Submitted URL: https://teamdojo2.demo.security.iteratec.dev/
Effective URL: https://sso.security.iteratec.dev/auth/realms/teamdojo/protocol/openid-connect/auth?response_type=code&client_id=teamdojo2-webapp&...
Submission: On February 18 via automatic, source certstream-suspicious — Scanned from DE

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 14 HTTP transactions. The main IP is 34.107.91.101, located in Frankfurt am Main, Germany and belongs to GOOGLE-PRIVATE-CLOUD, US. The main domain is sso.security.iteratec.dev.
TLS certificate: Issued by R3 on January 10th 2022. Valid for: 3 months.
This is the only time sso.security.iteratec.dev was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 15 34.107.91.101 396982 (GOOGLE-PR...)
14 1
Apex Domain
Subdomains
Transfer
15 iteratec.dev
teamdojo2.demo.security.iteratec.dev
sso.security.iteratec.dev
3 MB
14 1
Domain Requested by
14 teamdojo2.demo.security.iteratec.dev 1 redirects teamdojo2.demo.security.iteratec.dev
1 sso.security.iteratec.dev teamdojo2.demo.security.iteratec.dev
14 2

This site contains no links.

Subject Issuer Validity Valid
teamdojo2.demo.security.iteratec.dev
R3
2022-02-18 -
2022-05-19
3 months crt.sh
sso.security.iteratec.dev
R3
2022-01-10 -
2022-04-10
3 months crt.sh

This page contains 1 frames:

Primary Page: https://sso.security.iteratec.dev/auth/realms/teamdojo/protocol/openid-connect/auth?response_type=code&client_id=teamdojo2-webapp&scope=openid%20profile%20email&state=7oojpTXGxwK5Xr3ivjDukuvmywuthu_bc2i9zxROQNE%3D&redirect_uri=https://teamdojo2.demo.security.iteratec.dev/login/oauth2/code/oidc&nonce=b4AuzKF5PB99z6mBcV0I5AR-Z7z0DIVCbuU68ybA14M
Frame ID: 47F4F807EB25CFE62CF597DA89EA4F86
Requests: 14 HTTP requests in this frame

Screenshot

Page Title

404 Not Found

Page URL History Show full URLs

  1. https://teamdojo2.demo.security.iteratec.dev/ Page URL
  2. https://teamdojo2.demo.security.iteratec.dev/oauth2/authorization/oidc HTTP 302
    https://sso.security.iteratec.dev/auth/realms/teamdojo/protocol/openid-connect/auth?response_type=code&client_... Page URL

Page Statistics

14
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

2
Subdomains

1
IPs

1
Countries

3205 kB
Transfer

16138 kB
Size

2
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://teamdojo2.demo.security.iteratec.dev/ Page URL
  2. https://teamdojo2.demo.security.iteratec.dev/oauth2/authorization/oidc HTTP 302
    https://sso.security.iteratec.dev/auth/realms/teamdojo/protocol/openid-connect/auth?response_type=code&client_id=teamdojo2-webapp&scope=openid%20profile%20email&state=7oojpTXGxwK5Xr3ivjDukuvmywuthu_bc2i9zxROQNE%3D&redirect_uri=https://teamdojo2.demo.security.iteratec.dev/login/oauth2/code/oidc&nonce=b4AuzKF5PB99z6mBcV0I5AR-Z7z0DIVCbuU68ybA14M Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

14 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
/
teamdojo2.demo.security.iteratec.dev/
6 KB
3 KB
Document
General
Full URL
https://teamdojo2.demo.security.iteratec.dev/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.107.91.101 Frankfurt am Main, Germany, ASN396982 (GOOGLE-PRIVATE-CLOUD, US),
Reverse DNS
101.91.107.34.bc.googleusercontent.com
Software
/
Resource Hash
ba14f1dcfdbb0502377a2a30ceb9eebfb5d3383005f80b692a4b6300a5604c8d
Security Headers
Name Value
Content-Security-Policy default-src 'self'; frame-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

date
Fri, 18 Feb 2022 20:39:16 GMT
content-type
text/html
content-length
2148
content-encoding
gzip
cache-control
no-store
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
accept-ranges
bytes
content-security-policy
default-src 'self'; frame-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:
strict-transport-security
max-age=15724800; includeSubDomains
content-language
de-DE
x-frame-options
DENY
vary
Origin Access-Control-Request-Method Access-Control-Request-Headers
last-modified
Thu, 01 Jan 1970 00:00:01 GMT
x-content-type-options
nosniff
feature-policy
geolocation 'none'; midi 'none'; sync-xhr 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; fullscreen 'self'; payment 'none'
loading.css
teamdojo2.demo.security.iteratec.dev/content/css/
3 KB
973 B
Stylesheet
General
Full URL
https://teamdojo2.demo.security.iteratec.dev/content/css/loading.css
Requested by
Host: teamdojo2.demo.security.iteratec.dev
URL: https://teamdojo2.demo.security.iteratec.dev/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.107.91.101 Frankfurt am Main, Germany, ASN396982 (GOOGLE-PRIVATE-CLOUD, US),
Reverse DNS
101.91.107.34.bc.googleusercontent.com
Software
/
Resource Hash
b2e109d50eb6ce67fd4dbadfab1d6da789d125b2d33ce2948ee45a2403f8bb9e
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://teamdojo2.demo.security.iteratec.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 18 Feb 2022 20:39:16 GMT
content-encoding
gzip
last-modified
Thu, 01 Jan 1970 00:00:01 GMT
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type
text/css
cache-control
no-store
strict-transport-security
max-age=15724800; includeSubDomains
accept-ranges
bytes
content-length
709
styles.css
teamdojo2.demo.security.iteratec.dev/
413 KB
46 KB
Stylesheet
General
Full URL
https://teamdojo2.demo.security.iteratec.dev/styles.css
Requested by
Host: teamdojo2.demo.security.iteratec.dev
URL: https://teamdojo2.demo.security.iteratec.dev/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.107.91.101 Frankfurt am Main, Germany, ASN396982 (GOOGLE-PRIVATE-CLOUD, US),
Reverse DNS
101.91.107.34.bc.googleusercontent.com
Software
/
Resource Hash
d5d98a0011213912f97738f2cadfdbb46a293f9467c772da738a4a2f9df052ab
Security Headers
Name Value
Content-Security-Policy default-src 'self'; frame-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://teamdojo2.demo.security.iteratec.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 18 Feb 2022 20:39:16 GMT
content-encoding
gzip
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 01 Jan 1970 00:00:01 GMT
x-frame-options
DENY
content-type
text/css
x-xss-protection
1; mode=block
cache-control
no-store
feature-policy
geolocation 'none'; midi 'none'; sync-xhr 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; fullscreen 'self'; payment 'none'
content-security-policy
default-src 'self'; frame-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:
strict-transport-security
max-age=15724800; includeSubDomains
accept-ranges
bytes
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
x-content-type-options
nosniff
runtime.js
teamdojo2.demo.security.iteratec.dev/
10 KB
3 KB
Script
General
Full URL
https://teamdojo2.demo.security.iteratec.dev/runtime.js
Requested by
Host: teamdojo2.demo.security.iteratec.dev
URL: https://teamdojo2.demo.security.iteratec.dev/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.107.91.101 Frankfurt am Main, Germany, ASN396982 (GOOGLE-PRIVATE-CLOUD, US),
Reverse DNS
101.91.107.34.bc.googleusercontent.com
Software
/
Resource Hash
64dca3d6c69fe8e27a4abe6df21e5358e0b590a3b1d4263cac0dcf8d13433845
Security Headers
Name Value
Content-Security-Policy default-src 'self'; frame-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://teamdojo2.demo.security.iteratec.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 18 Feb 2022 20:39:16 GMT
content-encoding
gzip
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 01 Jan 1970 00:00:01 GMT
x-frame-options
DENY
content-type
application/javascript
x-xss-protection
1; mode=block
cache-control
no-store
feature-policy
geolocation 'none'; midi 'none'; sync-xhr 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; fullscreen 'self'; payment 'none'
content-security-policy
default-src 'self'; frame-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:
strict-transport-security
max-age=15724800; includeSubDomains
accept-ranges
bytes
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-length
2752
x-content-type-options
nosniff
polyfills.js
teamdojo2.demo.security.iteratec.dev/
133 KB
28 KB
Script
General
Full URL
https://teamdojo2.demo.security.iteratec.dev/polyfills.js
Requested by
Host: teamdojo2.demo.security.iteratec.dev
URL: https://teamdojo2.demo.security.iteratec.dev/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.107.91.101 Frankfurt am Main, Germany, ASN396982 (GOOGLE-PRIVATE-CLOUD, US),
Reverse DNS
101.91.107.34.bc.googleusercontent.com
Software
/
Resource Hash
38ecb64d6cfd2e39a0a95a90fe8383e67eaa803584686f44cf173f4ac827fe05
Security Headers
Name Value
Content-Security-Policy default-src 'self'; frame-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://teamdojo2.demo.security.iteratec.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 18 Feb 2022 20:39:16 GMT
content-encoding
gzip
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 01 Jan 1970 00:00:01 GMT
x-frame-options
DENY
content-type
application/javascript
x-xss-protection
1; mode=block
cache-control
no-store
feature-policy
geolocation 'none'; midi 'none'; sync-xhr 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; fullscreen 'self'; payment 'none'
content-security-policy
default-src 'self'; frame-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:
strict-transport-security
max-age=15724800; includeSubDomains
accept-ranges
bytes
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
x-content-type-options
nosniff
scripts.js
teamdojo2.demo.security.iteratec.dev/
42 KB
12 KB
Script
General
Full URL
https://teamdojo2.demo.security.iteratec.dev/scripts.js
Requested by
Host: teamdojo2.demo.security.iteratec.dev
URL: https://teamdojo2.demo.security.iteratec.dev/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.107.91.101 Frankfurt am Main, Germany, ASN396982 (GOOGLE-PRIVATE-CLOUD, US),
Reverse DNS
101.91.107.34.bc.googleusercontent.com
Software
/
Resource Hash
4a71f3c81a272acbe3ae40757a3bbf49bb936efd32915f3f2e569bbc4be889d1
Security Headers
Name Value
Content-Security-Policy default-src 'self'; frame-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://teamdojo2.demo.security.iteratec.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 18 Feb 2022 20:39:16 GMT
content-encoding
gzip
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 01 Jan 1970 00:00:01 GMT
x-frame-options
DENY
content-type
application/javascript
x-xss-protection
1; mode=block
cache-control
no-store
feature-policy
geolocation 'none'; midi 'none'; sync-xhr 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; fullscreen 'self'; payment 'none'
content-security-policy
default-src 'self'; frame-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:
strict-transport-security
max-age=15724800; includeSubDomains
accept-ranges
bytes
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-length
11896
x-content-type-options
nosniff
vendor.js
teamdojo2.demo.security.iteratec.dev/
6 MB
1 MB
Script
General
Full URL
https://teamdojo2.demo.security.iteratec.dev/vendor.js
Requested by
Host: teamdojo2.demo.security.iteratec.dev
URL: https://teamdojo2.demo.security.iteratec.dev/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.107.91.101 Frankfurt am Main, Germany, ASN396982 (GOOGLE-PRIVATE-CLOUD, US),
Reverse DNS
101.91.107.34.bc.googleusercontent.com
Software
/
Resource Hash
b6a036a621048a668ce9f0c6ab8edfc10fc544ec0bc9f38edad0ac4c8f6ff351
Security Headers
Name Value
Content-Security-Policy default-src 'self'; frame-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://teamdojo2.demo.security.iteratec.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 18 Feb 2022 20:39:16 GMT
content-encoding
gzip
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 01 Jan 1970 00:00:01 GMT
x-frame-options
DENY
content-type
application/javascript
x-xss-protection
1; mode=block
cache-control
no-store
feature-policy
geolocation 'none'; midi 'none'; sync-xhr 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; fullscreen 'self'; payment 'none'
content-security-policy
default-src 'self'; frame-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:
strict-transport-security
max-age=15724800; includeSubDomains
accept-ranges
bytes
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
x-content-type-options
nosniff
main.js
teamdojo2.demo.security.iteratec.dev/
10 MB
2 MB
Script
General
Full URL
https://teamdojo2.demo.security.iteratec.dev/main.js
Requested by
Host: teamdojo2.demo.security.iteratec.dev
URL: https://teamdojo2.demo.security.iteratec.dev/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.107.91.101 Frankfurt am Main, Germany, ASN396982 (GOOGLE-PRIVATE-CLOUD, US),
Reverse DNS
101.91.107.34.bc.googleusercontent.com
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self'; frame-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://teamdojo2.demo.security.iteratec.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 18 Feb 2022 20:39:16 GMT
content-encoding
gzip
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 01 Jan 1970 00:00:01 GMT
x-frame-options
DENY
content-type
application/javascript
x-xss-protection
1; mode=block
cache-control
no-store
feature-policy
geolocation 'none'; midi 'none'; sync-xhr 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; fullscreen 'self'; payment 'none'
content-security-policy
default-src 'self'; frame-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:
strict-transport-security
max-age=15724800; includeSubDomains
accept-ranges
bytes
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
x-content-type-options
nosniff
logo-jhipster.png
teamdojo2.demo.security.iteratec.dev/content/images/
605 B
853 B
Image
General
Full URL
https://teamdojo2.demo.security.iteratec.dev/content/images/logo-jhipster.png
Requested by
Host: teamdojo2.demo.security.iteratec.dev
URL: https://teamdojo2.demo.security.iteratec.dev/content/css/loading.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.107.91.101 Frankfurt am Main, Germany, ASN396982 (GOOGLE-PRIVATE-CLOUD, US),
Reverse DNS
101.91.107.34.bc.googleusercontent.com
Software
/
Resource Hash
3739ed3988e21170422b67e73b0585919df52f5782012c057163b63af3e6bdcc
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://teamdojo2.demo.security.iteratec.dev/content/css/loading.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 18 Feb 2022 20:39:16 GMT
last-modified
Thu, 01 Jan 1970 00:00:01 GMT
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type
image/png
cache-control
no-store
strict-transport-security
max-age=15724800; includeSubDomains
accept-ranges
bytes
content-length
605
en.json
teamdojo2.demo.security.iteratec.dev/i18n/
28 KB
7 KB
XHR
General
Full URL
https://teamdojo2.demo.security.iteratec.dev/i18n/en.json?buildTimestamp=1645215644866
Requested by
Host: teamdojo2.demo.security.iteratec.dev
URL: https://teamdojo2.demo.security.iteratec.dev/polyfills.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.107.91.101 Frankfurt am Main, Germany, ASN396982 (GOOGLE-PRIVATE-CLOUD, US),
Reverse DNS
101.91.107.34.bc.googleusercontent.com
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Accept
application/json, text/plain, */*
Referer
https://teamdojo2.demo.security.iteratec.dev/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 18 Feb 2022 20:39:17 GMT
content-encoding
gzip
last-modified
Thu, 01 Jan 1970 00:00:01 GMT
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type
application/json
cache-control
max-age=126230400, public
strict-transport-security
max-age=15724800; includeSubDomains
accept-ranges
bytes
content-length
7283
account
teamdojo2.demo.security.iteratec.dev/api/
217 B
889 B
XHR
General
Full URL
https://teamdojo2.demo.security.iteratec.dev/api/account
Requested by
Host: teamdojo2.demo.security.iteratec.dev
URL: https://teamdojo2.demo.security.iteratec.dev/polyfills.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.107.91.101 Frankfurt am Main, Germany, ASN396982 (GOOGLE-PRIVATE-CLOUD, US),
Reverse DNS
101.91.107.34.bc.googleusercontent.com
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self'; frame-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
https://teamdojo2.demo.security.iteratec.dev/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 18 Feb 2022 20:39:17 GMT
referrer-policy
strict-origin-when-cross-origin
x-frame-options
DENY
content-type
application/problem+json
x-xss-protection
1; mode=block
cache-control
no-cache, no-store, max-age=0, must-revalidate
feature-policy
geolocation 'none'; midi 'none'; sync-xhr 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; fullscreen 'self'; payment 'none'
content-security-policy
default-src 'self'; frame-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:
strict-transport-security
max-age=15724800; includeSubDomains
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
x-content-type-options
nosniff
expires
0
info
teamdojo2.demo.security.iteratec.dev/management/
255 B
892 B
XHR
General
Full URL
https://teamdojo2.demo.security.iteratec.dev/management/info
Requested by
Host: teamdojo2.demo.security.iteratec.dev
URL: https://teamdojo2.demo.security.iteratec.dev/polyfills.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.107.91.101 Frankfurt am Main, Germany, ASN396982 (GOOGLE-PRIVATE-CLOUD, US),
Reverse DNS
101.91.107.34.bc.googleusercontent.com
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self'; frame-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
https://teamdojo2.demo.security.iteratec.dev/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 18 Feb 2022 20:39:17 GMT
content-encoding
gzip
referrer-policy
strict-origin-when-cross-origin
x-frame-options
DENY
content-type
application/json
x-xss-protection
1; mode=block
cache-control
no-cache, no-store, max-age=0, must-revalidate
feature-policy
geolocation 'none'; midi 'none'; sync-xhr 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; fullscreen 'self'; payment 'none'
content-security-policy
default-src 'self'; frame-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:
strict-transport-security
max-age=15724800; includeSubDomains
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
x-content-type-options
nosniff
expires
0
account
teamdojo2.demo.security.iteratec.dev/api/
217 B
889 B
XHR
General
Full URL
https://teamdojo2.demo.security.iteratec.dev/api/account
Requested by
Host: teamdojo2.demo.security.iteratec.dev
URL: https://teamdojo2.demo.security.iteratec.dev/polyfills.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.107.91.101 Frankfurt am Main, Germany, ASN396982 (GOOGLE-PRIVATE-CLOUD, US),
Reverse DNS
101.91.107.34.bc.googleusercontent.com
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self'; frame-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
https://teamdojo2.demo.security.iteratec.dev/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 18 Feb 2022 20:39:17 GMT
referrer-policy
strict-origin-when-cross-origin
x-frame-options
DENY
content-type
application/problem+json
x-xss-protection
1; mode=block
cache-control
no-cache, no-store, max-age=0, must-revalidate
feature-policy
geolocation 'none'; midi 'none'; sync-xhr 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; fullscreen 'self'; payment 'none'
content-security-policy
default-src 'self'; frame-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:
strict-transport-security
max-age=15724800; includeSubDomains
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
x-content-type-options
nosniff
expires
0
Primary Request auth
sso.security.iteratec.dev/auth/realms/teamdojo/protocol/openid-connect/
Redirect Chain
  • https://teamdojo2.demo.security.iteratec.dev/oauth2/authorization/oidc
  • https://sso.security.iteratec.dev/auth/realms/teamdojo/protocol/openid-connect/auth?response_type=code&client_id=teamdojo2-webapp&scope=openid%20profile%20email&state=7oojpTXGxwK5Xr3ivjDukuvmywuthu...
548 B
661 B
Document
General
Full URL
https://sso.security.iteratec.dev/auth/realms/teamdojo/protocol/openid-connect/auth?response_type=code&client_id=teamdojo2-webapp&scope=openid%20profile%20email&state=7oojpTXGxwK5Xr3ivjDukuvmywuthu_bc2i9zxROQNE%3D&redirect_uri=https://teamdojo2.demo.security.iteratec.dev/login/oauth2/code/oidc&nonce=b4AuzKF5PB99z6mBcV0I5AR-Z7z0DIVCbuU68ybA14M
Requested by
Host: teamdojo2.demo.security.iteratec.dev
URL: https://teamdojo2.demo.security.iteratec.dev/main.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.107.91.101 Frankfurt am Main, Germany, ASN396982 (GOOGLE-PRIVATE-CLOUD, US),
Reverse DNS
101.91.107.34.bc.googleusercontent.com
Software
/
Resource Hash
d465172175d35d493fb1633e237700022bd849fa123164790b168b8318acb090
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://teamdojo2.demo.security.iteratec.dev/

Response headers

date
Fri, 18 Feb 2022 20:39:18 GMT
content-type
text/html
content-length
548
strict-transport-security
max-age=15724800; includeSubDomains

Redirect headers

date
Fri, 18 Feb 2022 20:39:17 GMT
content-length
0
location
https://sso.security.iteratec.dev/auth/realms/teamdojo/protocol/openid-connect/auth?response_type=code&client_id=teamdojo2-webapp&scope=openid%20profile%20email&state=7oojpTXGxwK5Xr3ivjDukuvmywuthu_bc2i9zxROQNE%3D&redirect_uri=https://teamdojo2.demo.security.iteratec.dev/login/oauth2/code/oidc&nonce=b4AuzKF5PB99z6mBcV0I5AR-Z7z0DIVCbuU68ybA14M
expires
0
cache-control
no-cache, no-store, max-age=0, must-revalidate
x-xss-protection
1; mode=block
pragma
no-cache
x-frame-options
DENY
referrer-policy
strict-origin-when-cross-origin
content-security-policy
default-src 'self'; frame-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:
vary
Origin Access-Control-Request-Method Access-Control-Request-Headers
x-content-type-options
nosniff
strict-transport-security
max-age=15724800; includeSubDomains
feature-policy
geolocation 'none'; midi 'none'; sync-xhr 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; fullscreen 'self'; payment 'none'

Verdicts & Comments Add Verdict or Comment

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| structuredClone

2 Cookies

Domain/Path Name / Value
teamdojo2.demo.security.iteratec.dev/ Name: XSRF-TOKEN
Value: 24828f91-773a-41e3-b8fe-9ad41ccb320d
teamdojo2.demo.security.iteratec.dev/ Name: JSESSIONID
Value: MAyiAFmNAfj0Te0BHSXe90Lvl1_ihXvrZgKooicL

3 Console Messages

Source Level URL
Text
network error URL: https://teamdojo2.demo.security.iteratec.dev/api/account
Message:
Failed to load resource: the server responded with a status of 401 ()
network error URL: https://teamdojo2.demo.security.iteratec.dev/api/account
Message:
Failed to load resource: the server responded with a status of 401 ()
network error URL: https://sso.security.iteratec.dev/auth/realms/teamdojo/protocol/openid-connect/auth?response_type=code&client_id=teamdojo2-webapp&scope=openid%20profile%20email&state=7oojpTXGxwK5Xr3ivjDukuvmywuthu_bc2i9zxROQNE%3D&redirect_uri=https://teamdojo2.demo.security.iteratec.dev/login/oauth2/code/oidc&nonce=b4AuzKF5PB99z6mBcV0I5AR-Z7z0DIVCbuU68ybA14M
Message:
Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self'; frame-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block