urlscan.io logo urlscan.io
SecurityTrails logo

cm.harica.gr Open in urlscan Pro
2001:648:2800:a94:155:207:94:11  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://cm.harica.gr/
Effective URL: https://cm.harica.gr/Login?ReturnUrl=%2F
Submission: On December 22 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 7 IPs in 3 countries across 4 domains to perform 14 HTTP transactions. The main IP is 2001:648:2800:a94:155:207:94:11, located in Thessaloniki, Greece and belongs to ASAUTHNET AUTH-NET-AS, GR. The main domain is cm.harica.gr.
TLS certificate: Issued by HARICA Institutional TLS RSA 2 on June 30th 2023. Valid for: a year.
This is the only time cm.harica.gr was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

8    2001:648:2800:a94:155:207:94:11 (Thessaloniki, Greece)

ASN5470 (ASAUTHNET AUTH-NET-AS, GR)
cm.harica.gr
2    2a00:1450:4001:81c::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
apis.google.com
1    2a00:1450:4001:806::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
1    2a00:1450:4001:812::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
3    2a00:1450:400c:c09::54 (Brussels, Belgium)

ASN15169 (GOOGLE, US)
accounts.google.com
1    2a00:1450:4001:806::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.gstatic.com
Apex Domain
Subdomains		 Transfer
8 harica.gr
cm.harica.gr
894 KB
5 google.com
apis.google.com — Cisco Umbrella Rank: 116
accounts.google.com — Cisco Umbrella Rank: 23
82 KB
2 gstatic.com
fonts.gstatic.com
www.gstatic.com
53 KB
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 29
995 B
14 4
Domain Requested by
8 cm.harica.gr 2 redirects cm.harica.gr
3 accounts.google.com apis.google.com
cm.harica.gr
www.gstatic.com
2 apis.google.com cm.harica.gr
apis.google.com
1 www.gstatic.com accounts.google.com
1 fonts.gstatic.com fonts.googleapis.com
1 fonts.googleapis.com cm.harica.gr
14 6

This site contains no links.

Subject Issuer Validity Valid
cm.harica.gr
HARICA Institutional TLS RSA 2		 2023-06-30 -
2024-07-31		 a year crt.sh
*.apis.google.com
GTS CA 1C3		 2023-11-20 -
2024-02-12		 3 months crt.sh
upload.video.google.com
GTS CA 1C3		 2023-11-20 -
2024-02-12		 3 months crt.sh
*.gstatic.com
GTS CA 1C3		 2023-11-20 -
2024-02-12		 3 months crt.sh
accounts.google.com
GTS CA 1C3		 2023-11-20 -
2024-02-12		 3 months crt.sh
*.google.com
GTS CA 1C3		 2023-11-20 -
2024-02-12		 3 months crt.sh

This page contains 2 frames:

Primary Page: https://cm.harica.gr/Login?ReturnUrl=%2F
Frame ID: 2D3D7A14501AE78F5A4EF0E52DCBD590
Requests: 12 HTTP requests in this frame

Frame: https://accounts.google.com/o/oauth2/iframe
Frame ID: 9895407AC73D25C4A0F4B3606B2B872B
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Harica CertManager - Login

Page URL History Show full URLs

  1. http://cm.harica.gr/ HTTP 301
    https://cm.harica.gr/ HTTP 302
    https://cm.harica.gr/Login?ReturnUrl=%2F Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <meta[^>]*google-signin-client_id
  • apis\.google\.com/js/platform\.js
Overall confidence: 100%
Detected patterns
  • apis\.google\.com/js/[a-z]*\.js

Page Statistics

14
Requests

100 %
HTTPS

100 %
IPv6

4
Domains

6
Subdomains

7
IPs

3
Countries

1030 kB
Transfer

1939 kB
Size

3
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://cm.harica.gr/ HTTP 301
    https://cm.harica.gr/ HTTP 302
    https://cm.harica.gr/Login?ReturnUrl=%2F Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

14 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request Login
cm.harica.gr/
Redirect Chain
  • http://cm.harica.gr/
  • https://cm.harica.gr/
  • https://cm.harica.gr/Login?ReturnUrl=%2F
12 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://cm.harica.gr/Login?ReturnUrl=%2F
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2001:648:2800:a94:155:207:94:11 Thessaloniki, Greece, ASN5470 (ASAUTHNET AUTH-NET-AS, GR),
Reverse DNS
Software
Apache/2.4.29 (Ubuntu) /
Resource Hash
a13cc7b6038b559d5fd615bf6eae16495ffb82be8131021e1c8c153cd25b9ffb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options Deny
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
no-cache, no-store
Connection
Keep-Alive
Content-Encoding
gzip
Content-Length
2771
Content-Type
text/html; charset=utf-8
Date
Fri, 22 Dec 2023 11:18:58 GMT
Keep-Alive
timeout=5, max=99
Pragma
no-cache
Server
Apache/2.4.29 (Ubuntu)
Vary
Accept-Encoding
X-Content-Type-Options
nosniff
X-Frame-Options
Deny
X-XSS-Protection
1; mode=block

Redirect headers

Connection
Keep-Alive
Content-Length
0
Date
Fri, 22 Dec 2023 11:18:58 GMT
Keep-Alive
timeout=5, max=100
Location
https://cm.harica.gr/Login?ReturnUrl=%2F
Server
Apache/2.4.29 (Ubuntu)
X-Content-Type-Options
nosniff
X-Frame-Options
Deny
X-XSS-Protection
1; mode=block
vendor.css
cm.harica.gr/dist/ 		212 KB
29 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cm.harica.gr/dist/vendor.css?v=PIRblvTBP3z_BYca-ENLmGMvcK9K35XPKe4JEyHEgJ8
Requested by
Host: cm.harica.gr
URL: https://cm.harica.gr/Login?ReturnUrl=%2F
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2001:648:2800:a94:155:207:94:11 Thessaloniki, Greece, ASN5470 (ASAUTHNET AUTH-NET-AS, GR),
Reverse DNS
Software
Apache/2.4.29 (Ubuntu) /
Resource Hash
3c845b96f4c13f7cff05871af8434b98632f70af4adf95cf29ee091321c4809f
Security Headers
Name Value
X-Frame-Options Deny

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cm.harica.gr/Login?ReturnUrl=%2F
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date
Fri, 22 Dec 2023 11:18:58 GMT
Content-Encoding
gzip
Last-Modified
Wed, 11 Oct 2023 09:37:18 GMT
Server
Apache/2.4.29 (Ubuntu)
ETag
"1d9fc268686d550-gzip"
X-Frame-Options
Deny
Vary
Accept-Encoding
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=98
Content-Length
29735
login-page.css
cm.harica.gr/dist/ 		8 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cm.harica.gr/dist/login-page.css?v=DyQz8gc4rWv2bDcpMw5MkUFJuoW2vCDB1C0Rees9qfw
Requested by
Host: cm.harica.gr
URL: https://cm.harica.gr/Login?ReturnUrl=%2F
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2001:648:2800:a94:155:207:94:11 Thessaloniki, Greece, ASN5470 (ASAUTHNET AUTH-NET-AS, GR),
Reverse DNS
Software
Apache/2.4.29 (Ubuntu) /
Resource Hash
0f2433f20738ad6bf66c3729330e4c914149ba85b6bc20c1d42d1179eb3da9fc
Security Headers
Name Value
X-Frame-Options Deny

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cm.harica.gr/Login?ReturnUrl=%2F
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date
Fri, 22 Dec 2023 11:18:58 GMT
Content-Encoding
gzip
Last-Modified
Wed, 11 Oct 2023 09:43:43 GMT
Server
Apache/2.4.29 (Ubuntu)
ETag
"1d9fc276bffefc0-gzip"
X-Frame-Options
Deny
Vary
Accept-Encoding
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
1203
vendor.js
cm.harica.gr/dist/ 		140 KB
44 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cm.harica.gr/dist/vendor.js?v=rNH5X5C2dAxUaZMjixF2Lzmw6t_ML5XnrPmGpfvMAHo
Requested by
Host: cm.harica.gr
URL: https://cm.harica.gr/Login?ReturnUrl=%2F
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2001:648:2800:a94:155:207:94:11 Thessaloniki, Greece, ASN5470 (ASAUTHNET AUTH-NET-AS, GR),
Reverse DNS
Software
Apache/2.4.29 (Ubuntu) /
Resource Hash
acd1f95f90b6740c546993238b11762f39b0eadfcc2f95e7acf986a5fbcc007a
Security Headers
Name Value
X-Frame-Options Deny

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cm.harica.gr/Login?ReturnUrl=%2F
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date
Fri, 22 Dec 2023 11:18:58 GMT
Content-Encoding
gzip
Last-Modified
Wed, 11 Oct 2023 09:37:18 GMT
Server
Apache/2.4.29 (Ubuntu)
ETag
"1d9fc268687aa94-gzip"
X-Frame-Options
Deny
Vary
Accept-Encoding
Content-Type
application/javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
44346
login-page.js
cm.harica.gr/dist/ 		563 KB
174 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cm.harica.gr/dist/login-page.js?v=_AhzDARC6jnVImyp95BWIprQkLetsDtrDdS0xubIZcM
Requested by
Host: cm.harica.gr
URL: https://cm.harica.gr/Login?ReturnUrl=%2F
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2001:648:2800:a94:155:207:94:11 Thessaloniki, Greece, ASN5470 (ASAUTHNET AUTH-NET-AS, GR),
Reverse DNS
Software
Apache/2.4.29 (Ubuntu) /
Resource Hash
fc08730c0442ea39d5226ca9f79056229ad090b7adb03b6b0dd4b4c6e6c865c3
Security Headers
Name Value
X-Frame-Options Deny

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cm.harica.gr/Login?ReturnUrl=%2F
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date
Fri, 22 Dec 2023 11:18:58 GMT
Content-Encoding
gzip
Last-Modified
Wed, 11 Oct 2023 09:43:43 GMT
Server
Apache/2.4.29 (Ubuntu)
ETag
"1d9fc276bf73b64-gzip"
X-Frame-Options
Deny
Vary
Accept-Encoding
Content-Type
application/javascript
Transfer-Encoding
chunked
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
platform.js
apis.google.com/js/ 		56 KB
22 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://apis.google.com/js/platform.js
Requested by
Host: cm.harica.gr
URL: https://cm.harica.gr/Login?ReturnUrl=%2F
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5d6761121e36dada7b2cb2088e9749ddc66c64da9a262386e1e358c8dbbeeeeb
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cm.harica.gr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-security-policy
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
content-encoding
gzip
x-content-type-options
nosniff
date
Fri, 22 Dec 2023 11:18:59 GMT
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
21932
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="gapi-team"
etag
"744e1fa93653e48f"
vary
Accept-Encoding
report-to
{"group":"gapi-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gapi-team"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
private, max-age=1800, stale-while-revalidate=1800
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 22 Dec 2023 11:18:59 GMT
css2
fonts.googleapis.com/ 		2 KB
995 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Roboto:wght@500&display=swap
Requested by
Host: cm.harica.gr
URL: https://cm.harica.gr/Login?ReturnUrl=%2F
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
bbffca692cf40b9d0611e20983dadef6e2adf9ce02b398257d0273245c619bbc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cm.harica.gr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Fri, 22 Dec 2023 11:18:59 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Fri, 22 Dec 2023 10:02:26 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Fri, 22 Dec 2023 11:18:59 GMT
80c07943565d91b976e1e9cdd77d03fb.ttf
cm.harica.gr/dist/dist/ 		642 KB
642 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://cm.harica.gr/dist/dist/80c07943565d91b976e1e9cdd77d03fb.ttf
Requested by
Host: cm.harica.gr
URL: https://cm.harica.gr/dist/vendor.css?v=PIRblvTBP3z_BYca-ENLmGMvcK9K35XPKe4JEyHEgJ8
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2001:648:2800:a94:155:207:94:11 Thessaloniki, Greece, ASN5470 (ASAUTHNET AUTH-NET-AS, GR),
Reverse DNS
Software
Apache/2.4.29 (Ubuntu) /
Resource Hash
6f6940be0835c3ddec9199e5fc42be4cbc61ebcfd58c623fdf719366253f1780
Security Headers
Name Value
X-Frame-Options Deny

Request headers

Referer
https://cm.harica.gr/dist/vendor.css?v=PIRblvTBP3z_BYca-ENLmGMvcK9K35XPKe4JEyHEgJ8
Origin
https://cm.harica.gr
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date
Fri, 22 Dec 2023 11:18:58 GMT
Last-Modified
Wed, 11 Oct 2023 09:29:35 GMT
Server
Apache/2.4.29 (Ubuntu)
ETag
"1d9fc2572876ebc"
X-Frame-Options
Deny
Content-Type
font/ttf
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
657212
truncated
/ 		10 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
aa862f3a28198aeeb5edd9251568b43918883d6c4bf9a8243efd63f5dbe1d4ca

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ 		3 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
fba0c212a69b191cb0176907077662712905034bf0561f34e6d212056067b196

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Content-Type
image/png
cb=gapi.loaded_0
apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.de.Vfl3xXWFLmk.O/m=signin2/rt=j/sv=1/d=1/ed=1/rs=AHpOoo86I-Lz9xExGf4hsd4WDA5L6jMrIA/ 		166 KB
57 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.de.Vfl3xXWFLmk.O/m=signin2/rt=j/sv=1/d=1/ed=1/rs=AHpOoo86I-Lz9xExGf4hsd4WDA5L6jMrIA/cb=gapi.loaded_0?le=scs
Requested by
Host: apis.google.com
URL: https://apis.google.com/js/platform.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
24e4c0f2c3568c57cc09ba3cf29a8ca8344c48977d26cd82cbcd3ac9b6861ef7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cm.harica.gr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Wed, 20 Dec 2023 21:27:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
136304
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
58389
x-xss-protection
0
last-modified
Wed, 06 Dec 2023 19:05:16 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="social-frontend-mpm-access"
vary
Accept-Encoding
report-to
{"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 19 Dec 2024 21:27:15 GMT
KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ 		16 KB
16 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:wght@500&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://cm.harica.gr
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Mon, 18 Dec 2023 17:38:05 GMT
x-content-type-options
nosniff
age
322854
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15920
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:45 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 17 Dec 2024 17:38:05 GMT
iframe
accounts.google.com/o/oauth2/ Frame 9895 		286 B
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://accounts.google.com/o/oauth2/iframe
Requested by
Host: apis.google.com
URL: https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.de.Vfl3xXWFLmk.O/m=signin2/rt=j/sv=1/d=1/ed=1/rs=AHpOoo86I-Lz9xExGf4hsd4WDA5L6jMrIA/cb=gapi.loaded_0?le=scs
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c09::54 Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
2b9f41b2815ced7f516fea15b792b4e54b319bb9d4ed8e5dff6d814409d87b42
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-6X0PnaiTxQbeI_owDjJUwA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdpIFrameHttp/cspreport;worker-src 'self' script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdpIFrameHttp/cspreport/allowlist require-trusted-types-for 'script';report-uri /_/IdpIFrameHttp/cspreport
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://cm.harica.gr/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
gzip
content-security-policy
script-src 'report-sample' 'nonce-6X0PnaiTxQbeI_owDjJUwA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdpIFrameHttp/cspreport;worker-src 'self' script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdpIFrameHttp/cspreport/allowlist require-trusted-types-for 'script';report-uri /_/IdpIFrameHttp/cspreport
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-opener-policy
same-origin
cross-origin-resource-policy
cross-origin
date
Fri, 22 Dec 2023 11:18:59 GMT
expires
Mon, 01 Jan 1990 00:00:00 GMT
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
pragma
no-cache
server
ESF
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
x-xss-protection
0
m=base
www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.IdpIFrameHttp.de.oJjHVnmvPe0.es5.O/am=wA/d=1/rs=AOaEmlGb21RoF-Da6FkBz01QI2e1C4KOQw/ Frame 9895 		107 KB
37 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.IdpIFrameHttp.de.oJjHVnmvPe0.es5.O/am=wA/d=1/rs=AOaEmlGb21RoF-Da6FkBz01QI2e1C4KOQw/m=base
Requested by
Host: accounts.google.com
URL: https://accounts.google.com/o/oauth2/iframe
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
efc37ba8c632c554a630d4c7c0328ff0c7f31d33c29af5f79a773600c2807a27
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://accounts.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Tue, 19 Dec 2023 01:10:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
295723
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/identity-boq-js-css-signers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
37602
x-xss-protection
0
last-modified
Sat, 09 Dec 2023 05:45:59 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="boq-infra/identity-boq-js-css-signers"
vary
Accept-Encoding, Origin
report-to
{"group":"boq-infra/identity-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/identity-boq-js-css-signers"}]}
content-type
text/javascript; charset=UTF-8
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
expires
Wed, 18 Dec 2024 01:10:16 GMT
cspreport
accounts.google.com/_/IdpIFrameHttp/ Frame 9895 		2 KB
918 B 		Other
General
Check archive.org
Download Go to
Full URL
https://accounts.google.com/_/IdpIFrameHttp/cspreport
Requested by
Host: cm.harica.gr
URL: https://cm.harica.gr/Login?ReturnUrl=%2F
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c09::54 Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
a7bc30e17ca3ee3382b142ddfd6148d9268c5d23809e97f815d74f84eea4ef2d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://accounts.google.com/o/oauth2/iframe
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Content-Type
application/csp-report

Response headers

pragma
no-cache
date
Fri, 22 Dec 2023 11:18:59 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
GSE
content-type
text/html; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
1; mode=block
expires
Mon, 01 Jan 1990 00:00:00 GMT
iframerpc
accounts.google.com/o/oauth2/ Frame 9895 		49 B
94 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://accounts.google.com/o/oauth2/iframerpc?action=checkOrigin&origin=https%3A%2F%2Fcm.harica.gr&client_id=451777600155-q6jbtpqn4qbng8mbcu41d18lptuv97ka.apps.googleusercontent.com
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.IdpIFrameHttp.de.oJjHVnmvPe0.es5.O/am=wA/d=1/rs=AOaEmlGb21RoF-Da6FkBz01QI2e1C4KOQw/m=base
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:400c:c09::54 Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
4836b6031bc4af96767f0121fa458714583340054aea6338ef99a1bc4011f43b
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /_/IdpIFrameHttp/cspreport, script-src 'report-sample' 'nonce-kIa6XrSfq0l-cJi7rjAdHA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdpIFrameHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdpIFrameHttp/cspreport/allowlist
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://accounts.google.com/o/oauth2/iframe
X-Requested-With
XmlHttpRequest
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Fri, 22 Dec 2023 11:18:59 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
require-trusted-types-for 'script';report-uri /_/IdpIFrameHttp/cspreport, script-src 'report-sample' 'nonce-kIa6XrSfq0l-cJi7rjAdHA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdpIFrameHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdpIFrameHttp/cspreport/allowlist
content-encoding
gzip
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
same-site
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site, Origin
content-type
application/json; charset=utf-8
cache-control
public, max-age=3600
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
expires
Fri, 22 Dec 2023 12:18:59 GMT

Verdicts & Comments Add Verdict or Comment

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| documentPictureInPicture function| vendor_9f7f4a80386e441948f6 function| _ object| FontAwesomeConfig object| ___FONT_AWESOME___ object| gapi object| ___jsl object| _F_toggles object| osapi

3 Cookies

Domain/Path Name / Value
cm.harica.gr/ Name: HARICA-Antiforgery
Value: CfDJ8N2QYxACy2lDo55XYXI8VvO-FgF9dzGbqEfkIsRdhoL54RY9QLtOZTIoPlsDxPz1ZarBA8haexoW06Xr47sLIJEvk7wZ4zfyuz4mnAFEjGXHNq9r5LQSth8uWyTgoUOU2pCh3zeOIQ3aJLE3cXNCyy0
.google.com/ Name: NID
Value: 511=pnAZkftgQCVhtbLQp-alCa0lo0QAS5C1rhvvHnzvLMHEF1GWfGAOg8gg2B3VdnePBbOwLif6_f9yutbhB9aRxwAibLyZYlVgn6UuLIDIAm7CsK3G4_1GR8P_QipmxgPrzenwYcTh_LISV9GR1ridA_5wTg-o9YHR3kVNBdADg48
.cm.harica.gr/ Name: G_ENABLED_IDPS
Value: google

3 Console Messages

Source Level URL
Text
security warning URL: https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.de.Vfl3xXWFLmk.O/m=signin2/rt=j/sv=1/d=1/ed=1/rs=AHpOoo86I-Lz9xExGf4hsd4WDA5L6jMrIA/cb=gapi.loaded_0?le=scs(Line 186)
Message:
An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can escape its sandboxing.
security error (Line 6)
Message:
This document requires 'TrustedScript' assignment.
network error URL: https://accounts.google.com/_/IdpIFrameHttp/cspreport
Message:
Failed to load resource: the server responded with a status of 400 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Content-Type-Options nosniff
X-Frame-Options Deny
X-Xss-Protection 1; mode=block