my.origin.net Open in urlscan Pro
207.200.31.55  Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	403 Forbidden	Primary Request / Show response my.origin.net/	9 KB 3 KB	529ms 257ms	Document text/html	207.200.31.55 LIGHTEDGE-AS-02
General Check archive.org Show headers Download Go to Full URL https://my.origin.net/ Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 207.200.31.55 , United States, ASN11320 (LIGHTEDGE-AS-02, US), Reverse DNS host55.acciodata.com Software Apache / Resource Hash 32fbd54b840e7effc50dbc714ed935d0d708a652ee00cef7df97c62f9dac3e16 Security Headers Name Value Content-Security-Policy script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' data: 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' data: https: Strict-Transport-Security max-age=63072000; includeSubdomains; preload X-Xss-Protection 1; mode=block Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers Cache-Control no-store Connection Keep-Alive Content-Encoding gzip Content-Length 2760 Content-Security-Policy script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' data: 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' data: https: Content-Type text/html Date Tue, 07 Jun 2022 13:22:35 GMT Keep-Alive timeout=5, max=100 Referrer-Policy no-referrer-when-downgrade Server Apache Strict-Transport-Security max-age=63072000; includeSubdomains; preload Vary Accept-Encoding x-xss-protection 1; mode=block
GET H2	200	css fonts.googleapis.com/	12 KB 1 KB	135ms 48ms	Stylesheet text/css	2a00:1450:4001:830::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css?family=Roboto:400,400i,500,500i,700,700i Requested by Host: my.origin.net URL: https://my.origin.net/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash 3566d0b06ad8fdbeaa1f7438ed51e0e6d2b864b5bbcc7f3bd26b3fe259b6f3af Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://my.origin.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36 Response headers strict-transport-security max-age=31536000 content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" x-xss-protection 0 last-modified Tue, 07 Jun 2022 12:05:44 GMT server ESF cross-origin-opener-policy same-origin-allow-popups date Tue, 07 Jun 2022 13:22:35 GMT x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Tue, 07 Jun 2022 13:22:35 GMT
GET H/1.1	200 OK	corvette.css my.origin.net/css/	7 KB 2 KB	127ms 126ms	Stylesheet text/css	207.200.31.55 LIGHTEDGE-AS-02
General Check archive.org Show headers Download Go to Full URL https://my.origin.net/css/corvette.css Requested by Host: my.origin.net URL: https://my.origin.net/ Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 207.200.31.55 , United States, ASN11320 (LIGHTEDGE-AS-02, US), Reverse DNS host55.acciodata.com Software Apache / Resource Hash 4df48c04f5926fbb85b362d41cffb23bbab51cc85e71b13c4a8d8cff727686fb Security Headers Name Value Content-Security-Policy script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' data: 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' data: https: Strict-Transport-Security max-age=63072000; includeSubdomains; preload X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://my.origin.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36 Response headers Date Tue, 07 Jun 2022 13:22:35 GMT Content-Encoding gzip Referrer-Policy no-referrer-when-downgrade Server Apache Vary Accept-Encoding Strict-Transport-Security max-age=63072000; includeSubdomains; preload Content-Type text/css Cache-Control public Content-Security-Policy script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' data: 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' data: https: Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 1907 x-xss-protection 1; mode=block Expires Wed, 08 Jun 2022 01:22:35 GMT
GET H/1.1	200 OK	ad1.png my.origin.net/pics/	14 KB 14 KB	375ms 126ms	Image image/png	207.200.31.55 LIGHTEDGE-AS-02
General Check archive.org Show headers Download Go to Show image Full URL https://my.origin.net/pics/ad1.png?u=systemoperation&ts=1533411163 Requested by Host: my.origin.net URL: https://my.origin.net/ Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 207.200.31.55 , United States, ASN11320 (LIGHTEDGE-AS-02, US), Reverse DNS host55.acciodata.com Software Apache / Resource Hash 20a37d8c97a694420bf3f978833e7d543aa5acad747a6ab6afd76211f41c9d6d Security Headers Name Value Content-Security-Policy script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' data: 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' data: https: Strict-Transport-Security max-age=63072000; includeSubdomains; preload X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://my.origin.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36 Response headers Date Tue, 07 Jun 2022 13:22:36 GMT Referrer-Policy no-referrer-when-downgrade Last-Modified Sat, 04 Aug 2018 19:32:43 GMT Server Apache ETag "36d7-572a11bb91c65" Strict-Transport-Security max-age=63072000; includeSubdomains; preload Content-Type image/png Cache-Control public Content-Security-Policy script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' data: 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' data: https: Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 14039 x-xss-protection 1; mode=block Expires Wed, 08 Jun 2022 01:22:36 GMT
GET H/1.1	200 OK	login_logo.png my.origin.net/pics/	14 KB 14 KB	380ms 126ms	Image image/png	207.200.31.55 LIGHTEDGE-AS-02
General Check archive.org Show headers Download Go to Show image Full URL https://my.origin.net/pics/login_logo.png?u=systemoperation&ts=1581045537 Requested by Host: my.origin.net URL: https://my.origin.net/ Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 207.200.31.55 , United States, ASN11320 (LIGHTEDGE-AS-02, US), Reverse DNS host55.acciodata.com Software Apache / Resource Hash 20a37d8c97a694420bf3f978833e7d543aa5acad747a6ab6afd76211f41c9d6d Security Headers Name Value Content-Security-Policy script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' data: 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' data: https: Strict-Transport-Security max-age=63072000; includeSubdomains; preload X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://my.origin.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36 Response headers Date Tue, 07 Jun 2022 13:22:36 GMT Referrer-Policy no-referrer-when-downgrade Last-Modified Fri, 07 Feb 2020 03:18:57 GMT Server Apache ETag "36d7-59df3d99e26af" Strict-Transport-Security max-age=63072000; includeSubdomains; preload Content-Type image/png Cache-Control public Content-Security-Policy script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' data: 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' data: https: Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 14039 x-xss-protection 1; mode=block Expires Wed, 08 Jun 2022 01:22:36 GMT
GET H/1.1	200 OK	jquery_all_yuicompressed.jsn Show response my.origin.net/pubjs/	337 KB 337 KB	126ms 125ms	Script text/plain	207.200.31.55 LIGHTEDGE-AS-02
General Check archive.org Show headers Download Go to Full URL https://my.origin.net/pubjs/jquery_all_yuicompressed.jsn?u=systemoperation&ts=1653433644 Requested by Host: my.origin.net URL: https://my.origin.net/ Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 207.200.31.55 , United States, ASN11320 (LIGHTEDGE-AS-02, US), Reverse DNS host55.acciodata.com Software Apache / Resource Hash 8ec4acf036a4c4502d9be6c15558ca48360d695eee6add202a1bc605d46980d5 Security Headers Name Value Content-Security-Policy script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' data: 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' data: https: Strict-Transport-Security max-age=63072000; includeSubdomains; preload X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://my.origin.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36 Response headers Date Tue, 07 Jun 2022 13:22:35 GMT Referrer-Policy no-referrer-when-downgrade Last-Modified Tue, 24 May 2022 23:07:24 GMT Server Apache ETag "542d3-5dfca0502a300" Strict-Transport-Security max-age=63072000; includeSubdomains; preload Cache-Control public Content-Security-Policy script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' data: 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' data: https: Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 344787 x-xss-protection 1; mode=block Expires Wed, 08 Jun 2022 01:22:35 GMT
GET H/1.1	200 OK	login.js Show response my.origin.net/js/	31 KB 8 KB	375ms 125ms	Script application/javascript	207.200.31.55 LIGHTEDGE-AS-02
General Check archive.org Show headers Download Go to Full URL https://my.origin.net/js/login.js?u=systemoperation&ts=1653433643 Requested by Host: my.origin.net URL: https://my.origin.net/ Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 207.200.31.55 , United States, ASN11320 (LIGHTEDGE-AS-02, US), Reverse DNS host55.acciodata.com Software Apache / Resource Hash be53bdc1518b3f932271741bd97c82b0843c8e1f5de42cb8fa1b23d98c3ca12e Security Headers Name Value Content-Security-Policy script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' data: 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' data: https: Strict-Transport-Security max-age=63072000; includeSubdomains; preload X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://my.origin.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36 Response headers Date Tue, 07 Jun 2022 13:22:36 GMT Content-Encoding gzip Referrer-Policy no-referrer-when-downgrade Server Apache Vary Accept-Encoding Strict-Transport-Security max-age=63072000; includeSubdomains; preload Content-Type application/javascript Cache-Control public Content-Security-Policy script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' data: 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' data: https: Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 7619 x-xss-protection 1; mode=block Expires Wed, 08 Jun 2022 01:22:36 GMT

63 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails object| navigation string| show_account_field_on_login_page boolean| signon_remember_me boolean| account_field_may_not_be_empty string| third_party_migration_url string| third_party_migration_method string| third_party_migration_form_extra boolean| colorscheme_builtin string| colorscheme function| $ function| jQuery string| google_id_token boolean| authorization_code_needed string| two_factor_phone string| two_factor_email string| two_factor_nonce function| async_login_begin function| async_login_post function| async_login_fail function| show_two_factor_form function| deal_with_errors function| followRedirectIfNecessary function| async_login_success function| two_factor_submit function| two_factor_success function| two_factor_fail function| accioGoogleSignin function| show_login_ajax_errors function| show_login_errors function| login_close_error function| enable_login_form function| disable_login_form function| login_form_is_valid function| login_form_keyup_handler function| login_form_blur_handler function| visit_and_validate function| validate_field function| mark_target_valid function| mark_target_invalid function| login_form_submit_handler function| remember_me_handler function| setup_login_form_event_handlers function| save_signon_account function| destroy_signon_account function| get_signon_account function| save_signon_userid function| destroy_signon_userid function| get_signon_userid function| save_remember_me function| destroy_remember_me function| get_remember_me function| save_local_storage function| destroy_local_storage function| get_local_storage function| setup_focus function| initialize_login_form object| storage

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://my.origin.net/ Message: Failed to load resource: the server responded with a status of 403 (Forbidden)

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' data: 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' data: https:
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

fonts.googleapis.com
my.origin.net
207.200.31.55
2a00:1450:4001:830::200a
20a37d8c97a694420bf3f978833e7d543aa5acad747a6ab6afd76211f41c9d6d
32fbd54b840e7effc50dbc714ed935d0d708a652ee00cef7df97c62f9dac3e16
3566d0b06ad8fdbeaa1f7438ed51e0e6d2b864b5bbcc7f3bd26b3fe259b6f3af
4df48c04f5926fbb85b362d41cffb23bbab51cc85e71b13c4a8d8cff727686fb
8ec4acf036a4c4502d9be6c15558ca48360d695eee6add202a1bc605d46980d5
be53bdc1518b3f932271741bd97c82b0843c8e1f5de42cb8fa1b23d98c3ca12e