urlscan.io logo urlscan.io
SecurityTrails logo

users.nbe1.main.xfodev.com Open in urlscan Pro
20.220.131.99  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://users.nbe1.main.xfodev.com/
Effective URL: https://users.nbe1.main.xfodev.com/authenticationendpoint/login.do?client_id=GklwPmHSQOyTtmXePenvMQPBoe8a&code_challenge=IaTq4eCyEu...
Submission: On November 03 via automatic, source certstream-suspicious — Scanned from CA
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 26 HTTP transactions. The main IP is 20.220.131.99, located in Toronto, Canada and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is users.nbe1.main.xfodev.com.
TLS certificate: Issued by (STAGING) Artificial Apricot R3 on November 3rd 2022. Valid for: 3 months.
This is the only time users.nbe1.main.xfodev.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 28 20.220.131.99 8075 (MICROSOFT...)
26 2
Apex Domain
Subdomains		 Transfer
28 xfodev.com
users.nbe1.main.xfodev.com
1 MB
26 1
Domain Requested by
28 users.nbe1.main.xfodev.com 2 redirects users.nbe1.main.xfodev.com
26 1

This site contains no links.

Subject Issuer Validity Valid
users.nbe1.main.xfodev.com
(STAGING) Artificial Apricot R3		 2022-11-03 -
2023-02-01		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://users.nbe1.main.xfodev.com/authenticationendpoint/login.do?client_id=GklwPmHSQOyTtmXePenvMQPBoe8a&code_challenge=IaTq4eCyEutcuUc5dV9AKeuc840iP8Ov6NLw5k4y3zo&code_challenge_method=S256&commonAuthCallerPath=%2Foauth2%2Fauthorize&forceAuth=false&nonce=VFBucU9ZZ0RjUlpnQmdudmlXdXUucEZWNFJ6ZzlvaWZlUWRGT2dyajc2QW5p&passiveAuth=false&redirect_uri=https%3A%2F%2Fusers.nbe1.main.xfodev.com%2Fsession&response_type=code&scope=openid+profile+email+offline_access+api&state=VFBucU9ZZ0RjUlpnQmdudmlXdXUucEZWNFJ6ZzlvaWZlUWRGT2dyajc2QW5p%3B%252F&tenantDomain=carbon.super&sessionDataKey=25cd9f2a-7f2a-4d13-8bcb-717ad66dfdff&relyingParty=GklwPmHSQOyTtmXePenvMQPBoe8a&type=oidc&sp=nova-session&isSaaSApp=false&authenticators=BasicAuthenticator%3ALOCAL
Frame ID: 521FC7DDC575B6BB445060ED66A61EE4
Requests: 27 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

WSO2 Identity Server

Page URL History Show full URLs

  1. https://users.nbe1.main.xfodev.com/ HTTP 302
    https://users.nbe1.main.xfodev.com/session Page URL
  2. https://users.nbe1.main.xfodev.com/oauth2/authorize?response_type=code&client_id=GklwPmHSQOyTtmXePenvMQPBoe8a&s... HTTP 302
    https://users.nbe1.main.xfodev.com/authenticationendpoint/login.do?client_id=GklwPmHSQOyTtmXePenvMQPBoe8a&code_... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • /semantic(?:-([\d.]+))?(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

26
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

1225 kB
Transfer

4239 kB
Size

2
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://users.nbe1.main.xfodev.com/ HTTP 302
    https://users.nbe1.main.xfodev.com/session Page URL
  2. https://users.nbe1.main.xfodev.com/oauth2/authorize?response_type=code&client_id=GklwPmHSQOyTtmXePenvMQPBoe8a&state=VFBucU9ZZ0RjUlpnQmdudmlXdXUucEZWNFJ6ZzlvaWZlUWRGT2dyajc2QW5p%3B%252F&redirect_uri=https%3A%2F%2Fusers.nbe1.main.xfodev.com%2Fsession&scope=openid%20profile%20email%20offline_access%20api&code_challenge=IaTq4eCyEutcuUc5dV9AKeuc840iP8Ov6NLw5k4y3zo&code_challenge_method=S256&nonce=VFBucU9ZZ0RjUlpnQmdudmlXdXUucEZWNFJ6ZzlvaWZlUWRGT2dyajc2QW5p HTTP 302
    https://users.nbe1.main.xfodev.com/authenticationendpoint/login.do?client_id=GklwPmHSQOyTtmXePenvMQPBoe8a&code_challenge=IaTq4eCyEutcuUc5dV9AKeuc840iP8Ov6NLw5k4y3zo&code_challenge_method=S256&commonAuthCallerPath=%2Foauth2%2Fauthorize&forceAuth=false&nonce=VFBucU9ZZ0RjUlpnQmdudmlXdXUucEZWNFJ6ZzlvaWZlUWRGT2dyajc2QW5p&passiveAuth=false&redirect_uri=https%3A%2F%2Fusers.nbe1.main.xfodev.com%2Fsession&response_type=code&scope=openid+profile+email+offline_access+api&state=VFBucU9ZZ0RjUlpnQmdudmlXdXUucEZWNFJ6ZzlvaWZlUWRGT2dyajc2QW5p%3B%252F&tenantDomain=carbon.super&sessionDataKey=25cd9f2a-7f2a-4d13-8bcb-717ad66dfdff&relyingParty=GklwPmHSQOyTtmXePenvMQPBoe8a&type=oidc&sp=nova-session&isSaaSApp=false&authenticators=BasicAuthenticator%3ALOCAL Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://users.nbe1.main.xfodev.com/ HTTP 302
  • https://users.nbe1.main.xfodev.com/session

26 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
session
users.nbe1.main.xfodev.com/
Redirect Chain
  • https://users.nbe1.main.xfodev.com/
  • https://users.nbe1.main.xfodev.com/session
625 B
883 B 		Document
General
Check archive.org
Download Go to
Full URL
https://users.nbe1.main.xfodev.com/session
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.220.131.99 Toronto, Canada, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
1723de7acdd5e2afb79d9e4b19b3f308a095c09cb5847acfce1fd923870de7ec
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

accept-ranges
bytes
cache-control
no-cache public
content-length
625
content-type
text/html
date
Thu, 03 Nov 2022 18:08:51 GMT
etag
"62d9289f-271"
expires
Wed, 03 Nov 2021 18:08:51 GMT
last-modified
Thu, 21 Jul 2022 10:21:19 GMT
pragma
no-cache
strict-transport-security
max-age=15724800; includeSubDomains

Redirect headers

content-length
138
content-type
text/html
date
Thu, 03 Nov 2022 18:08:51 GMT
location
https://users.nbe1.main.xfodev.com/session
styles.1188324f233f32daf230.css
users.nbe1.main.xfodev.com/session/ 		90 KB
18 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://users.nbe1.main.xfodev.com/session/styles.1188324f233f32daf230.css
Requested by
Host: users.nbe1.main.xfodev.com
URL: https://users.nbe1.main.xfodev.com/session
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.220.131.99 Toronto, Canada, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
19524be15784f00462dd0c3c22a441d32eedbf689563492b85512c7c5bc8aec4
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://users.nbe1.main.xfodev.com/session
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Thu, 03 Nov 2022 18:08:51 GMT
content-encoding
gzip
strict-transport-security
max-age=15724800; includeSubDomains
last-modified
Thu, 21 Jul 2022 10:21:17 GMT
etag
W/"62d9289d-16929"
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=31536000, public, immutable
expires
Fri, 03 Nov 2023 18:08:51 GMT
runtime.acf0dec4155e77772545.js
users.nbe1.main.xfodev.com/session/ 		1 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://users.nbe1.main.xfodev.com/session/runtime.acf0dec4155e77772545.js
Requested by
Host: users.nbe1.main.xfodev.com
URL: https://users.nbe1.main.xfodev.com/session
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.220.131.99 Toronto, Canada, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
6c5acbb82a46a4971660f65131241dffcc28828f4dbd76b8ec7bab0b468250f8
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://users.nbe1.main.xfodev.com/session
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Thu, 03 Nov 2022 18:08:51 GMT
strict-transport-security
max-age=15724800; includeSubDomains
last-modified
Thu, 21 Jul 2022 10:21:17 GMT
etag
"62d9289d-5cd"
content-type
application/javascript
cache-control
max-age=31536000, public, immutable
accept-ranges
bytes
content-length
1485
expires
Fri, 03 Nov 2023 18:08:51 GMT
polyfills.35a5ca1855eb057f016a.js
users.nbe1.main.xfodev.com/session/ 		36 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://users.nbe1.main.xfodev.com/session/polyfills.35a5ca1855eb057f016a.js
Requested by
Host: users.nbe1.main.xfodev.com
URL: https://users.nbe1.main.xfodev.com/session
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.220.131.99 Toronto, Canada, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
ebd8bc116b8655481bb582dac8824ca6040f0afdbdb3311c9007e1e3581571e0
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://users.nbe1.main.xfodev.com/session
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Thu, 03 Nov 2022 18:08:51 GMT
content-encoding
gzip
strict-transport-security
max-age=15724800; includeSubDomains
last-modified
Thu, 21 Jul 2022 10:21:17 GMT
etag
W/"62d9289d-9006"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=31536000, public, immutable
expires
Fri, 03 Nov 2023 18:08:51 GMT
styles.9a21ca379fec94559727.js
users.nbe1.main.xfodev.com/session/ 		542 KB
165 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://users.nbe1.main.xfodev.com/session/styles.9a21ca379fec94559727.js
Requested by
Host: users.nbe1.main.xfodev.com
URL: https://users.nbe1.main.xfodev.com/session
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.220.131.99 Toronto, Canada, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
47d1d5df865fa360a899e15df273e433e932dd99854706651004344489f09b1d
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://users.nbe1.main.xfodev.com/session
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Thu, 03 Nov 2022 18:08:51 GMT
content-encoding
gzip
strict-transport-security
max-age=15724800; includeSubDomains
last-modified
Thu, 21 Jul 2022 10:21:17 GMT
etag
W/"62d9289d-879f3"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=31536000, public, immutable
expires
Fri, 03 Nov 2023 18:08:51 GMT
main.8a2bc289a40a8fff7a5b.js
users.nbe1.main.xfodev.com/session/ 		2 MB
672 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://users.nbe1.main.xfodev.com/session/main.8a2bc289a40a8fff7a5b.js
Requested by
Host: users.nbe1.main.xfodev.com
URL: https://users.nbe1.main.xfodev.com/session
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.220.131.99 Toronto, Canada, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
24909faeaa92ae7f5e808b28495f970d0bc0ea773b402650a361a25fb27e8994
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://users.nbe1.main.xfodev.com/session
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Thu, 03 Nov 2022 18:08:51 GMT
content-encoding
gzip
strict-transport-security
max-age=15724800; includeSubDomains
last-modified
Wed, 02 Nov 2022 15:24:12 GMT
etag
W/"63628b9c-22531a"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=31536000, public, immutable
expires
Fri, 03 Nov 2023 18:08:51 GMT
config.json
users.nbe1.main.xfodev.com/session/assets/config/ 		1 KB
1 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://users.nbe1.main.xfodev.com/session/assets/config/config.json
Requested by
Host: users.nbe1.main.xfodev.com
URL: https://users.nbe1.main.xfodev.com/session/polyfills.35a5ca1855eb057f016a.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.220.131.99 Toronto, Canada, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://users.nbe1.main.xfodev.com/session
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 03 Nov 2022 18:08:51 GMT
strict-transport-security
max-age=15724800; includeSubDomains
last-modified
Wed, 02 Nov 2022 15:23:56 GMT
etag
"63628b8c-48e"
content-type
application/json
cache-control
no-cache, public
accept-ranges
bytes
content-length
1166
expires
Wed, 03 Nov 2021 18:08:51 GMT
columns-config.json
users.nbe1.main.xfodev.com/session/assets/config/ 		23 KB
3 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://users.nbe1.main.xfodev.com/session/assets/config/columns-config.json
Requested by
Host: users.nbe1.main.xfodev.com
URL: https://users.nbe1.main.xfodev.com/session/polyfills.35a5ca1855eb057f016a.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.220.131.99 Toronto, Canada, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://users.nbe1.main.xfodev.com/session
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 03 Nov 2022 18:08:51 GMT
content-encoding
gzip
strict-transport-security
max-age=15724800; includeSubDomains
last-modified
Wed, 02 Nov 2022 15:23:55 GMT
etag
W/"63628b8b-5a01"
vary
Accept-Encoding
content-type
application/json
cache-control
no-cache, public
expires
Wed, 03 Nov 2021 18:08:51 GMT
interface-protocol-data-config.json
users.nbe1.main.xfodev.com/session/assets/config/ 		9 KB
10 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://users.nbe1.main.xfodev.com/session/assets/config/interface-protocol-data-config.json
Requested by
Host: users.nbe1.main.xfodev.com
URL: https://users.nbe1.main.xfodev.com/session/polyfills.35a5ca1855eb057f016a.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.220.131.99 Toronto, Canada, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://users.nbe1.main.xfodev.com/session
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 03 Nov 2022 18:08:51 GMT
strict-transport-security
max-age=15724800; includeSubDomains
last-modified
Wed, 02 Nov 2022 15:23:55 GMT
etag
"63628b8b-2546"
content-type
application/json
cache-control
no-cache, public
accept-ranges
bytes
content-length
9542
expires
Wed, 03 Nov 2021 18:08:51 GMT
interface-source-destination-config.json
users.nbe1.main.xfodev.com/session/assets/config/ 		3 KB
3 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://users.nbe1.main.xfodev.com/session/assets/config/interface-source-destination-config.json
Requested by
Host: users.nbe1.main.xfodev.com
URL: https://users.nbe1.main.xfodev.com/session/polyfills.35a5ca1855eb057f016a.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.220.131.99 Toronto, Canada, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://users.nbe1.main.xfodev.com/session
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 03 Nov 2022 18:08:51 GMT
strict-transport-security
max-age=15724800; includeSubDomains
last-modified
Wed, 02 Nov 2022 15:23:54 GMT
etag
"63628b8a-ad2"
content-type
application/json
cache-control
no-cache, public
accept-ranges
bytes
content-length
2770
expires
Wed, 03 Nov 2021 18:08:51 GMT
timezones-config.json
users.nbe1.main.xfodev.com/session/assets/config/ 		35 KB
5 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://users.nbe1.main.xfodev.com/session/assets/config/timezones-config.json
Requested by
Host: users.nbe1.main.xfodev.com
URL: https://users.nbe1.main.xfodev.com/session/polyfills.35a5ca1855eb057f016a.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.220.131.99 Toronto, Canada, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://users.nbe1.main.xfodev.com/session
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 03 Nov 2022 18:08:51 GMT
content-encoding
gzip
strict-transport-security
max-age=15724800; includeSubDomains
last-modified
Wed, 02 Nov 2022 15:23:56 GMT
etag
W/"63628b8c-8c90"
vary
Accept-Encoding
content-type
application/json
cache-control
no-cache, public
expires
Wed, 03 Nov 2021 18:08:51 GMT
smart-config.json
users.nbe1.main.xfodev.com/session/assets/config/ 		200 B
462 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://users.nbe1.main.xfodev.com/session/assets/config/smart-config.json
Requested by
Host: users.nbe1.main.xfodev.com
URL: https://users.nbe1.main.xfodev.com/session/polyfills.35a5ca1855eb057f016a.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.220.131.99 Toronto, Canada, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://users.nbe1.main.xfodev.com/session
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 03 Nov 2022 18:08:51 GMT
strict-transport-security
max-age=15724800; includeSubDomains
last-modified
Wed, 02 Nov 2022 15:23:55 GMT
etag
"63628b8b-c8"
content-type
application/json
cache-control
no-cache, public
accept-ranges
bytes
content-length
200
expires
Wed, 03 Nov 2021 18:08:51 GMT
capture-duration-config.json
users.nbe1.main.xfodev.com/session/assets/config/ 		363 B
626 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://users.nbe1.main.xfodev.com/session/assets/config/capture-duration-config.json
Requested by
Host: users.nbe1.main.xfodev.com
URL: https://users.nbe1.main.xfodev.com/session/polyfills.35a5ca1855eb057f016a.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.220.131.99 Toronto, Canada, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://users.nbe1.main.xfodev.com/session
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 03 Nov 2022 18:08:51 GMT
strict-transport-security
max-age=15724800; includeSubDomains
last-modified
Wed, 02 Nov 2022 15:23:55 GMT
etag
"63628b8b-16b"
content-type
application/json
cache-control
no-cache, public
accept-ranges
bytes
content-length
363
expires
Wed, 03 Nov 2021 18:08:51 GMT
session-list-columns-config.json
users.nbe1.main.xfodev.com/session/assets/config/ 		798 B
1 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://users.nbe1.main.xfodev.com/session/assets/config/session-list-columns-config.json
Requested by
Host: users.nbe1.main.xfodev.com
URL: https://users.nbe1.main.xfodev.com/session/polyfills.35a5ca1855eb057f016a.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.220.131.99 Toronto, Canada, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://users.nbe1.main.xfodev.com/session
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 03 Nov 2022 18:08:51 GMT
strict-transport-security
max-age=15724800; includeSubDomains
last-modified
Wed, 02 Nov 2022 15:23:56 GMT
etag
"63628b8c-31e"
content-type
application/json
cache-control
no-cache, public
accept-ranges
bytes
content-length
798
expires
Wed, 03 Nov 2021 18:08:51 GMT
openid-configuration
users.nbe1.main.xfodev.com/oauth2/oidcdiscovery/.well-known/ 		2 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://users.nbe1.main.xfodev.com/oauth2/oidcdiscovery/.well-known/openid-configuration
Requested by
Host: users.nbe1.main.xfodev.com
URL: https://users.nbe1.main.xfodev.com/session/polyfills.35a5ca1855eb057f016a.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.220.131.99 Toronto, Canada, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
https://users.nbe1.main.xfodev.com/session
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Thu, 03 Nov 2022 18:08:51 GMT
strict-transport-security
max-age=15724800; includeSubDomains
x-content-type-options
nosniff
content-length
2434
x-frame-options
DENY
x-xss-protection
1; mode=block
content-type
application/json
Logo_Nova_W.svg
users.nbe1.main.xfodev.com/session/assets/img/ 		1 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://users.nbe1.main.xfodev.com/session/assets/img/Logo_Nova_W.svg
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.220.131.99 Toronto, Canada, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://users.nbe1.main.xfodev.com/session
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Thu, 03 Nov 2022 18:08:51 GMT
strict-transport-security
max-age=15724800; includeSubDomains
last-modified
Thu, 21 Jul 2022 10:21:19 GMT
etag
"62d9289f-5e4"
content-type
image/svg+xml
cache-control
max-age=31536000, public, immutable
accept-ranges
bytes
content-length
1508
expires
Fri, 03 Nov 2023 18:08:51 GMT
truncated
/ 		7 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Content-Type
image/svg+xml
Logo_Nova-Reveal_W_small.2e3c1ddf1e6e533c269e.png
users.nbe1.main.xfodev.com/session/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://users.nbe1.main.xfodev.com/session/Logo_Nova-Reveal_W_small.2e3c1ddf1e6e533c269e.png
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.220.131.99 Toronto, Canada, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://users.nbe1.main.xfodev.com/session
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Thu, 03 Nov 2022 18:08:51 GMT
strict-transport-security
max-age=15724800; includeSubDomains
last-modified
Thu, 21 Jul 2022 10:21:17 GMT
etag
"62d9289d-856"
content-type
image/png
cache-control
max-age=31536000, public, immutable
accept-ranges
bytes
content-length
2134
expires
Fri, 03 Nov 2023 18:08:51 GMT
jwks
users.nbe1.main.xfodev.com/oauth2/ 		511 B
694 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://users.nbe1.main.xfodev.com/oauth2/jwks
Requested by
Host: users.nbe1.main.xfodev.com
URL: https://users.nbe1.main.xfodev.com/session/polyfills.35a5ca1855eb057f016a.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.220.131.99 Toronto, Canada, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
https://users.nbe1.main.xfodev.com/session
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Thu, 03 Nov 2022 18:08:51 GMT
strict-transport-security
max-age=15724800; includeSubDomains
x-content-type-options
nosniff
content-length
511
x-frame-options
DENY
x-xss-protection
1; mode=block
content-type
application/json
Primary Request login.do
users.nbe1.main.xfodev.com/authenticationendpoint/
Redirect Chain
  • https://users.nbe1.main.xfodev.com/oauth2/authorize?response_type=code&client_id=GklwPmHSQOyTtmXePenvMQPBoe8a&state=VFBucU9ZZ0RjUlpnQmdudmlXdXUucEZWNFJ6ZzlvaWZlUWRGT2dyajc2QW5p%3B%252F&redirect_uri...
  • https://users.nbe1.main.xfodev.com/authenticationendpoint/login.do?client_id=GklwPmHSQOyTtmXePenvMQPBoe8a&code_challenge=IaTq4eCyEutcuUc5dV9AKeuc840iP8Ov6NLw5k4y3zo&code_challenge_method=S256&commo...
18 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://users.nbe1.main.xfodev.com/authenticationendpoint/login.do?client_id=GklwPmHSQOyTtmXePenvMQPBoe8a&code_challenge=IaTq4eCyEutcuUc5dV9AKeuc840iP8Ov6NLw5k4y3zo&code_challenge_method=S256&commonAuthCallerPath=%2Foauth2%2Fauthorize&forceAuth=false&nonce=VFBucU9ZZ0RjUlpnQmdudmlXdXUucEZWNFJ6ZzlvaWZlUWRGT2dyajc2QW5p&passiveAuth=false&redirect_uri=https%3A%2F%2Fusers.nbe1.main.xfodev.com%2Fsession&response_type=code&scope=openid+profile+email+offline_access+api&state=VFBucU9ZZ0RjUlpnQmdudmlXdXUucEZWNFJ6ZzlvaWZlUWRGT2dyajc2QW5p%3B%252F&tenantDomain=carbon.super&sessionDataKey=25cd9f2a-7f2a-4d13-8bcb-717ad66dfdff&relyingParty=GklwPmHSQOyTtmXePenvMQPBoe8a&type=oidc&sp=nova-session&isSaaSApp=false&authenticators=BasicAuthenticator%3ALOCAL
Requested by
Host: users.nbe1.main.xfodev.com
URL: https://users.nbe1.main.xfodev.com/session/main.8a2bc289a40a8fff7a5b.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.220.131.99 Toronto, Canada, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
272216ca3022d041912a28a96cd95fb5693af2f7aa593e5b67ea5676fd24ff43
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://users.nbe1.main.xfodev.com/session/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

content-encoding
gzip
content-type
text/html;charset=UTF-8
date
Thu, 03 Nov 2022 18:08:51 GMT
strict-transport-security
max-age=15724800; includeSubDomains
vary
accept-encoding
x-content-type-options
nosniff
x-frame-options
DENY
x-xss-protection
1; mode=block

Redirect headers

content-length
0
date
Thu, 03 Nov 2022 18:08:51 GMT
location
https://users.nbe1.main.xfodev.com/authenticationendpoint/login.do?client_id=GklwPmHSQOyTtmXePenvMQPBoe8a&code_challenge=IaTq4eCyEutcuUc5dV9AKeuc840iP8Ov6NLw5k4y3zo&code_challenge_method=S256&commonAuthCallerPath=%2Foauth2%2Fauthorize&forceAuth=false&nonce=VFBucU9ZZ0RjUlpnQmdudmlXdXUucEZWNFJ6ZzlvaWZlUWRGT2dyajc2QW5p&passiveAuth=false&redirect_uri=https%3A%2F%2Fusers.nbe1.main.xfodev.com%2Fsession&response_type=code&scope=openid+profile+email+offline_access+api&state=VFBucU9ZZ0RjUlpnQmdudmlXdXUucEZWNFJ6ZzlvaWZlUWRGT2dyajc2QW5p%3B%252F&tenantDomain=carbon.super&sessionDataKey=25cd9f2a-7f2a-4d13-8bcb-717ad66dfdff&relyingParty=GklwPmHSQOyTtmXePenvMQPBoe8a&type=oidc&sp=nova-session&isSaaSApp=false&authenticators=BasicAuthenticator%3ALOCAL
strict-transport-security
max-age=15724800; includeSubDomains
x-content-type-options
nosniff
x-frame-options
DENY
x-xss-protection
1; mode=block
theme.min.css
users.nbe1.main.xfodev.com/authenticationendpoint/libs/themes/default/ 		666 KB
116 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://users.nbe1.main.xfodev.com/authenticationendpoint/libs/themes/default/theme.min.css
Requested by
Host: users.nbe1.main.xfodev.com
URL: https://users.nbe1.main.xfodev.com/authenticationendpoint/login.do?client_id=GklwPmHSQOyTtmXePenvMQPBoe8a&code_challenge=IaTq4eCyEutcuUc5dV9AKeuc840iP8Ov6NLw5k4y3zo&code_challenge_method=S256&commonAuthCallerPath=%2Foauth2%2Fauthorize&forceAuth=false&nonce=VFBucU9ZZ0RjUlpnQmdudmlXdXUucEZWNFJ6ZzlvaWZlUWRGT2dyajc2QW5p&passiveAuth=false&redirect_uri=https%3A%2F%2Fusers.nbe1.main.xfodev.com%2Fsession&response_type=code&scope=openid+profile+email+offline_access+api&state=VFBucU9ZZ0RjUlpnQmdudmlXdXUucEZWNFJ6ZzlvaWZlUWRGT2dyajc2QW5p%3B%252F&tenantDomain=carbon.super&sessionDataKey=25cd9f2a-7f2a-4d13-8bcb-717ad66dfdff&relyingParty=GklwPmHSQOyTtmXePenvMQPBoe8a&type=oidc&sp=nova-session&isSaaSApp=false&authenticators=BasicAuthenticator%3ALOCAL
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.220.131.99 Toronto, Canada, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
4f77d73c24a3fd61d1f4bd982df01698a54a40c3ccfe4e21499070aeafba482e
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://users.nbe1.main.xfodev.com/authenticationendpoint/login.do?client_id=GklwPmHSQOyTtmXePenvMQPBoe8a&code_challenge=IaTq4eCyEutcuUc5dV9AKeuc840iP8Ov6NLw5k4y3zo&code_challenge_method=S256&commonAuthCallerPath=%2Foauth2%2Fauthorize&forceAuth=false&nonce=VFBucU9ZZ0RjUlpnQmdudmlXdXUucEZWNFJ6ZzlvaWZlUWRGT2dyajc2QW5p&passiveAuth=false&redirect_uri=https%3A%2F%2Fusers.nbe1.main.xfodev.com%2Fsession&response_type=code&scope=openid+profile+email+offline_access+api&state=VFBucU9ZZ0RjUlpnQmdudmlXdXUucEZWNFJ6ZzlvaWZlUWRGT2dyajc2QW5p%3B%252F&tenantDomain=carbon.super&sessionDataKey=25cd9f2a-7f2a-4d13-8bcb-717ad66dfdff&relyingParty=GklwPmHSQOyTtmXePenvMQPBoe8a&type=oidc&sp=nova-session&isSaaSApp=false&authenticators=BasicAuthenticator%3ALOCAL
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Thu, 03 Nov 2022 18:08:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=15724800; includeSubDomains
last-modified
Wed, 02 Nov 2022 15:25:33 GMT
etag
W/"681873-1667402733410"
x-frame-options
DENY
vary
accept-encoding
content-type
text/css
accept-ranges
bytes
x-xss-protection
1; mode=block
jquery-3.4.1.js
users.nbe1.main.xfodev.com/authenticationendpoint/libs/jquery_3.4.1/ 		286 KB
83 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://users.nbe1.main.xfodev.com/authenticationendpoint/libs/jquery_3.4.1/jquery-3.4.1.js
Requested by
Host: users.nbe1.main.xfodev.com
URL: https://users.nbe1.main.xfodev.com/authenticationendpoint/login.do?client_id=GklwPmHSQOyTtmXePenvMQPBoe8a&code_challenge=IaTq4eCyEutcuUc5dV9AKeuc840iP8Ov6NLw5k4y3zo&code_challenge_method=S256&commonAuthCallerPath=%2Foauth2%2Fauthorize&forceAuth=false&nonce=VFBucU9ZZ0RjUlpnQmdudmlXdXUucEZWNFJ6ZzlvaWZlUWRGT2dyajc2QW5p&passiveAuth=false&redirect_uri=https%3A%2F%2Fusers.nbe1.main.xfodev.com%2Fsession&response_type=code&scope=openid+profile+email+offline_access+api&state=VFBucU9ZZ0RjUlpnQmdudmlXdXUucEZWNFJ6ZzlvaWZlUWRGT2dyajc2QW5p%3B%252F&tenantDomain=carbon.super&sessionDataKey=25cd9f2a-7f2a-4d13-8bcb-717ad66dfdff&relyingParty=GklwPmHSQOyTtmXePenvMQPBoe8a&type=oidc&sp=nova-session&isSaaSApp=false&authenticators=BasicAuthenticator%3ALOCAL
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.220.131.99 Toronto, Canada, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
3f80e8e5e1945b57180397b363fb0a747e1e99cf492d59b4f8cd09bfb239f2b4
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://users.nbe1.main.xfodev.com/authenticationendpoint/login.do?client_id=GklwPmHSQOyTtmXePenvMQPBoe8a&code_challenge=IaTq4eCyEutcuUc5dV9AKeuc840iP8Ov6NLw5k4y3zo&code_challenge_method=S256&commonAuthCallerPath=%2Foauth2%2Fauthorize&forceAuth=false&nonce=VFBucU9ZZ0RjUlpnQmdudmlXdXUucEZWNFJ6ZzlvaWZlUWRGT2dyajc2QW5p&passiveAuth=false&redirect_uri=https%3A%2F%2Fusers.nbe1.main.xfodev.com%2Fsession&response_type=code&scope=openid+profile+email+offline_access+api&state=VFBucU9ZZ0RjUlpnQmdudmlXdXUucEZWNFJ6ZzlvaWZlUWRGT2dyajc2QW5p%3B%252F&tenantDomain=carbon.super&sessionDataKey=25cd9f2a-7f2a-4d13-8bcb-717ad66dfdff&relyingParty=GklwPmHSQOyTtmXePenvMQPBoe8a&type=oidc&sp=nova-session&isSaaSApp=false&authenticators=BasicAuthenticator%3ALOCAL
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Thu, 03 Nov 2022 18:08:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=15724800; includeSubDomains
last-modified
Sat, 14 Nov 2020 03:48:18 GMT
etag
W/"292564-1605325698000"
x-frame-options
DENY
vary
accept-encoding
content-type
application/javascript
accept-ranges
bytes
x-xss-protection
1; mode=block
logo.svg
users.nbe1.main.xfodev.com/authenticationendpoint/libs/themes/default/assets/images/ 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://users.nbe1.main.xfodev.com/authenticationendpoint/libs/themes/default/assets/images/logo.svg
Requested by
Host: users.nbe1.main.xfodev.com
URL: https://users.nbe1.main.xfodev.com/authenticationendpoint/login.do?client_id=GklwPmHSQOyTtmXePenvMQPBoe8a&code_challenge=IaTq4eCyEutcuUc5dV9AKeuc840iP8Ov6NLw5k4y3zo&code_challenge_method=S256&commonAuthCallerPath=%2Foauth2%2Fauthorize&forceAuth=false&nonce=VFBucU9ZZ0RjUlpnQmdudmlXdXUucEZWNFJ6ZzlvaWZlUWRGT2dyajc2QW5p&passiveAuth=false&redirect_uri=https%3A%2F%2Fusers.nbe1.main.xfodev.com%2Fsession&response_type=code&scope=openid+profile+email+offline_access+api&state=VFBucU9ZZ0RjUlpnQmdudmlXdXUucEZWNFJ6ZzlvaWZlUWRGT2dyajc2QW5p%3B%252F&tenantDomain=carbon.super&sessionDataKey=25cd9f2a-7f2a-4d13-8bcb-717ad66dfdff&relyingParty=GklwPmHSQOyTtmXePenvMQPBoe8a&type=oidc&sp=nova-session&isSaaSApp=false&authenticators=BasicAuthenticator%3ALOCAL
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.220.131.99 Toronto, Canada, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
7a1889130d60a79cb18a1a769211f1489d42bb54da498b5641d6013f5dec5229
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://users.nbe1.main.xfodev.com/authenticationendpoint/login.do?client_id=GklwPmHSQOyTtmXePenvMQPBoe8a&code_challenge=IaTq4eCyEutcuUc5dV9AKeuc840iP8Ov6NLw5k4y3zo&code_challenge_method=S256&commonAuthCallerPath=%2Foauth2%2Fauthorize&forceAuth=false&nonce=VFBucU9ZZ0RjUlpnQmdudmlXdXUucEZWNFJ6ZzlvaWZlUWRGT2dyajc2QW5p&passiveAuth=false&redirect_uri=https%3A%2F%2Fusers.nbe1.main.xfodev.com%2Fsession&response_type=code&scope=openid+profile+email+offline_access+api&state=VFBucU9ZZ0RjUlpnQmdudmlXdXUucEZWNFJ6ZzlvaWZlUWRGT2dyajc2QW5p%3B%252F&tenantDomain=carbon.super&sessionDataKey=25cd9f2a-7f2a-4d13-8bcb-717ad66dfdff&relyingParty=GklwPmHSQOyTtmXePenvMQPBoe8a&type=oidc&sp=nova-session&isSaaSApp=false&authenticators=BasicAuthenticator%3ALOCAL
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Thu, 03 Nov 2022 18:08:51 GMT
strict-transport-security
max-age=15724800; includeSubDomains
x-content-type-options
nosniff
last-modified
Sat, 14 Nov 2020 03:49:52 GMT
etag
W/"4650-1605325792000"
x-frame-options
DENY
content-type
image/svg+xml
accept-ranges
bytes
content-length
4650
x-xss-protection
1; mode=block
semantic.min.js
users.nbe1.main.xfodev.com/authenticationendpoint/libs/themes/default/ 		269 KB
70 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://users.nbe1.main.xfodev.com/authenticationendpoint/libs/themes/default/semantic.min.js
Requested by
Host: users.nbe1.main.xfodev.com
URL: https://users.nbe1.main.xfodev.com/authenticationendpoint/login.do?client_id=GklwPmHSQOyTtmXePenvMQPBoe8a&code_challenge=IaTq4eCyEutcuUc5dV9AKeuc840iP8Ov6NLw5k4y3zo&code_challenge_method=S256&commonAuthCallerPath=%2Foauth2%2Fauthorize&forceAuth=false&nonce=VFBucU9ZZ0RjUlpnQmdudmlXdXUucEZWNFJ6ZzlvaWZlUWRGT2dyajc2QW5p&passiveAuth=false&redirect_uri=https%3A%2F%2Fusers.nbe1.main.xfodev.com%2Fsession&response_type=code&scope=openid+profile+email+offline_access+api&state=VFBucU9ZZ0RjUlpnQmdudmlXdXUucEZWNFJ6ZzlvaWZlUWRGT2dyajc2QW5p%3B%252F&tenantDomain=carbon.super&sessionDataKey=25cd9f2a-7f2a-4d13-8bcb-717ad66dfdff&relyingParty=GklwPmHSQOyTtmXePenvMQPBoe8a&type=oidc&sp=nova-session&isSaaSApp=false&authenticators=BasicAuthenticator%3ALOCAL
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.220.131.99 Toronto, Canada, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
b7c19ea67c8f9b0f6df9fa0c87798a36f728aea3476a648ab4a471c695048052
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://users.nbe1.main.xfodev.com/authenticationendpoint/login.do?client_id=GklwPmHSQOyTtmXePenvMQPBoe8a&code_challenge=IaTq4eCyEutcuUc5dV9AKeuc840iP8Ov6NLw5k4y3zo&code_challenge_method=S256&commonAuthCallerPath=%2Foauth2%2Fauthorize&forceAuth=false&nonce=VFBucU9ZZ0RjUlpnQmdudmlXdXUucEZWNFJ6ZzlvaWZlUWRGT2dyajc2QW5p&passiveAuth=false&redirect_uri=https%3A%2F%2Fusers.nbe1.main.xfodev.com%2Fsession&response_type=code&scope=openid+profile+email+offline_access+api&state=VFBucU9ZZ0RjUlpnQmdudmlXdXUucEZWNFJ6ZzlvaWZlUWRGT2dyajc2QW5p%3B%252F&tenantDomain=carbon.super&sessionDataKey=25cd9f2a-7f2a-4d13-8bcb-717ad66dfdff&relyingParty=GklwPmHSQOyTtmXePenvMQPBoe8a&type=oidc&sp=nova-session&isSaaSApp=false&authenticators=BasicAuthenticator%3ALOCAL
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Thu, 03 Nov 2022 18:08:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=15724800; includeSubDomains
last-modified
Sat, 14 Nov 2020 03:49:52 GMT
etag
W/"275730-1605325792000"
x-frame-options
DENY
vary
accept-encoding
content-type
application/javascript
accept-ranges
bytes
x-xss-protection
1; mode=block
header-logo.png
users.nbe1.main.xfodev.com/authenticationendpoint/libs/themes/default/assets/images/ 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://users.nbe1.main.xfodev.com/authenticationendpoint/libs/themes/default/assets/images/header-logo.png
Requested by
Host: users.nbe1.main.xfodev.com
URL: https://users.nbe1.main.xfodev.com/authenticationendpoint/libs/themes/default/theme.min.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.220.131.99 Toronto, Canada, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
48740e9d5a82d931b976833281a9cd7ec3a4240ecc9288757916ddccdb33b39f
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://users.nbe1.main.xfodev.com/authenticationendpoint/libs/themes/default/theme.min.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Thu, 03 Nov 2022 18:08:51 GMT
strict-transport-security
max-age=15724800; includeSubDomains
x-content-type-options
nosniff
last-modified
Wed, 02 Nov 2022 15:25:33 GMT
etag
W/"3794-1667402733410"
x-frame-options
DENY
content-type
image/png
accept-ranges
bytes
content-length
3794
x-xss-protection
1; mode=block
icons.woff2
users.nbe1.main.xfodev.com/authenticationendpoint/libs/themes/default/assets/fonts/ 		39 KB
39 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://users.nbe1.main.xfodev.com/authenticationendpoint/libs/themes/default/assets/fonts/icons.woff2
Requested by
Host: users.nbe1.main.xfodev.com
URL: https://users.nbe1.main.xfodev.com/authenticationendpoint/libs/themes/default/theme.min.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.220.131.99 Toronto, Canada, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
a12fd41c86a59b4dff636fd500fe325f78e65e9fe867d4cc5961dda45af4034d
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://users.nbe1.main.xfodev.com/authenticationendpoint/libs/themes/default/theme.min.css
Origin
https://users.nbe1.main.xfodev.com
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Thu, 03 Nov 2022 18:08:51 GMT
strict-transport-security
max-age=15724800; includeSubDomains
x-content-type-options
nosniff
last-modified
Sat, 14 Nov 2020 03:49:52 GMT
etag
W/"40148-1605325792000"
x-frame-options
DENY
accept-ranges
bytes
content-length
40148
x-xss-protection
1; mode=block
logincontext
users.nbe1.main.xfodev.com/ 		20 B
195 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://users.nbe1.main.xfodev.com/logincontext?sessionDataKey=25cd9f2a-7f2a-4d13-8bcb-717ad66dfdff&relyingParty=GklwPmHSQOyTtmXePenvMQPBoe8a&tenantDomain=carbon.super&_=1667498931745
Requested by
Host: users.nbe1.main.xfodev.com
URL: https://users.nbe1.main.xfodev.com/authenticationendpoint/libs/jquery_3.4.1/jquery-3.4.1.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.220.131.99 Toronto, Canada, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
912d0c07da7bdb22cdae025b96da26d01523aaab7362edb28544e3949deb369d
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Referer
https://users.nbe1.main.xfodev.com/authenticationendpoint/login.do?client_id=GklwPmHSQOyTtmXePenvMQPBoe8a&code_challenge=IaTq4eCyEutcuUc5dV9AKeuc840iP8Ov6NLw5k4y3zo&code_challenge_method=S256&commonAuthCallerPath=%2Foauth2%2Fauthorize&forceAuth=false&nonce=VFBucU9ZZ0RjUlpnQmdudmlXdXUucEZWNFJ6ZzlvaWZlUWRGT2dyajc2QW5p&passiveAuth=false&redirect_uri=https%3A%2F%2Fusers.nbe1.main.xfodev.com%2Fsession&response_type=code&scope=openid+profile+email+offline_access+api&state=VFBucU9ZZ0RjUlpnQmdudmlXdXUucEZWNFJ6ZzlvaWZlUWRGT2dyajc2QW5p%3B%252F&tenantDomain=carbon.super&sessionDataKey=25cd9f2a-7f2a-4d13-8bcb-717ad66dfdff&relyingParty=GklwPmHSQOyTtmXePenvMQPBoe8a&type=oidc&sp=nova-session&isSaaSApp=false&authenticators=BasicAuthenticator%3ALOCAL
X-Requested-With
XMLHttpRequest
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Thu, 03 Nov 2022 18:08:51 GMT
strict-transport-security
max-age=15724800; includeSubDomains
x-content-type-options
nosniff
content-length
20
x-xss-protection
1; mode=block
content-type
application/json;charset=UTF-8

Verdicts & Comments Add Verdict or Comment

18 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforeinput object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation function| $ function| jQuery function| goBack function| showResendReCaptcha function| checkSessionKey function| getParameterByName function| myFunction function| handleNoDomain function| changeUsername

2 Cookies

Domain/Path Name / Value
users.nbe1.main.xfodev.com/authenticationendpoint Name: JSESSIONID
Value: 145FF955403E6E6C551428975402280A3CE3B8EB955BD2477EC2148862D7AA4C7ACF442F18A617E40C195AB93B7A73AB51A22D3011BA8A3ED9F91D1F5490483B246C70F46C66471524FB4038E7405A4573378A4CE524951EF4B416DD8C52BE178C085EB617FD20F9AC62DABD7BEA46883CAEFAA71D4B480FC05551FA2C246335
users.nbe1.main.xfodev.com/ Name: sessionNonceCookie-25cd9f2a-7f2a-4d13-8bcb-717ad66dfdff
Value: 12c6692d-e974-489e-809e-2c90c2a83111

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=15724800; includeSubDomains