urlscan.io logo urlscan.io
SecurityTrails logo

auth.bcc.no Open in urlscan Pro
142.250.180.211  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://discord.developer.bcc.no/
Effective URL: https://auth.bcc.no/?client_id=F17tny0a4z55HysZmdppNF0RCLTMiyet&connection=&lang=no-NO%2Cno%3Bq%3D0.9&error=unauthor...
Submission Tags: phishingrod
Submission: On February 16 via api from DE — Scanned from NO
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 7 IPs in 3 countries across 5 domains to perform 13 HTTP transactions. The main IP is 142.250.180.211, located in United States and belongs to GOOGLE, US. The main domain is auth.bcc.no.
TLS certificate: Issued by GTS CA 1D4 on January 5th 2023. Valid for: 3 months.
This is the only time auth.bcc.no was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
4 20.82.13.59 8075 (MICROSOFT...)
2 142.251.39.74 15169 (GOOGLE)
1 1 104.17.235.88 13335 (CLOUDFLAR...)
4 142.250.180.211 15169 (GOOGLE)
1 142.250.201.195 15169 (GOOGLE)
1 142.250.184.200 15169 (GOOGLE)
1 216.239.34.36 15169 (GOOGLE)
13 7
4    20.82.13.59 (Amsterdam, Netherlands)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
discord.developer.bcc.no
2    142.251.39.74 (United States)

ASN15169 (GOOGLE, US)
PTR: bud02s39-in-f10.1e100.net
fonts.googleapis.com
1    104.17.235.88 (None, )

ASN13335 (CLOUDFLARENET, US)
login.bcc.no
4    142.250.180.211 (United States)

ASN15169 (GOOGLE, US)
PTR: bud02s33-in-f19.1e100.net
auth.bcc.no
1    142.250.201.195 (United States)

ASN15169 (GOOGLE, US)
PTR: bud02s35-in-f3.1e100.net
fonts.gstatic.com
1    142.250.184.200 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s11-in-f8.1e100.net
www.googletagmanager.com
1    216.239.34.36 (United States)

ASN15169 (GOOGLE, US)
region1.google-analytics.com
Apex Domain
Subdomains		 Transfer
9 bcc.no
discord.developer.bcc.no
login.bcc.no
auth.bcc.no
245 KB
2 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 43
1 KB
1 google-analytics.com
region1.google-analytics.com — Cisco Umbrella Rank: 2506
252 B
1 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 50
76 KB
1 gstatic.com
fonts.gstatic.com
31 KB
13 5
Domain Requested by
4 auth.bcc.no discord.developer.bcc.no
auth.bcc.no
4 discord.developer.bcc.no discord.developer.bcc.no
2 fonts.googleapis.com discord.developer.bcc.no
auth.bcc.no
1 region1.google-analytics.com www.googletagmanager.com
1 www.googletagmanager.com auth.bcc.no
1 fonts.gstatic.com fonts.googleapis.com
1 login.bcc.no 1 redirects
13 7

This site contains no links.

Subject Issuer Validity Valid
discord.developer.bcc.no
GeoTrust Global TLS RSA4096 SHA256 2022 CA1		 2023-02-16 -
2023-08-16		 6 months crt.sh
upload.video.google.com
GTS CA 1C3		 2023-01-31 -
2023-04-25		 3 months crt.sh
auth.bcc.no
GTS CA 1D4		 2023-01-05 -
2023-04-05		 3 months crt.sh
*.gstatic.com
GTS CA 1C3		 2023-01-31 -
2023-04-25		 3 months crt.sh
*.google-analytics.com
GTS CA 1C3		 2023-02-01 -
2023-04-26		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://auth.bcc.no/?client_id=F17tny0a4z55HysZmdppNF0RCLTMiyet&connection=&lang=no-NO%2Cno%3Bq%3D0.9&error=unauthorized_client&error_description=Callback%20URL%20mismatch.%20https%3A%2F%2Fdiscord.developer.bcc.no%20is%20not%20in%20the%20list%20of%20allowed%20callback%20URLs&tracking=629920bc26a5d0bc0c0a
Frame ID: CADC65F4A444A1033D8E13CE068D2E34
Requests: 14 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

BCC Sign-on: General error

Page URL History Show full URLs

  1. https://discord.developer.bcc.no/ Page URL
  2. https://login.bcc.no/authorize?client_id=F17tny0a4z55HysZmdppNF0RCLTMiyet&audience=api.bcc.no&red... HTTP 302
    https://auth.bcc.no/?client_id=F17tny0a4z55HysZmdppNF0RCLTMiyet&connection=&lang=no-NO%2Cno%3Bq%... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js

Page Statistics

13
Requests

100 %
HTTPS

0 %
IPv6

5
Domains

7
Subdomains

7
IPs

3
Countries

353 kB
Transfer

938 kB
Size

6
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://discord.developer.bcc.no/ Page URL
  2. https://login.bcc.no/authorize?client_id=F17tny0a4z55HysZmdppNF0RCLTMiyet&audience=api.bcc.no&redirect_uri=https%3A%2F%2Fdiscord.developer.bcc.no&scope=openid%20profile%20email&response_type=code&response_mode=query&state=ZFJrb191Zm0zLlRjQnEyY1RxNFhJZ2luWTBlQi5yZFY0Tk9LUC1WYjRzYg%3D%3D&nonce=TERVZ2RjZWlrNFFXOVpwM0g2Y3FfVEhoemd0eEE3U3JGdUxpdjUxUG1EQg%3D%3D&code_challenge=pCvYKD4YXPpJmtF8nP00FVkLtVT5nPtyycXYeyAyjhc&code_challenge_method=S256&auth0Client=eyJuYW1lIjoiYXV0aDAtdnVlIiwidmVyc2lvbiI6IjEuMC4yIn0%3D HTTP 302
    https://auth.bcc.no/?client_id=F17tny0a4z55HysZmdppNF0RCLTMiyet&connection=&lang=no-NO%2Cno%3Bq%3D0.9&error=unauthorized_client&error_description=Callback%20URL%20mismatch.%20https%3A%2F%2Fdiscord.developer.bcc.no%20is%20not%20in%20the%20list%20of%20allowed%20callback%20URLs&tracking=629920bc26a5d0bc0c0a Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

13 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
/
discord.developer.bcc.no/ 		1 KB
891 B 		Document
General
Check archive.org
Download Go to
Full URL
https://discord.developer.bcc.no/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.82.13.59 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
6be4989dfb300507dd23541f0eec22ef63820480330565e9f7a489d22c91d914
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language
no-NO,no;q=0.9

Response headers

Cache-Control
public, must-revalidate, max-age=30
Content-Encoding
br
Content-Type
text/html
Date
Thu, 16 Feb 2023 14:43:52 GMT
ETag
"32617020"
Last-Modified
Thu, 16 Feb 2023 14:03:17 GMT
Referrer-Policy
same-origin
Strict-Transport-Security
max-age=10886400; includeSubDomains; preload
Transfer-Encoding
chunked
Vary
Accept-Encoding
X-Content-Type-Options
nosniff
X-DNS-Prefetch-Control
off
X-XSS-Protection
1; mode=block
css2
fonts.googleapis.com/ 		2 KB
884 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Barlow:wght@400;600&display=swap
Requested by
Host: discord.developer.bcc.no
URL: https://discord.developer.bcc.no/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.39.74 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bud02s39-in-f10.1e100.net
Software
ESF /
Resource Hash
05eb997bf20497187867c2ed332fb1d8286aad72714e56dc6b91ea7eb7c147fe
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
no-NO,no;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Thu, 16 Feb 2023 14:43:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Thu, 16 Feb 2023 14:43:53 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 16 Feb 2023 14:43:53 GMT
index.f1a5038a.js
discord.developer.bcc.no/assets/ 		175 KB
66 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://discord.developer.bcc.no/assets/index.f1a5038a.js
Requested by
Host: discord.developer.bcc.no
URL: https://discord.developer.bcc.no/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.82.13.59 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
ca4facaaac97b267539ae1323e56a12cd9b93705aad84b2c6f712b1f14525f5f
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://discord.developer.bcc.no/
Origin
https://discord.developer.bcc.no
accept-language
no-NO,no;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date
Thu, 16 Feb 2023 14:43:52 GMT
Content-Encoding
br
Referrer-Policy
same-origin
Strict-Transport-Security
max-age=10886400; includeSubDomains; preload
Last-Modified
Thu, 16 Feb 2023 14:03:17 GMT
X-Content-Type-Options
nosniff
ETag
"32617020"
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
text/javascript
X-DNS-Prefetch-Control
off
Cache-Control
public, must-revalidate, max-age=30
X-XSS-Protection
1; mode=block
index.256a8001.css
discord.developer.bcc.no/assets/ 		10 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://discord.developer.bcc.no/assets/index.256a8001.css
Requested by
Host: discord.developer.bcc.no
URL: https://discord.developer.bcc.no/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.82.13.59 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
256a8001334c2e35385f7cf9fec14e9b5e54c3b6bf8c2cd9aa4dbebfd5b5c4c2
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
no-NO,no;q=0.9
Referer
https://discord.developer.bcc.no/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date
Thu, 16 Feb 2023 14:43:52 GMT
Content-Encoding
br
Referrer-Policy
same-origin
Strict-Transport-Security
max-age=10886400; includeSubDomains; preload
Last-Modified
Thu, 16 Feb 2023 14:03:17 GMT
X-Content-Type-Options
nosniff
ETag
"32617020"
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
text/css
X-DNS-Prefetch-Control
off
Cache-Control
public, must-revalidate, max-age=30
X-XSS-Protection
1; mode=block
Home.bf82ee25.js
discord.developer.bcc.no/assets/ 		9 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://discord.developer.bcc.no/assets/Home.bf82ee25.js
Requested by
Host: discord.developer.bcc.no
URL: https://discord.developer.bcc.no/assets/index.f1a5038a.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.82.13.59 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
a0526308c55f39c2599856673d7396c3a6e2072f2141925f5068779046fdee18
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://discord.developer.bcc.no/
Origin
https://discord.developer.bcc.no
accept-language
no-NO,no;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date
Thu, 16 Feb 2023 14:43:53 GMT
Content-Encoding
br
Referrer-Policy
same-origin
Strict-Transport-Security
max-age=10886400; includeSubDomains; preload
Last-Modified
Thu, 16 Feb 2023 14:03:17 GMT
X-Content-Type-Options
nosniff
ETag
"32617020"
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
text/javascript
X-DNS-Prefetch-Control
off
Cache-Control
public, must-revalidate, max-age=30
X-XSS-Protection
1; mode=block
Primary Request /
auth.bcc.no/
Redirect Chain
  • https://login.bcc.no/authorize?client_id=F17tny0a4z55HysZmdppNF0RCLTMiyet&audience=api.bcc.no&redirect_uri=https%3A%2F%2Fdiscord.developer.bcc.no&scope=openid%20profile%20email&response_type=code&r...
  • https://auth.bcc.no/?client_id=F17tny0a4z55HysZmdppNF0RCLTMiyet&connection=&lang=no-NO%2Cno%3Bq%3D0.9&error=unauthorized_client&error_description=Callback%20URL%20mismatch.%20https%3A%2F%2Fdiscord....
4 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://auth.bcc.no/?client_id=F17tny0a4z55HysZmdppNF0RCLTMiyet&connection=&lang=no-NO%2Cno%3Bq%3D0.9&error=unauthorized_client&error_description=Callback%20URL%20mismatch.%20https%3A%2F%2Fdiscord.developer.bcc.no%20is%20not%20in%20the%20list%20of%20allowed%20callback%20URLs&tracking=629920bc26a5d0bc0c0a
Requested by
Host: discord.developer.bcc.no
URL: https://discord.developer.bcc.no/assets/index.f1a5038a.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.180.211 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bud02s33-in-f19.1e100.net
Software
Google Frontend / Express
Resource Hash
737e1d8da6abbce2fc57febc26f2c0ea55b1004fb7851495fcf076f172128d3c

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language
no-NO,no;q=0.9

Response headers

accept-ranges
bytes
cache-control
public, max-age=0
content-length
4170
content-type
text/html; charset=UTF-8
date
Thu, 16 Feb 2023 14:43:54 GMT
etag
W/"104a-1860740dda8"
last-modified
Tue, 31 Jan 2023 09:55:37 GMT
referrer-policy
unsafe-url
server
Google Frontend
x-cloud-trace-context
db9da13289ea864f788f2640f1653af0;o=1
x-powered-by
Express

Redirect headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
no-store, max-age=0, no-transform
cf-cache-status
DYNAMIC
cf-ray
79a70ee688100b4d-OSL
content-length
694
content-type
text/html; charset=utf-8
date
Thu, 16 Feb 2023 14:43:54 GMT
location
https://auth.bcc.no/?client_id=F17tny0a4z55HysZmdppNF0RCLTMiyet&connection=&lang=no-NO%2Cno%3Bq%3D0.9&error=unauthorized_client&error_description=Callback%20URL%20mismatch.%20https%3A%2F%2Fdiscord.developer.bcc.no%20is%20not%20in%20the%20list%20of%20allowed%20callback%20URLs&tracking=629920bc26a5d0bc0c0a
ot-baggage-auth0-request-id
79a70ee688100b4d
ot-tracer-sampled
true
ot-tracer-spanid
304ff0ae0a2f4de9
ot-tracer-traceid
5620ac6031386c47
pragma
no-cache
server
cloudflare
strict-transport-security
max-age=31536000
traceparent
00-00000000000000005620ac6031386c47-304ff0ae0a2f4de9-01
tracestate
auth0-request-id=79a70ee688100b4d,auth0=true
vary
Accept, Accept-Encoding
x-auth0-requestid
629920bc26a5d0bc0c0a
x-content-type-options
nosniff
x-ratelimit-limit
300
x-ratelimit-remaining
299
x-ratelimit-reset
1676558635
index.9361b2e5.js
auth.bcc.no/assets/ 		448 KB
135 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://auth.bcc.no/assets/index.9361b2e5.js
Requested by
Host: auth.bcc.no
URL: https://auth.bcc.no/?client_id=F17tny0a4z55HysZmdppNF0RCLTMiyet&connection=&lang=no-NO%2Cno%3Bq%3D0.9&error=unauthorized_client&error_description=Callback%20URL%20mismatch.%20https%3A%2F%2Fdiscord.developer.bcc.no%20is%20not%20in%20the%20list%20of%20allowed%20callback%20URLs&tracking=629920bc26a5d0bc0c0a
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.180.211 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bud02s33-in-f19.1e100.net
Software
Google Frontend / Express
Resource Hash
e7cdcc359316a7b0d7c1b30a439c62e42712660c46169b1456c2d39d178d2161

Request headers

Referer
https://auth.bcc.no/?client_id=F17tny0a4z55HysZmdppNF0RCLTMiyet&connection=&lang=no-NO%2Cno%3Bq%3D0.9&error=unauthorized_client&error_description=Callback%20URL%20mismatch.%20https%3A%2F%2Fdiscord.developer.bcc.no%20is%20not%20in%20the%20list%20of%20allowed%20callback%20URLs&tracking=629920bc26a5d0bc0c0a
Origin
https://auth.bcc.no
accept-language
no-NO,no;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date
Thu, 16 Feb 2023 14:43:54 GMT
content-encoding
gzip
referrer-policy
unsafe-url
last-modified
Tue, 31 Jan 2023 09:55:37 GMT
server
Google Frontend
x-powered-by
Express
etag
W/"6ff7f-1860740dda8"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=0
accept-ranges
bytes
index.d5e89c3e.css
auth.bcc.no/assets/ 		12 KB
4 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://auth.bcc.no/assets/index.d5e89c3e.css
Requested by
Host: auth.bcc.no
URL: https://auth.bcc.no/?client_id=F17tny0a4z55HysZmdppNF0RCLTMiyet&connection=&lang=no-NO%2Cno%3Bq%3D0.9&error=unauthorized_client&error_description=Callback%20URL%20mismatch.%20https%3A%2F%2Fdiscord.developer.bcc.no%20is%20not%20in%20the%20list%20of%20allowed%20callback%20URLs&tracking=629920bc26a5d0bc0c0a
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.180.211 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bud02s33-in-f19.1e100.net
Software
Google Frontend / Express
Resource Hash
d5e89c3e1fc0af6b8e0eb6594a3c43e71187a13d1a5bde294f4101e901efa1f4

Request headers

accept-language
no-NO,no;q=0.9
Referer
https://auth.bcc.no/?client_id=F17tny0a4z55HysZmdppNF0RCLTMiyet&connection=&lang=no-NO%2Cno%3Bq%3D0.9&error=unauthorized_client&error_description=Callback%20URL%20mismatch.%20https%3A%2F%2Fdiscord.developer.bcc.no%20is%20not%20in%20the%20list%20of%20allowed%20callback%20URLs&tracking=629920bc26a5d0bc0c0a
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date
Thu, 16 Feb 2023 14:43:54 GMT
content-encoding
gzip
referrer-policy
unsafe-url
last-modified
Tue, 31 Jan 2023 09:55:37 GMT
server
Google Frontend
x-powered-by
Express
etag
W/"3166-1860740dda8"
vary
Accept-Encoding
content-type
text/css; charset=UTF-8
cache-control
public, max-age=0
accept-ranges
bytes
BCC_logo_new.31b72d4c.png
auth.bcc.no/assets/ 		27 KB
27 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://auth.bcc.no/assets/BCC_logo_new.31b72d4c.png
Requested by
Host: auth.bcc.no
URL: https://auth.bcc.no/?client_id=F17tny0a4z55HysZmdppNF0RCLTMiyet&connection=&lang=no-NO%2Cno%3Bq%3D0.9&error=unauthorized_client&error_description=Callback%20URL%20mismatch.%20https%3A%2F%2Fdiscord.developer.bcc.no%20is%20not%20in%20the%20list%20of%20allowed%20callback%20URLs&tracking=629920bc26a5d0bc0c0a
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.180.211 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bud02s33-in-f19.1e100.net
Software
Google Frontend / Express
Resource Hash
31b72d4c8a589b83e300b54fbd7ad7797f3f0d2075a3a458b0c36e92cfdc18e6

Request headers

accept-language
no-NO,no;q=0.9
Referer
https://auth.bcc.no/?client_id=F17tny0a4z55HysZmdppNF0RCLTMiyet&connection=&lang=no-NO%2Cno%3Bq%3D0.9&error=unauthorized_client&error_description=Callback%20URL%20mismatch.%20https%3A%2F%2Fdiscord.developer.bcc.no%20is%20not%20in%20the%20list%20of%20allowed%20callback%20URLs&tracking=629920bc26a5d0bc0c0a
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date
Thu, 16 Feb 2023 14:43:54 GMT
referrer-policy
unsafe-url
last-modified
Tue, 31 Jan 2023 09:55:37 GMT
server
Google Frontend
x-powered-by
Express
etag
W/"6bd6-1860740dda8"
content-type
image/png
x-cloud-trace-context
31410eacb84bb1152cf9fd8490ef5c95
cache-control
public, max-age=0
accept-ranges
bytes
content-length
27606
css2
fonts.googleapis.com/ 		2 KB
589 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Archivo:wght@500;700&display=swap
Requested by
Host: auth.bcc.no
URL: https://auth.bcc.no/assets/index.d5e89c3e.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.39.74 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bud02s39-in-f10.1e100.net
Software
ESF /
Resource Hash
988d9c327564bcef017313d1335b21493e69a51841ed3e319103276a48b8a0f3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
no-NO,no;q=0.9
Referer
https://auth.bcc.no/assets/index.d5e89c3e.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Thu, 16 Feb 2023 14:43:54 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Thu, 16 Feb 2023 14:43:54 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 16 Feb 2023 14:43:54 GMT
k3kPo8UDI-1M0wlSV9XAw6lQkqWY8Q82sLydOxI.woff2
fonts.gstatic.com/s/archivo/v18/ 		31 KB
31 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/archivo/v18/k3kPo8UDI-1M0wlSV9XAw6lQkqWY8Q82sLydOxI.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Archivo:wght@500;700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.201.195 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bud02s35-in-f3.1e100.net
Software
sffe /
Resource Hash
68c831b3324ca6fea43d48681ac2b9338b794ecdb60ff7fa7059a997d4007604
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://auth.bcc.no
accept-language
no-NO,no;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date
Thu, 16 Feb 2023 12:41:45 GMT
x-content-type-options
nosniff
age
7330
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
31516
x-xss-protection
0
last-modified
Fri, 24 Jun 2022 19:34:15 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 16 Feb 2024 12:41:45 GMT
truncated
/ 		2 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
982ff38e096bf6b325b802a7e45324c0340e14d035062a50de205c20acdd655f

Request headers

accept-language
no-NO,no;q=0.9
Referer
https://auth.bcc.no/assets/index.d5e89c3e.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Content-Type
image/svg+xml
js
www.googletagmanager.com/gtag/ 		215 KB
76 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-DMNCQ6FZQ2
Requested by
Host: auth.bcc.no
URL: https://auth.bcc.no/assets/index.9361b2e5.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.184.200 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s11-in-f8.1e100.net
Software
Google Tag Manager /
Resource Hash
dd9daa292bb45cb588ad71232a3c09d0c07827435bfe963cdf0fb5f0dd717065
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
no-NO,no;q=0.9
Referer
https://auth.bcc.no/?client_id=F17tny0a4z55HysZmdppNF0RCLTMiyet&connection=&lang=no-NO%2Cno%3Bq%3D0.9&error=unauthorized_client&error_description=Callback%20URL%20mismatch.%20https%3A%2F%2Fdiscord.developer.bcc.no%20is%20not%20in%20the%20list%20of%20allowed%20callback%20URLs&tracking=629920bc26a5d0bc0c0a
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date
Thu, 16 Feb 2023 14:43:56 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
77335
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Thu, 16 Feb 2023 14:43:56 GMT
collect
region1.google-analytics.com/g/ 		0
252 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-DMNCQ6FZQ2&gtm=45je32f0&_p=1118774813&cid=1512534355.1676558636&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1676558636&sct=1&seg=0&dl=https%3A%2F%2Fauth.bcc.no%2F%3Fclient_id%3DF17tny0a4z55HysZmdppNF0RCLTMiyet%26connection%3D%26lang%3Dno-NO%252Cno%253Bq%253D0.9%26error%3Dunauthorized_client%26error_description%3DCallback%2520URL%2520mismatch.%2520https%253A%252F%252Fdiscord.developer.bcc.no%2520is%2520not%2520in%2520the%2520list%2520of%2520allowed%2520callback%2520URLs%26tracking%3D629920bc26a5d0bc0c0a&dt=BCC%20Sign-on%3A%20General%20error&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-DMNCQ6FZQ2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.239.34.36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
no-NO,no;q=0.9
Referer
https://auth.bcc.no/?client_id=F17tny0a4z55HysZmdppNF0RCLTMiyet&connection=&lang=no-NO%2Cno%3Bq%3D0.9&error=unauthorized_client&error_description=Callback%20URL%20mismatch.%20https%3A%2F%2Fdiscord.developer.bcc.no%20is%20not%20in%20the%20list%20of%20allowed%20callback%20URLs&tracking=629920bc26a5d0bc0c0a
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Feb 2023 14:43:56 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://auth.bcc.no
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless object| oncontentvisibilityautostatechange object| __dynProto$Gbl object| google_tag_manager object| google_tag_data object| dataLayer function| gtag function| onYouTubeIframeAPIReady object| __ga4React__ object| gaGlobal

6 Cookies

Domain/Path Name / Value
login.bcc.no/ Name: did
Value: s%3Av0%3A55cd1b30-ae08-11ed-a580-275689f1af58.k3Fv%2B55Sp7zg2veP9TSqi0afsEvF1P9UdwMbdDE2lNY
login.bcc.no/ Name: did_compat
Value: s%3Av0%3A55cd1b30-ae08-11ed-a580-275689f1af58.k3Fv%2B55Sp7zg2veP9TSqi0afsEvF1P9UdwMbdDE2lNY
.login.bcc.no/ Name: __cf_bm
Value: N1o.zfm5q0C9TE1aEYK3qDrewmKmbSg1G.XHKevhnlQ-1676558634-0-Abm7K5xelow3E5NoeQN9ASDQ+GmmpHbHKb9soGSDDjs9LIl9KjglPFC7gKboi7An7zJDbL4u0Lec74xh9bLllTQ=
auth.bcc.no/ Name: ai_user
Value: 3uWmP1RmSFm4S7o+XLISPJ|2023-02-16T14:43:55.129Z
.bcc.no/ Name: _ga
Value: GA1.1.1512534355.1676558636
.bcc.no/ Name: _ga_DMNCQ6FZQ2
Value: GS1.1.1676558636.1.0.1676558636.0.0.0

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block