urlscan.io logo urlscan.io
SecurityTrails logo

auth.dev.krd Open in urlscan Pro
93.91.201.48  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://dashboard.myaccount.dev.krd/
Effective URL: https://auth.dev.krd/Account/Login?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3Dmyaccount-client-bff%26c...
Submission: On July 18 via automatic, source certstream-suspicious — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 8 HTTP transactions. The main IP is 93.91.201.48, located in Erbil, Iraq and belongs to NEWROZ-TELECOM-ASN, IQ. The main domain is auth.dev.krd.
TLS certificate: Issued by R10 on July 1st 2024. Valid for: 3 months.
This is the only time auth.dev.krd was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 93.91.201.45 21277 (NEWROZ-TE...)
1 9 93.91.201.48 21277 (NEWROZ-TE...)
8 1
Apex Domain
Subdomains		 Transfer
10 dev.krd
dashboard.myaccount.dev.krd
auth.dev.krd
1 MB
8 1
Domain Requested by
9 auth.dev.krd 1 redirects auth.dev.krd
1 dashboard.myaccount.dev.krd 1 redirects
8 2

This site contains no links.

Subject Issuer Validity Valid
auth.dev.krd
R10		 2024-07-01 -
2024-09-29		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://auth.dev.krd/Account/Login?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3Dmyaccount-client-bff%26code_challenge%3DJnUcv0Q-g8kP7USsXsvgoj1ZufMuN_BYf_CUSc54Q20%26code_challenge_method%3DS256%26nonce%3Duq6MdYWyo2X-xtlbwKxaeFvZsufu90WLu9CmJ35Yvu4%26redirect_uri%3Dhttps%253A%252F%252Fdashboard.myaccount.dev.krd%252Fauth%252Fcallback%26response_type%3Dcode%26scope%3Dopenid%2520offline_access%2520myaccount%2520corsight-wrapper-api.faces.detect%2520corsight-wrapper-api.faces.analyze%26state%3Dw7WkMOqy9ipfU-UOLGgiLmU88KRWSqbAK4Os400AwLQ%253A%252F
Frame ID: 9DCC7225CE1D455BE363296D112D0024
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Login - Kurdistan Regional Government

Page URL History Show full URLs

  1. https://dashboard.myaccount.dev.krd/ HTTP 302
    https://auth.dev.krd/connect/authorize?client_id=myaccount-client-bff&code_challenge=JnUcv0Q-g8kP... HTTP 302
    https://auth.dev.krd/Account/Login?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3Dmyac... Page URL

Page Statistics

8
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

2
Subdomains

1
IPs

1
Countries

1180 kB
Transfer

1173 kB
Size

4
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://dashboard.myaccount.dev.krd/ HTTP 302
    https://auth.dev.krd/connect/authorize?client_id=myaccount-client-bff&code_challenge=JnUcv0Q-g8kP7USsXsvgoj1ZufMuN_BYf_CUSc54Q20&code_challenge_method=S256&nonce=uq6MdYWyo2X-xtlbwKxaeFvZsufu90WLu9CmJ35Yvu4&redirect_uri=https%3A%2F%2Fdashboard.myaccount.dev.krd%2Fauth%2Fcallback&response_type=code&scope=openid+offline_access+myaccount+corsight-wrapper-api.faces.detect+corsight-wrapper-api.faces.analyze&state=w7WkMOqy9ipfU-UOLGgiLmU88KRWSqbAK4Os400AwLQ%3A%2F HTTP 302
    https://auth.dev.krd/Account/Login?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3Dmyaccount-client-bff%26code_challenge%3DJnUcv0Q-g8kP7USsXsvgoj1ZufMuN_BYf_CUSc54Q20%26code_challenge_method%3DS256%26nonce%3Duq6MdYWyo2X-xtlbwKxaeFvZsufu90WLu9CmJ35Yvu4%26redirect_uri%3Dhttps%253A%252F%252Fdashboard.myaccount.dev.krd%252Fauth%252Fcallback%26response_type%3Dcode%26scope%3Dopenid%2520offline_access%2520myaccount%2520corsight-wrapper-api.faces.detect%2520corsight-wrapper-api.faces.analyze%26state%3Dw7WkMOqy9ipfU-UOLGgiLmU88KRWSqbAK4Os400AwLQ%253A%252F Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request Login
auth.dev.krd/Account/
Redirect Chain
  • https://dashboard.myaccount.dev.krd/
  • https://auth.dev.krd/connect/authorize?client_id=myaccount-client-bff&code_challenge=JnUcv0Q-g8kP7USsXsvgoj1ZufMuN_BYf_CUSc54Q20&code_challenge_method=S256&nonce=uq6MdYWyo2X-xtlbwKxaeFvZsufu90WLu9C...
  • https://auth.dev.krd/Account/Login?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3Dmyaccount-client-bff%26code_challenge%3DJnUcv0Q-g8kP7USsXsvgoj1ZufMuN_BYf_CUSc54Q20%26code_challenge_met...
11 KB
12 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://auth.dev.krd/Account/Login?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3Dmyaccount-client-bff%26code_challenge%3DJnUcv0Q-g8kP7USsXsvgoj1ZufMuN_BYf_CUSc54Q20%26code_challenge_method%3DS256%26nonce%3Duq6MdYWyo2X-xtlbwKxaeFvZsufu90WLu9CmJ35Yvu4%26redirect_uri%3Dhttps%253A%252F%252Fdashboard.myaccount.dev.krd%252Fauth%252Fcallback%26response_type%3Dcode%26scope%3Dopenid%2520offline_access%2520myaccount%2520corsight-wrapper-api.faces.detect%2520corsight-wrapper-api.faces.analyze%26state%3Dw7WkMOqy9ipfU-UOLGgiLmU88KRWSqbAK4Os400AwLQ%253A%252F
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
93.91.201.48 Erbil, Iraq, ASN21277 (NEWROZ-TELECOM-ASN, IQ),
Reverse DNS
93-91-201-48.newroztelecom.com
Software
Kestrel /
Resource Hash
b44d39678d927e86b606c1ee4b991f1e52fa8b054f099a5557833af323d7b1c9
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' https://fonts.googleapis.com https://code.ionicframework.com; font-src 'self' https://fonts.gstatic.com https://code.ionicframework.com; object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts allow-popups; base-uri 'self'; img-src 'self' data:
X-Content-Security-Policy default-src 'self'; style-src 'self' https://fonts.googleapis.com https://code.ionicframework.com; font-src 'self' https://fonts.gstatic.com https://code.ionicframework.com; object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts allow-popups; base-uri 'self'; img-src 'self' data:
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

cache-control
no-cache, no-store
content-security-policy
default-src 'self'; style-src 'self' https://fonts.googleapis.com https://code.ionicframework.com; font-src 'self' https://fonts.gstatic.com https://code.ionicframework.com; object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts allow-popups; base-uri 'self'; img-src 'self' data:
content-type
text/html; charset=utf-8
date
Thu, 18 Jul 2024 10:17:38 GMT
pragma
no-cache
referrer-policy
no-referrer
server
Kestrel
x-content-security-policy
default-src 'self'; style-src 'self' https://fonts.googleapis.com https://code.ionicframework.com; font-src 'self' https://fonts.gstatic.com https://code.ionicframework.com; object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts allow-popups; base-uri 'self'; img-src 'self' data:
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN

Redirect headers

content-length
0
date
Thu, 18 Jul 2024 10:17:37 GMT
location
https://auth.dev.krd/Account/Login?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3Dmyaccount-client-bff%26code_challenge%3DJnUcv0Q-g8kP7USsXsvgoj1ZufMuN_BYf_CUSc54Q20%26code_challenge_method%3DS256%26nonce%3Duq6MdYWyo2X-xtlbwKxaeFvZsufu90WLu9CmJ35Yvu4%26redirect_uri%3Dhttps%253A%252F%252Fdashboard.myaccount.dev.krd%252Fauth%252Fcallback%26response_type%3Dcode%26scope%3Dopenid%2520offline_access%2520myaccount%2520corsight-wrapper-api.faces.detect%2520corsight-wrapper-api.faces.analyze%26state%3Dw7WkMOqy9ipfU-UOLGgiLmU88KRWSqbAK4Os400AwLQ%253A%252F
server
Kestrel
site.min.css
auth.dev.krd/css/ 		26 KB
26 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://auth.dev.krd/css/site.min.css?v=NMIPa4JK_MI_-zHt1pLLszDY3YaaGq2R6reIrwm4VqQ
Requested by
Host: auth.dev.krd
URL: https://auth.dev.krd/Account/Login?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3Dmyaccount-client-bff%26code_challenge%3DJnUcv0Q-g8kP7USsXsvgoj1ZufMuN_BYf_CUSc54Q20%26code_challenge_method%3DS256%26nonce%3Duq6MdYWyo2X-xtlbwKxaeFvZsufu90WLu9CmJ35Yvu4%26redirect_uri%3Dhttps%253A%252F%252Fdashboard.myaccount.dev.krd%252Fauth%252Fcallback%26response_type%3Dcode%26scope%3Dopenid%2520offline_access%2520myaccount%2520corsight-wrapper-api.faces.detect%2520corsight-wrapper-api.faces.analyze%26state%3Dw7WkMOqy9ipfU-UOLGgiLmU88KRWSqbAK4Os400AwLQ%253A%252F
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
93.91.201.48 Erbil, Iraq, ASN21277 (NEWROZ-TELECOM-ASN, IQ),
Reverse DNS
93-91-201-48.newroztelecom.com
Software
Kestrel /
Resource Hash
34c20f6b824afcc23ffb31edd692cbb330d8dd869a1aad91eab788af09b856a4

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 18 Jul 2024 10:17:38 GMT
last-modified
Tue, 09 Jan 2024 08:31:30 GMT
server
Kestrel
accept-ranges
bytes
etag
"1da42d63e827528"
content-length
26664
content-type
text/css
logo-horizontal-2x.png
auth.dev.krd/img/ 		9 KB
9 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://auth.dev.krd/img/logo-horizontal-2x.png
Requested by
Host: auth.dev.krd
URL: https://auth.dev.krd/Account/Login?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3Dmyaccount-client-bff%26code_challenge%3DJnUcv0Q-g8kP7USsXsvgoj1ZufMuN_BYf_CUSc54Q20%26code_challenge_method%3DS256%26nonce%3Duq6MdYWyo2X-xtlbwKxaeFvZsufu90WLu9CmJ35Yvu4%26redirect_uri%3Dhttps%253A%252F%252Fdashboard.myaccount.dev.krd%252Fauth%252Fcallback%26response_type%3Dcode%26scope%3Dopenid%2520offline_access%2520myaccount%2520corsight-wrapper-api.faces.detect%2520corsight-wrapper-api.faces.analyze%26state%3Dw7WkMOqy9ipfU-UOLGgiLmU88KRWSqbAK4Os400AwLQ%253A%252F
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
93.91.201.48 Erbil, Iraq, ASN21277 (NEWROZ-TELECOM-ASN, IQ),
Reverse DNS
93-91-201-48.newroztelecom.com
Software
Kestrel /
Resource Hash
d9faceb91a33c9e7e3917470c2bdd9e613b9ecb34f59e169265f1bdb9ba394d9

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 18 Jul 2024 10:17:38 GMT
last-modified
Tue, 09 Jan 2024 08:31:30 GMT
server
Kestrel
accept-ranges
bytes
etag
"1da42d63e823e5e"
content-length
9054
content-type
image/png
logo-vertical-2x.png
auth.dev.krd/img/ 		14 KB
14 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://auth.dev.krd/img/logo-vertical-2x.png
Requested by
Host: auth.dev.krd
URL: https://auth.dev.krd/Account/Login?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3Dmyaccount-client-bff%26code_challenge%3DJnUcv0Q-g8kP7USsXsvgoj1ZufMuN_BYf_CUSc54Q20%26code_challenge_method%3DS256%26nonce%3Duq6MdYWyo2X-xtlbwKxaeFvZsufu90WLu9CmJ35Yvu4%26redirect_uri%3Dhttps%253A%252F%252Fdashboard.myaccount.dev.krd%252Fauth%252Fcallback%26response_type%3Dcode%26scope%3Dopenid%2520offline_access%2520myaccount%2520corsight-wrapper-api.faces.detect%2520corsight-wrapper-api.faces.analyze%26state%3Dw7WkMOqy9ipfU-UOLGgiLmU88KRWSqbAK4Os400AwLQ%253A%252F
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
93.91.201.48 Erbil, Iraq, ASN21277 (NEWROZ-TELECOM-ASN, IQ),
Reverse DNS
93-91-201-48.newroztelecom.com
Software
Kestrel /
Resource Hash
c9114c81b8f02e4d15ad3bee4ed95ce967007720f93761027c8a904b94414dfe

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 18 Jul 2024 10:17:38 GMT
last-modified
Tue, 09 Jan 2024 08:31:30 GMT
server
Kestrel
accept-ranges
bytes
etag
"1da42d63e822ad0"
content-length
14288
content-type
image/png
site.min.js
auth.dev.krd/js/ 		92 KB
92 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://auth.dev.krd/js/site.min.js?v=TV7HI-kyjFT1iqxwc-3L3BCtT7-0N7D1NUFJsNxCzqI
Requested by
Host: auth.dev.krd
URL: https://auth.dev.krd/Account/Login?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3Dmyaccount-client-bff%26code_challenge%3DJnUcv0Q-g8kP7USsXsvgoj1ZufMuN_BYf_CUSc54Q20%26code_challenge_method%3DS256%26nonce%3Duq6MdYWyo2X-xtlbwKxaeFvZsufu90WLu9CmJ35Yvu4%26redirect_uri%3Dhttps%253A%252F%252Fdashboard.myaccount.dev.krd%252Fauth%252Fcallback%26response_type%3Dcode%26scope%3Dopenid%2520offline_access%2520myaccount%2520corsight-wrapper-api.faces.detect%2520corsight-wrapper-api.faces.analyze%26state%3Dw7WkMOqy9ipfU-UOLGgiLmU88KRWSqbAK4Os400AwLQ%253A%252F
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
93.91.201.48 Erbil, Iraq, ASN21277 (NEWROZ-TELECOM-ASN, IQ),
Reverse DNS
93-91-201-48.newroztelecom.com
Software
Kestrel /
Resource Hash
4d5ec723e9328c54f58aac7073edcbdc10ad4fbfb437b0f5354149b0dc42cea2

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 18 Jul 2024 10:17:38 GMT
last-modified
Tue, 09 Jan 2024 08:31:30 GMT
server
Kestrel
accept-ranges
bytes
etag
"1da42d63e837396"
content-length
93846
content-type
application/javascript
Inter-var.ttf
auth.dev.krd/fonts/ 		785 KB
788 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://auth.dev.krd/fonts/Inter-var.ttf
Requested by
Host: auth.dev.krd
URL: https://auth.dev.krd/css/site.min.css?v=NMIPa4JK_MI_-zHt1pLLszDY3YaaGq2R6reIrwm4VqQ
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
93.91.201.48 Erbil, Iraq, ASN21277 (NEWROZ-TELECOM-ASN, IQ),
Reverse DNS
93-91-201-48.newroztelecom.com
Software
Kestrel /
Resource Hash
b9a8e5e213977665be2a56db66945a16c686da3d9861af1e7851322cf15495ea

Request headers

Referer
https://auth.dev.krd/css/site.min.css?v=NMIPa4JK_MI_-zHt1pLLszDY3YaaGq2R6reIrwm4VqQ
Origin
https://auth.dev.krd
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 18 Jul 2024 10:17:38 GMT
last-modified
Tue, 09 Jan 2024 08:31:30 GMT
server
Kestrel
accept-ranges
bytes
etag
"1da42d63e8e5f38"
content-length
803384
content-type
application/x-font-ttf
droid-arabic.woff2
auth.dev.krd/fonts/ 		113 KB
114 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://auth.dev.krd/fonts/droid-arabic.woff2
Requested by
Host: auth.dev.krd
URL: https://auth.dev.krd/css/site.min.css?v=NMIPa4JK_MI_-zHt1pLLszDY3YaaGq2R6reIrwm4VqQ
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
93.91.201.48 Erbil, Iraq, ASN21277 (NEWROZ-TELECOM-ASN, IQ),
Reverse DNS
93-91-201-48.newroztelecom.com
Software
Kestrel /
Resource Hash
b401107106c5b1bfde5a7d9b5cb95f0c9290d03cd7ba80480fa699f957f781f4

Request headers

Referer
https://auth.dev.krd/css/site.min.css?v=NMIPa4JK_MI_-zHt1pLLszDY3YaaGq2R6reIrwm4VqQ
Origin
https://auth.dev.krd
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 18 Jul 2024 10:17:38 GMT
last-modified
Tue, 09 Jan 2024 08:31:30 GMT
server
Kestrel
accept-ranges
bytes
etag
"1da42d63e83d838"
content-length
116024
content-type
font/woff2
favicon.ico
auth.dev.krd/ 		123 KB
124 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://auth.dev.krd/favicon.ico?v=DotTsd20zhiht5SAASOPQdnA4efpIR6-uMw6Wz0dJTc
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
93.91.201.48 Erbil, Iraq, ASN21277 (NEWROZ-TELECOM-ASN, IQ),
Reverse DNS
93-91-201-48.newroztelecom.com
Software
Kestrel /
Resource Hash
0e8b53b1ddb4ce18a1b7948001238f41d9c0e1e7e9211ebeb8cc3a5b3d1d2537

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 18 Jul 2024 10:17:39 GMT
last-modified
Tue, 09 Jan 2024 08:31:30 GMT
server
Kestrel
accept-ranges
bytes
etag
"1da42d63e83f092"
content-length
126354
content-type
image/x-icon

Verdicts & Comments Add Verdict or Comment

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| dropdown object| fido object| site function| $ function| jQuery

4 Cookies

Domain/Path Name / Value
dashboard.myaccount.dev.krd/ Name: myaccount-auth_csrf
Value: KrRkLk_-9wX4iwIVsAqqo-0wJrVE3QuZmkV8D4yL6UMzjk0svYgxNx9tXAO1qwqDtAvVQT8EDm76q8hnTbMI6NBiccKyOLJc7TVTG9HD_9vdh9ggLS8weDNTnNzOByA6U7bBOiFBRiAnjBZ8CkdyvUZ8Nv8fR95mpSWz5EGnkEiPUnN3VFGJ2wSShAvAjGItxpEyAvfnybeEiIoReUw0-U9G5ymNy1957lej5ljTZChz0qb1Mc8F5ZyMuefIUw==|1721297858|bSe_yupND57iEvl8ZZcZMHTriQG3EFpjgWvIuTf8nUE=
dashboard.myaccount.dev.krd/ Name: BIGipServer~k8s-dev~Shared~traefik_443_traefik_dashboard_myaccount_dev_krd
Value: 3643935242.31095.0000
auth.dev.krd/ Name: BIGipServer~k8s-dev~Shared~traefik_443_traefik_auth_dev_krd
Value: 3660712458.31095.0000
auth.dev.krd/ Name: .AspNetCore.Antiforgery.9TtSrW0hzOs
Value: CfDJ8BEQeL1pF1tCqub5H73395-FKd0V4gd-Dmw1Y10Li_Ibk3D6ldi89-__VmV4yIKS6BZfpYCT-hfJWDQ9dAC6Zz5Z6aGGmgjRSa162AZpVnTPwALR-RXUmphEd2CInLHhLrocpjL3j_Z1fINKNIGBmqk

1 Console Messages

Source Level URL
Text
security warning URL: https://auth.dev.krd/Account/Login?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3Dmyaccount-client-bff%26code_challenge%3DJnUcv0Q-g8kP7USsXsvgoj1ZufMuN_BYf_CUSc54Q20%26code_challenge_method%3DS256%26nonce%3Duq6MdYWyo2X-xtlbwKxaeFvZsufu90WLu9CmJ35Yvu4%26redirect_uri%3Dhttps%253A%252F%252Fdashboard.myaccount.dev.krd%252Fauth%252Fcallback%26response_type%3Dcode%26scope%3Dopenid%2520offline_access%2520myaccount%2520corsight-wrapper-api.faces.detect%2520corsight-wrapper-api.faces.analyze%26state%3Dw7WkMOqy9ipfU-UOLGgiLmU88KRWSqbAK4Os400AwLQ%253A%252F
Message:
An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can escape its sandboxing.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self'; style-src 'self' https://fonts.googleapis.com https://code.ionicframework.com; font-src 'self' https://fonts.gstatic.com https://code.ionicframework.com; object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts allow-popups; base-uri 'self'; img-src 'self' data:
X-Content-Security-Policy default-src 'self'; style-src 'self' https://fonts.googleapis.com https://code.ionicframework.com; font-src 'self' https://fonts.gstatic.com https://code.ionicframework.com; object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts allow-popups; base-uri 'self'; img-src 'self' data:
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN