urlscan.io logo urlscan.io
SecurityTrails logo

hikkimfx.beget.tech Open in urlscan Pro
87.236.19.156  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
URL: http://hikkimfx.beget.tech/
Submission: On February 21 via automatic, source openphish — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 5 IPs in 3 countries across 4 domains to perform 10 HTTP transactions. The main IP is 87.236.19.156, located in Russian Federation and belongs to BEGET-AS, RU. The main domain is hikkimfx.beget.tech.
This is the only time hikkimfx.beget.tech was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Google (Online)

Domain & IP information

1    87.236.19.156 (Russian Federation)

ASN198610 (BEGET-AS, RU)
PTR: m2.hulk.beget.com
hikkimfx.beget.tech
5    2a00:1450:4001:829::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
ssl.gstatic.com
2    2a00:1450:4001:813::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
1    2a00:1450:4001:808::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
accounts.youtube.com
1    2a00:1450:400d:808::2004 (Ireland)

ASN15169 (GOOGLE, US)
www.google.com
Apex Domain
Subdomains		 Transfer
7 gstatic.com
ssl.gstatic.com
fonts.gstatic.com
52 KB
1 google.com
www.google.com — Cisco Umbrella Rank: 2
234 B
1 youtube.com
accounts.youtube.com — Cisco Umbrella Rank: 842
1 beget.tech
hikkimfx.beget.tech
24 KB
10 4
Domain Requested by
5 ssl.gstatic.com hikkimfx.beget.tech
2 fonts.gstatic.com hikkimfx.beget.tech
1 www.google.com
1 accounts.youtube.com hikkimfx.beget.tech
1 hikkimfx.beget.tech
10 5

This site contains links to these domains. Also see Links.

Domain
support.google.com
accounts.google.com
www.google.com
Subject Issuer Validity Valid
*.google.com
GTS CA 1C3		 2023-02-01 -
2023-04-26		 3 months crt.sh
www.google.com
GTS CA 1C3		 2023-02-01 -
2023-04-26		 3 months crt.sh

This page contains 2 frames:

Primary Page: http://hikkimfx.beget.tech/
Frame ID: F40949287E6561DA69B4608C0EA701B6
Requests: 9 HTTP requests in this frame

Frame: https://accounts.youtube.com/accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=2062966695&timestamp=1676985965550
Frame ID: BB431F71A062F235124FC05A9287FF4B
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Sign in - Google Accounts

Page Statistics

10
Requests

20 %
HTTPS

80 %
IPv6

4
Domains

5
Subdomains

5
IPs

3
Countries

76 kB
Transfer

117 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
hikkimfx.beget.tech/ 		69 KB
24 KB 		Document
General
Check archive.org
Download Go to
Full URL
http://hikkimfx.beget.tech/
Protocol
HTTP/1.1
Server
87.236.19.156 , Russian Federation, ASN198610 (BEGET-AS, RU),
Reverse DNS
m2.hulk.beget.com
Software
nginx-reuseport/1.21.1 /
Resource Hash
f7462c9565fdbb7dac45459ed6c584aa7c102889b3f526f635cbc6a0954f559e

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html
Date
Tue, 21 Feb 2023 13:26:05 GMT
ETag
W/"11547-5f511304d3079"
Keep-Alive
timeout=30
Last-Modified
Sun, 19 Feb 2023 17:50:57 GMT
Server
nginx-reuseport/1.21.1
Transfer-Encoding
chunked
Vary
Accept-Encoding
logo_2x.png
ssl.gstatic.com/accounts/ui/ 		5 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://ssl.gstatic.com/accounts/ui/logo_2x.png
Requested by
Host: hikkimfx.beget.tech
URL: http://hikkimfx.beget.tech/
Protocol
HTTP/1.1
Server
2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
749ecb257b4dabd6c2d346578fcbe63a96bf94c1f2366496409296167f03b7a7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://hikkimfx.beget.tech/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date
Tue, 21 Feb 2023 10:24:17 GMT
X-Content-Type-Options
nosniff
Last-Modified
Thu, 03 Oct 2019 10:15:00 GMT
Server
sffe
Age
10908
Report-To
{"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
Content-Type
image/png
Cache-Control
public, max-age=31536000
Cross-Origin-Resource-Policy
cross-origin
Accept-Ranges
bytes
Content-Length
5274
X-XSS-Protection
0
Cross-Origin-Opener-Policy-Report-Only
same-origin; report-to="static-on-bigtable"
Expires
Wed, 21 Feb 2024 10:24:17 GMT
avatar_2x.png
ssl.gstatic.com/accounts/ui/ 		626 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://ssl.gstatic.com/accounts/ui/avatar_2x.png
Requested by
Host: hikkimfx.beget.tech
URL: http://hikkimfx.beget.tech/
Protocol
HTTP/1.1
Server
2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
cdcc6d6dcda827a694dce8bfa9a1ab41113b629ef1cc11f886866af9194c81d0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://hikkimfx.beget.tech/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date
Thu, 16 Feb 2023 19:50:17 GMT
X-Content-Type-Options
nosniff
Last-Modified
Thu, 30 Dec 2021 12:48:00 GMT
Server
sffe
Age
408948
Report-To
{"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
Content-Type
image/png
Cache-Control
public, max-age=31536000
Cross-Origin-Resource-Policy
cross-origin
Accept-Ranges
bytes
Content-Length
626
X-XSS-Protection
0
Cross-Origin-Opener-Policy-Report-Only
same-origin; report-to="static-on-bigtable"
Expires
Fri, 16 Feb 2024 19:50:17 GMT
logo_strip_2x.png
ssl.gstatic.com/accounts/ui/ 		10 KB
11 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://ssl.gstatic.com/accounts/ui/logo_strip_2x.png
Requested by
Host: hikkimfx.beget.tech
URL: http://hikkimfx.beget.tech/
Protocol
HTTP/1.1
Server
2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b2d3305551055e5d28aea38f218ee6ff6006afb8c80cc4f206a206bcb758df7c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://hikkimfx.beget.tech/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date
Thu, 16 Feb 2023 18:07:41 GMT
X-Content-Type-Options
nosniff
Last-Modified
Thu, 03 Oct 2019 10:15:00 GMT
Server
sffe
Age
415104
Report-To
{"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
Content-Type
image/png
Cache-Control
public, max-age=31536000
Cross-Origin-Resource-Policy
cross-origin
Accept-Ranges
bytes
Content-Length
10297
X-XSS-Protection
0
Cross-Origin-Opener-Policy-Report-Only
same-origin; report-to="static-on-bigtable"
Expires
Fri, 16 Feb 2024 18:07:41 GMT
universal_language_settings-21.png
ssl.gstatic.com/images/icons/ui/common/ 		199 B
805 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://ssl.gstatic.com/images/icons/ui/common/universal_language_settings-21.png
Requested by
Host: hikkimfx.beget.tech
URL: http://hikkimfx.beget.tech/
Protocol
HTTP/1.1
Server
2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
59404af2d92c53ad1ee9e21b252c07c77dcba810b248a79d6ae989b1ff63c7d6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://hikkimfx.beget.tech/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date
Thu, 16 Feb 2023 14:40:49 GMT
X-Content-Type-Options
nosniff
Last-Modified
Thu, 03 Oct 2019 10:15:00 GMT
Server
sffe
Age
427516
Report-To
{"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
Content-Type
image/png
Cache-Control
public, max-age=31536000
Cross-Origin-Resource-Policy
cross-origin
Accept-Ranges
bytes
Content-Length
199
X-XSS-Protection
0
Cross-Origin-Opener-Policy-Report-Only
same-origin; report-to="static-on-bigtable"
Expires
Fri, 16 Feb 2024 14:40:49 GMT
checkmark.png
ssl.gstatic.com/ui/v1/menu/ 		239 B
990 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://ssl.gstatic.com/ui/v1/menu/checkmark.png
Requested by
Host: hikkimfx.beget.tech
URL: http://hikkimfx.beget.tech/
Protocol
HTTP/1.1
Server
2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2210e36b5b21e54cd4dc2ccdcc06138db8598d704ebf19052e5caa84edb4a675
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://hikkimfx.beget.tech/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date
Thu, 16 Feb 2023 18:07:42 GMT
X-Content-Type-Options
nosniff
Age
415103
Content-Security-Policy-Report-Only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gstatic-ui-assets
Cross-Origin-Resource-Policy
cross-origin
Content-Length
239
X-XSS-Protection
0
Last-Modified
Tue, 03 Mar 2020 20:15:00 GMT
Server
sffe
Vary
Origin
Report-To
{"group":"gstatic-ui-assets","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gstatic-ui-assets"}]}
Content-Type
image/png
Cache-Control
public, max-age=31536000
Accept-Ranges
bytes
Cross-Origin-Opener-Policy-Report-Only
same-origin; report-to="gstatic-ui-assets"
Expires
Fri, 16 Feb 2024 18:07:42 GMT
DXI1ORHCpsQm3Vp6mXoaTegdm0LZdjqr5-oayXSOefg.woff2
fonts.gstatic.com/s/opensans/v10/ 		16 KB
17 KB 		Font
General
Check archive.org
Download Go to
Full URL
http://fonts.gstatic.com/s/opensans/v10/DXI1ORHCpsQm3Vp6mXoaTegdm0LZdjqr5-oayXSOefg.woff2
Requested by
Host: hikkimfx.beget.tech
URL: http://hikkimfx.beget.tech/
Protocol
HTTP/1.1
Server
2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
30427ab021a9d28d0f9724a8565c2463ee5a3938417dd0750d58ab79ac07cf12
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
http://hikkimfx.beget.tech/
Origin
http://hikkimfx.beget.tech
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date
Thu, 16 Feb 2023 15:16:55 GMT
X-Content-Type-Options
nosniff
Age
425350
Content-Security-Policy-Report-Only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy
cross-origin
Content-Length
16212
X-XSS-Protection
0
Last-Modified
Thu, 21 Aug 2014 18:08:10 GMT
Server
sffe
Cross-Origin-Opener-Policy
same-origin; report-to="apps-themes"
Report-To
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Content-Type
font/woff2
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=31536000
Accept-Ranges
bytes
Timing-Allow-Origin
*
Expires
Fri, 16 Feb 2024 15:16:55 GMT
cJZKeOuBrn4kERxqtaUH3VtXRa8TVwTICgirnJhmVJw.woff2
fonts.gstatic.com/s/opensans/v10/ 		15 KB
16 KB 		Font
General
Check archive.org
Download Go to
Full URL
http://fonts.gstatic.com/s/opensans/v10/cJZKeOuBrn4kERxqtaUH3VtXRa8TVwTICgirnJhmVJw.woff2
Requested by
Host: hikkimfx.beget.tech
URL: http://hikkimfx.beget.tech/
Protocol
HTTP/1.1
Server
2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3135160ee3b34e2d1e58bf80944a1ed2cef3f073528ea98f11916a397b4c6ac9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
http://hikkimfx.beget.tech/
Origin
http://hikkimfx.beget.tech
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date
Thu, 16 Feb 2023 02:32:31 GMT
X-Content-Type-Options
nosniff
Age
471214
Content-Security-Policy-Report-Only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy
cross-origin
Content-Length
15556
X-XSS-Protection
0
Last-Modified
Thu, 21 Aug 2014 18:06:58 GMT
Server
sffe
Cross-Origin-Opener-Policy
same-origin; report-to="apps-themes"
Report-To
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Content-Type
font/woff2
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=31536000
Accept-Ranges
bytes
Timing-Allow-Origin
*
Expires
Fri, 16 Feb 2024 02:32:31 GMT
CheckConnection
accounts.youtube.com/accounts/ Frame BB43 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://accounts.youtube.com/accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=2062966695&timestamp=1676985965550
Requested by
Host: hikkimfx.beget.tech
URL: http://hikkimfx.beget.tech/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
Security Headers
Name Value
Content-Security-Policy frame-ancestors https://accounts.google.com script-src 'report-sample' 'nonce-Op9ugxyT_3pfuDWcAIOC4g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsDomainCookiesCheckConnectionHttp/cspreport;worker-src 'self' script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsDomainCookiesCheckConnectionHttp/cspreport/allowlist require-trusted-types-for 'script';report-uri /_/AccountsDomainCookiesCheckConnectionHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://accounts.google.com
X-Xss-Protection 0

Request headers

Referer
http://hikkimfx.beget.tech/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
gzip
content-security-policy
frame-ancestors https://accounts.google.com script-src 'report-sample' 'nonce-Op9ugxyT_3pfuDWcAIOC4g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsDomainCookiesCheckConnectionHttp/cspreport;worker-src 'self' script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsDomainCookiesCheckConnectionHttp/cspreport/allowlist require-trusted-types-for 'script';report-uri /_/AccountsDomainCookiesCheckConnectionHttp/cspreport
content-type
text/html; charset=utf-8
cross-origin-opener-policy
same-origin
cross-origin-resource-policy
cross-origin
date
Tue, 21 Feb 2023 13:26:05 GMT
expires
Mon, 01 Jan 1990 00:00:00 GMT
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
pragma
no-cache
server
ESF
x-content-type-options
nosniff
x-frame-options
ALLOW-FROM https://accounts.google.com
x-xss-protection
0
csi
www.google.com/ 		0
234 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/csi?v=3&s=accounts&action=WebFont&it=font1_ttfb.28,font1_ctlb.41,font1_start.233,font1_duration.42,font1_completion.275,font2_ttfb.28,font2_ctlb.42,font2_start.234,font2_duration.42,font2_completion.276&srt=207&tbsrt=229&tran=15&e=includeCsiBeacon&rt=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400d:808::2004 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://hikkimfx.beget.tech/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 21 Feb 2023 13:26:05 GMT
last-modified
Wed, 21 Jan 2004 19:51:30 GMT
server
Golfe2
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Google (Online)

46 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 boolean| credentialless object| oncontentvisibilityautostatechange object| jstiming function| gaia_attachEvent object| G function| Gb function| Ga object| Gc function| Gf function| Gg function| Gh function| Gd function| Ge function| Gi function| Gj function| Gl function| Gk object| Gm object| Gn function| Go function| Gp object| Gq object| Gr object| Gs object| Gt function| Gu function| Gv function| Gw function| Gx function| G_checkConnectionMain function| G_setPostMessageSupportFlag object| __CHECK_CONNECTION_CONFIG object| botguard function| gaia_parseFragment function| gaia_prefillEmail object| hashParams function| gaia_setFocus function| gaia_scrollToElement function| onMessage function| gaia_onChromeLoginSubmit function| gaia_onLoginSubmit function| CSIT function| CSITa function| CSITb function| reportFontTimer

0 Cookies

1 Console Messages

Source Level URL
Text
security error
Message:
Refused to frame 'https://accounts.youtube.com/' because an ancestor violates the following Content Security Policy directive: "frame-ancestors https://accounts.google.com".