urlscan.io logo urlscan.io
SecurityTrails logo

app1.mygema.com Open in urlscan Pro
51.38.225.206  Public Scan

Go To Rescan Add Verdict Report
URL: https://app1.mygema.com/
Submission Tags: @phishunt_io
Submission: On December 05 via api from DE — Scanned from FR
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 6 IPs in 2 countries across 4 domains to perform 15 HTTP transactions. The main IP is 51.38.225.206, located in France and belongs to OVH, FR. The main domain is app1.mygema.com.
TLS certificate: Issued by R3 on December 4th 2021. Valid for: 3 months.
This is the only time app1.mygema.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

7    51.38.225.206 (France)

ASN16276 (OVH, FR)
PTR: vps-c5eb686e.vps.ovh.net
app1.mygema.com
1    2a00:1450:4001:813::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
2    2a00:1450:4001:80f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
2    2a00:1450:4001:811::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
apis.google.com
2    2a00:1450:4001:828::200d (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
accounts.google.com
1    2a00:1450:4001:830::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
ssl.gstatic.com
Domain Requested by
7 app1.mygema.com app1.mygema.com
2 accounts.google.com apis.google.com
ssl.gstatic.com
2 apis.google.com app1.mygema.com
apis.google.com
2 fonts.gstatic.com fonts.googleapis.com
1 ssl.gstatic.com accounts.google.com
1 fonts.googleapis.com app1.mygema.com
15 6

This site contains no links.

Subject Issuer Validity Valid
app1.mygema.com
R3		 2021-12-04 -
2022-03-04		 3 months crt.sh
upload.video.google.com
GTS CA 1C3		 2021-11-01 -
2022-01-24		 3 months crt.sh
*.gstatic.com
GTS CA 1C3		 2021-11-01 -
2022-01-24		 3 months crt.sh
*.apis.google.com
GTS CA 1C3		 2021-11-01 -
2022-01-24		 3 months crt.sh
accounts.google.com
GTS CA 1C3		 2021-11-01 -
2022-01-24		 3 months crt.sh
*.google.com
GTS CA 1C3		 2021-11-01 -
2022-01-24		 3 months crt.sh

This page contains 2 frames:

Primary Page: https://app1.mygema.com/
Frame ID: 23FC5BC35DC731DBC5BBA800CCDAED1B
Requests: 12 HTTP requests in this frame

Frame: https://accounts.google.com/o/oauth2/iframe
Frame ID: 88EAA3CFB5087B865041981108A5EA57
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

MyGema

Page Statistics

15
Requests

100 %
HTTPS

83 %
IPv6

4
Domains

6
Subdomains

6
IPs

2
Countries

429 kB
Transfer

1061 kB
Size

2
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

15 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
app1.mygema.com/ 		2 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://app1.mygema.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
51.38.225.206 , France, ASN16276 (OVH, FR),
Reverse DNS
vps-c5eb686e.vps.ovh.net
Software
Apache/2.4.38 (Debian) /
Resource Hash
d481744cad6c03322f937357ecee2d2ec8d2a508ad88fe2dfba8d1e05c70304f
Security Headers
Name Value
Content-Security-Policy script-src 'self' https://apis.google.com https://accounts.google.com http://localhost:5000/;default-src 'self' https://apis.google.com https://accounts.google.com http://localhost:5000/;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
fr-FR,fr;q=0.9

Response headers

Date
Sun, 05 Dec 2021 01:21:17 GMT
Server
Apache/2.4.38 (Debian)
X-RateLimit-Limit
200
X-RateLimit-Remaining
198
X-RateLimit-Reset
1638667298
Content-Security-Policy
script-src 'self' https://apis.google.com https://accounts.google.com http://localhost:5000/;default-src 'self' https://apis.google.com https://accounts.google.com http://localhost:5000/;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Cache-Control
no-store
Accept-Ranges
bytes
Last-Modified
Fri, 03 Dec 2021 12:06:00 GMT
ETag
W/"6ba-17d802fdd69-gzip"
Content-Type
text/html; charset=UTF-8
Vary
Accept-Encoding
Content-Encoding
gzip
Content-Length
695
Keep-Alive
timeout=5, max=100
Connection
Keep-Alive
css2
fonts.googleapis.com/ 		19 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Oswald:wght@200;400;500;700&family=Roboto:wght@100;300;400;500;700;900&display=swap
Requested by
Host: app1.mygema.com
URL: https://app1.mygema.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
932005a1b9b955c8da0f573e3ce3710b4cc515d82127d7d192cecec102f2eb14
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
fr-FR,fr;q=0.9
Referer
https://app1.mygema.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Sun, 05 Dec 2021 01:21:18 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Sun, 05 Dec 2021 01:21:18 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sun, 05 Dec 2021 01:21:18 GMT
2.b971344c.chunk.css
app1.mygema.com/static/css/ 		14 KB
4 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://app1.mygema.com/static/css/2.b971344c.chunk.css
Requested by
Host: app1.mygema.com
URL: https://app1.mygema.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
51.38.225.206 , France, ASN16276 (OVH, FR),
Reverse DNS
vps-c5eb686e.vps.ovh.net
Software
Apache/2.4.38 (Debian) /
Resource Hash
e20d376e579651726842815ee480d2a451686ca1e9246635eb1fd93b78124118
Security Headers
Name Value
Content-Security-Policy script-src 'self' https://apis.google.com https://accounts.google.com http://localhost:5000/;default-src 'self' https://apis.google.com https://accounts.google.com http://localhost:5000/;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests

Request headers

Accept-Language
fr-FR,fr;q=0.9
Referer
https://app1.mygema.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Sun, 05 Dec 2021 01:21:18 GMT
Content-Encoding
gzip
Vary
Accept-Encoding
Connection
Keep-Alive
Content-Length
3262
Last-Modified
Fri, 03 Dec 2021 12:06:00 GMT
Server
Apache/2.4.38 (Debian)
ETag
W/"3863-17d802fdd71-gzip"
Content-Security-Policy
script-src 'self' https://apis.google.com https://accounts.google.com http://localhost:5000/;default-src 'self' https://apis.google.com https://accounts.google.com http://localhost:5000/;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
X-RateLimit-Remaining
197
Content-Type
text/css; charset=UTF-8
Cache-Control
no-store
X-RateLimit-Reset
1638667298
X-RateLimit-Limit
200
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
main.2dc8636c.chunk.css
app1.mygema.com/static/css/ 		36 KB
8 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://app1.mygema.com/static/css/main.2dc8636c.chunk.css
Requested by
Host: app1.mygema.com
URL: https://app1.mygema.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
51.38.225.206 , France, ASN16276 (OVH, FR),
Reverse DNS
vps-c5eb686e.vps.ovh.net
Software
Apache/2.4.38 (Debian) /
Resource Hash
50534292912a336a5e09a7e63e5b0a9ef603a51965a8a27fefa1e4a69ccdcaef
Security Headers
Name Value
Content-Security-Policy script-src 'self' https://apis.google.com https://accounts.google.com http://localhost:5000/;default-src 'self' https://apis.google.com https://accounts.google.com http://localhost:5000/;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests

Request headers

Accept-Language
fr-FR,fr;q=0.9
Referer
https://app1.mygema.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Sun, 05 Dec 2021 01:21:18 GMT
Content-Encoding
gzip
Vary
Accept-Encoding
Connection
Keep-Alive
Content-Length
7627
Last-Modified
Fri, 03 Dec 2021 12:06:00 GMT
Server
Apache/2.4.38 (Debian)
ETag
W/"8e5a-17d802fdd69-gzip"
Content-Security-Policy
script-src 'self' https://apis.google.com https://accounts.google.com http://localhost:5000/;default-src 'self' https://apis.google.com https://accounts.google.com http://localhost:5000/;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
X-RateLimit-Remaining
196
Content-Type
text/css; charset=UTF-8
Cache-Control
no-store
X-RateLimit-Reset
1638667298
X-RateLimit-Limit
200
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=98
runtime-main.f893a7aa.js
app1.mygema.com/static/js/ 		2 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://app1.mygema.com/static/js/runtime-main.f893a7aa.js
Requested by
Host: app1.mygema.com
URL: https://app1.mygema.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
51.38.225.206 , France, ASN16276 (OVH, FR),
Reverse DNS
vps-c5eb686e.vps.ovh.net
Software
Apache/2.4.38 (Debian) /
Resource Hash
ea7652ad5a02b5edace2cee30e13266e84d48370480bd32be50bc501b0944616
Security Headers
Name Value
Content-Security-Policy script-src 'self' https://apis.google.com https://accounts.google.com http://localhost:5000/;default-src 'self' https://apis.google.com https://accounts.google.com http://localhost:5000/;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests

Request headers

Accept-Language
fr-FR,fr;q=0.9
Referer
https://app1.mygema.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Sun, 05 Dec 2021 01:21:18 GMT
Content-Encoding
gzip
Vary
Accept-Encoding
Connection
Keep-Alive
Content-Length
775
Last-Modified
Fri, 03 Dec 2021 12:06:00 GMT
Server
Apache/2.4.38 (Debian)
ETag
W/"621-17d802fdd69-gzip"
Content-Security-Policy
script-src 'self' https://apis.google.com https://accounts.google.com http://localhost:5000/;default-src 'self' https://apis.google.com https://accounts.google.com http://localhost:5000/;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
X-RateLimit-Remaining
195
Content-Type
application/javascript; charset=UTF-8
Cache-Control
no-store
X-RateLimit-Reset
1638667298
X-RateLimit-Limit
200
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
2.b738e242.chunk.js
app1.mygema.com/static/js/ 		474 KB
134 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://app1.mygema.com/static/js/2.b738e242.chunk.js
Requested by
Host: app1.mygema.com
URL: https://app1.mygema.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
51.38.225.206 , France, ASN16276 (OVH, FR),
Reverse DNS
vps-c5eb686e.vps.ovh.net
Software
Apache/2.4.38 (Debian) /
Resource Hash
f2f065ea8b9e4db33a5589579aea27e8fb1410738be6787b8a341a9fd20f9fcb
Security Headers
Name Value
Content-Security-Policy script-src 'self' https://apis.google.com https://accounts.google.com http://localhost:5000/;default-src 'self' https://apis.google.com https://accounts.google.com http://localhost:5000/;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests

Request headers

Accept-Language
fr-FR,fr;q=0.9
Referer
https://app1.mygema.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Sun, 05 Dec 2021 01:21:18 GMT
Content-Encoding
gzip
Vary
Accept-Encoding
Transfer-Encoding
chunked
Connection
Keep-Alive
Last-Modified
Fri, 03 Dec 2021 12:06:00 GMT
Server
Apache/2.4.38 (Debian)
ETag
W/"76994-17d802fdd71-gzip"
Content-Security-Policy
script-src 'self' https://apis.google.com https://accounts.google.com http://localhost:5000/;default-src 'self' https://apis.google.com https://accounts.google.com http://localhost:5000/;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
X-RateLimit-Remaining
194
Content-Type
application/javascript; charset=UTF-8
Cache-Control
no-store
X-RateLimit-Reset
1638667298
X-RateLimit-Limit
200
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
main.a030687b.chunk.js
app1.mygema.com/static/js/ 		162 KB
71 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://app1.mygema.com/static/js/main.a030687b.chunk.js
Requested by
Host: app1.mygema.com
URL: https://app1.mygema.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
51.38.225.206 , France, ASN16276 (OVH, FR),
Reverse DNS
vps-c5eb686e.vps.ovh.net
Software
Apache/2.4.38 (Debian) /
Resource Hash
56e9dba88d40d740f0f4ecdd6bc017d14ba60c47c2f71f5c2269b231621ff33a
Security Headers
Name Value
Content-Security-Policy script-src 'self' https://apis.google.com https://accounts.google.com http://localhost:5000/;default-src 'self' https://apis.google.com https://accounts.google.com http://localhost:5000/;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests

Request headers

Accept-Language
fr-FR,fr;q=0.9
Referer
https://app1.mygema.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Sun, 05 Dec 2021 01:21:18 GMT
Content-Encoding
gzip
Vary
Accept-Encoding
Transfer-Encoding
chunked
Connection
Keep-Alive
Last-Modified
Fri, 03 Dec 2021 12:06:00 GMT
Server
Apache/2.4.38 (Debian)
ETag
W/"28652-17d802fdd69-gzip"
Content-Security-Policy
script-src 'self' https://apis.google.com https://accounts.google.com http://localhost:5000/;default-src 'self' https://apis.google.com https://accounts.google.com http://localhost:5000/;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
X-RateLimit-Remaining
193
Content-Type
application/javascript; charset=UTF-8
Cache-Control
no-store
X-RateLimit-Reset
1638667298
X-RateLimit-Limit
200
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
logo-my-gema.77c65d8e.png
app1.mygema.com/static/media/ 		94 KB
94 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://app1.mygema.com/static/media/logo-my-gema.77c65d8e.png
Requested by
Host: app1.mygema.com
URL: https://app1.mygema.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
51.38.225.206 , France, ASN16276 (OVH, FR),
Reverse DNS
vps-c5eb686e.vps.ovh.net
Software
Apache/2.4.38 (Debian) /
Resource Hash
e397f4a49eb0b0d6af6f8fa7b552c8c4d4e452c2b9c91c2e36b48e183c491f0e
Security Headers
Name Value
Content-Security-Policy script-src 'self' https://apis.google.com https://accounts.google.com http://localhost:5000/;default-src 'self' https://apis.google.com https://accounts.google.com http://localhost:5000/;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests

Request headers

Accept-Language
fr-FR,fr;q=0.9
Referer
https://app1.mygema.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Sun, 05 Dec 2021 01:21:18 GMT
X-RateLimit-Limit
200
Last-Modified
Fri, 03 Dec 2021 12:06:00 GMT
Server
Apache/2.4.38 (Debian)
ETag
W/"17641-17d802fdd65"
X-RateLimit-Remaining
192
Content-Type
image/png
Cache-Control
no-store
X-RateLimit-Reset
1638667298
Content-Security-Policy
script-src 'self' https://apis.google.com https://accounts.google.com http://localhost:5000/;default-src 'self' https://apis.google.com https://accounts.google.com http://localhost:5000/;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
95809
KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v29/ 		15 KB
16 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Oswald:wght@200;400;500;700&family=Roboto:wght@100;300;400;500;700;900&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://app1.mygema.com
Accept-Language
fr-FR,fr;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 30 Nov 2021 20:07:55 GMT
x-content-type-options
nosniff
age
364403
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15828
x-xss-protection
0
last-modified
Wed, 22 Sep 2021 16:13:28 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Wed, 30 Nov 2022 20:07:55 GMT
KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v29/ 		16 KB
16 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Oswald:wght@200;400;500;700&family=Roboto:wght@100;300;400;500;700;900&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
bb46ed079c3dd3c39af5051b4ada48f29f49151dad4fa218117bad2fdb5e616f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://app1.mygema.com
Accept-Language
fr-FR,fr;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 01 Dec 2021 05:33:18 GMT
x-content-type-options
nosniff
age
330480
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15920
x-xss-protection
0
last-modified
Wed, 22 Sep 2021 16:13:21 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Thu, 01 Dec 2022 05:33:18 GMT
api.js
apis.google.com/js/ 		13 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://apis.google.com/js/api.js
Requested by
Host: app1.mygema.com
URL: https://app1.mygema.com/static/js/2.b738e242.chunk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
541ddae47c96b238567f9a1860939cae4563e8be52ca9c8db9d810f9d4c60025
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-HcSVCzfO2ORXOGVOJ6H2sg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
fr-FR,fr;q=0.9
Referer
https://app1.mygema.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sun, 05 Dec 2021 01:21:18 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
x-ua-compatible
IE=edge, chrome=1
server
ESF
etag
"9a07d17da536b939c41f011417e2ae19"
x-frame-options
SAMEORIGIN
report-to
{"group":"AXrpQdcxyaoTJMYdhC5b1IVX_h4UhkFjYl5miMVZgqtCo-gS","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_AXrpQdcxyaoTJMYdhC5b1IVX_h4UhkFjYl5miMVZgqtCo-gS"}]}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=1800, stale-while-revalidate=1800
content-security-policy
script-src 'report-sample' 'nonce-HcSVCzfO2ORXOGVOJ6H2sg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="AXrpQdcxyaoTJMYdhC5b1IVX_h4UhkFjYl5miMVZgqtCo-gS"
expires
Sun, 05 Dec 2021 01:21:18 GMT
cb=gapi.loaded_0
apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.fr.hKpDcCRpfzY.O/m=auth2/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCPtA__YLHsOFW0mAXsDprmcs27GKA/ 		103 KB
35 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.fr.hKpDcCRpfzY.O/m=auth2/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCPtA__YLHsOFW0mAXsDprmcs27GKA/cb=gapi.loaded_0
Requested by
Host: apis.google.com
URL: https://apis.google.com/js/api.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c71f8b8c149da5b336269f70b23626a2844b7f6cb3ad131b9467430bc820ce8a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
fr-FR,fr;q=0.9
Referer
https://app1.mygema.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 01 Dec 2021 11:10:44 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
310234
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35076
x-xss-protection
0
last-modified
Sat, 30 Oct 2021 15:20:57 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="social-frontend-mpm-access"
vary
Accept-Encoding, Origin
report-to
{"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-type
text/javascript; charset=UTF-8
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
expires
Thu, 01 Dec 2022 11:10:44 GMT
iframe
accounts.google.com/o/oauth2/ Frame 88EA 		513 B
902 B 		Document
General
Check archive.org
Download Go to
Full URL
https://accounts.google.com/o/oauth2/iframe
Requested by
Host: apis.google.com
URL: https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.fr.hKpDcCRpfzY.O/m=auth2/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCPtA__YLHsOFW0mAXsDprmcs27GKA/cb=gapi.loaded_0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::200d Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
9d657c952eb793eb6550c7ab28b127436bfd84cd4f8745fc4d1b3fa96bea0cef
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-vs9KFMaPkb2xqh31pXC9cQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /o/cspreport
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
fr-FR,fr;q=0.9
Referer
https://app1.mygema.com/

Response headers

content-type
text/html; charset=utf-8
cross-origin-resource-policy
cross-origin
cross-origin-embedder-policy
require-corp
cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
expires
Mon, 01 Jan 1990 00:00:00 GMT
date
Sun, 05 Dec 2021 01:21:18 GMT
content-language
en-US
content-security-policy
script-src 'report-sample' 'nonce-vs9KFMaPkb2xqh31pXC9cQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /o/cspreport
content-encoding
gzip
server
ESF
x-xss-protection
0
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
1086173348-idpiframe.js
ssl.gstatic.com/accounts/o/ Frame 88EA 		112 KB
39 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ssl.gstatic.com/accounts/o/1086173348-idpiframe.js
Requested by
Host: accounts.google.com
URL: https://accounts.google.com/o/oauth2/iframe
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
dd7bd36970ba9b0d29f287dc1fd0c37ddba19d097719b26bc9ecef364498d81d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
fr-FR,fr;q=0.9
Referer
https://accounts.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 03 Dec 2021 22:47:18 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
95640
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/federated-signon-mpm-access
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
39490
x-xss-protection
0
last-modified
Fri, 19 Nov 2021 03:08:51 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="federated-signon-mpm-access"
vary
Accept-Encoding
report-to
{"group":"federated-signon-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/federated-signon-mpm-access"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sat, 03 Dec 2022 22:47:18 GMT
iframerpc
accounts.google.com/o/oauth2/ Frame 88EA 		14 B
58 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://accounts.google.com/o/oauth2/iframerpc?action=checkOrigin&origin=https%3A%2F%2Fapp1.mygema.com&client_id=711449676402-5orpj3bqpi08i7dgnoi2vgsm18c1dnk8.apps.googleusercontent.com
Requested by
Host: ssl.gstatic.com
URL: https://ssl.gstatic.com/accounts/o/1086173348-idpiframe.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::200d Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
8daf09a6fc31937457dd77e9c25ce4b21349d605b561a8c5d557841bf964c9a0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://accounts.google.com/o/oauth2/iframe
X-Requested-With
XmlHttpRequest
Accept-Language
fr-FR,fr;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sun, 05 Dec 2021 01:21:18 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
ESF
content-type
application/json; charset=utf-8
cache-control
public, max-age=3600
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
expires
Sun, 05 Dec 2021 02:21:18 GMT

Verdicts & Comments Add Verdict or Comment

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| onbeforexrselect function| reportError boolean| originAgentCluster object| scheduler object| webpackJsonpmy-gema-app object| regeneratorRuntime object| gapi object| ___jsl object| osapi

2 Cookies

Domain/Path Name / Value
.google.com/ Name: NID
Value: 511=MsOnUksfeyWoDgCZfMNqicf5mRoNPha2BWBwhTXw-km3Fz6FmkNnVcRgRO3Sy7eXiMHFJsnjLjUun0N5ruYW9JsIzWrzIzqEMyt8wJV0eP8F-QEcDtoUPEkQY8Jy7s4iF-3fviZ2ikRyxpdnKcpxftl3Cz08ZLc9oPR89q5ZgZw
.app1.mygema.com/ Name: G_ENABLED_IDPS
Value: google

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy script-src 'self' https://apis.google.com https://accounts.google.com http://localhost:5000/;default-src 'self' https://apis.google.com https://accounts.google.com http://localhost:5000/;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests