urlscan.io logo urlscan.io
SecurityTrails logo

accounting-system-staging.lab.codeinside.ru Open in urlscan Pro
85.237.57.85  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://www.accounting-system-staging.lab.codeinside.ru/
Effective URL: https://accounting-system-staging.lab.codeinside.ru/
Submission: On December 29 via automatic, source certstream-suspicious — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 8 IPs in 3 countries across 6 domains to perform 17 HTTP transactions. The main IP is 85.237.57.85, located in Penza, Russian Federation and belongs to ROSTELECOM-AS, RU. The main domain is accounting-system-staging.lab.codeinside.ru.
TLS certificate: Issued by R3 on December 29th 2023. Valid for: 3 months.
This is the only time accounting-system-staging.lab.codeinside.ru was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

8    85.237.57.85 (Penza, Russian Federation)

ASN12389 (ROSTELECOM-AS, RU)
PTR: host-85-237-57-85.dsl.sura.ru
www.accounting-system-staging.lab.codeinside.ru
accounting-system-staging.lab.codeinside.ru
1    2a00:1450:4001:831::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
1    2a02:6b8::1:114 (Moscow, Russian Federation)

ASN13238 (YANDEX, RU)
oauth.yandex.ru
1    2a02:6b8::24 (Moscow, Russian Federation)

ASN13238 (YANDEX, RU)
passport.yandex.ru
2    2a00:1450:4001:81c::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
apis.google.com
3    2a00:1450:400c:c09::54 (Brussels, Belgium)

ASN15169 (GOOGLE, US)
accounts.google.com
1    2a00:1450:4001:82f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.gstatic.com
1    2a02:6b8::428 (Moscow, Russian Federation)

ASN13238 (YANDEX, RU)
csp.yandex.net
Apex Domain
Subdomains		 Transfer
8 codeinside.ru
www.accounting-system-staging.lab.codeinside.ru
accounting-system-staging.lab.codeinside.ru
1 MB
5 google.com
apis.google.com — Cisco Umbrella Rank: 116
accounts.google.com — Cisco Umbrella Rank: 23
50 KB
2 yandex.ru
oauth.yandex.ru — Cisco Umbrella Rank: 205225
passport.yandex.ru — Cisco Umbrella Rank: 16970
2 KB
1 yandex.net
csp.yandex.net — Cisco Umbrella Rank: 28609
107 B
1 gstatic.com
www.gstatic.com
37 KB
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 29
1 KB
17 6
Domain Requested by
7 accounting-system-staging.lab.codeinside.ru accounting-system-staging.lab.codeinside.ru
3 accounts.google.com apis.google.com
accounting-system-staging.lab.codeinside.ru
www.gstatic.com
2 apis.google.com accounting-system-staging.lab.codeinside.ru
apis.google.com
1 csp.yandex.net accounting-system-staging.lab.codeinside.ru
1 www.gstatic.com accounts.google.com
1 passport.yandex.ru accounting-system-staging.lab.codeinside.ru
1 oauth.yandex.ru 1 redirects
1 fonts.googleapis.com accounting-system-staging.lab.codeinside.ru
1 www.accounting-system-staging.lab.codeinside.ru 1 redirects
17 9

This site contains no links.

Subject Issuer Validity Valid
accounting-system-staging.lab.codeinside.ru
R3		 2023-12-29 -
2024-03-28		 3 months crt.sh
upload.video.google.com
GTS CA 1C3		 2023-11-20 -
2024-02-12		 3 months crt.sh
passport.yandex.ru
GlobalSign RSA OV SSL CA 2018		 2023-09-25 -
2024-04-26		 7 months crt.sh
*.apis.google.com
GTS CA 1C3		 2023-11-20 -
2024-02-12		 3 months crt.sh
accounts.google.com
GTS CA 1C3		 2023-11-20 -
2024-02-12		 3 months crt.sh
*.gstatic.com
GTS CA 1C3		 2023-11-20 -
2024-02-12		 3 months crt.sh
*.google.com
GTS CA 1C3		 2023-11-20 -
2024-02-12		 3 months crt.sh
csp.yandex.net
GlobalSign RSA OV SSL CA 2018		 2023-10-03 -
2024-04-02		 6 months crt.sh

This page contains 3 frames:

Primary Page: https://accounting-system-staging.lab.codeinside.ru/
Frame ID: 3E77183E03CE43EBEE7CD0175378FCFE
Requests: 11 HTTP requests in this frame

Frame: https://passport.yandex.ru/auth?retpath=https%3A%2F%2Foauth.yandex.ru%2Fauthorize%3Fresponse_type%3Dtoken%26client_id%3D4ecfb12ade6b4789aa62c4d8599b4aae%26redirect_uri%3Dhttps%253A%252F%252Faccounting-system-staging.lab.codeinside.ru%26display%3Dpopup&noreturn=1&origin=oauth
Frame ID: E57D73A1174C716A84E02E7837A13441
Requests: 1 HTTP requests in this frame

Frame: https://accounts.google.com/o/oauth2/iframe
Frame ID: 2C084199F24ED3F8E9E67F26DF71C592
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Accounting System

Page URL History Show full URLs

  1. https://www.accounting-system-staging.lab.codeinside.ru/ HTTP 308
    https://accounting-system-staging.lab.codeinside.ru/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <iframe[^>]*accounts\.google\.com/o/oauth2
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
Overall confidence: 100%
Detected patterns
  • apis\.google\.com/js/[a-z]*\.js

Page Statistics

17
Requests

94 %
HTTPS

88 %
IPv6

6
Domains

9
Subdomains

8
IPs

3
Countries

1193 kB
Transfer

1360 kB
Size

4
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://www.accounting-system-staging.lab.codeinside.ru/ HTTP 308
    https://accounting-system-staging.lab.codeinside.ru/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 3
  • https://oauth.yandex.ru/authorize?response_type=token&client_id=4ecfb12ade6b4789aa62c4d8599b4aae&redirect_uri=https%3A%2F%2Faccounting-system-staging.lab.codeinside.ru&display=popup HTTP 302
  • https://passport.yandex.ru/auth?retpath=https%3A%2F%2Foauth.yandex.ru%2Fauthorize%3Fresponse_type%3Dtoken%26client_id%3D4ecfb12ade6b4789aa62c4d8599b4aae%26redirect_uri%3Dhttps%253A%252F%252Faccounting-system-staging.lab.codeinside.ru%26display%3Dpopup&noreturn=1&origin=oauth

17 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
accounting-system-staging.lab.codeinside.ru/
Redirect Chain
  • https://www.accounting-system-staging.lab.codeinside.ru/
  • https://accounting-system-staging.lab.codeinside.ru/
778 B
957 B 		Document
General
Check archive.org
Download Go to
Full URL
https://accounting-system-staging.lab.codeinside.ru/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
85.237.57.85 Penza, Russian Federation, ASN12389 (ROSTELECOM-AS, RU),
Reverse DNS
host-85-237-57-85.dsl.sura.ru
Software
/
Resource Hash
e9aaa28f5465e6373c6baf859935c47d0ef3c74d7c7fbbfd248eb424b323c38f
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
content-length
778
content-type
text/html
date
Fri, 29 Dec 2023 16:16:38 GMT
etag
"658eee90-30a"
last-modified
Fri, 29 Dec 2023 16:06:40 GMT
strict-transport-security
max-age=15724800; includeSubDomains

Redirect headers

content-length
164
content-type
text/html
date
Fri, 29 Dec 2023 16:16:38 GMT
location
https://accounting-system-staging.lab.codeinside.ru
css2
fonts.googleapis.com/ 		14 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Manrope:wght@200;300;400;500;600;700;800&display=swap
Requested by
Host: accounting-system-staging.lab.codeinside.ru
URL: https://accounting-system-staging.lab.codeinside.ru/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
f8cbafd49c896a6e02a3a959409874806cff8792343936c0ba532f58ecc95333
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://accounting-system-staging.lab.codeinside.ru/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Fri, 29 Dec 2023 16:16:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Fri, 29 Dec 2023 14:19:28 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Fri, 29 Dec 2023 16:16:38 GMT
main.8c64a147.js
accounting-system-staging.lab.codeinside.ru/static/js/ 		928 KB
930 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://accounting-system-staging.lab.codeinside.ru/static/js/main.8c64a147.js
Requested by
Host: accounting-system-staging.lab.codeinside.ru
URL: https://accounting-system-staging.lab.codeinside.ru/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
85.237.57.85 Penza, Russian Federation, ASN12389 (ROSTELECOM-AS, RU),
Reverse DNS
host-85-237-57-85.dsl.sura.ru
Software
/
Resource Hash
c1199e8c1e013ad1e9b29ed8bc55b7e682fb5be7525fdc37f67323999d4a446f
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://accounting-system-staging.lab.codeinside.ru/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Fri, 29 Dec 2023 16:16:38 GMT
strict-transport-security
max-age=15724800; includeSubDomains
last-modified
Fri, 29 Dec 2023 16:06:40 GMT
accept-ranges
bytes
etag
"658eee90-e7f33"
content-length
950067
content-type
application/javascript
main.404a35c2.css
accounting-system-staging.lab.codeinside.ru/static/css/ 		159 KB
159 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://accounting-system-staging.lab.codeinside.ru/static/css/main.404a35c2.css
Requested by
Host: accounting-system-staging.lab.codeinside.ru
URL: https://accounting-system-staging.lab.codeinside.ru/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
85.237.57.85 Penza, Russian Federation, ASN12389 (ROSTELECOM-AS, RU),
Reverse DNS
host-85-237-57-85.dsl.sura.ru
Software
/
Resource Hash
1a592986105eff8c65344f40b4c9772a5ba22bcb7274c2df42a166c091b14d28
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://accounting-system-staging.lab.codeinside.ru/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Fri, 29 Dec 2023 16:16:38 GMT
strict-transport-security
max-age=15724800; includeSubDomains
last-modified
Fri, 29 Dec 2023 16:06:40 GMT
accept-ranges
bytes
etag
"658eee90-27b35"
content-length
162613
content-type
text/css
auth
passport.yandex.ru/ Frame E57D
Redirect Chain
  • https://oauth.yandex.ru/authorize?response_type=token&client_id=4ecfb12ade6b4789aa62c4d8599b4aae&redirect_uri=https%3A%2F%2Faccounting-system-staging.lab.codeinside.ru&display=popup
  • https://passport.yandex.ru/auth?retpath=https%3A%2F%2Foauth.yandex.ru%2Fauthorize%3Fresponse_type%3Dtoken%26client_id%3D4ecfb12ade6b4789aa62c4d8599b4aae%26redirect_uri%3Dhttps%253A%252F%252Faccount...
0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://passport.yandex.ru/auth?retpath=https%3A%2F%2Foauth.yandex.ru%2Fauthorize%3Fresponse_type%3Dtoken%26client_id%3D4ecfb12ade6b4789aa62c4d8599b4aae%26redirect_uri%3Dhttps%253A%252F%252Faccounting-system-staging.lab.codeinside.ru%26display%3Dpopup&noreturn=1&origin=oauth
Requested by
Host: accounting-system-staging.lab.codeinside.ru
URL: https://accounting-system-staging.lab.codeinside.ru/static/js/main.8c64a147.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a02:6b8::24 Moscow, Russian Federation, ASN13238 (YANDEX, RU),
Reverse DNS
Software
nginx /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'none';style-src 'self' yastatic.net 'unsafe-inline' 'unsafe-eval' s3.mds.yandex.net s3.mdst.yandex.net;script-src 'self' yastatic.net mc.admetrica.ru mc.yandex.ru chat.s3.yandex.net api-maps.yandex.ru suggest-maps.yandex.net export.yandex.ru 'unsafe-eval' 'unsafe-inline' 'nonce-9d0f00f0-020f-4b39-8206-f7fb580b5447' https://yastatic.net/s3/frontend/butterfly/latest/butterfly.js;img-src 'self' yastatic.net https://ysa-static.passport.yandex.ru https://ysa-static.passport.yandex.net yandex.st data: mc.admetrica.ru mc.yandex.ru api-maps.yandex.ru *.captcha.yandex.net s3.mds.yandex.net s3.mdst.yandex.net avatars.mds.yandex.net avatars.mdst.yandex.net clck.yandex.ru *.maps.yandex.net yapic.yandex.ru img.yandex.ru static-maps.yandex.ru https://video-tub-ru.yandex.net https://img0-tub-ru.yandex.net https://img1-tub-ru.yandex.net https://img2-tub-ru.yandex.net https://img3-tub-ru.yandex.net yango.com blob: mc.webvisor.com mc.webvisor.org https://downloader.disk.yandex.ru;font-src 'self' data: yastatic.net;object-src yastatic.net;media-src *.captcha.yandex.net data: yastatic.net;connect-src mail.yandex.ru 'self' mc.admetrica.ru mc.yandex.ru trust.yandex.ru trust.yandex.com suggest-maps.yandex.net mc.webvisor.com mc.webvisor.org yandex.ru api.passport.yandex.ru *.disk.yandex.net;frame-ancestors 'self';frame-src 'self' yandex.st s4.money.yandex.net https://yandex.ru/chat split.yandex.ru yastatic.net yandex.ru sso.passport.yandex.ru sso.ya.ru null pass.yandex.ru passport.yandex.ru https://trust.yandex.ru blob: mc.yandex.ru magic.passport.yandex.ru https://yandex.ru/forms https://forms.yandex.ru/;child-src 'self' yandex.st yandex.ru null passport.yandex.ru pass.yandex.ru https://trust.yandex.ru blob: mc.yandex.ru;report-uri https://csp.yandex.net/csp?from=passport&project=passport&yandex_login=&yandexuid=;manifest-src 'self' yastatic.net
Strict-Transport-Security max-age=15552000; includeSubDomains max-age=315360000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://accounting-system-staging.lab.codeinside.ru/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-CH
Sec-CH-Prefers-Color-Scheme
Cache-Control
no-store, no-cache, must-revalidate, proxy-revalidate
Connection
keep-alive
Content-Encoding
gzip
Content-Security-Policy
default-src 'none';style-src 'self' yastatic.net 'unsafe-inline' 'unsafe-eval' s3.mds.yandex.net s3.mdst.yandex.net;script-src 'self' yastatic.net mc.admetrica.ru mc.yandex.ru chat.s3.yandex.net api-maps.yandex.ru suggest-maps.yandex.net export.yandex.ru 'unsafe-eval' 'unsafe-inline' 'nonce-9d0f00f0-020f-4b39-8206-f7fb580b5447' https://yastatic.net/s3/frontend/butterfly/latest/butterfly.js;img-src 'self' yastatic.net https://ysa-static.passport.yandex.ru https://ysa-static.passport.yandex.net yandex.st data: mc.admetrica.ru mc.yandex.ru api-maps.yandex.ru *.captcha.yandex.net s3.mds.yandex.net s3.mdst.yandex.net avatars.mds.yandex.net avatars.mdst.yandex.net clck.yandex.ru *.maps.yandex.net yapic.yandex.ru img.yandex.ru static-maps.yandex.ru https://video-tub-ru.yandex.net https://img0-tub-ru.yandex.net https://img1-tub-ru.yandex.net https://img2-tub-ru.yandex.net https://img3-tub-ru.yandex.net yango.com blob: mc.webvisor.com mc.webvisor.org https://downloader.disk.yandex.ru;font-src 'self' data: yastatic.net;object-src yastatic.net;media-src *.captcha.yandex.net data: yastatic.net;connect-src mail.yandex.ru 'self' mc.admetrica.ru mc.yandex.ru trust.yandex.ru trust.yandex.com suggest-maps.yandex.net mc.webvisor.com mc.webvisor.org yandex.ru api.passport.yandex.ru *.disk.yandex.net;frame-ancestors 'self';frame-src 'self' yandex.st s4.money.yandex.net https://yandex.ru/chat split.yandex.ru yastatic.net yandex.ru sso.passport.yandex.ru sso.ya.ru null pass.yandex.ru passport.yandex.ru https://trust.yandex.ru blob: mc.yandex.ru magic.passport.yandex.ru https://yandex.ru/forms https://forms.yandex.ru/;child-src 'self' yandex.st yandex.ru null passport.yandex.ru pass.yandex.ru https://trust.yandex.ru blob: mc.yandex.ru;report-uri https://csp.yandex.net/csp?from=passport&project=passport&yandex_login=&yandexuid=;manifest-src 'self' yastatic.net
Content-Type
text/html; charset=utf-8
Critical-CH
Sec-CH-Prefers-Color-Scheme
Date
Fri, 29 Dec 2023 16:16:39 GMT
Expires
0
Keep-Alive
timeout=120
P3P
policyref="/w3c/p3p.xml", CP="NON DSP ADM DEV PSD IVDo OUR IND STP PHY PRE NAV UNI"
Pragma
no-cache
Referrer-Policy
origin
Server
nginx
Strict-Transport-Security
max-age=15552000; includeSubDomains max-age=315360000; includeSubDomains; preload
Surrogate-Control
no-store
Transfer-Encoding
chunked
Vary
Accept-Encoding Sec-CH-Prefers-Color-Scheme
X-Content-Type-Options
nosniff
X-DNS-Prefetch-Control
off
X-Download-Options
noopen
X-Frame-Options
SAMEORIGIN
X-XSS-Protection
0
X-Yandex-Passport-Authorize
1

Redirect headers

Cache-Control
no-store, no-cache, must-revalidate, proxy-revalidate
Connection
keep-alive
Content-Length
610
Content-Security-Policy
default-src 'none'; style-src yastatic.net 'unsafe-inline' 'unsafe-eval'; script-src 'self' yastatic.net yandex.st mc.yandex.ru 'unsafe-eval' 'nonce-4b831772-8fe6-4a2b-a337-57b8db8a241d'; img-src yastatic.net mc.yandex.ru yandex.st data: *.captcha.yandex.net avatars.mds.yandex.net avatars.mdst.yandex.net clck.yandex.ru yapic.yandex.ru img.yandex.ru mc.admetrica.ru; font-src data: yastatic.net; object-src yastatic.net; media-src *.captcha.yandex.net data:; connect-src 'self' passport.yandex.ru mc.yandex.ru yandex.ru autofill.yandex.ru; frame-src 'self' yandex.st yandex.ru; child-src 'self' yandex.st; manifest-src 'self' yastatic.net; report-uri https://csp.yandex.net/csp?from=oauth&yandex_login=&yandexuid=
Content-Type
text/html; charset=utf-8
Date
Fri, 29 Dec 2023 16:16:39 GMT
Expires
0
Location
https://passport.yandex.ru/auth?retpath=https%3A%2F%2Foauth.yandex.ru%2Fauthorize%3Fresponse_type%3Dtoken%26client_id%3D4ecfb12ade6b4789aa62c4d8599b4aae%26redirect_uri%3Dhttps%253A%252F%252Faccounting-system-staging.lab.codeinside.ru%26display%3Dpopup&noreturn=1&origin=oauth
Pragma
no-cache
Server
nginx
Strict-Transport-Security
max-age=15552000; includeSubDomains
Surrogate-Control
no-store
Vary
Accept
X-Content-Type-Options
nosniff
X-DNS-Prefetch-Control
off
X-Download-Options
noopen
X-Frame-Options
SAMEORIGIN
X-Robots-Tag
noindex
X-XSS-Protection
1; mode=block
loginLogo.dc724ad551e208f6f67f0331cc346833.svg
accounting-system-staging.lab.codeinside.ru/static/media/ 		10 KB
10 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://accounting-system-staging.lab.codeinside.ru/static/media/loginLogo.dc724ad551e208f6f67f0331cc346833.svg
Requested by
Host: accounting-system-staging.lab.codeinside.ru
URL: https://accounting-system-staging.lab.codeinside.ru/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
85.237.57.85 Penza, Russian Federation, ASN12389 (ROSTELECOM-AS, RU),
Reverse DNS
host-85-237-57-85.dsl.sura.ru
Software
/
Resource Hash
c3fcd764822534e2904cce3613eb506f2583f1673e21bff1f2c2be4c4ca03b0b
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://accounting-system-staging.lab.codeinside.ru/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Fri, 29 Dec 2023 16:16:39 GMT
strict-transport-security
max-age=15724800; includeSubDomains
last-modified
Fri, 29 Dec 2023 16:06:40 GMT
accept-ranges
bytes
etag
"658eee90-262b"
content-length
9771
content-type
image/svg+xml
google.67564641a8b990820c98d1f3091974b5.svg
accounting-system-staging.lab.codeinside.ru/static/media/ 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://accounting-system-staging.lab.codeinside.ru/static/media/google.67564641a8b990820c98d1f3091974b5.svg
Requested by
Host: accounting-system-staging.lab.codeinside.ru
URL: https://accounting-system-staging.lab.codeinside.ru/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
85.237.57.85 Penza, Russian Federation, ASN12389 (ROSTELECOM-AS, RU),
Reverse DNS
host-85-237-57-85.dsl.sura.ru
Software
/
Resource Hash
8b18b35a4a17302cd832518c807582df8ebe22ecc8d80ca58667904f1155eb13
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://accounting-system-staging.lab.codeinside.ru/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Fri, 29 Dec 2023 16:16:39 GMT
strict-transport-security
max-age=15724800; includeSubDomains
last-modified
Fri, 29 Dec 2023 16:06:40 GMT
accept-ranges
bytes
etag
"658eee90-40f"
content-length
1039
content-type
image/svg+xml
gitlab.429100bfa2906c5295204b9eb0761750.svg
accounting-system-staging.lab.codeinside.ru/static/media/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://accounting-system-staging.lab.codeinside.ru/static/media/gitlab.429100bfa2906c5295204b9eb0761750.svg
Requested by
Host: accounting-system-staging.lab.codeinside.ru
URL: https://accounting-system-staging.lab.codeinside.ru/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
85.237.57.85 Penza, Russian Federation, ASN12389 (ROSTELECOM-AS, RU),
Reverse DNS
host-85-237-57-85.dsl.sura.ru
Software
/
Resource Hash
d2d5a1cb2c3f80a4c4b780d128a791ef46fc3261edca84e2c37059ea85c3cc82
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://accounting-system-staging.lab.codeinside.ru/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Fri, 29 Dec 2023 16:16:39 GMT
strict-transport-security
max-age=15724800; includeSubDomains
last-modified
Fri, 29 Dec 2023 16:06:40 GMT
accept-ranges
bytes
etag
"658eee90-81e"
content-length
2078
content-type
image/svg+xml
yandex.ba51d19ca42a8d712f59c6d773ff082a.svg
accounting-system-staging.lab.codeinside.ru/static/media/ 		600 B
783 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://accounting-system-staging.lab.codeinside.ru/static/media/yandex.ba51d19ca42a8d712f59c6d773ff082a.svg
Requested by
Host: accounting-system-staging.lab.codeinside.ru
URL: https://accounting-system-staging.lab.codeinside.ru/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
85.237.57.85 Penza, Russian Federation, ASN12389 (ROSTELECOM-AS, RU),
Reverse DNS
host-85-237-57-85.dsl.sura.ru
Software
/
Resource Hash
2229464879944717906b4275e55098f3958fc121af007a3e712077367bc8b234
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://accounting-system-staging.lab.codeinside.ru/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Fri, 29 Dec 2023 16:16:39 GMT
strict-transport-security
max-age=15724800; includeSubDomains
last-modified
Fri, 29 Dec 2023 16:06:40 GMT
accept-ranges
bytes
etag
"658eee90-258"
content-length
600
content-type
image/svg+xml
api.js
apis.google.com/js/ 		18 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://apis.google.com/js/api.js
Requested by
Host: accounting-system-staging.lab.codeinside.ru
URL: https://accounting-system-staging.lab.codeinside.ru/static/js/main.8c64a147.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
34cde982ba3e4dc07422431edb59a249fa3157b297aea11c0647474a27b6161b
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://accounting-system-staging.lab.codeinside.ru/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-security-policy
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
content-encoding
gzip
x-content-type-options
nosniff
date
Fri, 29 Dec 2023 16:16:39 GMT
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
7117
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="gapi-team"
etag
"46707f02a004c0ee"
vary
Accept-Encoding
report-to
{"group":"gapi-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gapi-team"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
private, max-age=1800, stale-while-revalidate=1800
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 29 Dec 2023 16:16:39 GMT
cb=gapi.loaded_0
apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.de.Vfl3xXWFLmk.O/m=auth2/rt=j/sv=1/d=1/ed=1/rs=AHpOoo86I-Lz9xExGf4hsd4WDA5L6jMrIA/ 		119 KB
40 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.de.Vfl3xXWFLmk.O/m=auth2/rt=j/sv=1/d=1/ed=1/rs=AHpOoo86I-Lz9xExGf4hsd4WDA5L6jMrIA/cb=gapi.loaded_0?le=scs
Requested by
Host: apis.google.com
URL: https://apis.google.com/js/api.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d85f21be5db07a2ea03381f9ba5f984d5fd971f4ceb3174957e8cb6f28949aa9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://accounting-system-staging.lab.codeinside.ru/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Wed, 27 Dec 2023 21:15:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
154861
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
40961
x-xss-protection
0
last-modified
Wed, 06 Dec 2023 19:05:16 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="social-frontend-mpm-access"
vary
Accept-Encoding
report-to
{"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 26 Dec 2024 21:15:38 GMT
iframe
accounts.google.com/o/oauth2/ Frame 2C08 		286 B
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://accounts.google.com/o/oauth2/iframe
Requested by
Host: apis.google.com
URL: https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.de.Vfl3xXWFLmk.O/m=auth2/rt=j/sv=1/d=1/ed=1/rs=AHpOoo86I-Lz9xExGf4hsd4WDA5L6jMrIA/cb=gapi.loaded_0?le=scs
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c09::54 Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
a6c2d2d8ea434abbd577d3a72b7c41ccc8b97b88b7c3ed89caff3bc6b75c24c4
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-_kqYPGdWriJMJ19TgEs70A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdpIFrameHttp/cspreport;worker-src 'self' script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdpIFrameHttp/cspreport/allowlist require-trusted-types-for 'script';report-uri /_/IdpIFrameHttp/cspreport
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://accounting-system-staging.lab.codeinside.ru/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
gzip
content-security-policy
script-src 'report-sample' 'nonce-_kqYPGdWriJMJ19TgEs70A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdpIFrameHttp/cspreport;worker-src 'self' script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdpIFrameHttp/cspreport/allowlist require-trusted-types-for 'script';report-uri /_/IdpIFrameHttp/cspreport
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-opener-policy
same-origin
cross-origin-resource-policy
cross-origin
date
Fri, 29 Dec 2023 16:16:39 GMT
expires
Mon, 01 Jan 1990 00:00:00 GMT
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
pragma
no-cache
server
ESF
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
x-xss-protection
0
m=base
www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.IdpIFrameHttp.de.oJjHVnmvPe0.es5.O/am=wA/d=1/rs=AOaEmlGb21RoF-Da6FkBz01QI2e1C4KOQw/ Frame 2C08 		107 KB
37 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.IdpIFrameHttp.de.oJjHVnmvPe0.es5.O/am=wA/d=1/rs=AOaEmlGb21RoF-Da6FkBz01QI2e1C4KOQw/m=base
Requested by
Host: accounts.google.com
URL: https://accounts.google.com/o/oauth2/iframe
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
efc37ba8c632c554a630d4c7c0328ff0c7f31d33c29af5f79a773600c2807a27
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://accounts.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Tue, 26 Dec 2023 01:10:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
313583
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/identity-boq-js-css-signers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
37602
x-xss-protection
0
last-modified
Sat, 09 Dec 2023 05:45:59 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="boq-infra/identity-boq-js-css-signers"
vary
Accept-Encoding, Origin
report-to
{"group":"boq-infra/identity-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/identity-boq-js-css-signers"}]}
content-type
text/javascript; charset=UTF-8
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
expires
Wed, 25 Dec 2024 01:10:16 GMT
cspreport
accounts.google.com/_/IdpIFrameHttp/ Frame 2C08 		2 KB
912 B 		Other
General
Check archive.org
Download Go to
Full URL
https://accounts.google.com/_/IdpIFrameHttp/cspreport
Requested by
Host: accounting-system-staging.lab.codeinside.ru
URL: https://accounting-system-staging.lab.codeinside.ru/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c09::54 Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
4e9c47283d212c1bc7338817b57c76c48a5adca7daf7b1ee15a0f920f7c3008e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://accounts.google.com/o/oauth2/iframe
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Content-Type
application/csp-report

Response headers

pragma
no-cache
date
Fri, 29 Dec 2023 16:16:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
GSE
content-type
text/html; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
1; mode=block
expires
Mon, 01 Jan 1990 00:00:00 GMT
iframerpc
accounts.google.com/o/oauth2/ Frame 2C08 		50 B
90 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://accounts.google.com/o/oauth2/iframerpc?action=checkOrigin&origin=https%3A%2F%2Faccounting-system-staging.lab.codeinside.ru&client_id=310035439442-g5uba3benj6k2bpko8ru2gdceu5gu105.apps.googleusercontent.com
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.IdpIFrameHttp.de.oJjHVnmvPe0.es5.O/am=wA/d=1/rs=AOaEmlGb21RoF-Da6FkBz01QI2e1C4KOQw/m=base
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:400c:c09::54 Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
427653d8b0569e986b88bb7dca1852b627a034f69be1da68b150eb0d2bbacb5d
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-xP1Iy0yEJyrDIcKR_wiXTQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdpIFrameHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdpIFrameHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/IdpIFrameHttp/cspreport
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://accounts.google.com/o/oauth2/iframe
X-Requested-With
XmlHttpRequest
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Fri, 29 Dec 2023 16:16:39 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
script-src 'report-sample' 'nonce-xP1Iy0yEJyrDIcKR_wiXTQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdpIFrameHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdpIFrameHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/IdpIFrameHttp/cspreport
content-encoding
gzip
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
same-site
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site, Origin
content-type
application/json; charset=utf-8
cache-control
public, max-age=3600
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
expires
Fri, 29 Dec 2023 17:16:39 GMT
csp
csp.yandex.net/ 		0
107 B 		Other
General
Check archive.org
Download Go to
Full URL
https://csp.yandex.net/csp?from=passport&project=passport&yandex_login=&yandexuid=
Requested by
Host: accounting-system-staging.lab.codeinside.ru
URL: https://accounting-system-staging.lab.codeinside.ru/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a02:6b8::428 Moscow, Russian Federation, ASN13238 (YANDEX, RU),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://accounting-system-staging.lab.codeinside.ru/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Content-Type
application/csp-report

Response headers

Access-Control-Allow-Origin
*
Date
Fri, 29 Dec 2023 16:16:40 GMT
Content-Length
0

Verdicts & Comments Add Verdict or Comment

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| documentPictureInPicture object| gapi object| ___jsl object| _F_toggles object| osapi

4 Cookies

Domain/Path Name / Value
.google.com/ Name: NID
Value: 511=thAx0Eu64SjUolQ6F2gGHtL5UKH0lrXGNo9Pl5bSk8Q1fnzxgo17I-B9kn7-bgk9_DvQ84Ek3LDiN_BAh9RDXTa-pStM0MrD7KRGXaXbOIp-vGgiT4qR5I4RMvFqHN7Ml0_MP3uQVNbxNiKl4o8lootlhXejNYTT_zzmu6ZkWTQ
.accounting-system-staging.lab.codeinside.ru/ Name: G_ENABLED_IDPS
Value: google
.yandex.ru/ Name: i
Value: e81xN5AaejJ4a0DnpULR28+TcxxGD+/utC6Q5a+OkVcaQbPHsv5MFKFr40dV1e7n9ho6HWlK+NYGrLn6JjvYo3nwbA0=
.yandex.ru/ Name: yandexuid
Value: 7628084301703866599

4 Console Messages

Source Level URL
Text
security warning URL: https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.de.Vfl3xXWFLmk.O/m=auth2/rt=j/sv=1/d=1/ed=1/rs=AHpOoo86I-Lz9xExGf4hsd4WDA5L6jMrIA/cb=gapi.loaded_0?le=scs(Line 186)
Message:
An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can escape its sandboxing.
security error (Line 6)
Message:
This document requires 'TrustedScript' assignment.
network error URL: https://accounts.google.com/_/IdpIFrameHttp/cspreport
Message:
Failed to load resource: the server responded with a status of 400 ()
security error
Message:
Refused to frame 'https://passport.yandex.ru/' because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'self'".

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

accounting-system-staging.lab.codeinside.ru
accounts.google.com
apis.google.com
csp.yandex.net
fonts.googleapis.com
oauth.yandex.ru
passport.yandex.ru
www.accounting-system-staging.lab.codeinside.ru
www.gstatic.com
2a00:1450:4001:81c::200e
2a00:1450:4001:82f::2003
2a00:1450:4001:831::200a
2a00:1450:400c:c09::54
2a02:6b8::1:114
2a02:6b8::24
2a02:6b8::428
85.237.57.85
1a592986105eff8c65344f40b4c9772a5ba22bcb7274c2df42a166c091b14d28
2229464879944717906b4275e55098f3958fc121af007a3e712077367bc8b234
34cde982ba3e4dc07422431edb59a249fa3157b297aea11c0647474a27b6161b
427653d8b0569e986b88bb7dca1852b627a034f69be1da68b150eb0d2bbacb5d
4e9c47283d212c1bc7338817b57c76c48a5adca7daf7b1ee15a0f920f7c3008e
8b18b35a4a17302cd832518c807582df8ebe22ecc8d80ca58667904f1155eb13
a6c2d2d8ea434abbd577d3a72b7c41ccc8b97b88b7c3ed89caff3bc6b75c24c4
c1199e8c1e013ad1e9b29ed8bc55b7e682fb5be7525fdc37f67323999d4a446f
c3fcd764822534e2904cce3613eb506f2583f1673e21bff1f2c2be4c4ca03b0b
d2d5a1cb2c3f80a4c4b780d128a791ef46fc3261edca84e2c37059ea85c3cc82
d85f21be5db07a2ea03381f9ba5f984d5fd971f4ceb3174957e8cb6f28949aa9
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e9aaa28f5465e6373c6baf859935c47d0ef3c74d7c7fbbfd248eb424b323c38f
efc37ba8c632c554a630d4c7c0328ff0c7f31d33c29af5f79a773600c2807a27
f8cbafd49c896a6e02a3a959409874806cff8792343936c0ba532f58ecc95333