urlscan.io logo urlscan.io
SecurityTrails logo

management-app-staging-tscdwb.zitadel.cloud Open in urlscan Pro
2600:1901:0:fa85::  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://auth-portal-staging.surpricemobility.com/
Effective URL: https://management-app-staging-tscdwb.zitadel.cloud/ui/login/login?authRequestID=286183224617472071
Submission: On September 23 via automatic, source certstream-suspicious — Scanned from GB
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 6 IPs in 3 countries across 3 domains to perform 27 HTTP transactions. The main IP is 2600:1901:0:fa85::, located in Kansas City, United States and belongs to GOOGLE, US. The main domain is management-app-staging-tscdwb.zitadel.cloud.
TLS certificate: Issued by WR3 on September 16th 2024. Valid for: 3 months.
This is the only time management-app-staging-tscdwb.zitadel.cloud was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
8 13.41.125.89 16509 (AMAZON-02)
1 2a00:1450:400... 15169 (GOOGLE)
1 172.217.18.10 15169 (GOOGLE)
1 2 2600:1901:0:f... 15169 (GOOGLE)
15 34.107.193.192 396982 (GOOGLE-CL...)
27 6
8    13.41.125.89 (London, United Kingdom)

ASN16509 (AMAZON-02, US)
PTR: ec2-13-41-125-89.eu-west-2.compute.amazonaws.com
auth-portal-staging.surpricemobility.com
management-app.api-staging.surpricemobility.com
1    2a00:1450:4001:80b::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
maps.googleapis.com
1    172.217.18.10 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s22-in-f10.1e100.net
maps.googleapis.com
2    2600:1901:0:fa85:: (Kansas City, United States)

ASN15169 (GOOGLE, US)
management-app-staging-tscdwb.zitadel.cloud
15    34.107.193.192 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 192.193.107.34.bc.googleusercontent.com
management-app-staging-tscdwb.zitadel.cloud
Domain Requested by
17 management-app-staging-tscdwb.zitadel.cloud auth-portal-staging.surpricemobility.com
management-app-staging-tscdwb.zitadel.cloud
6 auth-portal-staging.surpricemobility.com auth-portal-staging.surpricemobility.com
2 management-app.api-staging.surpricemobility.com auth-portal-staging.surpricemobility.com
2 maps.googleapis.com auth-portal-staging.surpricemobility.com
maps.googleapis.com
27 4

This site contains links to these domains. Also see Links.

Domain
zitadel.com
Subject Issuer Validity Valid
auth-portal-staging.surpricemobility.com
E6		 2024-09-23 -
2024-12-22		 3 months crt.sh
upload.video.google.com
WR2		 2024-08-26 -
2024-11-18		 3 months crt.sh
management-app.api-staging.surpricemobility.com
E6		 2024-09-23 -
2024-12-22		 3 months crt.sh
*.zitadel.cloud
WR3		 2024-09-16 -
2024-12-16		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://management-app-staging-tscdwb.zitadel.cloud/ui/login/login?authRequestID=286183224617472071
Frame ID: B5A526E3DBB3155DAF00EB92AE05F263
Requests: 27 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Welcome Back!

Page URL History Show full URLs

  1. https://auth-portal-staging.surpricemobility.com/ Page URL
  2. https://management-app-staging-tscdwb.zitadel.cloud/oauth/v2/authorize?client_id=235055819840918792%40management_app&redirect_ur... HTTP 302
    https://management-app-staging-tscdwb.zitadel.cloud/ui/login/login?authRequestID=286183224617472071 Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • //maps\.google(?:apis)?\.com/maps/api/js

Page Statistics

27
Requests

96 %
HTTPS

40 %
IPv6

3
Domains

4
Subdomains

6
IPs

3
Countries

3559 kB
Transfer

3972 kB
Size

3
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://auth-portal-staging.surpricemobility.com/ Page URL
  2. https://management-app-staging-tscdwb.zitadel.cloud/oauth/v2/authorize?client_id=235055819840918792%40management_app&redirect_uri=https%3A%2F%2Fauth-portal-staging.surpricemobility.com%2Fcallback&response_type=code&scope=openid+profile+email+offline_access+urn%3Azitadel%3Aiam%3Aorg%3Aproject%3Aid%3Azitadel%3Aaud&code_challenge=blU9AzFUjgeoE1Gh2thoFNqEQYd_A3fU3mHW9J_gCYg&code_challenge_method=S256&state=04eddec7aa8d763417fb107744560457f44c90ec8cd0903638db18a9f5befbfa&nonce=851f4832a72fa584e032919922303c1ed7f0b44031829a6daba59d9df79e3608 HTTP 302
    https://management-app-staging-tscdwb.zitadel.cloud/ui/login/login?authRequestID=286183224617472071 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

27 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
/
auth-portal-staging.surpricemobility.com/ 		938 B
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://auth-portal-staging.surpricemobility.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
13.41.125.89 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-41-125-89.eu-west-2.compute.amazonaws.com
Software
nginx/1.24.0 /
Resource Hash
9a7c2397a0acaf66b1aeb4313e2c557455960060cca42aa39485d8bdfdbda0be

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

Access-Control-Allow-Methods
GET
Access-Control-Allow-Origin
*
Connection
keep-alive
Content-Type
text/html
Date
Mon, 23 Sep 2024 06:54:52 GMT
Server
nginx/1.24.0
Transfer-Encoding
chunked
index-02b23e7b.js
auth-portal-staging.surpricemobility.com/assets/ 		3 MB
3 MB 		Script
General
Check archive.org
Download Go to
Full URL
https://auth-portal-staging.surpricemobility.com/assets/index-02b23e7b.js
Requested by
Host: auth-portal-staging.surpricemobility.com
URL: https://auth-portal-staging.surpricemobility.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
13.41.125.89 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-41-125-89.eu-west-2.compute.amazonaws.com
Software
nginx/1.24.0 /
Resource Hash
f58a1769cc72dd133f71a8daa613f754c95506f4aae361f2cceda38ec8d49b59

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://auth-portal-staging.surpricemobility.com
Referer
https://auth-portal-staging.surpricemobility.com/

Response headers

Transfer-Encoding
chunked
Access-Control-Allow-Origin
*
Date
Mon, 23 Sep 2024 06:54:52 GMT
Content-Type
application/javascript
Server
nginx/1.24.0
Connection
keep-alive
Access-Control-Allow-Methods
GET
index-09e44237.css
auth-portal-staging.surpricemobility.com/assets/ 		31 KB
31 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://auth-portal-staging.surpricemobility.com/assets/index-09e44237.css
Requested by
Host: auth-portal-staging.surpricemobility.com
URL: https://auth-portal-staging.surpricemobility.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
13.41.125.89 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-41-125-89.eu-west-2.compute.amazonaws.com
Software
nginx/1.24.0 /
Resource Hash
09e44237fe70f752b15c1d8022519c19a9660765254c01ef2e77fe365459f30f

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://auth-portal-staging.surpricemobility.com/

Response headers

Transfer-Encoding
chunked
Access-Control-Allow-Origin
*
Date
Mon, 23 Sep 2024 06:54:52 GMT
Content-Type
text/css
Server
nginx/1.24.0
Connection
keep-alive
Access-Control-Allow-Methods
GET
js
maps.googleapis.com/maps/api/ 		340 KB
111 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://maps.googleapis.com/maps/api/js?key=AIzaSyAosdH8Y50VzeLo9jrZVlc-zy_de0rZIHo&libraries=places&language=en
Requested by
Host: auth-portal-staging.surpricemobility.com
URL: https://auth-portal-staging.surpricemobility.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
scaffolding on HTTPServer2 /
Resource Hash
790e820e4a150fed4a2874c797b8f937acdc933a8f28359acf4baf30a65077b1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://auth-portal-staging.surpricemobility.com/

Response headers

cache-control
public, max-age=1800
timing-allow-origin
*
content-encoding
gzip
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
113214
date
Mon, 23 Sep 2024 06:54:53 GMT
x-xss-protection
0
content-type
text/javascript; charset=UTF-8
vary
Origin, X-Origin, Referer
server
scaffolding on HTTPServer2
x-frame-options
SAMEORIGIN
gen_204
maps.googleapis.com/maps/api/mapsjs/ 		3 B
45 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://maps.googleapis.com/maps/api/mapsjs/gen_204?csp_test=true
Requested by
Host: maps.googleapis.com
URL: https://maps.googleapis.com/maps/api/js?key=AIzaSyAosdH8Y50VzeLo9jrZVlc-zy_de0rZIHo&libraries=places&language=en
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.18.10 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s22-in-f10.1e100.net
Software
scaffolding on HTTPServer2 /
Resource Hash
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://auth-portal-staging.surpricemobility.com/

Response headers

cache-control
private
access-control-expose-headers
vary,vary,vary,content-encoding,date,server,content-length
content-encoding
gzip
x-content-type-options
nosniff
access-control-allow-origin
https://auth-portal-staging.surpricemobility.com
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
23
date
Mon, 23 Sep 2024 06:54:53 GMT
x-xss-protection
0
content-type
application/json; charset=UTF-8
vary
Origin, X-Origin, Referer
server
scaffolding on HTTPServer2
x-frame-options
SAMEORIGIN
en.translation-c3d63625.js
auth-portal-staging.surpricemobility.com/assets/ 		25 KB
25 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://auth-portal-staging.surpricemobility.com/assets/en.translation-c3d63625.js
Requested by
Host: auth-portal-staging.surpricemobility.com
URL: https://auth-portal-staging.surpricemobility.com/assets/index-02b23e7b.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
13.41.125.89 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-41-125-89.eu-west-2.compute.amazonaws.com
Software
nginx/1.24.0 /
Resource Hash
1599ccff1e0b587bda9d8a7f8151dbf556d387ecbc64d72bcca69ae3575a8115

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://auth-portal-staging.surpricemobility.com
Referer
https://auth-portal-staging.surpricemobility.com/assets/index-02b23e7b.js

Response headers

Transfer-Encoding
chunked
Access-Control-Allow-Origin
*
Date
Mon, 23 Sep 2024 06:54:53 GMT
Content-Type
application/javascript
Server
nginx/1.24.0
Connection
keep-alive
Access-Control-Allow-Methods
GET
favicon.svg
auth-portal-staging.surpricemobility.com/ 		9 KB
9 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://auth-portal-staging.surpricemobility.com/favicon.svg
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
13.41.125.89 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-41-125-89.eu-west-2.compute.amazonaws.com
Software
nginx/1.24.0 /
Resource Hash
bfaa2bf994edcbb59bcfdbc1c490e1f3be1c1f19cc06cb1915b5e24f40a9e6ad

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://auth-portal-staging.surpricemobility.com/

Response headers

Transfer-Encoding
chunked
Access-Control-Allow-Origin
*
Date
Mon, 23 Sep 2024 06:54:53 GMT
Content-Type
image/svg+xml
Server
nginx/1.24.0
Connection
keep-alive
Access-Control-Allow-Methods
GET
favicon.svg
auth-portal-staging.surpricemobility.com/ 		9 KB
9 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://auth-portal-staging.surpricemobility.com/favicon.svg
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
13.41.125.89 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-41-125-89.eu-west-2.compute.amazonaws.com
Software
nginx/1.24.0 /
Resource Hash
bfaa2bf994edcbb59bcfdbc1c490e1f3be1c1f19cc06cb1915b5e24f40a9e6ad

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://auth-portal-staging.surpricemobility.com/information

Response headers

Transfer-Encoding
chunked
Access-Control-Allow-Origin
*
Date
Mon, 23 Sep 2024 06:54:53 GMT
Content-Type
image/svg+xml
Server
nginx/1.24.0
Connection
keep-alive
Access-Control-Allow-Methods
GET
me
management-app.api-staging.surpricemobility.com/api/v1/users/ 		92 B
469 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://management-app.api-staging.surpricemobility.com/api/v1/users/me
Requested by
Host: auth-portal-staging.surpricemobility.com
URL: https://auth-portal-staging.surpricemobility.com/assets/index-02b23e7b.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
13.41.125.89 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-41-125-89.eu-west-2.compute.amazonaws.com
Software
nginx/1.24.0 / Express
Resource Hash
a2e95ab02b725a7d6f9e7340eec911594e1822884dd58a2215a25a47a0912883

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
accept
application/json, text/csv, application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
Referer
https://auth-portal-staging.surpricemobility.com/

Response headers

ETag
W/"5c-Af8fUYj8AZDjSug5DZTK+tlYbdE"
Connection
keep-alive
Access-Control-Allow-Credentials
true
Access-Control-Allow-Origin
https://auth-portal-staging.surpricemobility.com
Content-Length
92
Date
Mon, 23 Sep 2024 06:54:54 GMT
Content-Type
application/json; charset=utf-8
X-Powered-By
Express
Server
nginx/1.24.0
Vary
Origin
initiate
management-app.api-staging.surpricemobility.com/api/v1/auth/ 		551 B
920 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://management-app.api-staging.surpricemobility.com/api/v1/auth/initiate
Requested by
Host: auth-portal-staging.surpricemobility.com
URL: https://auth-portal-staging.surpricemobility.com/assets/index-02b23e7b.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
13.41.125.89 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-41-125-89.eu-west-2.compute.amazonaws.com
Software
nginx/1.24.0 / Express
Resource Hash
ea0dbb9440f14bce8c158834d89719187de808cb78f50d72e9b67a1f37b455af

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
accept
application/json, text/csv, application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
Referer
https://auth-portal-staging.surpricemobility.com/

Response headers

ETag
W/"227-l7/usjyBzoCpYwliqn6APOxYgJY"
Connection
keep-alive
Access-Control-Allow-Credentials
true
Access-Control-Allow-Origin
https://auth-portal-staging.surpricemobility.com
Content-Length
551
Date
Mon, 23 Sep 2024 06:54:54 GMT
Content-Type
application/json; charset=utf-8
X-Powered-By
Express
Server
nginx/1.24.0
Vary
Origin
authorize
management-app-staging-tscdwb.zitadel.cloud/oauth/v2/ 		0
0
Primary Request login
management-app-staging-tscdwb.zitadel.cloud/ui/login/
Redirect Chain
  • https://management-app-staging-tscdwb.zitadel.cloud/oauth/v2/authorize?client_id=235055819840918792%40management_app&redirect_uri=https%3A%2F%2Fauth-portal-staging.surpricemobility.com%2Fcallback&r...
  • https://management-app-staging-tscdwb.zitadel.cloud/ui/login/login?authRequestID=286183224617472071
4 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://management-app-staging-tscdwb.zitadel.cloud/ui/login/login?authRequestID=286183224617472071
Requested by
Host: auth-portal-staging.surpricemobility.com
URL: https://auth-portal-staging.surpricemobility.com/assets/index-02b23e7b.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:1901:0:fa85:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Frontend /
Resource Hash
731468453e1988318860752c5d75415c8a4a10658068ae36b63893c1570477af
Security Headers
Name Value
Content-Security-Policy manifest-src 'self';default-src 'none';script-src 'self' 'nonce-2Jm9coNJ2cOVZZaO0leLbt9A5+XY4QFRswvBZPplYKc=' 'sha256-AjPdJSbZmeWHnEc5ykvJFay8FTWeTeRbs9dutfZ0HqE=';img-src 'self';media-src 'none';frame-src 'none';font-src 'self';object-src 'self';style-src 'self' 'nonce-2Jm9coNJ2cOVZZaO0leLbt9A5+XY4QFRswvBZPplYKc=';frame-ancestors 'none';connect-src 'self'
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://auth-portal-staging.surpricemobility.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

accept-ranges
none
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
br
content-security-policy
manifest-src 'self';default-src 'none';script-src 'self' 'nonce-2Jm9coNJ2cOVZZaO0leLbt9A5+XY4QFRswvBZPplYKc=' 'sha256-AjPdJSbZmeWHnEc5ykvJFay8FTWeTeRbs9dutfZ0HqE=';img-src 'self';media-src 'none';frame-src 'none';font-src 'self';object-src 'self';style-src 'self' 'nonce-2Jm9coNJ2cOVZZaO0leLbt9A5+XY4QFRswvBZPplYKc=';frame-ancestors 'none';connect-src 'self'
content-type
text/html; charset=utf-8
date
Mon, 23 Sep 2024 06:54:54 GMT
feature-policy
payment 'none'
permissions-policy
payment=()
referrer-policy
same-origin
server
Google Frontend
strict-transport-security
max-age=63072000; includeSubDomains; preload
traceparent
00-0116e310505b00cfcb364a6b610e9010-323c01dc83c8d6f3-00
vary
Cookie Accept-Encoding
via
1.1 google
x-cache-hit
miss
x-cloud-trace-context
0116e310505b00cfcb364a6b610e9010/3619770247114446579
x-content-type-options
nosniff
x-frame-options
DENY
x-robots-tag
none
x-xss-protection
1; mode=block

Redirect headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-store
content-length
71
content-type
text/html; charset=utf-8
date
Mon, 23 Sep 2024 06:54:54 GMT
expires
Mon, 23 Sep 2024 05:54:54 GMT
location
/ui/login/login?authRequestID=286183224617472071
pragma
no-cache
server
Google Frontend
strict-transport-security
max-age=63072000; includeSubDomains; preload
traceparent
00-e1509019c1d107303a8ceb815bb3896c-202e4f6287842051-00
vary
Origin,Cookie
via
1.1 google
x-cache-hit
miss
x-cloud-trace-context
e1509019c1d107303a8ceb815bb3896c/2318878142741356625
x-robots-tag
none
zitadel.css
management-app-staging-tscdwb.zitadel.cloud/ui/login/resources/themes/zitadel/css/ 		77 KB
7 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://management-app-staging-tscdwb.zitadel.cloud/ui/login/resources/themes/zitadel/css/zitadel.css
Requested by
Host: management-app-staging-tscdwb.zitadel.cloud
URL: https://management-app-staging-tscdwb.zitadel.cloud/ui/login/login?authRequestID=286183224617472071
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.107.193.192 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
192.193.107.34.bc.googleusercontent.com
Software
Google Frontend /
Resource Hash
e78d9f8db4452ddf9e2a43781ae038d115704f011025c1b8285e11a3382871a5
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'none';font-src 'self';manifest-src 'self';script-src 'self' 'nonce-OmdAAeKISSTF3OV3XALclu31jIYkOWi53dGPMqfdfZA=' 'sha256-AjPdJSbZmeWHnEc5ykvJFay8FTWeTeRbs9dutfZ0HqE=';object-src 'self';img-src 'self';media-src 'none';frame-src 'none';default-src 'none';style-src 'self' 'nonce-OmdAAeKISSTF3OV3XALclu31jIYkOWi53dGPMqfdfZA=';connect-src 'self'
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://management-app-staging-tscdwb.zitadel.cloud/ui/login/login?authRequestID=286183224617472071

Response headers

x-robots-tag
none
content-encoding
br
age
264581
x-content-type-options
nosniff
x-cache-hit
hit
traceparent
00-fac51305e006ad484e10a826dabd8bea-ed7c00b620433219-00
expires
Fri, 20 Sep 2024 17:25:13 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Fri, 20 Sep 2024 05:25:13 GMT
x-cloud-trace-context
fac51305e006ad484e10a826dabd8bea/17112553466326364697
feature-policy
payment 'none'
vary
Accept-Encoding
last-modified
Tue, 17 Sep 2024 14:53:10 GMT
x-frame-options
DENY
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-security-policy
frame-ancestors 'none';font-src 'self';manifest-src 'self';script-src 'self' 'nonce-OmdAAeKISSTF3OV3XALclu31jIYkOWi53dGPMqfdfZA=' 'sha256-AjPdJSbZmeWHnEc5ykvJFay8FTWeTeRbs9dutfZ0HqE=';object-src 'self';img-src 'self';media-src 'none';frame-src 'none';default-src 'none';style-src 'self' 'nonce-OmdAAeKISSTF3OV3XALclu31jIYkOWi53dGPMqfdfZA=';connect-src 'self'
cache-control
public, max-age=43200, s-maxage=604800
content-type
text/css; charset=utf-8
referrer-policy
same-origin
via
1.1 google
permissions-policy
payment=()
accept-ranges
none
content-length
6952
x-xss-protection
1; mode=block
server
Google Frontend
dynamic
management-app-staging-tscdwb.zitadel.cloud/ui/login/resources/ 		4 KB
878 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://management-app-staging-tscdwb.zitadel.cloud/ui/login/resources/dynamic?orgId=235055621685155080&default-policy=true&filename=policy/label/css/variables.css?v=2023-11-03T16:26:54Z
Requested by
Host: management-app-staging-tscdwb.zitadel.cloud
URL: https://management-app-staging-tscdwb.zitadel.cloud/ui/login/login?authRequestID=286183224617472071
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.107.193.192 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
192.193.107.34.bc.googleusercontent.com
Software
Google Frontend /
Resource Hash
6d4a32792497d51144412535a2f365fb0934cb0aaa6fa8b2b5ad5a82209b9f10
Security Headers
Name Value
Content-Security-Policy manifest-src 'self';connect-src 'self';default-src 'none';script-src 'self' 'nonce-v6XbW3uqlDiHHoUd+Op/chgV8jOG+COLvuex8lk4f2M=' 'sha256-AjPdJSbZmeWHnEc5ykvJFay8FTWeTeRbs9dutfZ0HqE=';media-src 'none';frame-src 'none';frame-ancestors 'none';font-src 'self';object-src 'self';style-src 'self' 'nonce-v6XbW3uqlDiHHoUd+Op/chgV8jOG+COLvuex8lk4f2M=';img-src 'self'
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://management-app-staging-tscdwb.zitadel.cloud/ui/login/login?authRequestID=286183224617472071

Response headers

x-robots-tag
none
content-encoding
br
etag
W/"47a9d417e2184394a23cf2fdc251dcd4"
x-content-type-options
nosniff
x-cache-hit
miss
traceparent
00-33d47d69cacb001e54372224331805a5-e14acf338385419e-00
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Mon, 23 Sep 2024 06:54:54 GMT
content-type
text/css
feature-policy
payment 'none'
vary
Cookie, Accept-Encoding
last-modified
Fri, 06 Oct 2023 13:49:32 UTC
x-frame-options
DENY
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-security-policy
manifest-src 'self';connect-src 'self';default-src 'none';script-src 'self' 'nonce-v6XbW3uqlDiHHoUd+Op/chgV8jOG+COLvuex8lk4f2M=' 'sha256-AjPdJSbZmeWHnEc5ykvJFay8FTWeTeRbs9dutfZ0HqE=';media-src 'none';frame-src 'none';frame-ancestors 'none';font-src 'self';object-src 'self';style-src 'self' 'nonce-v6XbW3uqlDiHHoUd+Op/chgV8jOG+COLvuex8lk4f2M=';img-src 'self'
x-cloud-trace-context
33d47d69cacb001e54372224331805a5/16234015626967204254
referrer-policy
same-origin
via
1.1 google
permissions-policy
payment=()
accept-ranges
none
x-xss-protection
1; mode=block
server
Google Frontend
lgn-icon-font.css
management-app-staging-tscdwb.zitadel.cloud/ui/login/resources/fonts/lgn-icons/css/ 		1 KB
492 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://management-app-staging-tscdwb.zitadel.cloud/ui/login/resources/fonts/lgn-icons/css/lgn-icon-font.css
Requested by
Host: management-app-staging-tscdwb.zitadel.cloud
URL: https://management-app-staging-tscdwb.zitadel.cloud/ui/login/login?authRequestID=286183224617472071
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.107.193.192 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
192.193.107.34.bc.googleusercontent.com
Software
Google Frontend /
Resource Hash
f3ec9fdc14a9ea32a8ab3f0d83a24e45cc231f5d4a1cf82a780c83f12cb7d034
Security Headers
Name Value
Content-Security-Policy img-src 'self';frame-src 'none';frame-ancestors 'none';font-src 'self';connect-src 'self';default-src 'none';script-src 'self' 'nonce-49Fo4sPPWBqF6fggmTWHh1l4UgFtfb/BPu/MThTcpko=' 'sha256-AjPdJSbZmeWHnEc5ykvJFay8FTWeTeRbs9dutfZ0HqE=';object-src 'self';style-src 'self' 'nonce-49Fo4sPPWBqF6fggmTWHh1l4UgFtfb/BPu/MThTcpko=';media-src 'none';manifest-src 'self'
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://management-app-staging-tscdwb.zitadel.cloud/ui/login/login?authRequestID=286183224617472071

Response headers

x-robots-tag
none
content-encoding
br
age
275357
x-content-type-options
nosniff
x-cache-hit
hit
traceparent
00-7bb866a7dff927bacc17b788c6b30ecb-973c93e1b3697496-00
expires
Fri, 20 Sep 2024 14:25:37 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Fri, 20 Sep 2024 02:25:37 GMT
x-cloud-trace-context
7bb866a7dff927bacc17b788c6b30ecb/10897747795916715158
feature-policy
payment 'none'
vary
Accept-Encoding
last-modified
Tue, 17 Sep 2024 14:52:18 GMT
x-frame-options
DENY
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-security-policy
img-src 'self';frame-src 'none';frame-ancestors 'none';font-src 'self';connect-src 'self';default-src 'none';script-src 'self' 'nonce-49Fo4sPPWBqF6fggmTWHh1l4UgFtfb/BPu/MThTcpko=' 'sha256-AjPdJSbZmeWHnEc5ykvJFay8FTWeTeRbs9dutfZ0HqE=';object-src 'self';style-src 'self' 'nonce-49Fo4sPPWBqF6fggmTWHh1l4UgFtfb/BPu/MThTcpko=';media-src 'none';manifest-src 'self'
cache-control
public, max-age=43200, s-maxage=604800
content-type
text/css; charset=utf-8
referrer-policy
same-origin
via
1.1 google
permissions-policy
payment=()
accept-ranges
none
content-length
459
x-xss-protection
1; mode=block
server
Google Frontend
theme.js
management-app-staging-tscdwb.zitadel.cloud/ui/login/resources/scripts/ 		2 KB
622 B 		Script
General
Check archive.org
Download Go to
Full URL
https://management-app-staging-tscdwb.zitadel.cloud/ui/login/resources/scripts/theme.js
Requested by
Host: management-app-staging-tscdwb.zitadel.cloud
URL: https://management-app-staging-tscdwb.zitadel.cloud/ui/login/login?authRequestID=286183224617472071
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.107.193.192 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
192.193.107.34.bc.googleusercontent.com
Software
Google Frontend /
Resource Hash
c030b2e3a9af4b8f6b408b70027c6526fb53cd486f10cb4c5695454f63656765
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'nonce-m4y6BHI4wDTDGasqaBeMuG9p2Mnc48D0wunnhsN9WLo=';img-src 'self';frame-src 'none';manifest-src 'self';script-src 'self' 'nonce-m4y6BHI4wDTDGasqaBeMuG9p2Mnc48D0wunnhsN9WLo=' 'sha256-AjPdJSbZmeWHnEc5ykvJFay8FTWeTeRbs9dutfZ0HqE=';object-src 'self';frame-ancestors 'none';font-src 'self';connect-src 'self';default-src 'none';media-src 'none'
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://management-app-staging-tscdwb.zitadel.cloud/ui/login/login?authRequestID=286183224617472071

Response headers

x-robots-tag
none
content-encoding
br
age
275357
x-content-type-options
nosniff
x-cache-hit
hit
traceparent
00-d01a739881feaac73c82ee64345ad611-279db143bc33c218-00
expires
Fri, 20 Sep 2024 14:25:37 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Fri, 20 Sep 2024 02:25:37 GMT
x-cloud-trace-context
d01a739881feaac73c82ee64345ad611/2854632643301196312
feature-policy
payment 'none'
vary
Accept-Encoding
last-modified
Tue, 17 Sep 2024 14:52:18 GMT
x-frame-options
DENY
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-security-policy
style-src 'self' 'nonce-m4y6BHI4wDTDGasqaBeMuG9p2Mnc48D0wunnhsN9WLo=';img-src 'self';frame-src 'none';manifest-src 'self';script-src 'self' 'nonce-m4y6BHI4wDTDGasqaBeMuG9p2Mnc48D0wunnhsN9WLo=' 'sha256-AjPdJSbZmeWHnEc5ykvJFay8FTWeTeRbs9dutfZ0HqE=';object-src 'self';frame-ancestors 'none';font-src 'self';connect-src 'self';default-src 'none';media-src 'none'
cache-control
public, max-age=43200, s-maxage=604800
content-type
text/javascript; charset=utf-8
referrer-policy
same-origin
via
1.1 google
permissions-policy
payment=()
accept-ranges
none
content-length
589
x-xss-protection
1; mode=block
server
Google Frontend
dynamic
management-app-staging-tscdwb.zitadel.cloud/ui/login/resources/ 		7 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://management-app-staging-tscdwb.zitadel.cloud/ui/login/resources/dynamic?orgId=235055621685155080&default-policy=true&filename=policy/label/logo-dark-237076931307121229
Requested by
Host: management-app-staging-tscdwb.zitadel.cloud
URL: https://management-app-staging-tscdwb.zitadel.cloud/ui/login/login?authRequestID=286183224617472071
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.107.193.192 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
192.193.107.34.bc.googleusercontent.com
Software
Google Frontend /
Resource Hash
df6c1a9dc30945c54fdf54b66aed8a2b155d27dc1327982303b9f71c661a3cfb
Security Headers
Name Value
Content-Security-Policy default-src 'none';script-src 'self' 'nonce-pZOA1ARlHN13XZFon0Heo+AOJQKAIeZtizTJhGQZL/k=' 'sha256-AjPdJSbZmeWHnEc5ykvJFay8FTWeTeRbs9dutfZ0HqE=';object-src 'self';frame-src 'none';frame-ancestors 'none';connect-src 'self';style-src 'self' 'nonce-pZOA1ARlHN13XZFon0Heo+AOJQKAIeZtizTJhGQZL/k=';img-src 'self';media-src 'none';font-src 'self';manifest-src 'self'
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://management-app-staging-tscdwb.zitadel.cloud/ui/login/login?authRequestID=286183224617472071

Response headers

x-robots-tag
none
etag
"980d4670791439945424064f61d8865a"
x-content-type-options
nosniff
x-cache-hit
miss
traceparent
00-80c8f58007cb38866651776068f751b0-5a7d43d568fdf2be-00
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Mon, 23 Sep 2024 06:54:54 GMT
content-type
image/png
feature-policy
payment 'none'
vary
Cookie
last-modified
Fri, 20 Oct 2023 12:27:42 UTC
x-frame-options
DENY
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-security-policy
default-src 'none';script-src 'self' 'nonce-pZOA1ARlHN13XZFon0Heo+AOJQKAIeZtizTJhGQZL/k=' 'sha256-AjPdJSbZmeWHnEc5ykvJFay8FTWeTeRbs9dutfZ0HqE=';object-src 'self';frame-src 'none';frame-ancestors 'none';connect-src 'self';style-src 'self' 'nonce-pZOA1ARlHN13XZFon0Heo+AOJQKAIeZtizTJhGQZL/k=';img-src 'self';media-src 'none';font-src 'self';manifest-src 'self'
x-cloud-trace-context
80c8f58007cb38866651776068f751b0/6520442419370914494
referrer-policy
same-origin
via
1.1 google
permissions-policy
payment=()
content-length
7134
x-xss-protection
1; mode=block
server
Google Frontend
dynamic
management-app-staging-tscdwb.zitadel.cloud/ui/login/resources/ 		19 KB
19 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://management-app-staging-tscdwb.zitadel.cloud/ui/login/resources/dynamic?orgId=235055621685155080&default-policy=true&filename=policy/label/logo-237076350211471151
Requested by
Host: management-app-staging-tscdwb.zitadel.cloud
URL: https://management-app-staging-tscdwb.zitadel.cloud/ui/login/login?authRequestID=286183224617472071
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.107.193.192 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
192.193.107.34.bc.googleusercontent.com
Software
Google Frontend /
Resource Hash
15e96c9494b389a0db52ed7ed02b80964da601f8d768f4c006e9c973c797748f
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'nonce-eGOMzzzY7QY1o812SpcfADuMHQbFTddiRncjpdwOKJk=';img-src 'self';frame-src 'none';font-src 'self';manifest-src 'self';connect-src 'self';default-src 'none';script-src 'self' 'nonce-eGOMzzzY7QY1o812SpcfADuMHQbFTddiRncjpdwOKJk=' 'sha256-AjPdJSbZmeWHnEc5ykvJFay8FTWeTeRbs9dutfZ0HqE=';frame-ancestors 'none';object-src 'self';media-src 'none'
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://management-app-staging-tscdwb.zitadel.cloud/ui/login/login?authRequestID=286183224617472071

Response headers

x-robots-tag
none
etag
"0b4df6a113261343923af0292ef35a08"
x-content-type-options
nosniff
x-cache-hit
miss
traceparent
00-bab0be3b061e90f33f5a62f01e4a3ba8-a39c718168e37ea5-00
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Mon, 23 Sep 2024 06:54:54 GMT
content-type
image/png
feature-policy
payment 'none'
vary
Cookie
last-modified
Fri, 20 Oct 2023 12:21:56 UTC
x-frame-options
DENY
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-security-policy
style-src 'self' 'nonce-eGOMzzzY7QY1o812SpcfADuMHQbFTddiRncjpdwOKJk=';img-src 'self';frame-src 'none';font-src 'self';manifest-src 'self';connect-src 'self';default-src 'none';script-src 'self' 'nonce-eGOMzzzY7QY1o812SpcfADuMHQbFTddiRncjpdwOKJk=' 'sha256-AjPdJSbZmeWHnEc5ykvJFay8FTWeTeRbs9dutfZ0HqE=';frame-ancestors 'none';object-src 'self';media-src 'none'
x-cloud-trace-context
bab0be3b061e90f33f5a62f01e4a3ba8/11789422725173575333
referrer-policy
same-origin
via
1.1 google
permissions-policy
payment=()
content-length
19533
x-xss-protection
1; mode=block
server
Google Frontend
form_submit.js
management-app-staging-tscdwb.zitadel.cloud/ui/login/resources/scripts/ 		2 KB
813 B 		Script
General
Check archive.org
Download Go to
Full URL
https://management-app-staging-tscdwb.zitadel.cloud/ui/login/resources/scripts/form_submit.js
Requested by
Host: management-app-staging-tscdwb.zitadel.cloud
URL: https://management-app-staging-tscdwb.zitadel.cloud/ui/login/login?authRequestID=286183224617472071
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.107.193.192 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
192.193.107.34.bc.googleusercontent.com
Software
Google Frontend /
Resource Hash
65f6de75f81d1ffbca0d464222b34aaf3128d0928dab181931b6ecf25d5f104a
Security Headers
Name Value
Content-Security-Policy object-src 'self';style-src 'self' 'nonce-Gxud33RGbcnNTmSauMaClbBJExBtSdiCvARfn0i6IMc=';img-src 'self';manifest-src 'self';connect-src 'self';default-src 'none';script-src 'self' 'nonce-Gxud33RGbcnNTmSauMaClbBJExBtSdiCvARfn0i6IMc=' 'sha256-AjPdJSbZmeWHnEc5ykvJFay8FTWeTeRbs9dutfZ0HqE=';media-src 'none';frame-src 'none';frame-ancestors 'none';font-src 'self'
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://management-app-staging-tscdwb.zitadel.cloud/ui/login/login?authRequestID=286183224617472071

Response headers

x-robots-tag
none
content-encoding
br
age
264581
x-content-type-options
nosniff
x-cache-hit
hit
traceparent
00-a2fa6280d5a7a37ee63cba8cdc538938-c11f8f87cf3fe3a8-00
expires
Fri, 20 Sep 2024 17:25:13 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Fri, 20 Sep 2024 05:25:13 GMT
x-cloud-trace-context
a2fa6280d5a7a37ee63cba8cdc538938/13915999187058549672
feature-policy
payment 'none'
vary
Accept-Encoding
last-modified
Tue, 17 Sep 2024 14:52:18 GMT
x-frame-options
DENY
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-security-policy
object-src 'self';style-src 'self' 'nonce-Gxud33RGbcnNTmSauMaClbBJExBtSdiCvARfn0i6IMc=';img-src 'self';manifest-src 'self';connect-src 'self';default-src 'none';script-src 'self' 'nonce-Gxud33RGbcnNTmSauMaClbBJExBtSdiCvARfn0i6IMc=' 'sha256-AjPdJSbZmeWHnEc5ykvJFay8FTWeTeRbs9dutfZ0HqE=';media-src 'none';frame-src 'none';frame-ancestors 'none';font-src 'self'
cache-control
public, max-age=43200, s-maxage=604800
content-type
text/javascript; charset=utf-8
referrer-policy
same-origin
via
1.1 google
permissions-policy
payment=()
accept-ranges
none
content-length
771
x-xss-protection
1; mode=block
server
Google Frontend
default_form_validation.js
management-app-staging-tscdwb.zitadel.cloud/ui/login/resources/scripts/ 		89 B
120 B 		Script
General
Check archive.org
Download Go to
Full URL
https://management-app-staging-tscdwb.zitadel.cloud/ui/login/resources/scripts/default_form_validation.js
Requested by
Host: management-app-staging-tscdwb.zitadel.cloud
URL: https://management-app-staging-tscdwb.zitadel.cloud/ui/login/login?authRequestID=286183224617472071
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.107.193.192 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
192.193.107.34.bc.googleusercontent.com
Software
Google Frontend /
Resource Hash
b5371af0ee74f931302075c39095bcbc5e30d16f2f400f58e5e61ba30f6dbc42
Security Headers
Name Value
Content-Security-Policy object-src 'self';img-src 'self';media-src 'none';frame-src 'none';manifest-src 'self';default-src 'none';script-src 'self' 'nonce-HkwxRUL8DPvG8yyPq6pZzzTPPtdD4CsiuyYP9GplLQ4=' 'sha256-AjPdJSbZmeWHnEc5ykvJFay8FTWeTeRbs9dutfZ0HqE=';style-src 'self' 'nonce-HkwxRUL8DPvG8yyPq6pZzzTPPtdD4CsiuyYP9GplLQ4=';frame-ancestors 'none';font-src 'self';connect-src 'self'
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://management-app-staging-tscdwb.zitadel.cloud/ui/login/login?authRequestID=286183224617472071

Response headers

x-robots-tag
none
age
259535
x-content-type-options
nosniff
x-cache-hit
hit
traceparent
00-dff30da9bf5f1f9bf176129512fca6de-4869e2e7642dd1fd-00
expires
Fri, 20 Sep 2024 18:49:19 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Fri, 20 Sep 2024 06:49:19 GMT
x-cloud-trace-context
dff30da9bf5f1f9bf176129512fca6de/5217951126731477501
feature-policy
payment 'none'
last-modified
Tue, 17 Sep 2024 14:52:18 GMT
x-frame-options
DENY
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-security-policy
object-src 'self';img-src 'self';media-src 'none';frame-src 'none';manifest-src 'self';default-src 'none';script-src 'self' 'nonce-HkwxRUL8DPvG8yyPq6pZzzTPPtdD4CsiuyYP9GplLQ4=' 'sha256-AjPdJSbZmeWHnEc5ykvJFay8FTWeTeRbs9dutfZ0HqE=';style-src 'self' 'nonce-HkwxRUL8DPvG8yyPq6pZzzTPPtdD4CsiuyYP9GplLQ4=';frame-ancestors 'none';font-src 'self';connect-src 'self'
cache-control
public, max-age=43200, s-maxage=604800
content-type
text/javascript; charset=utf-8
referrer-policy
same-origin
via
1.1 google
permissions-policy
payment=()
accept-ranges
bytes
content-length
89
x-xss-protection
1; mode=block
server
Google Frontend
input_suffix_offset.js
management-app-staging-tscdwb.zitadel.cloud/ui/login/resources/scripts/ 		485 B
516 B 		Script
General
Check archive.org
Download Go to
Full URL
https://management-app-staging-tscdwb.zitadel.cloud/ui/login/resources/scripts/input_suffix_offset.js
Requested by
Host: management-app-staging-tscdwb.zitadel.cloud
URL: https://management-app-staging-tscdwb.zitadel.cloud/ui/login/login?authRequestID=286183224617472071
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.107.193.192 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
192.193.107.34.bc.googleusercontent.com
Software
Google Frontend /
Resource Hash
2ddac2cf5c03e55cc929f7e1f8bdc1b0a7bd6b22d43865ecf723d6ac360ae794
Security Headers
Name Value
Content-Security-Policy font-src 'self';manifest-src 'self';default-src 'none';img-src 'self';frame-src 'none';frame-ancestors 'none';connect-src 'self';script-src 'self' 'nonce-XflSFQKOiA3Zfags/rowRGYvKo4yXvGeQz2PfyepfrI=' 'sha256-AjPdJSbZmeWHnEc5ykvJFay8FTWeTeRbs9dutfZ0HqE=';object-src 'self';style-src 'self' 'nonce-XflSFQKOiA3Zfags/rowRGYvKo4yXvGeQz2PfyepfrI=';media-src 'none'
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://management-app-staging-tscdwb.zitadel.cloud/ui/login/login?authRequestID=286183224617472071

Response headers

x-robots-tag
none
age
439723
x-content-type-options
nosniff
x-cache-hit
hit
traceparent
00-dfcc2f63b07e16d5295dfd350fd3de01-07a6f5e63f57619f-00
expires
Wed, 18 Sep 2024 16:46:11 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 18 Sep 2024 04:46:11 GMT
x-cloud-trace-context
dfcc2f63b07e16d5295dfd350fd3de01/551398373653438879
feature-policy
payment 'none'
last-modified
Wed, 04 Sep 2024 13:12:09 GMT
x-frame-options
DENY
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-security-policy
font-src 'self';manifest-src 'self';default-src 'none';img-src 'self';frame-src 'none';frame-ancestors 'none';connect-src 'self';script-src 'self' 'nonce-XflSFQKOiA3Zfags/rowRGYvKo4yXvGeQz2PfyepfrI=' 'sha256-AjPdJSbZmeWHnEc5ykvJFay8FTWeTeRbs9dutfZ0HqE=';object-src 'self';style-src 'self' 'nonce-XflSFQKOiA3Zfags/rowRGYvKo4yXvGeQz2PfyepfrI=';media-src 'none'
cache-control
public, max-age=43200, s-maxage=604800
content-type
text/javascript; charset=utf-8
referrer-policy
same-origin
via
1.1 google
permissions-policy
payment=()
accept-ranges
bytes
content-length
485
x-xss-protection
1; mode=block
server
Google Frontend
go_back.js
management-app-staging-tscdwb.zitadel.cloud/ui/login/resources/scripts/ 		316 B
354 B 		Script
General
Check archive.org
Download Go to
Full URL
https://management-app-staging-tscdwb.zitadel.cloud/ui/login/resources/scripts/go_back.js
Requested by
Host: management-app-staging-tscdwb.zitadel.cloud
URL: https://management-app-staging-tscdwb.zitadel.cloud/ui/login/login?authRequestID=286183224617472071
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.107.193.192 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
192.193.107.34.bc.googleusercontent.com
Software
Google Frontend /
Resource Hash
8fa86beb0a21213a01cc37c642cb49a392bec676238babc65e5e55d63cbe9632
Security Headers
Name Value
Content-Security-Policy manifest-src 'self';default-src 'none';style-src 'self' 'nonce-XeWkkI8YRUtlFJ9qBj2OMjdNi3fM6zeZxbQqbjCK2mU=';frame-ancestors 'none';font-src 'self';frame-src 'none';connect-src 'self';script-src 'self' 'nonce-XeWkkI8YRUtlFJ9qBj2OMjdNi3fM6zeZxbQqbjCK2mU=' 'sha256-AjPdJSbZmeWHnEc5ykvJFay8FTWeTeRbs9dutfZ0HqE=';object-src 'self';img-src 'self';media-src 'none'
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://management-app-staging-tscdwb.zitadel.cloud/ui/login/login?authRequestID=286183224617472071

Response headers

x-robots-tag
none
age
438165
x-content-type-options
nosniff
x-cache-hit
hit
traceparent
00-36bc7129feca61681ca22de3160c4b2b-57f4c0c2f869d0fb-00
expires
Wed, 18 Sep 2024 17:12:09 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 18 Sep 2024 05:12:09 GMT
x-cloud-trace-context
36bc7129feca61681ca22de3160c4b2b/6337902519241003259
feature-policy
payment 'none'
last-modified
Wed, 04 Sep 2024 13:12:09 GMT
x-frame-options
DENY
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-security-policy
manifest-src 'self';default-src 'none';style-src 'self' 'nonce-XeWkkI8YRUtlFJ9qBj2OMjdNi3fM6zeZxbQqbjCK2mU=';frame-ancestors 'none';font-src 'self';frame-src 'none';connect-src 'self';script-src 'self' 'nonce-XeWkkI8YRUtlFJ9qBj2OMjdNi3fM6zeZxbQqbjCK2mU=' 'sha256-AjPdJSbZmeWHnEc5ykvJFay8FTWeTeRbs9dutfZ0HqE=';object-src 'self';img-src 'self';media-src 'none'
cache-control
public, max-age=43200, s-maxage=604800
content-type
text/javascript; charset=utf-8
referrer-policy
same-origin
via
1.1 google
permissions-policy
payment=()
accept-ranges
bytes
content-length
316
x-xss-protection
1; mode=block
server
Google Frontend
avatar.js
management-app-staging-tscdwb.zitadel.cloud/ui/login/resources/scripts/ 		4 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://management-app-staging-tscdwb.zitadel.cloud/ui/login/resources/scripts/avatar.js
Requested by
Host: management-app-staging-tscdwb.zitadel.cloud
URL: https://management-app-staging-tscdwb.zitadel.cloud/ui/login/login?authRequestID=286183224617472071
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.107.193.192 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
192.193.107.34.bc.googleusercontent.com
Software
Google Frontend /
Resource Hash
a6225a65f22e538ebdb7fc6d49999336f396b554f275e69af0fe0e6a88972207
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'nonce-GP19xtvpn5Iv+Ncro/jvwJDHpbH231OId3obpVy6C4g=' 'sha256-AjPdJSbZmeWHnEc5ykvJFay8FTWeTeRbs9dutfZ0HqE=';media-src 'none';frame-ancestors 'none';manifest-src 'self';connect-src 'self';default-src 'none';object-src 'self';style-src 'self' 'nonce-GP19xtvpn5Iv+Ncro/jvwJDHpbH231OId3obpVy6C4g=';img-src 'self';frame-src 'none';font-src 'self'
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://management-app-staging-tscdwb.zitadel.cloud/ui/login/login?authRequestID=286183224617472071

Response headers

x-robots-tag
none
content-encoding
br
age
258981
x-content-type-options
nosniff
x-cache-hit
hit
traceparent
00-adcdf777c5803316374955766cd43f52-10aa1785669341e7-00
expires
Fri, 20 Sep 2024 18:58:33 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Fri, 20 Sep 2024 06:58:33 GMT
x-cloud-trace-context
adcdf777c5803316374955766cd43f52/1200798112366674407
feature-policy
payment 'none'
vary
Accept-Encoding
last-modified
Tue, 17 Sep 2024 14:52:18 GMT
x-frame-options
DENY
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-security-policy
script-src 'self' 'nonce-GP19xtvpn5Iv+Ncro/jvwJDHpbH231OId3obpVy6C4g=' 'sha256-AjPdJSbZmeWHnEc5ykvJFay8FTWeTeRbs9dutfZ0HqE=';media-src 'none';frame-ancestors 'none';manifest-src 'self';connect-src 'self';default-src 'none';object-src 'self';style-src 'self' 'nonce-GP19xtvpn5Iv+Ncro/jvwJDHpbH231OId3obpVy6C4g=';img-src 'self';frame-src 'none';font-src 'self'
cache-control
public, max-age=43200, s-maxage=604800
content-type
text/javascript; charset=utf-8
referrer-policy
same-origin
via
1.1 google
permissions-policy
payment=()
accept-ranges
none
content-length
1203
x-xss-protection
1; mode=block
server
Google Frontend
touched.js
management-app-staging-tscdwb.zitadel.cloud/ui/login/resources/scripts/ 		353 B
385 B 		Script
General
Check archive.org
Download Go to
Full URL
https://management-app-staging-tscdwb.zitadel.cloud/ui/login/resources/scripts/touched.js
Requested by
Host: management-app-staging-tscdwb.zitadel.cloud
URL: https://management-app-staging-tscdwb.zitadel.cloud/ui/login/login?authRequestID=286183224617472071
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.107.193.192 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
192.193.107.34.bc.googleusercontent.com
Software
Google Frontend /
Resource Hash
a16f5d3ff27b87f0a0595334a0b49ffe70204bb009bd17f363bdd5f6bddf8957
Security Headers
Name Value
Content-Security-Policy frame-src 'none';manifest-src 'self';default-src 'none';script-src 'self' 'nonce-Tm5M/8IDf6yVIkbmwYpDTTOsTyBWLZfRZ3gdM/fXHGQ=' 'sha256-AjPdJSbZmeWHnEc5ykvJFay8FTWeTeRbs9dutfZ0HqE=';object-src 'self';img-src 'self';media-src 'none';style-src 'self' 'nonce-Tm5M/8IDf6yVIkbmwYpDTTOsTyBWLZfRZ3gdM/fXHGQ=';frame-ancestors 'none';font-src 'self';connect-src 'self'
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://management-app-staging-tscdwb.zitadel.cloud/ui/login/login?authRequestID=286183224617472071

Response headers

x-robots-tag
none
age
283105
x-content-type-options
nosniff
x-cache-hit
hit
traceparent
00-a1790607038ecce71dbc17af255e1b3c-53eb6e8f3845226e-00
expires
Fri, 20 Sep 2024 12:16:29 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Fri, 20 Sep 2024 00:16:29 GMT
x-cloud-trace-context
a1790607038ecce71dbc17af255e1b3c/6047048486078456430
feature-policy
payment 'none'
last-modified
Tue, 17 Sep 2024 14:52:18 GMT
x-frame-options
DENY
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-security-policy
frame-src 'none';manifest-src 'self';default-src 'none';script-src 'self' 'nonce-Tm5M/8IDf6yVIkbmwYpDTTOsTyBWLZfRZ3gdM/fXHGQ=' 'sha256-AjPdJSbZmeWHnEc5ykvJFay8FTWeTeRbs9dutfZ0HqE=';object-src 'self';img-src 'self';media-src 'none';style-src 'self' 'nonce-Tm5M/8IDf6yVIkbmwYpDTTOsTyBWLZfRZ3gdM/fXHGQ=';frame-ancestors 'none';font-src 'self';connect-src 'self'
cache-control
public, max-age=43200, s-maxage=604800
content-type
text/javascript; charset=utf-8
referrer-policy
same-origin
via
1.1 google
permissions-policy
payment=()
accept-ranges
bytes
content-length
353
x-xss-protection
1; mode=block
server
Google Frontend
dynamic
management-app-staging-tscdwb.zitadel.cloud/ui/login/resources/ 		180 KB
76 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://management-app-staging-tscdwb.zitadel.cloud/ui/login/resources/dynamic?orgId=235055621685155080&filename=policy/label/font-239115993757170935
Requested by
Host: management-app-staging-tscdwb.zitadel.cloud
URL: https://management-app-staging-tscdwb.zitadel.cloud/ui/login/resources/dynamic?orgId=235055621685155080&default-policy=true&filename=policy/label/css/variables.css?v=2023-11-03T16:26:54Z
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.107.193.192 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
192.193.107.34.bc.googleusercontent.com
Software
Google Frontend /
Resource Hash
6d00aa5531c8b8ba0934de7925985c6636c99fbc89b4c9f79629fb4a9067654f
Security Headers
Name Value
Content-Security-Policy font-src 'self';connect-src 'self';default-src 'none';script-src 'self' 'nonce-9WZk/FS9BX7IMFsDM3WoJ0WbCg00Hocv9M6qGKvMENU=' 'sha256-AjPdJSbZmeWHnEc5ykvJFay8FTWeTeRbs9dutfZ0HqE=';object-src 'self';media-src 'none';frame-src 'none';style-src 'self' 'nonce-9WZk/FS9BX7IMFsDM3WoJ0WbCg00Hocv9M6qGKvMENU=';img-src 'self';frame-ancestors 'none';manifest-src 'self'
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://management-app-staging-tscdwb.zitadel.cloud
Referer
https://management-app-staging-tscdwb.zitadel.cloud/ui/login/resources/dynamic?orgId=235055621685155080&default-policy=true&filename=policy/label/css/variables.css?v=2023-11-03T16:26:54Z

Response headers

x-robots-tag
none
content-encoding
br
etag
W/"0613c488cf7911af70db821bdd05dfc4"
x-content-type-options
nosniff
x-cache-hit
miss
traceparent
00-f853536606cd2f6cf87cafb81529f3c1-49b261a09100f3d6-00
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Mon, 23 Sep 2024 06:54:54 GMT
content-type
font/ttf
feature-policy
payment 'none'
vary
Cookie, Accept-Encoding
last-modified
Fri, 03 Nov 2023 14:03:58 UTC
x-frame-options
DENY
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-security-policy
font-src 'self';connect-src 'self';default-src 'none';script-src 'self' 'nonce-9WZk/FS9BX7IMFsDM3WoJ0WbCg00Hocv9M6qGKvMENU=' 'sha256-AjPdJSbZmeWHnEc5ykvJFay8FTWeTeRbs9dutfZ0HqE=';object-src 'self';media-src 'none';frame-src 'none';style-src 'self' 'nonce-9WZk/FS9BX7IMFsDM3WoJ0WbCg00Hocv9M6qGKvMENU=';img-src 'self';frame-ancestors 'none';manifest-src 'self'
x-cloud-trace-context
f853536606cd2f6cf87cafb81529f3c1/5310414252878656470
referrer-policy
same-origin
via
1.1 google
permissions-policy
payment=()
accept-ranges
none
x-xss-protection
1; mode=block
server
Google Frontend
lgn-icons.ttf
management-app-staging-tscdwb.zitadel.cloud/ui/login/resources/fonts/lgn-icons/fonts/ 		2 KB
1 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://management-app-staging-tscdwb.zitadel.cloud/ui/login/resources/fonts/lgn-icons/fonts/lgn-icons.ttf?p68sys
Requested by
Host: management-app-staging-tscdwb.zitadel.cloud
URL: https://management-app-staging-tscdwb.zitadel.cloud/ui/login/resources/fonts/lgn-icons/css/lgn-icon-font.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.107.193.192 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
192.193.107.34.bc.googleusercontent.com
Software
Google Frontend /
Resource Hash
bc1f192936879a2100e1f78f13b29f3b96cb934fb0a4a7c05041c9396f360a0a
Security Headers
Name Value
Content-Security-Policy default-src 'none';style-src 'self' 'nonce-iM3zW7sffdrBH2+YA80nCaJWXtU4DWgGX9+O55JWREE=';media-src 'none';frame-src 'none';frame-ancestors 'none';font-src 'self';manifest-src 'self';script-src 'self' 'nonce-iM3zW7sffdrBH2+YA80nCaJWXtU4DWgGX9+O55JWREE=' 'sha256-AjPdJSbZmeWHnEc5ykvJFay8FTWeTeRbs9dutfZ0HqE=';object-src 'self';img-src 'self';connect-src 'self'
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://management-app-staging-tscdwb.zitadel.cloud
Referer
https://management-app-staging-tscdwb.zitadel.cloud/ui/login/resources/fonts/lgn-icons/css/lgn-icon-font.css

Response headers

x-robots-tag
none
content-encoding
br
age
285845
x-content-type-options
nosniff
x-cache-hit
hit
traceparent
00-66283f2c4f9935e5bcf49ecd32b20c37-44da248c2a45d72d-00
expires
Fri, 20 Sep 2024 11:30:49 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Thu, 19 Sep 2024 23:30:49 GMT
x-cloud-trace-context
66283f2c4f9935e5bcf49ecd32b20c37/4961318123925264173
feature-policy
payment 'none'
vary
Accept-Encoding
last-modified
Tue, 17 Sep 2024 14:52:18 GMT
x-frame-options
DENY
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-security-policy
default-src 'none';style-src 'self' 'nonce-iM3zW7sffdrBH2+YA80nCaJWXtU4DWgGX9+O55JWREE=';media-src 'none';frame-src 'none';frame-ancestors 'none';font-src 'self';manifest-src 'self';script-src 'self' 'nonce-iM3zW7sffdrBH2+YA80nCaJWXtU4DWgGX9+O55JWREE=' 'sha256-AjPdJSbZmeWHnEc5ykvJFay8FTWeTeRbs9dutfZ0HqE=';object-src 'self';img-src 'self';connect-src 'self'
cache-control
public, max-age=43200, s-maxage=604800
content-type
font/ttf
referrer-policy
same-origin
via
1.1 google
permissions-policy
payment=()
accept-ranges
none
content-length
1270
x-xss-protection
1; mode=block
server
Google Frontend
dynamic
management-app-staging-tscdwb.zitadel.cloud/ui/login/resources/ 		19 KB
19 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://management-app-staging-tscdwb.zitadel.cloud/ui/login/resources/dynamic?orgId=235055621685155080&default-policy=true&filename=policy/label/icon-237076358935620173
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.107.193.192 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
192.193.107.34.bc.googleusercontent.com
Software
Google Frontend /
Resource Hash
15e96c9494b389a0db52ed7ed02b80964da601f8d768f4c006e9c973c797748f
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'nonce-UPfrEdbfFVOvdzJCClgJ8KT+8WNgRz6j5JCR4KLa1fI=';img-src 'self';media-src 'none';frame-ancestors 'none';connect-src 'self';default-src 'none';script-src 'self' 'nonce-UPfrEdbfFVOvdzJCClgJ8KT+8WNgRz6j5JCR4KLa1fI=' 'sha256-AjPdJSbZmeWHnEc5ykvJFay8FTWeTeRbs9dutfZ0HqE=';object-src 'self';frame-src 'none';font-src 'self';manifest-src 'self'
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://management-app-staging-tscdwb.zitadel.cloud/ui/login/login?authRequestID=286183224617472071

Response headers

x-robots-tag
none
etag
"0b4df6a113261343923af0292ef35a08"
x-content-type-options
nosniff
x-cache-hit
miss
traceparent
00-008b6ed13c6a9cbf751cdca233450369-02dee4832b453ef9-00
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Mon, 23 Sep 2024 06:54:55 GMT
content-type
image/png
feature-policy
payment 'none'
vary
Cookie
last-modified
Fri, 20 Oct 2023 12:22:01 UTC
x-frame-options
DENY
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-security-policy
style-src 'self' 'nonce-UPfrEdbfFVOvdzJCClgJ8KT+8WNgRz6j5JCR4KLa1fI=';img-src 'self';media-src 'none';frame-ancestors 'none';connect-src 'self';default-src 'none';script-src 'self' 'nonce-UPfrEdbfFVOvdzJCClgJ8KT+8WNgRz6j5JCR4KLa1fI=' 'sha256-AjPdJSbZmeWHnEc5ykvJFay8FTWeTeRbs9dutfZ0HqE=';object-src 'self';frame-src 'none';font-src 'self';manifest-src 'self'
x-cloud-trace-context
008b6ed13c6a9cbf751cdca233450369/206853884923428601
referrer-policy
same-origin
via
1.1 google
permissions-policy
payment=()
content-length
19533
x-xss-protection
1; mode=block
server
Google Frontend

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
management-app-staging-tscdwb.zitadel.cloud
URL
https://management-app-staging-tscdwb.zitadel.cloud/oauth/v2/authorize?client_id=235055819840918792%40management_app&redirect_uri=https%3A%2F%2Fauth-portal-staging.surpricemobility.com%2Fcallback&response_type=code&scope=openid+profile+email+offline_access+urn%3Azitadel%3Aiam%3Aorg%3Aproject%3Aid%3Azitadel%3Aaud&code_challenge=blU9AzFUjgeoE1Gh2thoFNqEQYd_A3fU3mHW9J_gCYg&code_challenge_method=S256&state=04eddec7aa8d763417fb107744560457f44c90ec8cd0903638db18a9f5befbfa&nonce=851f4832a72fa584e032919922303c1ed7f0b44031829a6daba59d9df79e3608

Verdicts & Comments Add Verdict or Comment

18 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| isAutoMode function| hasDarkModeOverwriteCookie function| hasLightModeOverwriteCookie function| writeModeCookie function| getCookie function| setCookie function| detectDelete function| autofill function| disableSubmit function| addRequiredEventListener function| disableDoubleSubmit function| toggleButton function| allRequiredDone function| calculateOffset function| goBack function| wereInUserSelection function| hashCode function| getColor

3 Cookies

Domain/Path Name / Value
management-app-staging-tscdwb.zitadel.cloud/ Name: __Host-zitadel.login.csrf
Value: MTcyNzA3NDQ5NHxJamRFVW5KdFUwWTFNVE5QT1UxS04zaEhlSE4xWmxJMmJuWTJSWFJvWTFoTEsyOUxPVGN2UjNOMFJUUTlJZ289fNLtmIFTHD95VJ5Vm51pkqeY-Biz1l8WrNahQeUlK0aI
management-app-staging-tscdwb.zitadel.cloud/ Name: __Host-zitadel.useragent
Value: MTcyNzA3NDQ5NHxYNTFWWl9fSUJSazNIV1dOQkpIRTh4Qmt0eXdRTVY1OHR1dk5uUVQ5ODVoOU03ZmdiZmNSUUExczMxQzBhVkZ3bk5PbU5aaHJ2NzE2T1FJNzk4czBXM21FcDhad3FRPT18Vv0AKj3dmUVG1Lhqnw0TMOhhqO2-PdgD-geTkJ5shXQ=
management-app-staging-tscdwb.zitadel.cloud/ Name: mode
Value: auto-light

2 Console Messages

Source Level URL
Text
network error URL: https://management-app.api-staging.surpricemobility.com/api/v1/users/me
Message:
Failed to load resource: the server responded with a status of 401 (Unauthorized)
security warning
Message:
Error with Feature-Policy header: Some features are specified in both Feature-Policy and Permissions-Policy header: payment. Values defined in Permissions-Policy header will be used.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

auth-portal-staging.surpricemobility.com
management-app-staging-tscdwb.zitadel.cloud
management-app.api-staging.surpricemobility.com
maps.googleapis.com
management-app-staging-tscdwb.zitadel.cloud
13.41.125.89
172.217.18.10
2600:1901:0:fa85::
2a00:1450:4001:80b::200a
34.107.193.192
09e44237fe70f752b15c1d8022519c19a9660765254c01ef2e77fe365459f30f
1599ccff1e0b587bda9d8a7f8151dbf556d387ecbc64d72bcca69ae3575a8115
15e96c9494b389a0db52ed7ed02b80964da601f8d768f4c006e9c973c797748f
2ddac2cf5c03e55cc929f7e1f8bdc1b0a7bd6b22d43865ecf723d6ac360ae794
65f6de75f81d1ffbca0d464222b34aaf3128d0928dab181931b6ecf25d5f104a
6d00aa5531c8b8ba0934de7925985c6636c99fbc89b4c9f79629fb4a9067654f
6d4a32792497d51144412535a2f365fb0934cb0aaa6fa8b2b5ad5a82209b9f10
731468453e1988318860752c5d75415c8a4a10658068ae36b63893c1570477af
790e820e4a150fed4a2874c797b8f937acdc933a8f28359acf4baf30a65077b1
8fa86beb0a21213a01cc37c642cb49a392bec676238babc65e5e55d63cbe9632
9a7c2397a0acaf66b1aeb4313e2c557455960060cca42aa39485d8bdfdbda0be
a16f5d3ff27b87f0a0595334a0b49ffe70204bb009bd17f363bdd5f6bddf8957
a2e95ab02b725a7d6f9e7340eec911594e1822884dd58a2215a25a47a0912883
a6225a65f22e538ebdb7fc6d49999336f396b554f275e69af0fe0e6a88972207
b5371af0ee74f931302075c39095bcbc5e30d16f2f400f58e5e61ba30f6dbc42
bc1f192936879a2100e1f78f13b29f3b96cb934fb0a4a7c05041c9396f360a0a
bfaa2bf994edcbb59bcfdbc1c490e1f3be1c1f19cc06cb1915b5e24f40a9e6ad
c030b2e3a9af4b8f6b408b70027c6526fb53cd486f10cb4c5695454f63656765
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
df6c1a9dc30945c54fdf54b66aed8a2b155d27dc1327982303b9f71c661a3cfb
e78d9f8db4452ddf9e2a43781ae038d115704f011025c1b8285e11a3382871a5
ea0dbb9440f14bce8c158834d89719187de808cb78f50d72e9b67a1f37b455af
f3ec9fdc14a9ea32a8ab3f0d83a24e45cc231f5d4a1cf82a780c83f12cb7d034
f58a1769cc72dd133f71a8daa613f754c95506f4aae361f2cceda38ec8d49b59