvTpwrUJ1f4X8LH5WFjYUzv1wmU=' 'sha256-vCpS8VyHtSqXbN/JkDhke+jauUq+p7lBAVCL+C75wZo=' 'sha256-zgSxRnZhYL95SrlCCT5dv1FrNDaGYumofAC9vu36i5E=' 'sha256-1bzGMkEeI+/kFRn7HejIz9jDRdwW65cDGWZqgX3CTcQ=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-wkY2X5hecQzbhnFCqvTpwrUJ1f4X8LH5WFjYUzv1wmU=' 'sha256-lGP/R5jOMXytzwBHVEM5Nv4XbT9fuH6V2dET/0dje2s=' 'self' https://cdn.jsdelivr.net https://fonts.googleapis.com; img-src 'self' https://cdn.identityscience.ai https://fastapi.tiangolo.com data:; font-src 'self' https://fonts.gstatic.com; frame-ancestors 'self'; form-action 'self' github.com; connect-src 'self' cdn.identityscience.ai localhost:3000 *.devel.identityscience.ai *.devel.blueflagsecurity.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY