urlscan.io logo urlscan.io
SecurityTrails logo

auth.buildingsiot.com Open in urlscan Pro
15.197.181.212  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://auth.energy-staging.infogrid.io/
Effective URL: https://auth.buildingsiot.com/oauth2/aus44uxu7U1f2ngZn4x6/v1/authorize?client_id=0oa4bqbpoDOYupbcC4x6&code_challenge=x1_utV2DM...
Submission: On October 31 via automatic, source certstream-suspicious — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 5 IPs in 1 countries across 3 domains to perform 12 HTTP transactions. The main IP is 15.197.181.212, located in United States and belongs to AMAZON-02, US. The main domain is auth.buildingsiot.com.
TLS certificate: Issued by Go Daddy Secure Certificate Authority... on November 14th 2023. Valid for: a year.
This is the only time auth.buildingsiot.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 2606:4700::68... 13335 (CLOUDFLAR...)
5 34.215.95.177 16509 (AMAZON-02)
2 3.33.189.110 16509 (AMAZON-02)
3 15.197.181.212 16509 (AMAZON-02)
1 13.32.27.74 16509 (AMAZON-02)
12 5
1    2606:4700::6813:a818 (United States)

ASN13335 (CLOUDFLARENET, US)
auth.energy-staging.infogrid.io
5    34.215.95.177 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-215-95-177.us-west-2.compute.amazonaws.com
energy-staging.infogrid.io
2    3.33.189.110 (United States)

ASN16509 (AMAZON-02, US)
PTR: af77c9e516730cc51.awsglobalaccelerator.com
auth.buildingsiot.com
3    15.197.181.212 (United States)

ASN16509 (AMAZON-02, US)
PTR: af77c9e516730cc51.awsglobalaccelerator.com
auth.buildingsiot.com
1    13.32.27.74 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-27-74.fra56.r.cloudfront.net
ok11static.oktacdn.com
Apex Domain
Subdomains		 Transfer
6 infogrid.io
auth.energy-staging.infogrid.io
energy-staging.infogrid.io
904 KB
5 buildingsiot.com
auth.buildingsiot.com
16 KB
1 oktacdn.com
ok11static.oktacdn.com — Cisco Umbrella Rank: 14010
7 KB
12 3
Domain Requested by
5 auth.buildingsiot.com energy-staging.infogrid.io
auth.buildingsiot.com
5 energy-staging.infogrid.io energy-staging.infogrid.io
1 ok11static.oktacdn.com auth.buildingsiot.com
1 auth.energy-staging.infogrid.io 1 redirects
12 4

This site contains no links.

Subject Issuer Validity Valid
energy-staging.infogrid.io
Amazon RSA 2048 M03		 2024-10-08 -
2025-11-06		 a year crt.sh
auth.buildingsiot.com
Go Daddy Secure Certificate Authority - G2		 2023-11-14 -
2024-12-15		 a year crt.sh
*.oktacdn.com
DigiCert TLS RSA SHA256 2020 CA1		 2023-12-15 -
2025-01-02		 a year crt.sh

This page contains 1 frames:

Primary Page: https://auth.buildingsiot.com/oauth2/aus44uxu7U1f2ngZn4x6/v1/authorize?client_id=0oa4bqbpoDOYupbcC4x6&code_challenge=x1_utV2DM77TZ_zTQLMKGrKDRo4MWiTqIuU0-HiPLe8&code_challenge_method=S256&nonce=gtMiR5VTWfAMZ85k46uf28rfn8N9GWc7Ldc7QBFczpLBgPNMJV9djpDtMs4GSjty&redirect_uri=https%3A%2F%2Fenergy-staging.infogrid.io%2Fimplicit%2Fcallback&response_type=code&state=HvBrEd7aq8Xa1w18nI09Fzh2DZbngIhips4NRUWK0hd4DlwCP6EAxPgVB0uRoK9p&scope=openid%20email%20profile
Frame ID: A4006450459EBAE2925D11E426D7A3E5
Requests: 11 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

BuildingsIOT - Schlechte Anfrage

Page URL History Show full URLs

  1. https://auth.energy-staging.infogrid.io/ HTTP 302
    https://energy-staging.infogrid.io/ Page URL
  2. https://auth.buildingsiot.com/oauth2/aus44uxu7U1f2ngZn4x6/v1/authorize?client_id=0oa4bqbpoDOYupbcC4x6&code... Page URL

Page Statistics

12
Requests

92 %
HTTPS

20 %
IPv6

3
Domains

4
Subdomains

5
IPs

1
Countries

927 kB
Transfer

2695 kB
Size

2
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://auth.energy-staging.infogrid.io/ HTTP 302
    https://energy-staging.infogrid.io/ Page URL
  2. https://auth.buildingsiot.com/oauth2/aus44uxu7U1f2ngZn4x6/v1/authorize?client_id=0oa4bqbpoDOYupbcC4x6&code_challenge=x1_utV2DM77TZ_zTQLMKGrKDRo4MWiTqIuU0-HiPLe8&code_challenge_method=S256&nonce=gtMiR5VTWfAMZ85k46uf28rfn8N9GWc7Ldc7QBFczpLBgPNMJV9djpDtMs4GSjty&redirect_uri=https%3A%2F%2Fenergy-staging.infogrid.io%2Fimplicit%2Fcallback&response_type=code&state=HvBrEd7aq8Xa1w18nI09Fzh2DZbngIhips4NRUWK0hd4DlwCP6EAxPgVB0uRoK9p&scope=openid%20email%20profile Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://auth.energy-staging.infogrid.io/ HTTP 302
  • https://energy-staging.infogrid.io/

12 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
/
energy-staging.infogrid.io/
Redirect Chain
  • https://auth.energy-staging.infogrid.io/
  • https://energy-staging.infogrid.io/
551 B
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://energy-staging.infogrid.io/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.215.95.177 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-215-95-177.us-west-2.compute.amazonaws.com
Software
nginx /
Resource Hash
e3318e90d4e7e3469feba21daf4dd9152697a0d6568e757087b3fc336be1d1db
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
cache-control
no-store, must-revalidate
content-length
551
content-security-policy-report-only
Content-Security-Policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob:
content-type
text/html; charset=UTF-8
date
Thu, 31 Oct 2024 07:23:59 GMT
etag
"6722752b-227"
last-modified
Wed, 30 Oct 2024 18:04:27 GMT
permissions-policy
accelerometer=(), ambient-light-sensor=(), camera=(), cross-origin-isolated=(self), display-capture=(self), document-domain=(self), execution-while-not-rendered=(self), execution-while-out-of-viewport=(self), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), navigation-override=(), payment=(), screen-wake-lock=(self), sync-xhr=(self), usb=()
referrer-policy
strict-origin-when-cross-origin
server
nginx
strict-transport-security
max-age=31536000; includeSubdomains; preload
x-content-type-options
nosniff
x-frame-options
DENY
x-xss-protection
1; mode=block

Redirect headers

age
19
alt-svc
h3=":443"; ma=86400
cache-control
public, max-age=60
cf-cache-status
HIT
cf-ray
8db1e71fac91d3ad-FRA
content-type
text/html; charset=utf-8
date
Thu, 31 Oct 2024 07:23:59 GMT
location
https://energy-staging.infogrid.io/
server
cloudflare
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept, Accept-Encoding
x-auth0-l
0.079
x-auth0-requestid
abbd45bff06bf29d3356
x-content-type-options
nosniff
main.ef6fc594.js
energy-staging.infogrid.io/static/js/ 		3 MB
896 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://energy-staging.infogrid.io/static/js/main.ef6fc594.js
Requested by
Host: energy-staging.infogrid.io
URL: https://energy-staging.infogrid.io/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.215.95.177 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-215-95-177.us-west-2.compute.amazonaws.com
Software
nginx /
Resource Hash
74fb19c31db6830037082b107e3c50544076700fc19d4cb7b11f15e09a8dfce6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://energy-staging.infogrid.io/

Response headers

strict-transport-security
max-age=31536000; includeSubdomains; preload
vary
Accept-Encoding
content-encoding
gzip
etag
W/"6722752b-29b6ec"
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
permissions-policy
accelerometer=(), ambient-light-sensor=(), camera=(), cross-origin-isolated=(self), display-capture=(self), document-domain=(self), execution-while-not-rendered=(self), execution-while-out-of-viewport=(self), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), navigation-override=(), payment=(), screen-wake-lock=(self), sync-xhr=(self), usb=()
content-security-policy-report-only
Content-Security-Policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob:
date
Thu, 31 Oct 2024 07:23:59 GMT
x-xss-protection
1; mode=block
content-type
application/javascript; charset=UTF-8
last-modified
Wed, 30 Oct 2024 18:04:27 GMT
server
nginx
x-frame-options
DENY
main.658c3a49.css
energy-staging.infogrid.io/static/css/ 		4 KB
4 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://energy-staging.infogrid.io/static/css/main.658c3a49.css
Requested by
Host: energy-staging.infogrid.io
URL: https://energy-staging.infogrid.io/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.215.95.177 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-215-95-177.us-west-2.compute.amazonaws.com
Software
nginx /
Resource Hash
f836012e883d9286583bc9dfd8eb73f868f4bc3a9663d2536a9f4b3a8c61c34b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://energy-staging.infogrid.io/

Response headers

strict-transport-security
max-age=31536000; includeSubdomains; preload
etag
"6722752b-e08"
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
permissions-policy
accelerometer=(), ambient-light-sensor=(), camera=(), cross-origin-isolated=(self), display-capture=(self), document-domain=(self), execution-while-not-rendered=(self), execution-while-out-of-viewport=(self), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), navigation-override=(), payment=(), screen-wake-lock=(self), sync-xhr=(self), usb=()
accept-ranges
bytes
content-security-policy-report-only
Content-Security-Policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob:
content-length
3592
date
Thu, 31 Oct 2024 07:23:59 GMT
x-xss-protection
1; mode=block
content-type
text/css
last-modified
Wed, 30 Oct 2024 18:04:27 GMT
server
nginx
x-frame-options
DENY
favicon.png
energy-staging.infogrid.io/ 		1 KB
2 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://energy-staging.infogrid.io/favicon.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.215.95.177 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-215-95-177.us-west-2.compute.amazonaws.com
Software
nginx /
Resource Hash
b59784ff46a6226b59474ffccbd8ae5caa8ec4e65ed93af74c8070952235741e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://energy-staging.infogrid.io/

Response headers

strict-transport-security
max-age=31536000; includeSubdomains; preload
etag
"67227503-489"
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
permissions-policy
accelerometer=(), ambient-light-sensor=(), camera=(), cross-origin-isolated=(self), display-capture=(self), document-domain=(self), execution-while-not-rendered=(self), execution-while-out-of-viewport=(self), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), navigation-override=(), payment=(), screen-wake-lock=(self), sync-xhr=(self), usb=()
accept-ranges
bytes
content-security-policy-report-only
Content-Security-Policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob:
content-length
1161
date
Thu, 31 Oct 2024 07:24:01 GMT
x-xss-protection
1; mode=block
content-type
image/png
last-modified
Wed, 30 Oct 2024 18:03:47 GMT
server
nginx
x-frame-options
DENY
jetstream
energy-staging.infogrid.io/ 		0
0
favicon.png
energy-staging.infogrid.io/ 		1 KB
0 		Other
General
Check archive.org
Download Go to
Full URL
https://energy-staging.infogrid.io/favicon.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.215.95.177 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-215-95-177.us-west-2.compute.amazonaws.com
Software
nginx /
Resource Hash
b59784ff46a6226b59474ffccbd8ae5caa8ec4e65ed93af74c8070952235741e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://energy-staging.infogrid.io/login

Response headers

etag
"67227503-489"
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
permissions-policy
accelerometer=(), ambient-light-sensor=(), camera=(), cross-origin-isolated=(self), display-capture=(self), document-domain=(self), execution-while-not-rendered=(self), execution-while-out-of-viewport=(self), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), navigation-override=(), payment=(), screen-wake-lock=(self), sync-xhr=(self), usb=()
accept-ranges
bytes
content-security-policy-report-only
Content-Security-Policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob:
content-length
1161
x-xss-protection
1; mode=block
date
Thu, 31 Oct 2024 07:24:01 GMT
content-type
image/png
last-modified
Wed, 30 Oct 2024 18:03:47 GMT
server
nginx
x-frame-options
DENY
openid-configuration
auth.buildingsiot.com/oauth2/aus44uxu7U1f2ngZn4x6/.well-known/ 		2 KB
4 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://auth.buildingsiot.com/oauth2/aus44uxu7U1f2ngZn4x6/.well-known/openid-configuration
Requested by
Host: energy-staging.infogrid.io
URL: https://energy-staging.infogrid.io/static/js/main.ef6fc594.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.33.189.110 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
af77c9e516730cc51.awsglobalaccelerator.com
Software
nginx /
Resource Hash
3714269d84abc4c0cfe1de5a0e241ed569322f6e94742f403963508889192ddd
Security Headers
Name Value
Strict-Transport-Security max-age=315360000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

X-Okta-User-Agent-Extended
okta-auth-js/7.2.0 @okta/okta-react/6.7.0
Referer
https://energy-staging.infogrid.io/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Accept
application/json
Content-Type
application/json

Response headers

x-content-type-options
nosniff
expires
Fri, 01 Nov 2024 07:24:01 GMT
p3p
CP="HONK"
Keep-Alive
timeout=5, max=99
Date
Thu, 31 Oct 2024 07:24:01 GMT
Content-Type
application/json
vary
Origin
X-Okta-Request-Id
ZyMwkTL7OSZ6gyI3BoVCuAAAA3c
Transfer-Encoding
chunked
Strict-Transport-Security
max-age=315360000; includeSubDomains
cache-control
max-age=86400, must-revalidate
accept-ch
Sec-CH-UA-Platform-Version
Connection
Keep-Alive
Access-Control-Allow-Credentials
true
referrer-policy
strict-origin-when-cross-origin
content-security-policy-report-only
default-src 'self' buildingsiot.okta.com auth.buildingsiot.com *.oktacdn.com; connect-src 'self' buildingsiot.okta.com buildingsiot-admin.okta.com auth.buildingsiot.com *.oktacdn.com *.mixpanel.com *.mapbox.com *.mtls.okta.com buildingsiot.kerberos.okta.com https://oinmanager.okta.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' 'report-sample' buildingsiot.okta.com auth.buildingsiot.com *.oktacdn.com; style-src 'unsafe-inline' 'self' buildingsiot.okta.com auth.buildingsiot.com *.oktacdn.com; frame-src 'self' buildingsiot.okta.com buildingsiot-admin.okta.com auth.buildingsiot.com login.okta.com *.vidyard.com; img-src 'self' buildingsiot.okta.com auth.buildingsiot.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com *.vidyard.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com blob:; font-src 'self' buildingsiot.okta.com auth.buildingsiot.com data: *.oktacdn.com fonts.gstatic.com; frame-ancestors 'self'
Access-Control-Allow-Origin
https://energy-staging.infogrid.io
x-xss-protection
0
Server
nginx
openid-configuration
auth.buildingsiot.com/oauth2/aus44uxu7U1f2ngZn4x6/.well-known/ 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://auth.buildingsiot.com/oauth2/aus44uxu7U1f2ngZn4x6/.well-known/openid-configuration
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.33.189.110 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
af77c9e516730cc51.awsglobalaccelerator.com
Software
nginx /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=315360000; includeSubDomains

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-okta-user-agent-extended
Access-Control-Request-Method
GET
Origin
https://energy-staging.infogrid.io
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

Access-Control-Allow-Credentials
true
Access-Control-Allow-Headers
content-type,x-okta-user-agent-extended
Access-Control-Allow-Methods
GET, OPTIONS
Access-Control-Allow-Origin
https://energy-staging.infogrid.io
Access-Control-Max-Age
3600
Connection
Keep-Alive
Content-Length
0
Content-Type
application/octet-stream
Date
Thu, 31 Oct 2024 07:24:01 GMT
Keep-Alive
timeout=5, max=100
Server
nginx
Strict-Transport-Security
max-age=315360000; includeSubDomains
Vary
Origin
X-Okta-Request-Id
ZyMwkTL7OSZ6gyI3BoVCtQAAA3c
Primary Request authorize
auth.buildingsiot.com/oauth2/aus44uxu7U1f2ngZn4x6/v1/ 		3 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://auth.buildingsiot.com/oauth2/aus44uxu7U1f2ngZn4x6/v1/authorize?client_id=0oa4bqbpoDOYupbcC4x6&code_challenge=x1_utV2DM77TZ_zTQLMKGrKDRo4MWiTqIuU0-HiPLe8&code_challenge_method=S256&nonce=gtMiR5VTWfAMZ85k46uf28rfn8N9GWc7Ldc7QBFczpLBgPNMJV9djpDtMs4GSjty&redirect_uri=https%3A%2F%2Fenergy-staging.infogrid.io%2Fimplicit%2Fcallback&response_type=code&state=HvBrEd7aq8Xa1w18nI09Fzh2DZbngIhips4NRUWK0hd4DlwCP6EAxPgVB0uRoK9p&scope=openid%20email%20profile
Requested by
Host: energy-staging.infogrid.io
URL: https://energy-staging.infogrid.io/static/js/main.ef6fc594.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
15.197.181.212 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
af77c9e516730cc51.awsglobalaccelerator.com
Software
nginx /
Resource Hash
7abbc67893cf221226324e3eff1b401bbfdd889baa19f9fec87dc95f9256ed78
Security Headers
Name Value
Strict-Transport-Security max-age=315360000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://energy-staging.infogrid.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

Connection
close
Content-Length
2813
Content-Type
text/html;charset=utf-8
Date
Thu, 31 Oct 2024 07:24:02 GMT
Server
nginx
Strict-Transport-Security
max-age=315360000; includeSubDomains
accept-ch
Sec-CH-UA-Platform-Version
cache-control
no-cache, no-store
content-language
de
content-security-policy-report-only
default-src 'self' buildingsiot.okta.com auth.buildingsiot.com *.oktacdn.com; connect-src 'self' buildingsiot.okta.com buildingsiot-admin.okta.com auth.buildingsiot.com *.oktacdn.com *.mixpanel.com *.mapbox.com *.mtls.okta.com buildingsiot.kerberos.okta.com https://oinmanager.okta.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' 'report-sample' buildingsiot.okta.com auth.buildingsiot.com *.oktacdn.com; style-src 'unsafe-inline' 'self' buildingsiot.okta.com auth.buildingsiot.com *.oktacdn.com; frame-src 'self' buildingsiot.okta.com buildingsiot-admin.okta.com auth.buildingsiot.com login.okta.com *.vidyard.com; img-src 'self' buildingsiot.okta.com auth.buildingsiot.com *.oktacdn.com https://ok11static.oktacdn.com/fs/bcg/4/gfs4d6hl6V1rMiqtX4x6 *.tiles.mapbox.com *.mapbox.com *.vidyard.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com blob:; font-src 'self' buildingsiot.okta.com auth.buildingsiot.com data: *.oktacdn.com fonts.gstatic.com
expires
0
p3p
CP="HONK"
pragma
no-cache
referrer-policy
no-referrer
x-content-type-options
nosniff
x-okta-request-id
ZyMwkhXnaZ2cJNsQKDgHpQAAC6A
x-rate-limit-limit
60
x-rate-limit-remaining
59
x-rate-limit-reset
1730359502
x-xss-protection
0
errors-v2.css
auth.buildingsiot.com/assets/css/sections/ 		2 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://auth.buildingsiot.com/assets/css/sections/errors-v2.css
Requested by
Host: auth.buildingsiot.com
URL: https://auth.buildingsiot.com/oauth2/aus44uxu7U1f2ngZn4x6/v1/authorize?client_id=0oa4bqbpoDOYupbcC4x6&code_challenge=x1_utV2DM77TZ_zTQLMKGrKDRo4MWiTqIuU0-HiPLe8&code_challenge_method=S256&nonce=gtMiR5VTWfAMZ85k46uf28rfn8N9GWc7Ldc7QBFczpLBgPNMJV9djpDtMs4GSjty&redirect_uri=https%3A%2F%2Fenergy-staging.infogrid.io%2Fimplicit%2Fcallback&response_type=code&state=HvBrEd7aq8Xa1w18nI09Fzh2DZbngIhips4NRUWK0hd4DlwCP6EAxPgVB0uRoK9p&scope=openid%20email%20profile
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
15.197.181.212 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
af77c9e516730cc51.awsglobalaccelerator.com
Software
nginx /
Resource Hash
07d7429f55979af1968161a3eb812a39c797f9c3e2f0fd88aecbf1ea741349c1
Security Headers
Name Value
Strict-Transport-Security max-age=315360000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

Transfer-Encoding
chunked
Strict-Transport-Security
max-age=315360000; includeSubDomains
Cache-Control
max-age=31536000, public,max-age=31536000,s-maxage=1814400
Content-Encoding
gzip
ETag
W/"80127ba5c47706686501006723ba83da"
Connection
Keep-Alive
Expires
Fri, 31 Oct 2025 07:24:02 GMT
Access-Control-Allow-Origin
*
x-amz-meta-sha1sum
a0af4ecf251187b0203ff095d16f850cc57a38c1
Keep-Alive
timeout=5, max=100
Date
Thu, 31 Oct 2024 07:24:02 GMT
Content-Type
text/css
Vary
Accept-Encoding
Server
nginx
Last-Modified
Thu, 03 Nov 2022 21:57:23 GMT
fs0gyct8jbYH8japJ4x7
ok11static.oktacdn.com/fs/bco/1/ 		7 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ok11static.oktacdn.com/fs/bco/1/fs0gyct8jbYH8japJ4x7
Requested by
Host: auth.buildingsiot.com
URL: https://auth.buildingsiot.com/oauth2/aus44uxu7U1f2ngZn4x6/v1/authorize?client_id=0oa4bqbpoDOYupbcC4x6&code_challenge=x1_utV2DM77TZ_zTQLMKGrKDRo4MWiTqIuU0-HiPLe8&code_challenge_method=S256&nonce=gtMiR5VTWfAMZ85k46uf28rfn8N9GWc7Ldc7QBFczpLBgPNMJV9djpDtMs4GSjty&redirect_uri=https%3A%2F%2Fenergy-staging.infogrid.io%2Fimplicit%2Fcallback&response_type=code&state=HvBrEd7aq8Xa1w18nI09Fzh2DZbngIhips4NRUWK0hd4DlwCP6EAxPgVB0uRoK9p&scope=openid%20email%20profile
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.27.74 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-27-74.fra56.r.cloudfront.net
Software
nginx /
Resource Hash
31d4580b2994bbd94625e15ecd00e170391bf181db3a00e7d8df625dd249a3d9
Security Headers
Name Value
Strict-Transport-Security max-age=315360000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

strict-transport-security
max-age=315360000; includeSubDomains
cache-control
max-age=31536000, public,max-age=31536000,s-maxage=1814400
etag
"8486dec01e54533c807b9c372620cc21"
via
1.1 3acba66e95e31977aee0842f44a6f08e.cloudfront.net (CloudFront)
expires
Fri, 31 Oct 2025 07:24:02 GMT
accept-ranges
bytes
access-control-allow-origin
*
x-cache
Miss from cloudfront
content-length
6796
x-amz-cf-id
by3mvD6wpoPJmCP-xNXUP1UAuWEvjZhFUqTPBHJxxM8CVIWI6o2HLQ==
date
Thu, 31 Oct 2024 07:24:02 GMT
content-type
image/png
last-modified
Thu, 18 Jan 2024 20:39:55 GMT
server
nginx
x-amz-cf-pop
FRA56-C2
favicon.ico
auth.buildingsiot.com/ 		5 KB
6 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://auth.buildingsiot.com/favicon.ico
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
15.197.181.212 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
af77c9e516730cc51.awsglobalaccelerator.com
Software
nginx /
Resource Hash
f9e86fb363a05f75ab3b525439d46bf4911d4cd4ae94c656c0198206374002aa
Security Headers
Name Value
Strict-Transport-Security max-age=315360000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

Strict-Transport-Security
max-age=315360000; includeSubDomains
X-Robots-Tag
noindex,nofollow
etag
W/"5430-1730084644000"
Connection
Keep-Alive
x-content-type-options
nosniff
accept-ranges
bytes
Content-Length
5430
Keep-Alive
timeout=5, max=99
Date
Thu, 31 Oct 2024 07:24:02 GMT
Content-Type
image/x-icon
last-modified
Mon, 28 Oct 2024 03:04:04 GMT
Server
nginx

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
energy-staging.infogrid.io
URL
https://energy-staging.infogrid.io/jetstream

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Domain/Path Name / Value
auth.buildingsiot.com/ Name: JSESSIONID
Value: D75EE11C237AA7652D3A410A61B20B5D
auth.buildingsiot.com/ Name: DT
Value: DI1RvnsYMTnSWS6Jhh7aMjNMg

7 Console Messages

Source Level URL
Text
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'ambient-light-sensor'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'document-domain'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'execution-while-not-rendered'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'execution-while-out-of-viewport'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'navigation-override'.
security error URL: https://energy-staging.infogrid.io/
Message:
The Content-Security-Policy directive name 'Content-Security-Policy:' contains one or more invalid characters. Only ASCII alphanumeric characters or dashes '-' are allowed in directive names.
network error URL: https://auth.buildingsiot.com/oauth2/aus44uxu7U1f2ngZn4x6/v1/authorize?client_id=0oa4bqbpoDOYupbcC4x6&code_challenge=x1_utV2DM77TZ_zTQLMKGrKDRo4MWiTqIuU0-HiPLe8&code_challenge_method=S256&nonce=gtMiR5VTWfAMZ85k46uf28rfn8N9GWc7Ldc7QBFczpLBgPNMJV9djpDtMs4GSjty&redirect_uri=https%3A%2F%2Fenergy-staging.infogrid.io%2Fimplicit%2Fcallback&response_type=code&state=HvBrEd7aq8Xa1w18nI09Fzh2DZbngIhips4NRUWK0hd4DlwCP6EAxPgVB0uRoK9p&scope=openid%20email%20profile
Message:
Failed to load resource: the server responded with a status of 400 (Bad Request)

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block