Submitted URL: http://admin.myoneid.dev/
Effective URL: https://admin.myoneid.dev/auth
Submission Tags: @phish_report
Submission: On December 22 via api from FI — Scanned from NZ

Summary

This website contacted 6 IPs in 2 countries across 5 domains to perform 15 HTTP transactions. The main IP is 34.117.165.41, located in Kansas City, United States and belongs to GOOGLE-CLOUD-PLATFORM, US. The main domain is admin.myoneid.dev.
TLS certificate: Issued by GTS CA 1D4 on October 25th 2023. Valid for: 3 months.
This is the only time admin.myoneid.dev was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 8 34.117.165.41 396982 (GOOGLE-CL...)
1 2404:6800:400... 15169 (GOOGLE)
1 2404:6800:400... 15169 (GOOGLE)
2 2404:6800:400... 15169 (GOOGLE)
2 2620:0:890::100 54113 (FASTLY)
15 6
Requests Apex Domain Subdomains Transfer
8 myoneid.dev admin.myoneid.dev 147 KB
2 firebaseapp.com din-oneid-development.firebaseapp.com 92 KB
2 google.com apis.google.com (Cisco Umbrella Rank: 116) 43 KB
1 gstatic.com fonts.gstatic.com 37 KB
1 googleapis.com fonts.googleapis.com (Cisco Umbrella Rank: 29), www.googleapis.com (Failed) 797 B
Total: 15 requests, 5 apex domains
Requests Domain Requested by
8 admin.myoneid.dev (1 redirects) admin.myoneid.dev
2 din-oneid-development.firebaseapp.com apis.google.com, din-oneid-development.firebaseapp.com
2 apis.google.com admin.myoneid.dev, apis.google.com
1 fonts.gstatic.com fonts.googleapis.com
1 fonts.googleapis.com admin.myoneid.dev
0 www.googleapis.com (Failed) din-oneid-development.firebaseapp.com
Total: 15 requests, 6 domains

This site contains no links.

Subject Issuer Validity Valid
admin.myoneid.dev GTS CA 1D4 2023-10-25 - 2024-01-23 3 months
upload.video.google.com GTS CA 1C3 2023-11-20 - 2024-02-12 3 months
*.gstatic.com GTS CA 1C3 2023-11-20 - 2024-02-12 3 months
*.apis.google.com GTS CA 1C3 2023-11-20 - 2024-02-12 3 months
firebaseapp.com GTS CA 1D4 2023-11-13 - 2024-02-11 3 months

This page contains 2 frames:

Primary Page: https://admin.myoneid.dev/auth
Frame ID: 14D8ABD50BFBD9F9129CBAF6AFA0C674
Requests: 11 HTTP requests in this frame

Frame: https://din-oneid-development.firebaseapp.com/__/auth/iframe?apiKey=AIzaSyB25w3ac808oQxV9v-8DdxUpFYhKj5S_ls&appName=%5BDEFAULT%5D&v=9.9.4&eid=p&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.y0xCMa4KeeI.O%2Fd%3D1%2Frs%3DAHpOoo8-3MGCaatZB3kdS5TpZdd-gOSBHg%2Fm%3D__features__
Frame ID: 9501A2183D02FCAF2EB4A3EE5EAF1FE8
Requests: 3 HTTP requests in this frame

Page Title

OneID® Management Console [Development]

Page URL History

  1. http://admin.myoneid.dev/ HTTP 307
    https://admin.myoneid.dev/ HTTP 302
    https://admin.myoneid.dev/auth Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <meta[^>]*google-signin-client_id
  • <meta[^>]*google-signin-scope

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Overall confidence: 100%
Detected patterns
  • apis\.google\.com/js/[a-z]*\.js

Page Statistics

15 Requests
87 % HTTPS
80 % IPv6
5 Domains
6 Subdomains
6 IPs
2 Countries
319 kB Transfer
596 kB Size
1 Cookies

15 HTTP transactions

Resource Path Size x-fer Type MIME-Type
Primary Request auth
admin.myoneid.dev/
Redirect Chain
  • http://admin.myoneid.dev/
  • https://admin.myoneid.dev/
  • https://admin.myoneid.dev/auth
2 KB
2 KB
Document
General
Full URL
https://admin.myoneid.dev/auth
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.117.165.41 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
41.165.117.34.bc.googleusercontent.com
Software
envoy /
Resource Hash
05831ebc3549c9bef0506ae12e2044aca840beff10fe1cc719ccfec2c3b84e0c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Frame-Options DENY

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 17_1_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.1 Mobile/15E148 Safari/604.1
accept-language
en-NZ,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-type
text/html; charset=utf-8
date
Fri, 22 Dec 2023 04:24:34 GMT
referrer-policy
origin
server
envoy
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 google
x-envoy-upstream-service-time
2
x-frame-options
DENY
x-robots-tag
noindex

Redirect headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
28
content-type
text/html; charset=utf-8
date
Fri, 22 Dec 2023 04:24:34 GMT
location
/auth
referrer-policy
origin
server
envoy
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 google
x-envoy-upstream-service-time
7
x-frame-options
DENY
x-robots-tag
noindex
css2
fonts.googleapis.com/
3 KB
797 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=DM+Sans:ital,wght@0,400;0,500;0,700;1,400&display=swap
Requested by
Host: admin.myoneid.dev
URL: https://admin.myoneid.dev/auth
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4006:811::200a Sydney, Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
b0298e9ba5bd6a96d362b06bfd9361cd4eae42c5bdc71dcbef8b15b89d389331
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-NZ,en;q=0.9
Referer
https://admin.myoneid.dev/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 17_1_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.1 Mobile/15E148 Safari/604.1

Response headers

strict-transport-security
max-age=31536000
date
Fri, 22 Dec 2023 04:24:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
ESF
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
expires
Fri, 22 Dec 2023 04:24:35 GMT
managementconsole.css
admin.myoneid.dev/css/
32 KB
32 KB
Stylesheet
General
Full URL
https://admin.myoneid.dev/css/managementconsole.css
Requested by
Host: admin.myoneid.dev
URL: https://admin.myoneid.dev/auth
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.117.165.41 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
41.165.117.34.bc.googleusercontent.com
Software
envoy /
Resource Hash
9b57ffda71ceb6c6722e8fe961ecde53f6593a4ff108eef27c1724f7fc1e42e2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Frame-Options DENY

Request headers

accept-language
en-NZ,en;q=0.9
Referer
https://admin.myoneid.dev/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 17_1_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.1 Mobile/15E148 Safari/604.1

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
date
Fri, 22 Dec 2023 04:24:35 GMT
referrer-policy
origin
via
1.1 google
server
envoy
x-frame-options
DENY
content-type
text/css; charset=utf-8
x-envoy-upstream-service-time
8
accept-ranges
bytes
x-robots-tag
noindex
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
32329
auth.js
admin.myoneid.dev/js/
100 KB
101 KB
Script
General
Full URL
https://admin.myoneid.dev/js/auth.js
Requested by
Host: admin.myoneid.dev
URL: https://admin.myoneid.dev/auth
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.117.165.41 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
41.165.117.34.bc.googleusercontent.com
Software
envoy /
Resource Hash
1c57511f37aea7d38634d41a0fd0a18d59b1d202b2038d4a8709e1572744ff4b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Frame-Options DENY

Request headers

accept-language
en-NZ,en;q=0.9
Referer
https://admin.myoneid.dev/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 17_1_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.1 Mobile/15E148 Safari/604.1

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
date
Fri, 22 Dec 2023 04:24:35 GMT
referrer-policy
origin
via
1.1 google
server
envoy
x-frame-options
DENY
content-type
text/javascript; charset=utf-8
x-envoy-upstream-service-time
7
accept-ranges
bytes
x-robots-tag
noindex
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
102811
icon-solid.svg
admin.myoneid.dev/images/
6 KB
6 KB
Image
General
Full URL
https://admin.myoneid.dev/images/icon-solid.svg
Requested by
Host: admin.myoneid.dev
URL: https://admin.myoneid.dev/auth
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.117.165.41 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
41.165.117.34.bc.googleusercontent.com
Software
envoy /
Resource Hash
fa33fc70bdef162d66277f28b9e8f29d5b34ec307e867c3c7ec9dc2616a74a67
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Frame-Options DENY

Request headers

accept-language
en-NZ,en;q=0.9
Referer
https://admin.myoneid.dev/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 17_1_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.1 Mobile/15E148 Safari/604.1

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
date
Fri, 22 Dec 2023 04:24:35 GMT
referrer-policy
origin
via
1.1 google
server
envoy
x-frame-options
DENY
content-type
image/svg+xml
x-envoy-upstream-service-time
8
accept-ranges
bytes
x-robots-tag
noindex
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
5975
din-logo.png
admin.myoneid.dev/images/
6 KB
6 KB
Image
General
Full URL
https://admin.myoneid.dev/images/din-logo.png
Requested by
Host: admin.myoneid.dev
URL: https://admin.myoneid.dev/auth
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.117.165.41 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
41.165.117.34.bc.googleusercontent.com
Software
envoy /
Resource Hash
a44805f78e29acece1c08244f989afefceb85f831d944d7c637bc92771e89786
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Frame-Options DENY

Request headers

accept-language
en-NZ,en;q=0.9
Referer
https://admin.myoneid.dev/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 17_1_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.1 Mobile/15E148 Safari/604.1

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
date
Fri, 22 Dec 2023 04:24:35 GMT
referrer-policy
origin
via
1.1 google
server
envoy
x-frame-options
DENY
content-type
image/png
x-envoy-upstream-service-time
8
accept-ranges
bytes
x-robots-tag
noindex
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
5660
google-logo.svg
admin.myoneid.dev/images/
836 B
856 B
Image
General
Full URL
https://admin.myoneid.dev/images/google-logo.svg
Requested by
Host: admin.myoneid.dev
URL: https://admin.myoneid.dev/css/managementconsole.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.117.165.41 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
41.165.117.34.bc.googleusercontent.com
Software
envoy /
Resource Hash
07f81ee177e5775e2022fe6541a80da64032e2751fad495bdeb23298029254a2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Frame-Options DENY

Request headers

accept-language
en-NZ,en;q=0.9
Referer
https://admin.myoneid.dev/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 17_1_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.1 Mobile/15E148 Safari/604.1

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
date
Fri, 22 Dec 2023 04:24:36 GMT
referrer-policy
origin
via
1.1 google
server
envoy
x-frame-options
DENY
content-type
image/svg+xml
x-envoy-upstream-service-time
2
accept-ranges
bytes
x-robots-tag
noindex
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
836
microsoft-logo.svg
admin.myoneid.dev/images/
343 B
363 B
Image
General
Full URL
https://admin.myoneid.dev/images/microsoft-logo.svg
Requested by
Host: admin.myoneid.dev
URL: https://admin.myoneid.dev/css/managementconsole.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.117.165.41 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
41.165.117.34.bc.googleusercontent.com
Software
envoy /
Resource Hash
929f48f88c8ca7f3f5d294be47ec4caf51acc28ac25340c19a903125d7ecd84a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Frame-Options DENY

Request headers

accept-language
en-NZ,en;q=0.9
Referer
https://admin.myoneid.dev/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 17_1_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.1 Mobile/15E148 Safari/604.1

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
date
Fri, 22 Dec 2023 04:24:36 GMT
referrer-policy
origin
via
1.1 google
server
envoy
x-frame-options
DENY
content-type
image/svg+xml
x-envoy-upstream-service-time
3
accept-ranges
bytes
x-robots-tag
noindex
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
343
rP2Yp2ywxg089UriI5-g4vlH9VoD8Cmcqbu0-K6z9mXg.woff2
fonts.gstatic.com/s/dmsans/v14/
36 KB
37 KB
Font
General
Full URL
https://fonts.gstatic.com/s/dmsans/v14/rP2Yp2ywxg089UriI5-g4vlH9VoD8Cmcqbu0-K6z9mXg.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=DM+Sans:ital,wght@0,400;0,500;0,700;1,400&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4006:809::2003 Sydney, Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
cfbbd0037dbc07a549504172d6c1e6f0f95cb2b57da8b934028b218b35af95b9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://admin.myoneid.dev
accept-language
en-NZ,en;q=0.9
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 17_1_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.1 Mobile/15E148 Safari/604.1

Response headers

date
Fri, 22 Dec 2023 03:59:48 GMT
x-content-type-options
nosniff
age
1488
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
36860
x-xss-protection
0
last-modified
Wed, 12 Jul 2023 22:07:37 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 21 Dec 2024 03:59:48 GMT
api.js
apis.google.com/js/
18 KB
8 KB
Script
General
Full URL
https://apis.google.com/js/api.js?onload=__iframefcb390350
Requested by
Host: admin.myoneid.dev
URL: https://admin.myoneid.dev/js/auth.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4006:814::200e Sydney, Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c47ebf131d26b713db1e45958be0e12aec7c230325daf8a55704ea86b8538404
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-NZ,en;q=0.9
Referer
https://admin.myoneid.dev/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 17_1_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.1 Mobile/15E148 Safari/604.1

Response headers

content-security-policy
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
content-encoding
gzip
x-content-type-options
nosniff
date
Fri, 22 Dec 2023 04:24:36 GMT
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
7121
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="gapi-team"
etag
"835cf78274d53543"
vary
Accept-Encoding
report-to
{"group":"gapi-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gapi-team"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
private, max-age=1800, stale-while-revalidate=1800
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 22 Dec 2023 04:24:36 GMT
cb=gapi.loaded_0
apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.y0xCMa4KeeI.O/m=gapi_iframes/rt=j/sv=1/d=1/ed=1/rs=AHpOoo8-3MGCaatZB3kdS5TpZdd-gOSBHg/
105 KB
35 KB
Script
General
Full URL
https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.y0xCMa4KeeI.O/m=gapi_iframes/rt=j/sv=1/d=1/ed=1/rs=AHpOoo8-3MGCaatZB3kdS5TpZdd-gOSBHg/cb=gapi.loaded_0?le=scs
Requested by
Host: apis.google.com
URL: https://apis.google.com/js/api.js?onload=__iframefcb390350
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4006:814::200e Sydney, Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a15c79f96437b8efac4b6d8145e91f3ab08a764caaaa67bc713865de7e6e6337
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-NZ,en;q=0.9
Referer
https://admin.myoneid.dev/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 17_1_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.1 Mobile/15E148 Safari/604.1

Response headers

date
Wed, 20 Dec 2023 16:19:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
129921
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
35912
x-xss-protection
0
last-modified
Wed, 06 Dec 2023 19:05:16 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="social-frontend-mpm-access"
vary
Accept-Encoding
report-to
{"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 19 Dec 2024 16:19:15 GMT
iframe
din-oneid-development.firebaseapp.com/__/auth/ Frame 9501
364 B
794 B
Document
General
Full URL
https://din-oneid-development.firebaseapp.com/__/auth/iframe?apiKey=AIzaSyB25w3ac808oQxV9v-8DdxUpFYhKj5S_ls&appName=%5BDEFAULT%5D&v=9.9.4&eid=p&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.y0xCMa4KeeI.O%2Fd%3D1%2Frs%3DAHpOoo8-3MGCaatZB3kdS5TpZdd-gOSBHg%2Fm%3D__features__
Requested by
Host: apis.google.com
URL: https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.y0xCMa4KeeI.O/m=gapi_iframes/rt=j/sv=1/d=1/ed=1/rs=AHpOoo8-3MGCaatZB3kdS5TpZdd-gOSBHg/cb=gapi.loaded_0?le=scs
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:0:890::100 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
d1eea8206093f3c645b999e44787c4798a867a5a26bc482313cf9007b778a47d
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload

Request headers

Referer
https://admin.myoneid.dev/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 17_1_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.1 Mobile/15E148 Safari/604.1
accept-language
en-NZ,en;q=0.9

Response headers

accept-ranges
bytes
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
cache-control
max-age=1800
content-encoding
gzip
content-length
244
content-type
text/html; charset=utf-8
date
Fri, 22 Dec 2023 04:24:37 GMT
origin-trial
AsJLZ4vyY2ORU5w3PpXkCY24qwPZPIS5vhU7v2bOIN/0bBRyfdahqmyS8TVFm5y/M0UpaS2paS/SJ+gGGZ9FeA8AAACfeyJvcmlnaW4iOiJodHRwczovL2ZpcmViYXNlYXBwLmNvbTo0NDMiLCJmZWF0dXJlIjoiRGlzYWJsZVRoaXJkUGFydHlTZXNzaW9uU3RvcmFnZVBhcnRpdGlvbmluZ0FmdGVyR2VuZXJhbFBhcnRpdGlvbmluZyIsImV4cGlyeSI6MTcxNDY5NDM5OSwiaXNTdWJkb21haW4iOnRydWV9
strict-transport-security
max-age=31556926; includeSubDomains; preload
vary
x-fh-requested-host, accept-encoding
x-cache
MISS
x-cache-hits
0
x-served-by
cache-akl10325-AKL
x-timer
S1703219077.224742,VS0,VE420
iframe.js
din-oneid-development.firebaseapp.com/__/auth/ Frame 9501
286 KB
91 KB
Script
General
Full URL
https://din-oneid-development.firebaseapp.com/__/auth/iframe.js
Requested by
Host: din-oneid-development.firebaseapp.com
URL: https://din-oneid-development.firebaseapp.com/__/auth/iframe?apiKey=AIzaSyB25w3ac808oQxV9v-8DdxUpFYhKj5S_ls&appName=%5BDEFAULT%5D&v=9.9.4&eid=p&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.y0xCMa4KeeI.O%2Fd%3D1%2Frs%3DAHpOoo8-3MGCaatZB3kdS5TpZdd-gOSBHg%2Fm%3D__features__
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:0:890::100 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
07dc1ee4c37e310a09b519768a1a4bd82639625a2b2fba84702d0ce8ad6828a1
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload

Request headers

accept-language
en-NZ,en;q=0.9
Referer
https://din-oneid-development.firebaseapp.com/__/auth/iframe?apiKey=AIzaSyB25w3ac808oQxV9v-8DdxUpFYhKj5S_ls&appName=%5BDEFAULT%5D&v=9.9.4&eid=p&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.y0xCMa4KeeI.O%2Fd%3D1%2Frs%3DAHpOoo8-3MGCaatZB3kdS5TpZdd-gOSBHg%2Fm%3D__features__
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 17_1_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.1 Mobile/15E148 Safari/604.1

Response headers

x-served-by
cache-akl10325-AKL
strict-transport-security
max-age=31556926; includeSubDomains; preload
content-encoding
gzip
date
Fri, 22 Dec 2023 04:24:38 GMT
x-timer
S1703219078.699042,VS0,VE1233
vary
x-fh-requested-host, accept-encoding
x-cache
MISS
content-type
text/javascript; charset=utf-8
cache-control
max-age=1800
origin-trial
AsJLZ4vyY2ORU5w3PpXkCY24qwPZPIS5vhU7v2bOIN/0bBRyfdahqmyS8TVFm5y/M0UpaS2paS/SJ+gGGZ9FeA8AAACfeyJvcmlnaW4iOiJodHRwczovL2ZpcmViYXNlYXBwLmNvbTo0NDMiLCJmZWF0dXJlIjoiRGlzYWJsZVRoaXJkUGFydHlTZXNzaW9uU3RvcmFnZVBhcnRpdGlvbmluZ0FmdGVyR2VuZXJhbFBhcnRpdGlvbmluZyIsImV4cGlyeSI6MTcxNDY5NDM5OSwiaXNTdWJkb21haW4iOnRydWV9
accept-ranges
bytes
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
92930
x-cache-hits
0
getProjectConfig
www.googleapis.com/identitytoolkit/v3/relyingparty/ Frame 9501
0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
www.googleapis.com
URL
https://www.googleapis.com/identitytoolkit/v3/relyingparty/getProjectConfig?key=AIzaSyB25w3ac808oQxV9v-8DdxUpFYhKj5S_ls&cb=1703219079024

126 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.


1 Cookies

Domain/Path Name / Value
.google.com/ Name: NID
Value: 511=BfnqOfknRTTXGuuLnxgvqaBm9G9ZhHSibBerbf_bH08rKxgbHaHkk5Cexf43xi1nCnLvDRntJsbTUvdH3ipyRq5no6RpJbxxyDP32tt1qsBpvvaBD2rAViUGAPgmjoVVGOAmpNPxNAeFbJc3-D9_1xl8J6PJNYSKcY0UPJHSg2k

Security Headers

This page lists any security headers set by the main page.

Header Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Frame-Options DENY