urlscan.io logo urlscan.io
SecurityTrails logo

play-oauth-staging.play-oauth.paas2.uninett.no Open in urlscan Pro
13.53.55.80  Public Scan

Go To Rescan Add Verdict Report
URL: https://play-oauth-staging.play-oauth.paas2.uninett.no/
Submission: On July 27 via automatic, source certstream-suspicious — Scanned from NO
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 8 HTTP transactions. The main IP is 13.53.55.80, located in Stockholm, Sweden and belongs to AMAZON-02, US. The main domain is play-oauth-staging.play-oauth.paas2.uninett.no.
TLS certificate: Issued by R3 on July 27th 2022. Valid for: 3 months.
This is the only time play-oauth-staging.play-oauth.paas2.uninett.no was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
5 13.53.55.80 16509 (AMAZON-02)
1 172.217.18.106 15169 (GOOGLE)
2 142.250.184.227 15169 (GOOGLE)
8 3
Apex Domain
Subdomains		 Transfer
5 uninett.no
play-oauth-staging.play-oauth.paas2.uninett.no
916 KB
2 gstatic.com
fonts.gstatic.com
37 KB
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 72
1 KB
8 3
Domain Requested by
5 play-oauth-staging.play-oauth.paas2.uninett.no play-oauth-staging.play-oauth.paas2.uninett.no
2 fonts.gstatic.com fonts.googleapis.com
1 fonts.googleapis.com play-oauth-staging.play-oauth.paas2.uninett.no
8 3

This site contains links to these domains. Also see Links.

Domain
uninett.no
Subject Issuer Validity Valid
play-oauth-staging.play-oauth.paas2.uninett.no
R3		 2022-07-27 -
2022-10-25		 3 months crt.sh
upload.video.google.com
GTS CA 1C3		 2022-07-04 -
2022-09-26		 3 months crt.sh
*.gstatic.com
GTS CA 1C3		 2022-07-11 -
2022-10-03		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://play-oauth-staging.play-oauth.paas2.uninett.no/
Frame ID: 7B500269350666DE92E82C1889528D7A
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

OAuth 2.0 Play

Page Statistics

8
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

955 kB
Transfer

953 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
play-oauth-staging.play-oauth.paas2.uninett.no/ 		759 B
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://play-oauth-staging.play-oauth.paas2.uninett.no/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
13.53.55.80 Stockholm, Sweden, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-53-55-80.eu-north-1.compute.amazonaws.com
Software
/
Resource Hash
1b067fd747263926fb33d376ad5ae708794f1b5153060183ffaed2c21a03436c
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
accept-language
no-NO,no;q=0.9

Response headers

accept-ranges
bytes
cache-control
public, max-age=0
content-length
759
content-type
text/html; charset=UTF-8
date
Wed, 27 Jul 2022 08:13:34 GMT
etag
W/"2f7-1823eb671d8"
last-modified
Wed, 27 Jul 2022 08:12:00 GMT
strict-transport-security
max-age=15552000; includeSubDomains
x-content-type-options
nosniff
x-dns-prefetch-control
off
x-download-options
noopen
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block
main.c9f981ccd006c42ffab8.css
play-oauth-staging.play-oauth.paas2.uninett.no/static/css/ 		188 KB
189 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://play-oauth-staging.play-oauth.paas2.uninett.no/static/css/main.c9f981ccd006c42ffab8.css
Requested by
Host: play-oauth-staging.play-oauth.paas2.uninett.no
URL: https://play-oauth-staging.play-oauth.paas2.uninett.no/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
13.53.55.80 Stockholm, Sweden, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-53-55-80.eu-north-1.compute.amazonaws.com
Software
/
Resource Hash
317cb8d476b70a832434b27f80b55356d6cd88326204c50423794cf83ddbffa3
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
no-NO,no;q=0.9
Referer
https://play-oauth-staging.play-oauth.paas2.uninett.no/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date
Wed, 27 Jul 2022 08:13:34 GMT
x-content-type-options
nosniff
last-modified
Wed, 27 Jul 2022 08:09:37 GMT
etag
W/"2f008-1823eb441e8"
x-download-options
noopen
x-frame-options
SAMEORIGIN
content-type
text/css; charset=UTF-8
cache-control
public, max-age=172800
strict-transport-security
max-age=15552000; includeSubDomains
accept-ranges
bytes
x-dns-prefetch-control
off
content-length
192520
x-xss-protection
1; mode=block
vendors.c9f981ccd006c42ffab8.bundle.js
play-oauth-staging.play-oauth.paas2.uninett.no/static/js/ 		688 KB
689 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://play-oauth-staging.play-oauth.paas2.uninett.no/static/js/vendors.c9f981ccd006c42ffab8.bundle.js
Requested by
Host: play-oauth-staging.play-oauth.paas2.uninett.no
URL: https://play-oauth-staging.play-oauth.paas2.uninett.no/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
13.53.55.80 Stockholm, Sweden, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-53-55-80.eu-north-1.compute.amazonaws.com
Software
/
Resource Hash
9ea8506f27f6acc74556b15273b39dcb1e6deef14b31b6fbef8c96b20f0748e9
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
no-NO,no;q=0.9
Referer
https://play-oauth-staging.play-oauth.paas2.uninett.no/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date
Wed, 27 Jul 2022 08:13:34 GMT
x-content-type-options
nosniff
last-modified
Wed, 27 Jul 2022 08:09:37 GMT
etag
W/"abe37-1823eb441e8"
x-download-options
noopen
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=172800
strict-transport-security
max-age=15552000; includeSubDomains
accept-ranges
bytes
x-dns-prefetch-control
off
content-length
704055
x-xss-protection
1; mode=block
main.c9f981ccd006c42ffab8.bundle.js
play-oauth-staging.play-oauth.paas2.uninett.no/static/js/ 		35 KB
35 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://play-oauth-staging.play-oauth.paas2.uninett.no/static/js/main.c9f981ccd006c42ffab8.bundle.js
Requested by
Host: play-oauth-staging.play-oauth.paas2.uninett.no
URL: https://play-oauth-staging.play-oauth.paas2.uninett.no/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
13.53.55.80 Stockholm, Sweden, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-53-55-80.eu-north-1.compute.amazonaws.com
Software
/
Resource Hash
855a600edaab4bd7ca4368dc91ef4d1dabb90ad840e796257ed1a193709687f4
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
no-NO,no;q=0.9
Referer
https://play-oauth-staging.play-oauth.paas2.uninett.no/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date
Wed, 27 Jul 2022 08:13:34 GMT
x-content-type-options
nosniff
last-modified
Wed, 27 Jul 2022 08:09:37 GMT
etag
W/"8aa1-1823eb441e8"
x-download-options
noopen
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=172800
strict-transport-security
max-age=15552000; includeSubDomains
accept-ranges
bytes
x-dns-prefetch-control
off
content-length
35489
x-xss-protection
1; mode=block
css
fonts.googleapis.com/ 		4 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=IBM+Plex+Sans:400,600
Requested by
Host: play-oauth-staging.play-oauth.paas2.uninett.no
URL: https://play-oauth-staging.play-oauth.paas2.uninett.no/static/css/main.c9f981ccd006c42ffab8.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.18.106 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
zrh04s05-in-f106.1e100.net
Software
ESF /
Resource Hash
5a509ba751bcd633afbbc016bb1584a7c7d1f52a9719b5e6105aaae620c5edf2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
no-NO,no;q=0.9
Referer
https://play-oauth-staging.play-oauth.paas2.uninett.no/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Wed, 27 Jul 2022 08:13:35 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Wed, 27 Jul 2022 08:13:35 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 27 Jul 2022 08:13:35 GMT
zYXgKVElMYYaJe8bpLHnCwDKhdHeFQ.woff2
fonts.gstatic.com/s/ibmplexsans/v14/ 		18 KB
18 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/ibmplexsans/v14/zYXgKVElMYYaJe8bpLHnCwDKhdHeFQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=IBM+Plex+Sans:400,600
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.184.227 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f3.1e100.net
Software
sffe /
Resource Hash
fcecb97c12786d7a9387a81e74e4179790fd84425c9c75be1aec3aed645bf6e2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://play-oauth-staging.play-oauth.paas2.uninett.no
accept-language
no-NO,no;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date
Thu, 21 Jul 2022 03:39:16 GMT
x-content-type-options
nosniff
age
534860
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
18000
x-xss-protection
0
last-modified
Tue, 26 Apr 2022 15:46:52 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 21 Jul 2023 03:39:16 GMT
zYX9KVElMYYaJe8bpLHnCwDKjQ76AIFsdA.woff2
fonts.gstatic.com/s/ibmplexsans/v14/ 		19 KB
19 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/ibmplexsans/v14/zYX9KVElMYYaJe8bpLHnCwDKjQ76AIFsdA.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=IBM+Plex+Sans:400,600
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.184.227 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f3.1e100.net
Software
sffe /
Resource Hash
bf4eae9216be01f9a411ac93c5008eb38a3abdbb12fdb50ef974a4599e90220a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://play-oauth-staging.play-oauth.paas2.uninett.no
accept-language
no-NO,no;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date
Tue, 26 Jul 2022 08:45:34 GMT
x-content-type-options
nosniff
age
84482
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
19124
x-xss-protection
0
last-modified
Tue, 26 Apr 2022 15:47:30 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 26 Jul 2023 08:45:34 GMT
e6bed4aacc5617a56a4ac038c229fcab.svg
play-oauth-staging.play-oauth.paas2.uninett.no/static/img/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://play-oauth-staging.play-oauth.paas2.uninett.no/static/img/e6bed4aacc5617a56a4ac038c229fcab.svg
Requested by
Host: play-oauth-staging.play-oauth.paas2.uninett.no
URL: https://play-oauth-staging.play-oauth.paas2.uninett.no/discover
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
13.53.55.80 Stockholm, Sweden, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-53-55-80.eu-north-1.compute.amazonaws.com
Software
/
Resource Hash
594a1ad4f3e792b0f913ba208bbfd3a367a780a8dbbc9ee43b1cc9de902e4cc4
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
no-NO,no;q=0.9
Referer
https://play-oauth-staging.play-oauth.paas2.uninett.no/discover
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date
Wed, 27 Jul 2022 08:13:35 GMT
x-content-type-options
nosniff
last-modified
Wed, 27 Jul 2022 08:09:37 GMT
etag
W/"6eb-1823eb441e8"
x-download-options
noopen
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
cache-control
public, max-age=172800
strict-transport-security
max-age=15552000; includeSubDomains
accept-ranges
bytes
x-dns-prefetch-control
off
content-length
1771
x-xss-protection
1; mode=block

Verdicts & Comments Add Verdict or Comment

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation object| webpackJsonp object| __SENTRY__

0 Cookies

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block