urlscan.io logo urlscan.io
SecurityTrails logo

shfy.sts.synlab.it Open in urlscan Pro
2620:1ec:bdf::60  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://shfy.bookingadmin.synlab.co.uk/
Effective URL: https://shfy.sts.synlab.it/Account/Login?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fresponse_type%3Did_token%2520token%2...
Submission: On July 08 via automatic, source certstream-suspicious — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 4 IPs in 2 countries across 5 domains to perform 28 HTTP transactions. The main IP is 2620:1ec:bdf::60, located in United States and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is shfy.sts.synlab.it.
TLS certificate: Issued by GeoTrust Global TLS RSA4096 SHA256 20... on March 13th 2024. Valid for: 6 months.
This is the only time shfy.sts.synlab.it was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 25 2620:1ec:bdf::60 8075 (MICROSOFT...)
1 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
28 4
Apex Domain
Subdomains		 Transfer
15 synlab.it
shfy.sts.synlab.it
1 MB
10 synlab.co.uk
shfy.bookingadmin.synlab.co.uk
5 MB
2 gstatic.com
fonts.gstatic.com
67 KB
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 108
2 KB
0 visualstudio.com Failed
dc.services.visualstudio.com Failed
28 5
Domain Requested by
15 shfy.sts.synlab.it 1 redirects shfy.bookingadmin.synlab.co.uk
shfy.sts.synlab.it
10 shfy.bookingadmin.synlab.co.uk shfy.bookingadmin.synlab.co.uk
2 fonts.gstatic.com fonts.googleapis.com
1 fonts.googleapis.com shfy.sts.synlab.it
0 dc.services.visualstudio.com Failed shfy.bookingadmin.synlab.co.uk
28 5

This site contains links to these domains. Also see Links.

Domain
shop.synlab.it
Subject Issuer Validity Valid
shfy.bookingadmin.synlab.co.uk
GeoTrust Global TLS RSA4096 SHA256 2022 CA1		 2024-03-12 -
2024-09-12		 6 months crt.sh
shfy.sts.synlab.it
GeoTrust Global TLS RSA4096 SHA256 2022 CA1		 2024-03-13 -
2024-09-13		 6 months crt.sh
upload.video.google.com
WR2		 2024-06-13 -
2024-09-05		 3 months crt.sh
*.gstatic.com
WR2		 2024-06-13 -
2024-09-05		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://shfy.sts.synlab.it/Account/Login?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fresponse_type%3Did_token%2520token%26client_id%3Dadminweb%26state%3DYTRLflVnb29NSENGZWtlVlFFZ3psOTNqNWVZUFVfM2xCd29YV1dWMWpaWUE4%26redirect_uri%3Dhttps%253A%252F%252Fshfy.bookingadmin.synlab.co.uk%252Flogin%252Fsigninwithredirect%26scope%3Dapi%2520openid%2520profile%2520mobileapi%2520ResultsApi%2520IdentityServerApi%2520offline_access%26nonce%3DYTRLflVnb29NSENGZWtlVlFFZ3psOTNqNWVZUFVfM2xCd29YV1dWMWpaWUE4
Frame ID: 0984CBB016765DD7D7F2AB8438CD289E
Requests: 26 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

SYNLAB Access

Page URL History Show full URLs

  1. https://shfy.bookingadmin.synlab.co.uk/ Page URL
  2. https://shfy.sts.synlab.it/connect/authorize?response_type=id_token%20token&client_id=adminweb&state=YT... HTTP 302
    https://shfy.sts.synlab.it/Account/Login?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fresponse_type%3D... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • (?:<link[^>]* href=[^>]+glyphicons(?:\.min)?\.css|<img[^>]* src=[^>]+glyphicons)
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Page Statistics

28
Requests

96 %
HTTPS

100 %
IPv6

5
Domains

5
Subdomains

4
IPs

2
Countries

6468 kB
Transfer

6641 kB
Size

3
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://shfy.bookingadmin.synlab.co.uk/ Page URL
  2. https://shfy.sts.synlab.it/connect/authorize?response_type=id_token%20token&client_id=adminweb&state=YTRLflVnb29NSENGZWtlVlFFZ3psOTNqNWVZUFVfM2xCd29YV1dWMWpaWUE4&redirect_uri=https%3A%2F%2Fshfy.bookingadmin.synlab.co.uk%2Flogin%2Fsigninwithredirect&scope=api%20openid%20profile%20mobileapi%20ResultsApi%20IdentityServerApi%20offline_access&nonce=YTRLflVnb29NSENGZWtlVlFFZ3psOTNqNWVZUFVfM2xCd29YV1dWMWpaWUE4 HTTP 302
    https://shfy.sts.synlab.it/Account/Login?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fresponse_type%3Did_token%2520token%26client_id%3Dadminweb%26state%3DYTRLflVnb29NSENGZWtlVlFFZ3psOTNqNWVZUFVfM2xCd29YV1dWMWpaWUE4%26redirect_uri%3Dhttps%253A%252F%252Fshfy.bookingadmin.synlab.co.uk%252Flogin%252Fsigninwithredirect%26scope%3Dapi%2520openid%2520profile%2520mobileapi%2520ResultsApi%2520IdentityServerApi%2520offline_access%26nonce%3DYTRLflVnb29NSENGZWtlVlFFZ3psOTNqNWVZUFVfM2xCd29YV1dWMWpaWUE4 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

28 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
/
shfy.bookingadmin.synlab.co.uk/ 		2 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://shfy.bookingadmin.synlab.co.uk/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:bdf::60 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
466aa208b0896188e152dc73f47f4b55dd3a5bc8aa297419148176ace3daf02f
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
content-length
2300
content-type
text/html
date
Mon, 08 Jul 2024 22:51:09 GMT
etag
"1dac20d0976e87c"
last-modified
Wed, 19 Jun 2024 05:53:41 GMT
strict-transport-security
max-age=15724800; includeSubDomains
x-azure-ref
20240708T225109Z-17cf9458cfb8mn54b6h4ve0ht8000000074000000000d342
x-cache
CONFIG_NOCACHE
x-content-type-options
nosniff
x-sa
shfy.bookingadmin.synlab.co.uk
x-sb-request
f78b73e1-b78e-4c34-8e4a-929574c1f815
x-sb-session
c2433274-4670-4c1a-8799-d21da841436c
runtime.f8ef6bc218f386d54d34.js
shfy.bookingadmin.synlab.co.uk/ 		5 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://shfy.bookingadmin.synlab.co.uk/runtime.f8ef6bc218f386d54d34.js
Requested by
Host: shfy.bookingadmin.synlab.co.uk
URL: https://shfy.bookingadmin.synlab.co.uk/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:bdf::60 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
45bacebb5cf1116939df17f7839479d2eed5c0a50888c19b7be8b6c451b5e730
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://shfy.bookingadmin.synlab.co.uk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Mon, 08 Jul 2024 22:51:09 GMT
strict-transport-security
max-age=15724800; includeSubDomains
x-content-type-options
nosniff
last-modified
Wed, 19 Jun 2024 05:53:40 GMT
etag
"1dac20d08de58e6"
x-azure-ref
20240708T225109Z-17cf9458cfb8mn54b6h4ve0ht8000000074000000000d347
x-sa
shfy.bookingadmin.synlab.co.uk
content-type
application/javascript
x-cache
CONFIG_NOCACHE
accept-ranges
bytes
content-length
4838
polyfills.676fa640948ef1257c3b.js
shfy.bookingadmin.synlab.co.uk/ 		40 KB
41 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://shfy.bookingadmin.synlab.co.uk/polyfills.676fa640948ef1257c3b.js
Requested by
Host: shfy.bookingadmin.synlab.co.uk
URL: https://shfy.bookingadmin.synlab.co.uk/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:bdf::60 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
54225c34000eadf634bf5b46319ae683d60becc81bddf4f89e32b93335fc8f4c
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://shfy.bookingadmin.synlab.co.uk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Mon, 08 Jul 2024 22:51:09 GMT
strict-transport-security
max-age=15724800; includeSubDomains
x-content-type-options
nosniff
last-modified
Wed, 19 Jun 2024 05:53:40 GMT
etag
"1dac20d08deeacf"
x-azure-ref
20240708T225109Z-17cf9458cfb8mn54b6h4ve0ht8000000074000000000d348
x-sa
shfy.bookingadmin.synlab.co.uk
content-type
application/javascript
x-cache
CONFIG_NOCACHE
accept-ranges
bytes
content-length
41167
main.07bf3682a227b6966e00.js
shfy.bookingadmin.synlab.co.uk/ 		5 MB
5 MB 		Script
General
Check archive.org
Download Go to
Full URL
https://shfy.bookingadmin.synlab.co.uk/main.07bf3682a227b6966e00.js
Requested by
Host: shfy.bookingadmin.synlab.co.uk
URL: https://shfy.bookingadmin.synlab.co.uk/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:bdf::60 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
5d32cc6518bf0d6a717e787c42bb3a9bcf8ecc0fea699203324d884e40495385
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://shfy.bookingadmin.synlab.co.uk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Mon, 08 Jul 2024 22:51:09 GMT
strict-transport-security
max-age=15724800; includeSubDomains
x-content-type-options
nosniff
last-modified
Wed, 19 Jun 2024 05:53:40 GMT
etag
"1dac20d0894b177"
x-azure-ref
20240708T225109Z-17cf9458cfb8mn54b6h4ve0ht8000000074000000000d34a
x-sa
shfy.bookingadmin.synlab.co.uk
content-type
application/javascript
x-cache
CONFIG_NOCACHE
accept-ranges
bytes
content-length
4914039
styles.433530ac8a0acb1b6491.css
shfy.bookingadmin.synlab.co.uk/ 		168 KB
169 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://shfy.bookingadmin.synlab.co.uk/styles.433530ac8a0acb1b6491.css
Requested by
Host: shfy.bookingadmin.synlab.co.uk
URL: https://shfy.bookingadmin.synlab.co.uk/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:bdf::60 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
21c653ee7ced783f047553fb5e62fe45a36f92adfd9f38e9987a107673e65c35
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://shfy.bookingadmin.synlab.co.uk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Mon, 08 Jul 2024 22:51:10 GMT
strict-transport-security
max-age=15724800; includeSubDomains
x-content-type-options
nosniff
last-modified
Wed, 19 Jun 2024 05:53:40 GMT
etag
"1dac20d08dcea3f"
x-azure-ref
20240708T225109Z-17cf9458cfb8mn54b6h4ve0ht8000000074000000000d34b
x-sa
shfy.bookingadmin.synlab.co.uk
content-type
text/css
x-cache
CONFIG_NOCACHE
accept-ranges
bytes
content-length
172095
styles.433530ac8a0acb1b6491.css
shfy.bookingadmin.synlab.co.uk/ 		168 KB
0 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://shfy.bookingadmin.synlab.co.uk/styles.433530ac8a0acb1b6491.css
Requested by
Host: shfy.bookingadmin.synlab.co.uk
URL: https://shfy.bookingadmin.synlab.co.uk/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:bdf::60 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
21c653ee7ced783f047553fb5e62fe45a36f92adfd9f38e9987a107673e65c35
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://shfy.bookingadmin.synlab.co.uk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Mon, 08 Jul 2024 22:51:10 GMT
x-content-type-options
nosniff
last-modified
Wed, 19 Jun 2024 05:53:40 GMT
etag
"1dac20d08dcea3f"
x-azure-ref
20240708T225109Z-17cf9458cfb8mn54b6h4ve0ht8000000074000000000d34b
x-sa
shfy.bookingadmin.synlab.co.uk
content-type
text/css
x-cache
CONFIG_NOCACHE
accept-ranges
bytes
content-length
172095
environment
shfy.bookingadmin.synlab.co.uk/api/ 		976 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://shfy.bookingadmin.synlab.co.uk/api/environment
Requested by
Host: shfy.bookingadmin.synlab.co.uk
URL: https://shfy.bookingadmin.synlab.co.uk/polyfills.676fa640948ef1257c3b.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:bdf::60 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
553c40108bdc515f2427097974e78c7535bf23b7bab0adb829f1227b6375a7db
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff

Request headers

x-locale
en_GB
x-request-from
BookingAdmin
Referer
https://shfy.bookingadmin.synlab.co.uk/
Accept
application/json, text/plain, */*
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-sb-session
eef18717-abcd-4368-9776-94a8ab4a8b6b
date
Mon, 08 Jul 2024 22:51:10 GMT
strict-transport-security
max-age=15724800; includeSubDomains
x-content-type-options
nosniff
x-sb-request
c154f3f6-99c1-4110-a014-afbb232ac215
x-azure-ref
20240708T225110Z-17cf9458cfb8mn54b6h4ve0ht8000000074000000000d382
x-sa
shfy.bookingadmin.synlab.co.uk
content-type
application/json; charset=utf-8
x-cache
CONFIG_NOCACHE
favicon.ico
shfy.bookingadmin.synlab.co.uk/ 		99 KB
100 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://shfy.bookingadmin.synlab.co.uk/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:bdf::60 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
5e1e1c295570311cc40be6c5b64db4f0e460cf56ec3c8438f7a4ef214ccf6d9a
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://shfy.bookingadmin.synlab.co.uk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Mon, 08 Jul 2024 22:51:10 GMT
strict-transport-security
max-age=15724800; includeSubDomains
x-content-type-options
nosniff
last-modified
Wed, 19 Jun 2024 05:47:31 GMT
etag
"1dac20c2cecd717"
x-azure-ref
20240708T225110Z-17cf9458cfb8mn54b6h4ve0ht8000000074000000000d386
x-sa
shfy.bookingadmin.synlab.co.uk
content-type
image/x-icon
x-cache
CONFIG_NOCACHE
accept-ranges
bytes
content-length
101527
openid-configuration
shfy.sts.synlab.it/.well-known/ 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://shfy.sts.synlab.it/.well-known/openid-configuration
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:bdf::60 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Access-Control-Request-Headers
x-locale,x-request-from
Access-Control-Request-Method
GET
Origin
https://shfy.bookingadmin.synlab.co.uk
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
x-locale,x-request-from
access-control-allow-methods
GET
access-control-allow-origin
*
date
Mon, 08 Jul 2024 22:51:11 GMT
request-context
appId=cid-v1:35442833-4f72-4220-b360-7d2947ba9165
strict-transport-security
max-age=15724800; includeSubDomains
x-azure-ref
20240708T225110Z-17c86fbf54d44hm2pxgr2qhqnn00000000z000000000g6r2
x-cache
CONFIG_NOCACHE
x-content-type-options
nosniff
x-sa
shfy.sts.synlab.it
x-xss-protection
1; mode=block
openid-configuration
shfy.sts.synlab.it/.well-known/ 		2 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://shfy.sts.synlab.it/.well-known/openid-configuration
Requested by
Host: shfy.bookingadmin.synlab.co.uk
URL: https://shfy.bookingadmin.synlab.co.uk/polyfills.676fa640948ef1257c3b.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:bdf::60 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
f4479f790b1e47b1d0ec09c8e79f89f503f757273943ca21e4ad7629479b414f
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

x-locale
en_GB
x-request-from
BookingAdmin
Referer
https://shfy.bookingadmin.synlab.co.uk/
Accept
application/json, text/plain, */*
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Mon, 08 Jul 2024 22:51:11 GMT
strict-transport-security
max-age=15724800; includeSubDomains
x-content-type-options
nosniff
x-azure-ref
20240708T225111Z-17c86fbf54d44hm2pxgr2qhqnn00000000z000000000g6r9
x-sa
shfy.sts.synlab.it
content-type
application/json; charset=UTF-8
access-control-allow-origin
*
x-cache
CONFIG_NOCACHE
x-xss-protection
1; mode=block
request-context
appId=cid-v1:35442833-4f72-4220-b360-7d2947ba9165
en_GB.json
shfy.bookingadmin.synlab.co.uk/assets/i18n/ 		80 KB
81 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://shfy.bookingadmin.synlab.co.uk/assets/i18n/en_GB.json?v=1720479070854
Requested by
Host: shfy.bookingadmin.synlab.co.uk
URL: https://shfy.bookingadmin.synlab.co.uk/polyfills.676fa640948ef1257c3b.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:bdf::60 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
de01ee72688688f7305d36f6adf3d04c2fd5a3d878e4f6506691aba28804cf3c
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff

Request headers

x-locale
en_GB
x-request-from
BookingAdmin
Referer
https://shfy.bookingadmin.synlab.co.uk/
Accept
application/json, text/plain, */*
traceparent
00-c06d1f30270440f08424dcd809274eb1-129b7376b0324262-01
Request-Id
|c06d1f30270440f08424dcd809274eb1.129b7376b0324262
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Mon, 08 Jul 2024 22:51:10 GMT
strict-transport-security
max-age=15724800; includeSubDomains
x-content-type-options
nosniff
last-modified
Wed, 19 Jun 2024 05:53:40 GMT
etag
"1dac20d08df0b48"
x-azure-ref
20240708T225110Z-17cf9458cfb8mn54b6h4ve0ht8000000074000000000d38a
x-sa
shfy.bookingadmin.synlab.co.uk
content-type
application/json
x-cache
CONFIG_NOCACHE
accept-ranges
bytes
content-length
82248
logo_synlab_group.svg
shfy.bookingadmin.synlab.co.uk/assets/images/ 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://shfy.bookingadmin.synlab.co.uk/assets/images/logo_synlab_group.svg
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:bdf::60 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
3f2d4a99ae61fa95b93a7071cb6b9f067cb30f77393145e9f06be2bd5b97b3de
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://shfy.bookingadmin.synlab.co.uk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Mon, 08 Jul 2024 22:51:10 GMT
strict-transport-security
max-age=15724800; includeSubDomains
x-content-type-options
nosniff
last-modified
Wed, 19 Jun 2024 05:53:40 GMT
etag
"1dac20d08de45e8"
x-azure-ref
20240708T225110Z-17cf9458cfb8mn54b6h4ve0ht8000000074000000000d38g
x-sa
shfy.bookingadmin.synlab.co.uk
content-type
image/svg+xml
x-cache
CONFIG_NOCACHE
accept-ranges
bytes
content-length
4072
jwks
shfy.sts.synlab.it/.well-known/openid-configuration/ 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://shfy.sts.synlab.it/.well-known/openid-configuration/jwks
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:bdf::60 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Access-Control-Request-Headers
x-locale,x-request-from
Access-Control-Request-Method
GET
Origin
https://shfy.bookingadmin.synlab.co.uk
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
x-locale,x-request-from
access-control-allow-methods
GET
access-control-allow-origin
*
date
Mon, 08 Jul 2024 22:51:11 GMT
request-context
appId=cid-v1:35442833-4f72-4220-b360-7d2947ba9165
strict-transport-security
max-age=15724800; includeSubDomains
x-azure-ref
20240708T225111Z-17c86fbf54d44hm2pxgr2qhqnn00000000z000000000g6rf
x-cache
CONFIG_NOCACHE
x-content-type-options
nosniff
x-sa
shfy.sts.synlab.it
x-xss-protection
1; mode=block
jwks
shfy.sts.synlab.it/.well-known/openid-configuration/ 		2 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://shfy.sts.synlab.it/.well-known/openid-configuration/jwks
Requested by
Host: shfy.bookingadmin.synlab.co.uk
URL: https://shfy.bookingadmin.synlab.co.uk/polyfills.676fa640948ef1257c3b.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:bdf::60 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

x-locale
en_GB
x-request-from
BookingAdmin
Referer
https://shfy.bookingadmin.synlab.co.uk/
Accept
application/json, text/plain, */*
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Mon, 08 Jul 2024 22:51:11 GMT
strict-transport-security
max-age=15724800; includeSubDomains
x-content-type-options
nosniff
x-azure-ref
20240708T225111Z-17c86fbf54d44hm2pxgr2qhqnn00000000z000000000g6rg
x-sa
shfy.sts.synlab.it
content-type
application/jwk-set+json; charset=UTF-8
access-control-allow-origin
*
x-cache
CONFIG_NOCACHE
x-xss-protection
1; mode=block
request-context
appId=cid-v1:35442833-4f72-4220-b360-7d2947ba9165
Primary Request Login
shfy.sts.synlab.it/Account/
Redirect Chain
  • https://shfy.sts.synlab.it/connect/authorize?response_type=id_token%20token&client_id=adminweb&state=YTRLflVnb29NSENGZWtlVlFFZ3psOTNqNWVZUFVfM2xCd29YV1dWMWpaWUE4&redirect_uri=https%3A%2F%2Fshfy.boo...
  • https://shfy.sts.synlab.it/Account/Login?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fresponse_type%3Did_token%2520token%26client_id%3Dadminweb%26state%3DYTRLflVnb29NSENGZWtlVlFFZ3psOTNqNWVZUFVfM2...
4 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://shfy.sts.synlab.it/Account/Login?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fresponse_type%3Did_token%2520token%26client_id%3Dadminweb%26state%3DYTRLflVnb29NSENGZWtlVlFFZ3psOTNqNWVZUFVfM2xCd29YV1dWMWpaWUE4%26redirect_uri%3Dhttps%253A%252F%252Fshfy.bookingadmin.synlab.co.uk%252Flogin%252Fsigninwithredirect%26scope%3Dapi%2520openid%2520profile%2520mobileapi%2520ResultsApi%2520IdentityServerApi%2520offline_access%26nonce%3DYTRLflVnb29NSENGZWtlVlFFZ3psOTNqNWVZUFVfM2xCd29YV1dWMWpaWUE4
Requested by
Host: shfy.bookingadmin.synlab.co.uk
URL: https://shfy.bookingadmin.synlab.co.uk/main.07bf3682a227b6966e00.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:bdf::60 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
67d27ffdca55d19594e51f4f84caedbf8550faffcff66ecf4290c01dc45846ad
Security Headers
Name Value
Content-Security-Policy default-src 'self' data:; object-src 'none'; sandbox allow-forms allow-popups allow-popups-to-escape-sandbox allow-same-origin allow-scripts; base-uri 'self'; frame-ancestors 'self' https://*.synlab.com https://*.synlab.ee https://*.covidresults.dk https://*.synlab.hu https://*.googletagmanager.com; script-src 'self' 'unsafe-inline' https://consent.cookiebot.com https://consentcdn.cookiebot.com https://*.googletagmanager.com; frame-src 'self' https://consentcdn.cookiebot.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com; connect-src 'self' https://consentcdn.cookiebot.com https://*.google-analytics.com; font-src 'self' https://fonts.gstatic.com;
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Security-Policy default-src 'self' data:; object-src 'none'; sandbox allow-forms allow-popups allow-popups-to-escape-sandbox allow-same-origin allow-scripts; base-uri 'self'; frame-ancestors 'self' https://*.synlab.com https://*.synlab.ee https://*.covidresults.dk https://*.synlab.hu https://*.googletagmanager.com; script-src 'self' 'unsafe-inline' https://consent.cookiebot.com https://consentcdn.cookiebot.com https://*.googletagmanager.com; frame-src 'self' https://consentcdn.cookiebot.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com; connect-src 'self' https://consentcdn.cookiebot.com https://*.google-analytics.com; font-src 'self' https://fonts.gstatic.com;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://shfy.bookingadmin.synlab.co.uk/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

cache-control
no-cache, no-store
content-security-policy
default-src 'self' data:; object-src 'none'; sandbox allow-forms allow-popups allow-popups-to-escape-sandbox allow-same-origin allow-scripts; base-uri 'self'; frame-ancestors 'self' https://*.synlab.com https://*.synlab.ee https://*.covidresults.dk https://*.synlab.hu https://*.googletagmanager.com; script-src 'self' 'unsafe-inline' https://consent.cookiebot.com https://consentcdn.cookiebot.com https://*.googletagmanager.com; frame-src 'self' https://consentcdn.cookiebot.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com; connect-src 'self' https://consentcdn.cookiebot.com https://*.google-analytics.com; font-src 'self' https://fonts.gstatic.com;
content-type
text/html; charset=utf-8
date
Mon, 08 Jul 2024 22:51:11 GMT
pragma
no-cache
referrer-policy
no-referrer
request-context
appId=cid-v1:35442833-4f72-4220-b360-7d2947ba9165
strict-transport-security
max-age=15724800; includeSubDomains
x-azure-ref
20240708T225111Z-17c86fbf54d2b6mmmhsesg2db000000000x00000000106pf
x-cache
CONFIG_NOCACHE
x-content-security-policy
default-src 'self' data:; object-src 'none'; sandbox allow-forms allow-popups allow-popups-to-escape-sandbox allow-same-origin allow-scripts; base-uri 'self'; frame-ancestors 'self' https://*.synlab.com https://*.synlab.ee https://*.covidresults.dk https://*.synlab.hu https://*.googletagmanager.com; script-src 'self' 'unsafe-inline' https://consent.cookiebot.com https://consentcdn.cookiebot.com https://*.googletagmanager.com; frame-src 'self' https://consentcdn.cookiebot.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com; connect-src 'self' https://consentcdn.cookiebot.com https://*.google-analytics.com; font-src 'self' https://fonts.gstatic.com;
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-sa
shfy.sts.synlab.it
x-xss-protection
1; mode=block

Redirect headers

content-length
0
date
Mon, 08 Jul 2024 22:51:11 GMT
location
https://shfy.sts.synlab.it/Account/Login?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fresponse_type%3Did_token%2520token%26client_id%3Dadminweb%26state%3DYTRLflVnb29NSENGZWtlVlFFZ3psOTNqNWVZUFVfM2xCd29YV1dWMWpaWUE4%26redirect_uri%3Dhttps%253A%252F%252Fshfy.bookingadmin.synlab.co.uk%252Flogin%252Fsigninwithredirect%26scope%3Dapi%2520openid%2520profile%2520mobileapi%2520ResultsApi%2520IdentityServerApi%2520offline_access%26nonce%3DYTRLflVnb29NSENGZWtlVlFFZ3psOTNqNWVZUFVfM2xCd29YV1dWMWpaWUE4
request-context
appId=cid-v1:35442833-4f72-4220-b360-7d2947ba9165
strict-transport-security
max-age=15724800; includeSubDomains
x-azure-ref
20240708T225111Z-17c86fbf54d2b6mmmhsesg2db000000000x00000000106p4
x-cache
CONFIG_NOCACHE
x-content-type-options
nosniff
x-sa
shfy.sts.synlab.it
x-xss-protection
1; mode=block
track
dc.services.visualstudio.com/v2/ 		0
0
css2
fonts.googleapis.com/ 		23 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Open+Sans:ital,wght@0,400;0,500;0,600;1,300&display=swap
Requested by
Host: shfy.sts.synlab.it
URL: https://shfy.sts.synlab.it/Account/Login?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fresponse_type%3Did_token%2520token%26client_id%3Dadminweb%26state%3DYTRLflVnb29NSENGZWtlVlFFZ3psOTNqNWVZUFVfM2xCd29YV1dWMWpaWUE4%26redirect_uri%3Dhttps%253A%252F%252Fshfy.bookingadmin.synlab.co.uk%252Flogin%252Fsigninwithredirect%26scope%3Dapi%2520openid%2520profile%2520mobileapi%2520ResultsApi%2520IdentityServerApi%2520offline_access%26nonce%3DYTRLflVnb29NSENGZWtlVlFFZ3psOTNqNWVZUFVfM2xCd29YV1dWMWpaWUE4
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
30d93b014bf5b70074e97b62119c5b0a85e4d6d50029b05ef1c9f499e2fba8b6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Mon, 08 Jul 2024 22:51:11 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Mon, 08 Jul 2024 22:51:11 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Mon, 08 Jul 2024 22:51:11 GMT
bootstrap-glyphicons.css
shfy.sts.synlab.it/lib/bootstrap/css/ 		13 KB
13 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://shfy.sts.synlab.it/lib/bootstrap/css/bootstrap-glyphicons.css
Requested by
Host: shfy.sts.synlab.it
URL: https://shfy.sts.synlab.it/Account/Login?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fresponse_type%3Did_token%2520token%26client_id%3Dadminweb%26state%3DYTRLflVnb29NSENGZWtlVlFFZ3psOTNqNWVZUFVfM2xCd29YV1dWMWpaWUE4%26redirect_uri%3Dhttps%253A%252F%252Fshfy.bookingadmin.synlab.co.uk%252Flogin%252Fsigninwithredirect%26scope%3Dapi%2520openid%2520profile%2520mobileapi%2520ResultsApi%2520IdentityServerApi%2520offline_access%26nonce%3DYTRLflVnb29NSENGZWtlVlFFZ3psOTNqNWVZUFVfM2xCd29YV1dWMWpaWUE4
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:bdf::60 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
02f00e88aaa9a16ed6bf13a3daf476998490a2a56648134155e31237f1bfa12b
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Mon, 08 Jul 2024 22:51:11 GMT
strict-transport-security
max-age=15724800; includeSubDomains
x-content-type-options
nosniff
last-modified
Fri, 08 Mar 2024 07:17:37 GMT
etag
"1da7128b29b0c59"
x-azure-ref
20240708T225111Z-17c86fbf54d2b6mmmhsesg2db000000000x00000000106ph
x-sa
shfy.sts.synlab.it
content-type
text/css
x-cache
CONFIG_NOCACHE
accept-ranges
bytes
content-length
13017
x-xss-protection
1; mode=block
request-context
appId=cid-v1:35442833-4f72-4220-b360-7d2947ba9165
bootstrap.min.css
shfy.sts.synlab.it/lib/bootstrap/css/ 		152 KB
153 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://shfy.sts.synlab.it/lib/bootstrap/css/bootstrap.min.css
Requested by
Host: shfy.sts.synlab.it
URL: https://shfy.sts.synlab.it/Account/Login?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fresponse_type%3Did_token%2520token%26client_id%3Dadminweb%26state%3DYTRLflVnb29NSENGZWtlVlFFZ3psOTNqNWVZUFVfM2xCd29YV1dWMWpaWUE4%26redirect_uri%3Dhttps%253A%252F%252Fshfy.bookingadmin.synlab.co.uk%252Flogin%252Fsigninwithredirect%26scope%3Dapi%2520openid%2520profile%2520mobileapi%2520ResultsApi%2520IdentityServerApi%2520offline_access%26nonce%3DYTRLflVnb29NSENGZWtlVlFFZ3psOTNqNWVZUFVfM2xCd29YV1dWMWpaWUE4
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:bdf::60 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
5d6ec87b3854968bf81073e32a2831cd78c72141dd34688970f94477281522ef
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Mon, 08 Jul 2024 22:51:11 GMT
strict-transport-security
max-age=15724800; includeSubDomains
x-content-type-options
nosniff
last-modified
Fri, 08 Mar 2024 07:17:37 GMT
etag
"1da7128b2995ef9"
x-azure-ref
20240708T225111Z-17c86fbf54d2b6mmmhsesg2db000000000x00000000106pk
x-sa
shfy.sts.synlab.it
content-type
text/css
x-cache
CONFIG_NOCACHE
accept-ranges
bytes
content-length
155769
x-xss-protection
1; mode=block
request-context
appId=cid-v1:35442833-4f72-4220-b360-7d2947ba9165
login.css
shfy.sts.synlab.it/css/dxp/ 		4 KB
5 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://shfy.sts.synlab.it/css/dxp/login.css
Requested by
Host: shfy.sts.synlab.it
URL: https://shfy.sts.synlab.it/Account/Login?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fresponse_type%3Did_token%2520token%26client_id%3Dadminweb%26state%3DYTRLflVnb29NSENGZWtlVlFFZ3psOTNqNWVZUFVfM2xCd29YV1dWMWpaWUE4%26redirect_uri%3Dhttps%253A%252F%252Fshfy.bookingadmin.synlab.co.uk%252Flogin%252Fsigninwithredirect%26scope%3Dapi%2520openid%2520profile%2520mobileapi%2520ResultsApi%2520IdentityServerApi%2520offline_access%26nonce%3DYTRLflVnb29NSENGZWtlVlFFZ3psOTNqNWVZUFVfM2xCd29YV1dWMWpaWUE4
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:bdf::60 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
c6407fe7d8f706dc1d4c3f07bc17b8cd660cc9b6724c2ec3781a5b6300ee0d0a
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Mon, 08 Jul 2024 22:51:11 GMT
strict-transport-security
max-age=15724800; includeSubDomains
x-content-type-options
nosniff
last-modified
Fri, 08 Mar 2024 07:17:37 GMT
etag
"1da7128b29b2e5d"
x-azure-ref
20240708T225111Z-17c86fbf54d2b6mmmhsesg2db000000000x00000000106pm
x-sa
shfy.sts.synlab.it
content-type
text/css
x-cache
CONFIG_NOCACHE
accept-ranges
bytes
content-length
4317
x-xss-protection
1; mode=block
request-context
appId=cid-v1:35442833-4f72-4220-b360-7d2947ba9165
background.css
shfy.sts.synlab.it/css/dxp/ 		348 B
723 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://shfy.sts.synlab.it/css/dxp/background.css
Requested by
Host: shfy.sts.synlab.it
URL: https://shfy.sts.synlab.it/Account/Login?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fresponse_type%3Did_token%2520token%26client_id%3Dadminweb%26state%3DYTRLflVnb29NSENGZWtlVlFFZ3psOTNqNWVZUFVfM2xCd29YV1dWMWpaWUE4%26redirect_uri%3Dhttps%253A%252F%252Fshfy.bookingadmin.synlab.co.uk%252Flogin%252Fsigninwithredirect%26scope%3Dapi%2520openid%2520profile%2520mobileapi%2520ResultsApi%2520IdentityServerApi%2520offline_access%26nonce%3DYTRLflVnb29NSENGZWtlVlFFZ3psOTNqNWVZUFVfM2xCd29YV1dWMWpaWUE4
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:bdf::60 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
c25f9a44eed784e03a3b2ead0e30cae9add3613fd74f0de134eb123d3c0b8da9
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Mon, 08 Jul 2024 22:51:11 GMT
strict-transport-security
max-age=15724800; includeSubDomains
x-content-type-options
nosniff
last-modified
Fri, 08 Mar 2024 07:17:37 GMT
etag
"1da7128b29b3fdc"
x-azure-ref
20240708T225111Z-17c86fbf54d2b6mmmhsesg2db000000000x00000000106pn
x-sa
shfy.sts.synlab.it
content-type
text/css
x-cache
CONFIG_NOCACHE
accept-ranges
bytes
content-length
348
x-xss-protection
1; mode=block
request-context
appId=cid-v1:35442833-4f72-4220-b360-7d2947ba9165
background.png
shfy.sts.synlab.it/images/dxp/ 		1004 KB
1006 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://shfy.sts.synlab.it/images/dxp/background.png
Requested by
Host: shfy.sts.synlab.it
URL: https://shfy.sts.synlab.it/Account/Login?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fresponse_type%3Did_token%2520token%26client_id%3Dadminweb%26state%3DYTRLflVnb29NSENGZWtlVlFFZ3psOTNqNWVZUFVfM2xCd29YV1dWMWpaWUE4%26redirect_uri%3Dhttps%253A%252F%252Fshfy.bookingadmin.synlab.co.uk%252Flogin%252Fsigninwithredirect%26scope%3Dapi%2520openid%2520profile%2520mobileapi%2520ResultsApi%2520IdentityServerApi%2520offline_access%26nonce%3DYTRLflVnb29NSENGZWtlVlFFZ3psOTNqNWVZUFVfM2xCd29YV1dWMWpaWUE4
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:bdf::60 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
edad9a523bfa410a2dffd56807a8b92e366298a387bd417ee6379bffeaa568ca
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Mon, 08 Jul 2024 22:51:11 GMT
strict-transport-security
max-age=15724800; includeSubDomains
x-content-type-options
nosniff
last-modified
Fri, 08 Mar 2024 07:17:37 GMT
etag
"1da7128b2949148"
x-azure-ref
20240708T225111Z-17c86fbf54d2b6mmmhsesg2db000000000x00000000106pp
x-sa
shfy.sts.synlab.it
content-type
image/png
x-cache
CONFIG_NOCACHE
accept-ranges
bytes
content-length
1028040
x-xss-protection
1; mode=block
request-context
appId=cid-v1:35442833-4f72-4220-b360-7d2947ba9165
eye.png
shfy.sts.synlab.it/images/dxp/ 		1 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://shfy.sts.synlab.it/images/dxp/eye.png
Requested by
Host: shfy.sts.synlab.it
URL: https://shfy.sts.synlab.it/Account/Login?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fresponse_type%3Did_token%2520token%26client_id%3Dadminweb%26state%3DYTRLflVnb29NSENGZWtlVlFFZ3psOTNqNWVZUFVfM2xCd29YV1dWMWpaWUE4%26redirect_uri%3Dhttps%253A%252F%252Fshfy.bookingadmin.synlab.co.uk%252Flogin%252Fsigninwithredirect%26scope%3Dapi%2520openid%2520profile%2520mobileapi%2520ResultsApi%2520IdentityServerApi%2520offline_access%26nonce%3DYTRLflVnb29NSENGZWtlVlFFZ3psOTNqNWVZUFVfM2xCd29YV1dWMWpaWUE4
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:bdf::60 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
8f9534890f80de482d8f5f06a3cf8782a1c6d1623ac0503e73c056c6208d9a18
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Mon, 08 Jul 2024 22:51:11 GMT
strict-transport-security
max-age=15724800; includeSubDomains
x-content-type-options
nosniff
last-modified
Fri, 08 Mar 2024 07:17:37 GMT
etag
"1da7128b29b3bdf"
x-azure-ref
20240708T225111Z-17c86fbf54d2b6mmmhsesg2db000000000x00000000106pq
x-sa
shfy.sts.synlab.it
content-type
image/png
x-cache
CONFIG_NOCACHE
accept-ranges
bytes
content-length
1375
x-xss-protection
1; mode=block
request-context
appId=cid-v1:35442833-4f72-4220-b360-7d2947ba9165
login.js
shfy.sts.synlab.it/js/dxp/ 		355 B
740 B 		Script
General
Check archive.org
Download Go to
Full URL
https://shfy.sts.synlab.it/js/dxp/login.js
Requested by
Host: shfy.sts.synlab.it
URL: https://shfy.sts.synlab.it/Account/Login?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fresponse_type%3Did_token%2520token%26client_id%3Dadminweb%26state%3DYTRLflVnb29NSENGZWtlVlFFZ3psOTNqNWVZUFVfM2xCd29YV1dWMWpaWUE4%26redirect_uri%3Dhttps%253A%252F%252Fshfy.bookingadmin.synlab.co.uk%252Flogin%252Fsigninwithredirect%26scope%3Dapi%2520openid%2520profile%2520mobileapi%2520ResultsApi%2520IdentityServerApi%2520offline_access%26nonce%3DYTRLflVnb29NSENGZWtlVlFFZ3psOTNqNWVZUFVfM2xCd29YV1dWMWpaWUE4
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:bdf::60 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
5eba1d145bca1c6d0e88a0e8519f3f13619e315008959392a3b03fcad5d72aeb
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Mon, 08 Jul 2024 22:51:11 GMT
strict-transport-security
max-age=15724800; includeSubDomains
x-content-type-options
nosniff
last-modified
Fri, 08 Mar 2024 07:17:37 GMT
etag
"1da7128b29b3fe3"
x-azure-ref
20240708T225111Z-17c86fbf54d2b6mmmhsesg2db000000000x00000000106pr
x-sa
shfy.sts.synlab.it
content-type
application/javascript
x-cache
CONFIG_NOCACHE
accept-ranges
bytes
content-length
355
x-xss-protection
1; mode=block
request-context
appId=cid-v1:35442833-4f72-4220-b360-7d2947ba9165
memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v40/ 		47 KB
48 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Open+Sans:ital,wght@0,400;0,500;0,600;1,300&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://shfy.sts.synlab.it
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 04 Jul 2024 09:37:33 GMT
x-content-type-options
nosniff
age
393218
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
48236
x-xss-protection
0
last-modified
Thu, 14 Dec 2023 02:08:40 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 04 Jul 2025 09:37:33 GMT
memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk5hkWVAewA.woff2
fonts.gstatic.com/s/opensans/v40/ 		19 KB
19 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/opensans/v40/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk5hkWVAewA.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Open+Sans:ital,wght@0,400;0,500;0,600;1,300&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8202d126a1bd9699b9d97ff51bf012337200b44be67f0f64140b16edd458e802
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://shfy.sts.synlab.it
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Tue, 02 Jul 2024 14:56:10 GMT
x-content-type-options
nosniff
age
546901
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
19332
x-xss-protection
0
last-modified
Thu, 14 Dec 2023 02:03:30 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 02 Jul 2025 14:56:10 GMT
favicon.ico
shfy.sts.synlab.it/ 		1 KB
1 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://shfy.sts.synlab.it/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:bdf::60 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
840ed167b4b70cc59f5f4cec8058fdf4e1607c531a53ff104f18f4eb0a1faa66
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Mon, 08 Jul 2024 22:51:11 GMT
strict-transport-security
max-age=15724800; includeSubDomains
x-content-type-options
nosniff
last-modified
Fri, 08 Mar 2024 07:17:37 GMT
etag
"1da7128b29b3afe"
x-azure-ref
20240708T225111Z-17c86fbf54d2b6mmmhsesg2db000000000x00000000106q6
x-sa
shfy.sts.synlab.it
content-type
image/x-icon
x-cache
CONFIG_NOCACHE
accept-ranges
bytes
content-length
1150
x-xss-protection
1; mode=block
request-context
appId=cid-v1:35442833-4f72-4220-b360-7d2947ba9165
favicon.ico
shfy.sts.synlab.it/ 		1 KB
0 		Other
General
Check archive.org
Download Go to
Full URL
https://shfy.sts.synlab.it/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:bdf::60 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
840ed167b4b70cc59f5f4cec8058fdf4e1607c531a53ff104f18f4eb0a1faa66
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Mon, 08 Jul 2024 22:51:11 GMT
x-content-type-options
nosniff
last-modified
Fri, 08 Mar 2024 07:17:37 GMT
etag
"1da7128b29b3afe"
x-azure-ref
20240708T225111Z-17c86fbf54d2b6mmmhsesg2db000000000x00000000106q6
x-sa
shfy.sts.synlab.it
content-type
image/x-icon
x-cache
CONFIG_NOCACHE
accept-ranges
bytes
content-length
1150
x-xss-protection
1; mode=block
request-context
appId=cid-v1:35442833-4f72-4220-b360-7d2947ba9165

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
dc.services.visualstudio.com
URL
https://dc.services.visualstudio.com/v2/track

Verdicts & Comments Add Verdict or Comment

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| toggleShowPassword

3 Cookies

Domain/Path Name / Value
shfy.bookingadmin.synlab.co.uk/ Name: ai_user
Value: w2FyZ1GR9Yc0i4HElP5iY+|2024-07-08T22:51:10.841Z
shfy.bookingadmin.synlab.co.uk/ Name: ai_session
Value: NU+8Ev/F5Kv4b/M4VbREyF|1720479070915|1720479070915
shfy.sts.synlab.it/ Name: .AspNetCore.Antiforgery.MQdQsjIB7EA
Value: CfDJ8AuO2Yh0ARZOq2hj_aFxrwJSHXdKVo86XOl0G2TxqQgKznv4vkLB6uRdXYT4IcBDLrCx9aVO6xMk-paX8KNAKQCOQZLuVV3GrD22RQwuNBH9797bVD0jfysRLWi96NhfsifRY-zoVl1mNMy1aEwfx8o

1 Console Messages

Source Level URL
Text
security warning URL: https://shfy.sts.synlab.it/Account/Login?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fresponse_type%3Did_token%2520token%26client_id%3Dadminweb%26state%3DYTRLflVnb29NSENGZWtlVlFFZ3psOTNqNWVZUFVfM2xCd29YV1dWMWpaWUE4%26redirect_uri%3Dhttps%253A%252F%252Fshfy.bookingadmin.synlab.co.uk%252Flogin%252Fsigninwithredirect%26scope%3Dapi%2520openid%2520profile%2520mobileapi%2520ResultsApi%2520IdentityServerApi%2520offline_access%26nonce%3DYTRLflVnb29NSENGZWtlVlFFZ3psOTNqNWVZUFVfM2xCd29YV1dWMWpaWUE4
Message:
An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can escape its sandboxing.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

dc.services.visualstudio.com
fonts.googleapis.com
fonts.gstatic.com
shfy.bookingadmin.synlab.co.uk
shfy.sts.synlab.it
dc.services.visualstudio.com
2620:1ec:bdf::60
2a00:1450:4001:80b::2003
2a00:1450:4001:81d::200a
02f00e88aaa9a16ed6bf13a3daf476998490a2a56648134155e31237f1bfa12b
21c653ee7ced783f047553fb5e62fe45a36f92adfd9f38e9987a107673e65c35
30d93b014bf5b70074e97b62119c5b0a85e4d6d50029b05ef1c9f499e2fba8b6
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa
3f2d4a99ae61fa95b93a7071cb6b9f067cb30f77393145e9f06be2bd5b97b3de
45bacebb5cf1116939df17f7839479d2eed5c0a50888c19b7be8b6c451b5e730
466aa208b0896188e152dc73f47f4b55dd3a5bc8aa297419148176ace3daf02f
54225c34000eadf634bf5b46319ae683d60becc81bddf4f89e32b93335fc8f4c
553c40108bdc515f2427097974e78c7535bf23b7bab0adb829f1227b6375a7db
5d32cc6518bf0d6a717e787c42bb3a9bcf8ecc0fea699203324d884e40495385
5d6ec87b3854968bf81073e32a2831cd78c72141dd34688970f94477281522ef
5e1e1c295570311cc40be6c5b64db4f0e460cf56ec3c8438f7a4ef214ccf6d9a
5eba1d145bca1c6d0e88a0e8519f3f13619e315008959392a3b03fcad5d72aeb
67d27ffdca55d19594e51f4f84caedbf8550faffcff66ecf4290c01dc45846ad
8202d126a1bd9699b9d97ff51bf012337200b44be67f0f64140b16edd458e802
840ed167b4b70cc59f5f4cec8058fdf4e1607c531a53ff104f18f4eb0a1faa66
8f9534890f80de482d8f5f06a3cf8782a1c6d1623ac0503e73c056c6208d9a18
c25f9a44eed784e03a3b2ead0e30cae9add3613fd74f0de134eb123d3c0b8da9
c6407fe7d8f706dc1d4c3f07bc17b8cd660cc9b6724c2ec3781a5b6300ee0d0a
de01ee72688688f7305d36f6adf3d04c2fd5a3d878e4f6506691aba28804cf3c
edad9a523bfa410a2dffd56807a8b92e366298a387bd417ee6379bffeaa568ca
f4479f790b1e47b1d0ec09c8e79f89f503f757273943ca21e4ad7629479b414f