urlscan.io logo urlscan.io
SecurityTrails logo

backoffice.mancala66.com Open in urlscan Pro
213.183.44.119  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://backoffice.mancala66.com/activation#code=52a9062e11aa710c6f42471ff0f830e4dc05b87771959a275b6c01f39914262c7259ce837f4cf666...
Effective URL: https://backoffice.mancala66.com/activation
Submission: On March 28 via manual from CR — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 12 HTTP transactions. The main IP is 213.183.44.119, located in Lithuania and belongs to MELBICOM-EU-AS Melbikomas UAB, LT. The main domain is backoffice.mancala66.com.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on May 2nd 2022. Valid for: a year.
This is the only time backoffice.mancala66.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
12 213.183.44.119 56630 (MELBICOM-...)
12 1
Apex Domain
Subdomains		 Transfer
12 mancala66.com
backoffice.mancala66.com
2 MB
12 1
Domain Requested by
12 backoffice.mancala66.com backoffice.mancala66.com
12 1

This site contains no links.

Subject Issuer Validity Valid
*.mancala66.com
Sectigo RSA Domain Validation Secure Server CA		 2022-05-02 -
2023-05-02		 a year crt.sh

This page contains 1 frames:

Primary Page: https://backoffice.mancala66.com/activation
Frame ID: FEA71B3FB597F4FAEDA3043F568EC466
Requests: 12 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

backoffice.mancala66.com

Detected technologies

Overall confidence: 100%
Detected patterns
  • <[^>]*class="ant-(?:btn|col|row|layout|breadcrumb|menu|pagination|steps|select|cascader|checkbox|calendar|form|input-number|input|mention|rate|radio|slider|switch|tree-select|time-picker|transfer|upload|avatar|badge|card|carousel|collapse|list|popover|tooltip|table|tabs|tag|timeline|tree|alert|modal|message|notification|progress|popconfirm|spin|anchor|back-top|divider|drawer)

Page Statistics

12
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

2343 kB
Transfer

11062 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

12 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request activation
backoffice.mancala66.com/ 		11 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://backoffice.mancala66.com/activation
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
213.183.44.119 , Lithuania, ASN56630 (MELBICOM-EU-AS Melbikomas UAB, LT),
Reverse DNS
Software
nginx /
Resource Hash
8d6740f29443e01ca5eaf69249dcad713396b49339b881c18957e67f35fa671b
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'strict-dynamic' 'nonce-64a52dc0-d22c-4c32-87f2-eb11aa0a28bd' 'unsafe-inline' 'report-sample' https://www.google-analytics.com/analytics.js https://www.gstatic.com/recaptcha/api2/ https://mc.yandex.ru/ https://recaptcha.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' https: data:; font-src 'self' https://fonts.gstatic.com data:; connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://mc.yandex.ru/; frame-src 'self' https:; object-src 'none'; base-uri 'self'; report-uri /web-api/report-csp/
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
private, no-cache, no-store, must-revalidate
content-encoding
gzip
content-security-policy
default-src 'self'; script-src 'self' 'strict-dynamic' 'nonce-64a52dc0-d22c-4c32-87f2-eb11aa0a28bd' 'unsafe-inline' 'report-sample' https://www.google-analytics.com/analytics.js https://www.gstatic.com/recaptcha/api2/ https://mc.yandex.ru/ https://recaptcha.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' https: data:; font-src 'self' https://fonts.gstatic.com data:; connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://mc.yandex.ru/; frame-src 'self' https:; object-src 'none'; base-uri 'self'; report-uri /web-api/report-csp/
content-type
text/html; charset=utf-8
date
Tue, 28 Mar 2023 20:14:39 GMT
etag
W/"2c96-89d7YHKCYGTEoRbgtc/Ps9p3w/A"
expires
-1
pragma
no-cache
server
nginx
strict-transport-security
max-age=63072000; includeSubDomains; preload
vary
Accept-Encoding
x-content-type-options
nosniff
x-dns-prefetch-control
off
x-download-options
noopen
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block
styles.c106e0c81463d3ef4629.css
backoffice.mancala66.com/public/ 		890 KB
96 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://backoffice.mancala66.com/public/styles.c106e0c81463d3ef4629.css
Requested by
Host: backoffice.mancala66.com
URL: https://backoffice.mancala66.com/activation
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
213.183.44.119 , Lithuania, ASN56630 (MELBICOM-EU-AS Melbikomas UAB, LT),
Reverse DNS
Software
nginx /
Resource Hash
83a21bc0004c098f2f53abe817eb09532de4aca33c6f39dffc4b0677e050ad09
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'strict-dynamic' 'nonce-fd77321b-e62e-429c-b761-883c027f44b4' 'unsafe-inline' 'report-sample' https://www.google-analytics.com/analytics.js https://www.gstatic.com/recaptcha/api2/ https://mc.yandex.ru/ https://recaptcha.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' https: data:; font-src 'self' https://fonts.gstatic.com data:; connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://mc.yandex.ru/; frame-src 'self' https:; object-src 'none'; base-uri 'self'; report-uri /web-api/report-csp/
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://backoffice.mancala66.com/activation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date
Tue, 28 Mar 2023 20:14:39 GMT
content-security-policy
default-src 'self'; script-src 'self' 'strict-dynamic' 'nonce-fd77321b-e62e-429c-b761-883c027f44b4' 'unsafe-inline' 'report-sample' https://www.google-analytics.com/analytics.js https://www.gstatic.com/recaptcha/api2/ https://mc.yandex.ru/ https://recaptcha.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' https: data:; font-src 'self' https://fonts.gstatic.com data:; connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://mc.yandex.ru/; frame-src 'self' https:; object-src 'none'; base-uri 'self'; report-uri /web-api/report-csp/
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
last-modified
Thu, 23 Mar 2023 07:32:47 GMT
server
nginx
content-encoding
gzip
etag
W/"de64c-1870d626d18"
x-download-options
noopen
x-dns-prefetch-control
off
x-frame-options
SAMEORIGIN
content-type
text/css; charset=UTF-8
vary
Accept-Encoding
cache-control
public, max-age=2592000
x-xss-protection
1; mode=block
styles.aa406d4ecdd1ef5706e1.css
backoffice.mancala66.com/public/ 		607 KB
65 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://backoffice.mancala66.com/public/styles.aa406d4ecdd1ef5706e1.css
Requested by
Host: backoffice.mancala66.com
URL: https://backoffice.mancala66.com/activation
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
213.183.44.119 , Lithuania, ASN56630 (MELBICOM-EU-AS Melbikomas UAB, LT),
Reverse DNS
Software
nginx /
Resource Hash
aa697bb7277f17dea0ade50822811ceaa99b0fc3a096162ef6c666e830050f9c
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'strict-dynamic' 'nonce-e1b394f0-7bbb-4ca4-a27e-aec658a909d8' 'unsafe-inline' 'report-sample' https://www.google-analytics.com/analytics.js https://www.gstatic.com/recaptcha/api2/ https://mc.yandex.ru/ https://recaptcha.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' https: data:; font-src 'self' https://fonts.gstatic.com data:; connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://mc.yandex.ru/; frame-src 'self' https:; object-src 'none'; base-uri 'self'; report-uri /web-api/report-csp/
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://backoffice.mancala66.com/activation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date
Tue, 28 Mar 2023 20:14:39 GMT
content-security-policy
default-src 'self'; script-src 'self' 'strict-dynamic' 'nonce-e1b394f0-7bbb-4ca4-a27e-aec658a909d8' 'unsafe-inline' 'report-sample' https://www.google-analytics.com/analytics.js https://www.gstatic.com/recaptcha/api2/ https://mc.yandex.ru/ https://recaptcha.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' https: data:; font-src 'self' https://fonts.gstatic.com data:; connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://mc.yandex.ru/; frame-src 'self' https:; object-src 'none'; base-uri 'self'; report-uri /web-api/report-csp/
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
last-modified
Thu, 23 Mar 2023 07:32:47 GMT
server
nginx
content-encoding
gzip
etag
W/"97d8a-1870d626d18"
x-download-options
noopen
x-dns-prefetch-control
off
x-frame-options
SAMEORIGIN
content-type
text/css; charset=UTF-8
vary
Accept-Encoding
cache-control
public, max-age=2592000
x-xss-protection
1; mode=block
favicon-custom.svg
backoffice.mancala66.com/assets/favicon/ 		821 B
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://backoffice.mancala66.com/assets/favicon/favicon-custom.svg?size=64
Requested by
Host: backoffice.mancala66.com
URL: https://backoffice.mancala66.com/activation
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
213.183.44.119 , Lithuania, ASN56630 (MELBICOM-EU-AS Melbikomas UAB, LT),
Reverse DNS
Software
nginx /
Resource Hash
f9d8e1ccec7c6a696b4a32ab1b8eeab3ea1af734ec022e5ad38e1537c1bad213
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'strict-dynamic' 'nonce-07ddf0a5-6806-43cd-873a-99ff6bf4c343' 'unsafe-inline' 'report-sample' https://www.google-analytics.com/analytics.js https://www.gstatic.com/recaptcha/api2/ https://mc.yandex.ru/ https://recaptcha.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' https: data:; font-src 'self' https://fonts.gstatic.com data:; connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://mc.yandex.ru/; frame-src 'self' https:; object-src 'none'; base-uri 'self'; report-uri /web-api/report-csp/
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://backoffice.mancala66.com/activation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date
Tue, 28 Mar 2023 20:14:39 GMT
content-security-policy
default-src 'self'; script-src 'self' 'strict-dynamic' 'nonce-07ddf0a5-6806-43cd-873a-99ff6bf4c343' 'unsafe-inline' 'report-sample' https://www.google-analytics.com/analytics.js https://www.gstatic.com/recaptcha/api2/ https://mc.yandex.ru/ https://recaptcha.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' https: data:; font-src 'self' https://fonts.gstatic.com data:; connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://mc.yandex.ru/; frame-src 'self' https:; object-src 'none'; base-uri 'self'; report-uri /web-api/report-csp/
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
server
nginx
x-download-options
noopen
x-dns-prefetch-control
off
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
vary
Accept-Encoding
cache-control
public, max-age=2592000
content-length
821
x-xss-protection
1; mode=block
en-GB.js
backoffice.mancala66.com/web-api/i18n-source/ 		72 KB
23 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://backoffice.mancala66.com/web-api/i18n-source/en-GB.js?bn=1679556699708
Requested by
Host: backoffice.mancala66.com
URL: https://backoffice.mancala66.com/activation
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
213.183.44.119 , Lithuania, ASN56630 (MELBICOM-EU-AS Melbikomas UAB, LT),
Reverse DNS
Software
nginx /
Resource Hash
8a0f160fe0710faf936713199dc0f1db83dee93ba4313f974b96473150d63dae
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'strict-dynamic' 'nonce-b0475175-758d-4735-b704-67637efceedc' 'unsafe-inline' 'report-sample' https://www.google-analytics.com/analytics.js https://www.gstatic.com/recaptcha/api2/ https://mc.yandex.ru/ https://recaptcha.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' https: data:; font-src 'self' https://fonts.gstatic.com data:; connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://mc.yandex.ru/; frame-src 'self' https:; object-src 'none'; base-uri 'self'; report-uri /web-api/report-csp/
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://backoffice.mancala66.com/activation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date
Tue, 28 Mar 2023 20:14:39 GMT
content-security-policy
default-src 'self'; script-src 'self' 'strict-dynamic' 'nonce-b0475175-758d-4735-b704-67637efceedc' 'unsafe-inline' 'report-sample' https://www.google-analytics.com/analytics.js https://www.gstatic.com/recaptcha/api2/ https://mc.yandex.ru/ https://recaptcha.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' https: data:; font-src 'self' https://fonts.gstatic.com data:; connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://mc.yandex.ru/; frame-src 'self' https:; object-src 'none'; base-uri 'self'; report-uri /web-api/report-csp/
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
gzip
server
nginx
etag
W/"11e4a-R9BV4x6BgQOMg6YXo+O3KElHfxI"
x-download-options
noopen
x-dns-prefetch-control
off
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=864000
x-xss-protection
1; mode=block
chunk.c106e0c81463d3ef4629.js
backoffice.mancala66.com/public/ 		8 MB
2 MB 		Script
General
Check archive.org
Download Go to
Full URL
https://backoffice.mancala66.com/public/chunk.c106e0c81463d3ef4629.js
Requested by
Host: backoffice.mancala66.com
URL: https://backoffice.mancala66.com/activation
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
213.183.44.119 , Lithuania, ASN56630 (MELBICOM-EU-AS Melbikomas UAB, LT),
Reverse DNS
Software
nginx /
Resource Hash
fbe5b698b022ed2927726a4ed62ae62be4eb9ae402287cbdeddf1d4debb67054
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'strict-dynamic' 'nonce-66e211f2-a0fe-41e1-a098-9ac18119eb64' 'unsafe-inline' 'report-sample' https://www.google-analytics.com/analytics.js https://www.gstatic.com/recaptcha/api2/ https://mc.yandex.ru/ https://recaptcha.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' https: data:; font-src 'self' https://fonts.gstatic.com data:; connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://mc.yandex.ru/; frame-src 'self' https:; object-src 'none'; base-uri 'self'; report-uri /web-api/report-csp/
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://backoffice.mancala66.com/activation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date
Tue, 28 Mar 2023 20:14:39 GMT
content-security-policy
default-src 'self'; script-src 'self' 'strict-dynamic' 'nonce-66e211f2-a0fe-41e1-a098-9ac18119eb64' 'unsafe-inline' 'report-sample' https://www.google-analytics.com/analytics.js https://www.gstatic.com/recaptcha/api2/ https://mc.yandex.ru/ https://recaptcha.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' https: data:; font-src 'self' https://fonts.gstatic.com data:; connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://mc.yandex.ru/; frame-src 'self' https:; object-src 'none'; base-uri 'self'; report-uri /web-api/report-csp/
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
last-modified
Thu, 23 Mar 2023 07:32:47 GMT
server
nginx
content-encoding
gzip
etag
W/"791a84-1870d626d18"
x-download-options
noopen
x-dns-prefetch-control
off
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
cache-control
public, max-age=2592000
x-xss-protection
1; mode=block
bundle.ba881cf209140c2aee5a.js
backoffice.mancala66.com/public/ 		899 KB
124 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://backoffice.mancala66.com/public/bundle.ba881cf209140c2aee5a.js
Requested by
Host: backoffice.mancala66.com
URL: https://backoffice.mancala66.com/activation
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
213.183.44.119 , Lithuania, ASN56630 (MELBICOM-EU-AS Melbikomas UAB, LT),
Reverse DNS
Software
nginx /
Resource Hash
bf9b0d37d7dee4cff9aabe17b9cdaa5ce59e7a52464a5c2955a9961dac7f971f
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'strict-dynamic' 'nonce-e4db9b71-3309-4164-ae6f-4d041abca888' 'unsafe-inline' 'report-sample' https://www.google-analytics.com/analytics.js https://www.gstatic.com/recaptcha/api2/ https://mc.yandex.ru/ https://recaptcha.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' https: data:; font-src 'self' https://fonts.gstatic.com data:; connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://mc.yandex.ru/; frame-src 'self' https:; object-src 'none'; base-uri 'self'; report-uri /web-api/report-csp/
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://backoffice.mancala66.com/activation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date
Tue, 28 Mar 2023 20:14:39 GMT
content-security-policy
default-src 'self'; script-src 'self' 'strict-dynamic' 'nonce-e4db9b71-3309-4164-ae6f-4d041abca888' 'unsafe-inline' 'report-sample' https://www.google-analytics.com/analytics.js https://www.gstatic.com/recaptcha/api2/ https://mc.yandex.ru/ https://recaptcha.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' https: data:; font-src 'self' https://fonts.gstatic.com data:; connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://mc.yandex.ru/; frame-src 'self' https:; object-src 'none'; base-uri 'self'; report-uri /web-api/report-csp/
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
last-modified
Thu, 23 Mar 2023 07:32:47 GMT
server
nginx
content-encoding
gzip
etag
W/"e0a3f-1870d626d18"
x-download-options
noopen
x-dns-prefetch-control
off
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
cache-control
public, max-age=2592000
x-xss-protection
1; mode=block
/
backoffice.mancala66.com/web-api/report-csp/ 		0
668 B 		Other
General
Check archive.org
Download Go to
Full URL
https://backoffice.mancala66.com/web-api/report-csp/
Requested by
Host: backoffice.mancala66.com
URL: https://backoffice.mancala66.com/activation
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
213.183.44.119 , Lithuania, ASN56630 (MELBICOM-EU-AS Melbikomas UAB, LT),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'strict-dynamic' 'nonce-f4f920e3-4681-4b3e-90a3-e93e6ed5d957' 'unsafe-inline' 'report-sample' https://www.google-analytics.com/analytics.js https://www.gstatic.com/recaptcha/api2/ https://mc.yandex.ru/ https://recaptcha.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' https: data:; font-src 'self' https://fonts.gstatic.com data:; connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://mc.yandex.ru/; frame-src 'self' https:; object-src 'none'; base-uri 'self'; report-uri /web-api/report-csp/
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://backoffice.mancala66.com/activation
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
Content-Type
application/csp-report

Response headers

date
Tue, 28 Mar 2023 20:14:39 GMT
content-security-policy
default-src 'self'; script-src 'self' 'strict-dynamic' 'nonce-f4f920e3-4681-4b3e-90a3-e93e6ed5d957' 'unsafe-inline' 'report-sample' https://www.google-analytics.com/analytics.js https://www.gstatic.com/recaptcha/api2/ https://mc.yandex.ru/ https://recaptcha.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' https: data:; font-src 'self' https://fonts.gstatic.com data:; connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://mc.yandex.ru/; frame-src 'self' https:; object-src 'none'; base-uri 'self'; report-uri /web-api/report-csp/
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
server
nginx
x-download-options
noopen
x-dns-prefetch-control
off
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block
/
backoffice.mancala66.com/web-api/report-csp/ 		0
668 B 		Other
General
Check archive.org
Download Go to
Full URL
https://backoffice.mancala66.com/web-api/report-csp/
Requested by
Host: backoffice.mancala66.com
URL: https://backoffice.mancala66.com/public/chunk.c106e0c81463d3ef4629.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
213.183.44.119 , Lithuania, ASN56630 (MELBICOM-EU-AS Melbikomas UAB, LT),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'strict-dynamic' 'nonce-81c7125d-b60c-4858-99f7-62a37ff4ad80' 'unsafe-inline' 'report-sample' https://www.google-analytics.com/analytics.js https://www.gstatic.com/recaptcha/api2/ https://mc.yandex.ru/ https://recaptcha.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' https: data:; font-src 'self' https://fonts.gstatic.com data:; connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://mc.yandex.ru/; frame-src 'self' https:; object-src 'none'; base-uri 'self'; report-uri /web-api/report-csp/
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://backoffice.mancala66.com/activation
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
Content-Type
application/csp-report

Response headers

date
Tue, 28 Mar 2023 20:14:39 GMT
content-security-policy
default-src 'self'; script-src 'self' 'strict-dynamic' 'nonce-81c7125d-b60c-4858-99f7-62a37ff4ad80' 'unsafe-inline' 'report-sample' https://www.google-analytics.com/analytics.js https://www.gstatic.com/recaptcha/api2/ https://mc.yandex.ru/ https://recaptcha.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' https: data:; font-src 'self' https://fonts.gstatic.com data:; connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://mc.yandex.ru/; frame-src 'self' https:; object-src 'none'; base-uri 'self'; report-uri /web-api/report-csp/
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
server
nginx
x-download-options
noopen
x-dns-prefetch-control
off
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block
/
backoffice.mancala66.com/web-api/report-csp/ 		0
669 B 		Other
General
Check archive.org
Download Go to
Full URL
https://backoffice.mancala66.com/web-api/report-csp/
Requested by
Host: backoffice.mancala66.com
URL: https://backoffice.mancala66.com/public/chunk.c106e0c81463d3ef4629.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
213.183.44.119 , Lithuania, ASN56630 (MELBICOM-EU-AS Melbikomas UAB, LT),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'strict-dynamic' 'nonce-5e3f9508-9bb2-4c80-8bbf-d6416584340f' 'unsafe-inline' 'report-sample' https://www.google-analytics.com/analytics.js https://www.gstatic.com/recaptcha/api2/ https://mc.yandex.ru/ https://recaptcha.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' https: data:; font-src 'self' https://fonts.gstatic.com data:; connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://mc.yandex.ru/; frame-src 'self' https:; object-src 'none'; base-uri 'self'; report-uri /web-api/report-csp/
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://backoffice.mancala66.com/activation
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
Content-Type
application/csp-report

Response headers

date
Tue, 28 Mar 2023 20:14:39 GMT
content-security-policy
default-src 'self'; script-src 'self' 'strict-dynamic' 'nonce-5e3f9508-9bb2-4c80-8bbf-d6416584340f' 'unsafe-inline' 'report-sample' https://www.google-analytics.com/analytics.js https://www.gstatic.com/recaptcha/api2/ https://mc.yandex.ru/ https://recaptcha.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' https: data:; font-src 'self' https://fonts.gstatic.com data:; connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://mc.yandex.ru/; frame-src 'self' https:; object-src 'none'; base-uri 'self'; report-uri /web-api/report-csp/
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
server
nginx
x-download-options
noopen
x-dns-prefetch-control
off
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block
chunk.fed36fbbce35b3d75b9a.js
backoffice.mancala66.com/public/ 		2 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://backoffice.mancala66.com/public/chunk.fed36fbbce35b3d75b9a.js
Requested by
Host: backoffice.mancala66.com
URL: https://backoffice.mancala66.com/public/bundle.ba881cf209140c2aee5a.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
213.183.44.119 , Lithuania, ASN56630 (MELBICOM-EU-AS Melbikomas UAB, LT),
Reverse DNS
Software
nginx /
Resource Hash
8f17ad223c1ff56530f89e75a0586f8fc24ef105bbfbb02677adcc5c506fe2d3
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'strict-dynamic' 'nonce-04738f48-be2b-4b61-a676-c5a8626fd299' 'unsafe-inline' 'report-sample' https://www.google-analytics.com/analytics.js https://www.gstatic.com/recaptcha/api2/ https://mc.yandex.ru/ https://recaptcha.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' https: data:; font-src 'self' https://fonts.gstatic.com data:; connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://mc.yandex.ru/; frame-src 'self' https:; object-src 'none'; base-uri 'self'; report-uri /web-api/report-csp/
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://backoffice.mancala66.com/activation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date
Tue, 28 Mar 2023 20:14:40 GMT
content-security-policy
default-src 'self'; script-src 'self' 'strict-dynamic' 'nonce-04738f48-be2b-4b61-a676-c5a8626fd299' 'unsafe-inline' 'report-sample' https://www.google-analytics.com/analytics.js https://www.gstatic.com/recaptcha/api2/ https://mc.yandex.ru/ https://recaptcha.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' https: data:; font-src 'self' https://fonts.gstatic.com data:; connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://mc.yandex.ru/; frame-src 'self' https:; object-src 'none'; base-uri 'self'; report-uri /web-api/report-csp/
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
last-modified
Thu, 23 Mar 2023 07:32:47 GMT
server
nginx
content-encoding
gzip
etag
W/"87c-1870d626d18"
x-download-options
noopen
x-dns-prefetch-control
off
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
cache-control
public, max-age=2592000
x-xss-protection
1; mode=block
chunk.897c9c0ef0a275a27f1a.js
backoffice.mancala66.com/public/ 		830 KB
394 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://backoffice.mancala66.com/public/chunk.897c9c0ef0a275a27f1a.js
Requested by
Host: backoffice.mancala66.com
URL: https://backoffice.mancala66.com/public/bundle.ba881cf209140c2aee5a.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
213.183.44.119 , Lithuania, ASN56630 (MELBICOM-EU-AS Melbikomas UAB, LT),
Reverse DNS
Software
nginx /
Resource Hash
1d579a6b4048955ca709a2268ff2a8781e866a20a92117d44c9d7864eb0483fb
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'strict-dynamic' 'nonce-6c187660-73c4-4ba8-98e3-96747ec57226' 'unsafe-inline' 'report-sample' https://www.google-analytics.com/analytics.js https://www.gstatic.com/recaptcha/api2/ https://mc.yandex.ru/ https://recaptcha.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' https: data:; font-src 'self' https://fonts.gstatic.com data:; connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://mc.yandex.ru/; frame-src 'self' https:; object-src 'none'; base-uri 'self'; report-uri /web-api/report-csp/
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://backoffice.mancala66.com/activation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date
Tue, 28 Mar 2023 20:14:39 GMT
content-security-policy
default-src 'self'; script-src 'self' 'strict-dynamic' 'nonce-6c187660-73c4-4ba8-98e3-96747ec57226' 'unsafe-inline' 'report-sample' https://www.google-analytics.com/analytics.js https://www.gstatic.com/recaptcha/api2/ https://mc.yandex.ru/ https://recaptcha.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' https: data:; font-src 'self' https://fonts.gstatic.com data:; connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://mc.yandex.ru/; frame-src 'self' https:; object-src 'none'; base-uri 'self'; report-uri /web-api/report-csp/
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
last-modified
Thu, 23 Mar 2023 07:32:47 GMT
server
nginx
content-encoding
gzip
etag
W/"cf74e-1870d626d18"
x-download-options
noopen
x-dns-prefetch-control
off
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
cache-control
public, max-age=2592000
x-xss-protection
1; mode=block

Verdicts & Comments Add Verdict or Comment

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless object| __APOLLO_STATE__ function| initMomentLocale object| webpackJsonp function| setImmediate function| clearImmediate object| regeneratorRuntime object| scCGSHMRCache function| saveAs function| moment object| platform

0 Cookies

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self'; script-src 'self' 'strict-dynamic' 'nonce-64a52dc0-d22c-4c32-87f2-eb11aa0a28bd' 'unsafe-inline' 'report-sample' https://www.google-analytics.com/analytics.js https://www.gstatic.com/recaptcha/api2/ https://mc.yandex.ru/ https://recaptcha.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' https: data:; font-src 'self' https://fonts.gstatic.com data:; connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://mc.yandex.ru/; frame-src 'self' https:; object-src 'none'; base-uri 'self'; report-uri /web-api/report-csp/
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block