urlscan.io logo urlscan.io
SecurityTrails logo

flowableaccount.b2clogin.com Open in urlscan Pro
20.190.159.68  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://work.prod.account.flowable.io/
Effective URL: https://flowableaccount.b2clogin.com/flowableaccount.onmicrosoft.com/oauth2/v2.0/authorize?p=B2C_1A_FLW_SIGNUP_SIGNIN&response_type=c...
Submission: On January 12 via automatic, source certstream-suspicious — Scanned from NL
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 4 IPs in 3 countries across 5 domains to perform 11 HTTP transactions. The main IP is 20.190.159.68, located in Dublin, Ireland and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is flowableaccount.b2clogin.com.
TLS certificate: Issued by DigiCert SHA2 Secure Server CA on October 19th 2022. Valid for: a year.
This is the only time flowableaccount.b2clogin.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 2 20.126.191.40 8075 (MICROSOFT...)
3 20.190.159.68 8075 (MICROSOFT...)
4 20.60.251.161 8075 (MICROSOFT...)
1 142.250.201.202 15169 (GOOGLE)
3 142.250.74.195 15169 (GOOGLE)
11 4
2    20.126.191.40 (Amsterdam, Netherlands)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
work.prod.account.flowable.io
3    20.190.159.68 (Dublin, Ireland)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
flowableaccount.b2clogin.com
4    20.60.251.161 (Amsterdam, Netherlands)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
customoauthview.blob.core.windows.net
1    142.250.201.202 (United States)

ASN15169 (GOOGLE, US)
PTR: bud02s35-in-f10.1e100.net
fonts.googleapis.com
3    142.250.74.195 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s02-in-f3.1e100.net
fonts.gstatic.com
Domain Requested by
4 customoauthview.blob.core.windows.net flowableaccount.b2clogin.com
customoauthview.blob.core.windows.net
3 fonts.gstatic.com fonts.googleapis.com
3 flowableaccount.b2clogin.com flowableaccount.b2clogin.com
2 work.prod.account.flowable.io 2 redirects
1 fonts.googleapis.com flowableaccount.b2clogin.com
11 5

This site contains links to these domains. Also see Links.

Domain
deploy-preview-362--flowable3x.netlify.app
Subject Issuer Validity Valid
graph.windows.net
DigiCert SHA2 Secure Server CA		 2022-10-19 -
2023-10-19		 a year crt.sh
*.blob.core.windows.net
Microsoft RSA TLS CA 01		 2022-12-20 -
2023-12-20		 a year crt.sh
upload.video.google.com
GTS CA 1C3		 2022-11-28 -
2023-02-20		 3 months crt.sh
*.gstatic.com
GTS CA 1C3		 2022-12-12 -
2023-03-06		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://flowableaccount.b2clogin.com/flowableaccount.onmicrosoft.com/oauth2/v2.0/authorize?p=B2C_1A_FLW_SIGNUP_SIGNIN&response_type=code&client_id=07314b1c-71ae-40c4-85cc-22adff89ea1d&scope=07314b1c-71ae-40c4-85cc-22adff89ea1d%20openid%20profile%20email&state=tbPTnT5A-B6_GsiHKoiiJO0qJ005fOjzHOx2Z3yoSbs%3D&redirect_uri=https://work.prod.account.flowable.io/login/oauth2/code/azure&nonce=WIPXtrqy3CuNMnVOLsL7v3TwoYbXyatjOn2sXtLJaOA
Frame ID: 5DD65F9A1C3A810D2E776CD5B9047094
Requests: 11 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Flowable Cloud | Try Flowable Work now

Page URL History Show full URLs

  1. https://work.prod.account.flowable.io/ HTTP 302
    https://work.prod.account.flowable.io/oauth2/authorization/azure HTTP 302
    https://flowableaccount.b2clogin.com/flowableaccount.onmicrosoft.com/oauth2/v2.0/authorize?p=B2C_1A_FLW_SIGNUP_SI... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Page Statistics

11
Requests

100 %
HTTPS

0 %
IPv6

5
Domains

5
Subdomains

4
IPs

3
Countries

757 kB
Transfer

1033 kB
Size

5
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://work.prod.account.flowable.io/ HTTP 302
    https://work.prod.account.flowable.io/oauth2/authorization/azure HTTP 302
    https://flowableaccount.b2clogin.com/flowableaccount.onmicrosoft.com/oauth2/v2.0/authorize?p=B2C_1A_FLW_SIGNUP_SIGNIN&response_type=code&client_id=07314b1c-71ae-40c4-85cc-22adff89ea1d&scope=07314b1c-71ae-40c4-85cc-22adff89ea1d%20openid%20profile%20email&state=tbPTnT5A-B6_GsiHKoiiJO0qJ005fOjzHOx2Z3yoSbs%3D&redirect_uri=https://work.prod.account.flowable.io/login/oauth2/code/azure&nonce=WIPXtrqy3CuNMnVOLsL7v3TwoYbXyatjOn2sXtLJaOA Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request authorize
flowableaccount.b2clogin.com/flowableaccount.onmicrosoft.com/oauth2/v2.0/
Redirect Chain
  • https://work.prod.account.flowable.io/
  • https://work.prod.account.flowable.io/oauth2/authorization/azure
  • https://flowableaccount.b2clogin.com/flowableaccount.onmicrosoft.com/oauth2/v2.0/authorize?p=B2C_1A_FLW_SIGNUP_SIGNIN&response_type=code&client_id=07314b1c-71ae-40c4-85cc-22adff89ea1d&scope=07314b1...
431 KB
157 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://flowableaccount.b2clogin.com/flowableaccount.onmicrosoft.com/oauth2/v2.0/authorize?p=B2C_1A_FLW_SIGNUP_SIGNIN&response_type=code&client_id=07314b1c-71ae-40c4-85cc-22adff89ea1d&scope=07314b1c-71ae-40c4-85cc-22adff89ea1d%20openid%20profile%20email&state=tbPTnT5A-B6_GsiHKoiiJO0qJ005fOjzHOx2Z3yoSbs%3D&redirect_uri=https://work.prod.account.flowable.io/login/oauth2/code/azure&nonce=WIPXtrqy3CuNMnVOLsL7v3TwoYbXyatjOn2sXtLJaOA
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.190.159.68 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
7c379e8ad6393765f0d995d69881776533188b484351e7ca1e92a31d4140988c
Security Headers
Name Value
Content-Security-Policy script-src 'strict-dynamic' 'self' 'nonce-d06pVWSsQsi9ebmODiG7pQ==' 'report-sample'; report-uri /flowableaccount.onmicrosoft.com/B2C_1A_FLW_signup_signin/client/cspreport?p=B2C_1A_FLW_signup_signin
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

Allow
OPTIONS TRACE GET HEAD POST
Cache-Control
no-store, must-revalidate, no-cache
Content-Encoding
gzip
Content-Length
158122
Content-Security-Policy
script-src 'strict-dynamic' 'self' 'nonce-d06pVWSsQsi9ebmODiG7pQ==' 'report-sample'; report-uri /flowableaccount.onmicrosoft.com/B2C_1A_FLW_signup_signin/client/cspreport?p=B2C_1A_FLW_signup_signin
Content-Type
text/html; charset=utf-8
Date
Thu, 12 Jan 2023 17:03:30 GMT
Expires
-1
Public
OPTIONS,TRACE,GET,HEAD,POST
Strict-Transport-Security
max-age=31536000; includeSubDomains
Vary
Accept-Encoding
X-Build
1.0.2819.0
X-Content-Type-Options
nosniff
X-Frame-Options
DENY
X-Request-ID
fa07d200-1876-4491-b459-63e3805cf208
X-UA-Compatible
IE=edge
X-XSS-Protection
1; mode=block
x-ms-gateway-requestid
84f83222-9b1f-4133-9ddf-d1c25c2fb150

Redirect headers

cache-control
no-cache, no-store, max-age=0, must-revalidate
content-length
0
date
Thu, 12 Jan 2023 17:03:30 GMT
expires
0
location
https://flowableaccount.b2clogin.com/flowableaccount.onmicrosoft.com/oauth2/v2.0/authorize?p=B2C_1A_FLW_SIGNUP_SIGNIN&response_type=code&client_id=07314b1c-71ae-40c4-85cc-22adff89ea1d&scope=07314b1c-71ae-40c4-85cc-22adff89ea1d%20openid%20profile%20email&state=tbPTnT5A-B6_GsiHKoiiJO0qJ005fOjzHOx2Z3yoSbs%3D&redirect_uri=https://work.prod.account.flowable.io/login/oauth2/code/azure&nonce=WIPXtrqy3CuNMnVOLsL7v3TwoYbXyatjOn2sXtLJaOA
pragma
no-cache
strict-transport-security
max-age=15724800; includeSubDomains
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block
cspreport
flowableaccount.b2clogin.com/flowableaccount.onmicrosoft.com/B2C_1A_FLW_signup_signin/client/ 		0
447 B 		Other
General
Check archive.org
Download Go to
Full URL
https://flowableaccount.b2clogin.com/flowableaccount.onmicrosoft.com/B2C_1A_FLW_signup_signin/client/cspreport?p=B2C_1A_FLW_signup_signin
Requested by
Host: flowableaccount.b2clogin.com
URL: https://flowableaccount.b2clogin.com/flowableaccount.onmicrosoft.com/oauth2/v2.0/authorize?p=B2C_1A_FLW_SIGNUP_SIGNIN&response_type=code&client_id=07314b1c-71ae-40c4-85cc-22adff89ea1d&scope=07314b1c-71ae-40c4-85cc-22adff89ea1d%20openid%20profile%20email&state=tbPTnT5A-B6_GsiHKoiiJO0qJ005fOjzHOx2Z3yoSbs%3D&redirect_uri=https://work.prod.account.flowable.io/login/oauth2/code/azure&nonce=WIPXtrqy3CuNMnVOLsL7v3TwoYbXyatjOn2sXtLJaOA
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.190.159.68 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://flowableaccount.b2clogin.com/flowableaccount.onmicrosoft.com/oauth2/v2.0/authorize?p=B2C_1A_FLW_SIGNUP_SIGNIN&response_type=code&client_id=07314b1c-71ae-40c4-85cc-22adff89ea1d&scope=07314b1c-71ae-40c4-85cc-22adff89ea1d%20openid%20profile%20email&state=tbPTnT5A-B6_GsiHKoiiJO0qJ005fOjzHOx2Z3yoSbs%3D&redirect_uri=https://work.prod.account.flowable.io/login/oauth2/code/azure&nonce=WIPXtrqy3CuNMnVOLsL7v3TwoYbXyatjOn2sXtLJaOA
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
Content-Type
application/csp-report

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Date
Thu, 12 Jan 2023 17:03:30 GMT
X-Content-Type-Options
nosniff
Allow
OPTIONS, TRACE, GET, HEAD, POST
X-Frame-Options
DENY
Public
OPTIONS,TRACE,GET,HEAD,POST
Cache-Control
no-store, must-revalidate, no-cache
x-ms-gateway-requestid
b8aad4be-cef9-4fa8-8563-cf96dd7b2275
Content-Length
0
X-XSS-Protection
1; mode=block
index.html
customoauthview.blob.core.windows.net/root/ 		2 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://customoauthview.blob.core.windows.net/root/index.html
Requested by
Host: flowableaccount.b2clogin.com
URL: https://flowableaccount.b2clogin.com/flowableaccount.onmicrosoft.com/oauth2/v2.0/authorize?p=B2C_1A_FLW_SIGNUP_SIGNIN&response_type=code&client_id=07314b1c-71ae-40c4-85cc-22adff89ea1d&scope=07314b1c-71ae-40c4-85cc-22adff89ea1d%20openid%20profile%20email&state=tbPTnT5A-B6_GsiHKoiiJO0qJ005fOjzHOx2Z3yoSbs%3D&redirect_uri=https://work.prod.account.flowable.io/login/oauth2/code/azure&nonce=WIPXtrqy3CuNMnVOLsL7v3TwoYbXyatjOn2sXtLJaOA
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.60.251.161 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
e7e6a331fe48da62ab061523e012c1a72546d25b1540c37b0c90a59bb8c30785

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://flowableaccount.b2clogin.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
Date
Thu, 12 Jan 2023 17:03:30 GMT
Last-Modified
Thu, 12 Jan 2023 10:33:06 GMT
Server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5
VDlGeJ+fNA+T8gbukhVA8Q==
ETag
0x8DAF488649C8513
Vary
Origin
Content-Type
text/html
Access-Control-Allow-Origin
https://flowableaccount.b2clogin.com
x-ms-request-id
7fad348f-001e-00d1-23a7-268b12000000
Access-Control-Expose-Headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
Access-Control-Allow-Credentials
true
x-ms-version
2009-09-19
Content-Length
1617
flowable_logo.svg
customoauthview.blob.core.windows.net/root/assets/ 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://customoauthview.blob.core.windows.net/root/assets/flowable_logo.svg
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.60.251.161 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
ca69418697e18cb7886848ec2c917fafdf2bf58a2668a55866b3ecc0199a73bb

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://flowableaccount.b2clogin.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
Date
Thu, 12 Jan 2023 17:03:31 GMT
Last-Modified
Thu, 12 Jan 2023 10:26:33 GMT
Server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5
bVdPKTXsJzczDv1x/iXAAA==
ETag
0x8DAF4877A298D72
Vary
Origin
Content-Type
image/svg+xml
x-ms-request-id
7ff4debb-001e-00b9-70a7-269121000000
x-ms-version
2009-09-19
Content-Length
3130
css2
fonts.googleapis.com/ 		7 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Montserrat:wght@400;500;600;700&display=swap
Requested by
Host: flowableaccount.b2clogin.com
URL: https://flowableaccount.b2clogin.com/flowableaccount.onmicrosoft.com/oauth2/v2.0/authorize?p=B2C_1A_FLW_SIGNUP_SIGNIN&response_type=code&client_id=07314b1c-71ae-40c4-85cc-22adff89ea1d&scope=07314b1c-71ae-40c4-85cc-22adff89ea1d%20openid%20profile%20email&state=tbPTnT5A-B6_GsiHKoiiJO0qJ005fOjzHOx2Z3yoSbs%3D&redirect_uri=https://work.prod.account.flowable.io/login/oauth2/code/azure&nonce=WIPXtrqy3CuNMnVOLsL7v3TwoYbXyatjOn2sXtLJaOA
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.201.202 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bud02s35-in-f10.1e100.net
Software
ESF /
Resource Hash
45e78216d62e7ef2a2c7d0bda526ddfb789444fb8a986b024d059373acb27c16
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://flowableaccount.b2clogin.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Thu, 12 Jan 2023 17:03:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Thu, 12 Jan 2023 16:14:58 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 12 Jan 2023 17:03:31 GMT
style.css
customoauthview.blob.core.windows.net/root/assets/ 		3 KB
4 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://customoauthview.blob.core.windows.net/root/assets/style.css
Requested by
Host: flowableaccount.b2clogin.com
URL: https://flowableaccount.b2clogin.com/flowableaccount.onmicrosoft.com/oauth2/v2.0/authorize?p=B2C_1A_FLW_SIGNUP_SIGNIN&response_type=code&client_id=07314b1c-71ae-40c4-85cc-22adff89ea1d&scope=07314b1c-71ae-40c4-85cc-22adff89ea1d%20openid%20profile%20email&state=tbPTnT5A-B6_GsiHKoiiJO0qJ005fOjzHOx2Z3yoSbs%3D&redirect_uri=https://work.prod.account.flowable.io/login/oauth2/code/azure&nonce=WIPXtrqy3CuNMnVOLsL7v3TwoYbXyatjOn2sXtLJaOA
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.60.251.161 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
d25464e7c746ae108c03cbc12d9478d4a899e25381c85ec6929d79437cd7351d

Request headers

Referer
https://flowableaccount.b2clogin.com/
Origin
https://flowableaccount.b2clogin.com
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
Date
Thu, 12 Jan 2023 17:03:30 GMT
Last-Modified
Thu, 12 Jan 2023 10:26:13 GMT
Server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5
ppqcmNVB9TH0cTm03udfJA==
ETag
0x8DAF4876E5F32CB
Vary
Origin
Content-Type
text/css
Access-Control-Allow-Origin
https://flowableaccount.b2clogin.com
x-ms-request-id
7fad34a5-001e-00d1-35a7-268b12000000
Access-Control-Expose-Headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
Access-Control-Allow-Credentials
true
x-ms-version
2009-09-19
Content-Length
3289
perftrace
flowableaccount.b2clogin.com/flowableaccount.onmicrosoft.com/B2C_1A_FLW_signup_signin/client/ 		0
447 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://flowableaccount.b2clogin.com/flowableaccount.onmicrosoft.com/B2C_1A_FLW_signup_signin/client/perftrace?tx=StateProperties=eyJUSUQiOiJmYTA3ZDIwMC0xODc2LTQ0OTEtYjQ1OS02M2UzODA1Y2YyMDgifQ&p=B2C_1A_FLW_signup_signin
Requested by
Host: flowableaccount.b2clogin.com
URL: https://flowableaccount.b2clogin.com/flowableaccount.onmicrosoft.com/oauth2/v2.0/authorize?p=B2C_1A_FLW_SIGNUP_SIGNIN&response_type=code&client_id=07314b1c-71ae-40c4-85cc-22adff89ea1d&scope=07314b1c-71ae-40c4-85cc-22adff89ea1d%20openid%20profile%20email&state=tbPTnT5A-B6_GsiHKoiiJO0qJ005fOjzHOx2Z3yoSbs%3D&redirect_uri=https://work.prod.account.flowable.io/login/oauth2/code/azure&nonce=WIPXtrqy3CuNMnVOLsL7v3TwoYbXyatjOn2sXtLJaOA
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.190.159.68 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://flowableaccount.b2clogin.com/flowableaccount.onmicrosoft.com/oauth2/v2.0/authorize?p=B2C_1A_FLW_SIGNUP_SIGNIN&response_type=code&client_id=07314b1c-71ae-40c4-85cc-22adff89ea1d&scope=07314b1c-71ae-40c4-85cc-22adff89ea1d%20openid%20profile%20email&state=tbPTnT5A-B6_GsiHKoiiJO0qJ005fOjzHOx2Z3yoSbs%3D&redirect_uri=https://work.prod.account.flowable.io/login/oauth2/code/azure&nonce=WIPXtrqy3CuNMnVOLsL7v3TwoYbXyatjOn2sXtLJaOA
X-Requested-With
XMLHttpRequest
X-CSRF-TOKEN
dmdsRWVkNkVYRmRsQUhDTkZ6ZDl6bVhGK2wxclU1cG1IZUpIU3FmNTFxbXBSaCt3RmNtcnNocU9IRkRLNG93UlZ0d0xDOUtUdS9ERDNEUy9GUTE1bEE9PTsyMDIzLTAxLTEyVDE3OjAzOjMwLjg1MDk1MjNaO0sxWUwzcDFZU0tPelpDSVhRU0lGRkE9PTt7Ik9yY2hlc3RyYXRpb25TdGVwIjoxfQ==
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
Content-Type
application/json; charset=UTF-8

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Date
Thu, 12 Jan 2023 17:03:31 GMT
X-Content-Type-Options
nosniff
Allow
OPTIONS, TRACE, GET, HEAD, POST
X-Frame-Options
DENY
Public
OPTIONS,TRACE,GET,HEAD,POST
Cache-Control
no-store, must-revalidate, no-cache
x-ms-gateway-requestid
c4b7aaf8-a016-4941-96f0-5fb28e2c8194
Content-Length
0
X-XSS-Protection
1; mode=block
flowable_work_banner_2800.jpg
customoauthview.blob.core.windows.net/root/assets/ 		497 KB
497 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://customoauthview.blob.core.windows.net/root/assets/flowable_work_banner_2800.jpg
Requested by
Host: customoauthview.blob.core.windows.net
URL: https://customoauthview.blob.core.windows.net/root/assets/style.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.60.251.161 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
fe64e98033dedd770385788525d782d2d4004e7e6806c40edcafd14a7f0d0046

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://customoauthview.blob.core.windows.net/root/assets/style.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
Date
Thu, 12 Jan 2023 17:03:31 GMT
Last-Modified
Thu, 12 Jan 2023 10:26:29 GMT
Server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5
834t5IHidNAJPv0zizQQJw==
ETag
0x8DAF48777A714E6
Vary
Origin
Content-Type
image/jpeg
x-ms-request-id
7ff4dec2-001e-00b9-74a7-269121000000
x-ms-version
2009-09-19
Content-Length
508559
JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
fonts.gstatic.com/s/montserrat/v25/ 		30 KB
31 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Montserrat:wght@400;500;600;700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.74.195 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s02-in-f3.1e100.net
Software
sffe /
Resource Hash
ae919a7c9f25f0fd97fc18e398ae8e453fcaae487e4a4cb4f896e7fecde4a780
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://flowableaccount.b2clogin.com
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Tue, 10 Jan 2023 16:06:09 GMT
x-content-type-options
nosniff
age
176243
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
30928
x-xss-protection
0
last-modified
Mon, 11 Jul 2022 18:57:39 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 10 Jan 2024 16:06:09 GMT
JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
fonts.gstatic.com/s/montserrat/v25/ 		30 KB
30 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Montserrat:wght@400;500;600;700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.74.195 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s02-in-f3.1e100.net
Software
sffe /
Resource Hash
ae919a7c9f25f0fd97fc18e398ae8e453fcaae487e4a4cb4f896e7fecde4a780
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://flowableaccount.b2clogin.com
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Tue, 10 Jan 2023 16:06:09 GMT
x-content-type-options
nosniff
age
176243
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
30928
x-xss-protection
0
last-modified
Mon, 11 Jul 2022 18:57:39 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 10 Jan 2024 16:06:09 GMT
JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
fonts.gstatic.com/s/montserrat/v25/ 		30 KB
30 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Montserrat:wght@400;500;600;700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.74.195 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s02-in-f3.1e100.net
Software
sffe /
Resource Hash
ae919a7c9f25f0fd97fc18e398ae8e453fcaae487e4a4cb4f896e7fecde4a780
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://flowableaccount.b2clogin.com
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Tue, 10 Jan 2023 16:06:09 GMT
x-content-type-options
nosniff
age
176243
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
30928
x-xss-protection
0
last-modified
Mon, 11 Jul 2022 18:57:39 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 10 Jan 2024 16:06:09 GMT

Verdicts & Comments Add Verdict or Comment

33 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontentvisibilityautostatechange object| CP object| SA_FIELDS object| CONTENT object| SETTINGS string| staticHost string| targetSlice string| targetDc number| initializationTimeout boolean| diagsAlways number| maxTrace function| sanitizeHtml function| PageLoadTime function| _isFunction function| _mapObject function| _getPerformanceObjectData function| $trace object| $diags object| $santizer object| preloadCssLink object| $i2e object| $predicateValidation object| $element function| checkCssPreloaded function| preloadJavaScript object| $cors function| applyTenantBranding function| sendPageLoadTime function| $ function| jQuery boolean| pageReady object| Handlebars boolean| contentReady

5 Cookies

Domain/Path Name / Value
work.prod.account.flowable.io/ Name: XSRF-TOKEN
Value: 2caf2ce9-454c-4d51-a339-609ad5751939
work.prod.account.flowable.io/ Name: JSESSIONID
Value: 2ACBC1647077968B1C92B47F0465AE1D
.flowableaccount.b2clogin.com/ Name: x-ms-cpim-csrf
Value: dmdsRWVkNkVYRmRsQUhDTkZ6ZDl6bVhGK2wxclU1cG1IZUpIU3FmNTFxbXBSaCt3RmNtcnNocU9IRkRLNG93UlZ0d0xDOUtUdS9ERDNEUy9GUTE1bEE9PTsyMDIzLTAxLTEyVDE3OjAzOjMwLjg1MDk1MjNaO0sxWUwzcDFZU0tPelpDSVhRU0lGRkE9PTt7Ik9yY2hlc3RyYXRpb25TdGVwIjoxfQ==
.flowableaccount.b2clogin.com/ Name: x-ms-cpim-cache|anih-nyykus0wwpjgfzyca_0
Value: m1.BimSEt4Oso1FWC3L.bItwIB/ysjI/6A2u7Bv/Xw==.0.hcG/dH7MefV1mzflMxewL1DUtoiDYlheoXrbdAd/pADCIIkGuo/SNmcqDFo6y5zWJaPJEQ3l/F+DFKBByCgBTy+vCOZetNKm0dIt+AZd2kChsSU6LAGpUfwRTyePW0hiDCDSlGIbGbO5LdzH4qVXS4HfwPsaOU7duIzYcJvGPRep/49dbPBwigkDS4LmV0JCSTIP0oKwWpJM02W0StKwFBKOgw+bcunY9VcrgRcPGHkmgqdVCK3+7wGUM0J1c+YBizgfQjZDqzj1xqsEMDYv7PWO1wynCqWLc1AB/lAsujL1FYWXvpqR6x7MzxprOjMoApxv7Ek27rXpeOmY6HMh3xqES/ZlO/P5v63ju1f3X2XZlvf5oW4Q/fB/Lb207Sh237amgpa06VssFEozGJZJUMiu826TWCvitWG/XHImMlWdUcVgBTMH89hVDCPANeB/AsO5gky29Xnh9e9Leunx7Zej/FiEf1yGoPlinS1d47yAD/4MqxVuaK+3KdPsfDfJeT0SM09rGRR3IVR2hxMbwvn1tg4TihrCinc/zNOQe7m7NZpfVdyYX9hfQ7ln7RrSmz0bPLJMUNkKUFgS/YqCQwaIsbrHaxtAVxxVo/fupZgbJ7Ot/M+k6fxGUUq5HVt/9f4gh9Kx9mdBUH+Bu7lxKZtLBIXQMzkK6sQzvPMYGRWhE5vzChszUWUhHM7pTCq9tH8rGEG9QAuwPaUlnILY2J096+Ln5fbyRw==
.flowableaccount.b2clogin.com/ Name: x-ms-cpim-trans
Value: eyJUX0RJQyI6W3siSSI6ImZhMDdkMjAwLTE4NzYtNDQ5MS1iNDU5LTYzZTM4MDVjZjIwOCIsIlQiOiJmbG93YWJsZWFjY291bnQub25taWNyb3NvZnQuY29tIiwiUCI6IkIyQ18xQV9GTFdfU0lHTlVQX1NJR05JTiIsIkMiOiIwNzMxNGIxYy03MWFlLTQwYzQtODVjYy0yMmFkZmY4OWVhMWQiLCJTIjoxLCJNIjp7fSwiRCI6MH1dLCJDX0lEIjoiZmEwN2QyMDAtMTg3Ni00NDkxLWI0NTktNjNlMzgwNWNmMjA4In0=

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy script-src 'strict-dynamic' 'self' 'nonce-d06pVWSsQsi9ebmODiG7pQ==' 'report-sample'; report-uri /flowableaccount.onmicrosoft.com/B2C_1A_FLW_signup_signin/client/cspreport?p=B2C_1A_FLW_signup_signin
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block