Submitted URL: https://esaf.infakt.pl/
Effective URL: https://esaf.infakt.pl/sessions/new
Submission: On June 20 via api from US — Scanned from PL

Summary

This website contacted 6 IPs in 2 countries across 5 domains to perform 12 HTTP transactions. The main IP is 172.66.43.166, located in United States and belongs to CLOUDFLARENET, US. The main domain is esaf.infakt.pl.
TLS certificate: Issued by GeoTrust TLS RSA CA G1 on March 24th 2024. Valid for: a year.
This is the only time esaf.infakt.pl was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 8 172.66.43.166 13335 (CLOUDFLAR...)
1 104.18.10.207 13335 (CLOUDFLAR...)
1 151.101.66.137 54113 (FASTLY)
2 142.250.186.142 15169 (GOOGLE)
1 104.16.80.73 13335 (CLOUDFLAR...)
1 209.85.202.84 15169 (GOOGLE)
12 6
Apex Domain
Subdomains
Transfer
8 infakt.pl
esaf.infakt.pl
www.infakt.pl
10 KB
3 google.com
apis.google.com — Cisco Umbrella Rank: 217
accounts.google.com — Cisco Umbrella Rank: 45
82 KB
1 cloudflareinsights.com
static.cloudflareinsights.com — Cisco Umbrella Rank: 1073
7 KB
1 jquery.com
code.jquery.com — Cisco Umbrella Rank: 816
86 KB
1 bootstrapcdn.com
maxcdn.bootstrapcdn.com — Cisco Umbrella Rank: 1286
22 KB
12 5
Domain Requested by
7 esaf.infakt.pl 2 redirects esaf.infakt.pl
static.cloudflareinsights.com
2 apis.google.com esaf.infakt.pl
apis.google.com
1 www.infakt.pl
1 accounts.google.com apis.google.com
1 static.cloudflareinsights.com esaf.infakt.pl
1 code.jquery.com esaf.infakt.pl
1 maxcdn.bootstrapcdn.com esaf.infakt.pl
12 7

This site contains no links.

Subject Issuer Validity Valid
*.infakt.pl
GeoTrust TLS RSA CA G1
2024-03-24 -
2025-04-24
a year crt.sh
bootstrapcdn.com
GTS CA 1P5
2024-05-25 -
2024-08-23
3 months crt.sh
*.jquery.com
Sectigo RSA Domain Validation Secure Server CA
2023-07-11 -
2024-07-14
a year crt.sh
*.apis.google.com
WR2
2024-06-03 -
2024-08-26
3 months crt.sh
cloudflareinsights.com
GTS CA 1P5
2024-05-08 -
2024-08-06
3 months crt.sh
accounts.google.com
WR2
2024-06-03 -
2024-08-26
3 months crt.sh

This page contains 3 frames:

Primary Page: https://esaf.infakt.pl/sessions/new
Frame ID: 46E606AD8D7CA45C3807742D260CD3D8
Requests: 9 HTTP requests in this frame

Frame: https://esaf.infakt.pl/cdn-cgi/challenge-platform/h/g/scripts/jsd/6aac8896f227/main.js
Frame ID: 0956C0F07A029BA27625E12C3E3C06B8
Requests: 2 HTTP requests in this frame

Frame: https://accounts.google.com/o/oauth2/iframe
Frame ID: 53D8AD9D92550C14EBEA95FE4F74EBD3
Requests: 1 HTTP requests in this frame

Screenshot

Page Title

eSAF Web

Page URL History Show full URLs

  1. https://esaf.infakt.pl/ HTTP 302
    https://esaf.infakt.pl/sessions/new Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <meta[^>]*google-signin-client_id
  • <iframe[^>]*accounts\.google\.com/o/oauth2
  • apis\.google\.com/js/platform\.js

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • static\.cloudflareinsights\.com/beacon(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • apis\.google\.com/js/[a-z]*\.js

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

12
Requests

92 %
HTTPS

0 %
IPv6

5
Domains

7
Subdomains

6
IPs

2
Countries

207 kB
Transfer

672 kB
Size

5
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://esaf.infakt.pl/ HTTP 302
    https://esaf.infakt.pl/sessions/new Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 6
  • https://esaf.infakt.pl/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
  • https://esaf.infakt.pl/cdn-cgi/challenge-platform/h/g/scripts/jsd/6aac8896f227/main.js

12 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request new
esaf.infakt.pl/sessions/
Redirect Chain
  • https://esaf.infakt.pl/
  • https://esaf.infakt.pl/sessions/new
3 KB
2 KB
Document
General
Full URL
https://esaf.infakt.pl/sessions/new
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.66.43.166 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
277a6fd598e902e4798b04d555ecb4099e37670476115cddf01f849b0cab803d
Security Headers
Name Value
Strict-Transport-Security max-age=604800; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
pl-PL,pl;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
896bc9a23b8f34b0-WAW
content-encoding
br
content-type
text/html
date
Thu, 20 Jun 2024 12:33:30 GMT
server
cloudflare
strict-transport-security
max-age=604800; includeSubDomains
viaproxy
Yes
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block

Redirect headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
896bc9a1aa8434b0-WAW
content-type
text/html
date
Thu, 20 Jun 2024 12:33:29 GMT
location
/sessions/new
server
cloudflare
strict-transport-security
max-age=604800; includeSubDomains
viaproxy
Yes
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block
bootstrap.min.css
maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/
118 KB
22 KB
Stylesheet
General
Full URL
https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css
Requested by
Host: esaf.infakt.pl
URL: https://esaf.infakt.pl/sessions/new
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.10.207 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f75e846cc83bd11432f4b1e21a45f31bc85283d11d372f7b19accd1bf6a2635c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://esaf.infakt.pl/
Origin
https://esaf.infakt.pl
Accept-Language
pl-PL,pl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 20 Jun 2024 12:33:30 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
MISS
cdn-edgestorageid
1150
strict-transport-security
max-age=31536000; includeSubDomains; preload
cdn-cachedat
05/09/2024 02:50:50
cdn-pullzone
252412
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
last-modified
Mon, 25 Jan 2021 22:03:59 GMT
cdn-proxyver
1.04
cdn-requestpullcode
200
server
cloudflare
etag
W/"ec3bb52a00e176a7181d454dffaea219"
vary
Accept-Encoding
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cache-control
public, max-age=31919000
cdn-requestid
ea79d97aed556e90ee7e12b9fd656c66
timing-allow-origin
*
cdn-requestcountrycode
JP
cdn-status
200
cf-ray
896bc9a3eb5eb1eb-WAW
cdn-requestpullsuccess
True
jquery-1.12.3.js
code.jquery.com/
287 KB
86 KB
Script
General
Full URL
https://code.jquery.com/jquery-1.12.3.js
Requested by
Host: esaf.infakt.pl
URL: https://esaf.infakt.pl/sessions/new
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.66.137 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
d5732912d03878a5cd3695dc275a6630fb3c255fa7c0b744ab08897824049327

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://esaf.infakt.pl/
Accept-Language
pl-PL,pl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 20 Jun 2024 12:33:30 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
age
2599338
x-cache
HIT, HIT
content-length
87241
x-served-by
cache-lga21983-LGA, cache-fra-eddf8230027-FRA
last-modified
Fri, 18 Oct 1991 12:00:00 GMT
server
nginx
x-timer
S1718886810.472083,VS0,VE0
etag
W/"28feccc0-47b12"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=604800
accept-ranges
bytes
x-cache-hits
14422, 59
app.4704db6255c34e8f404a7a1fa5bdbf769c5ca19f23f6d3f897fb76546029b901.js
esaf.infakt.pl/assets/
4 KB
2 KB
Script
General
Full URL
https://esaf.infakt.pl/assets/app.4704db6255c34e8f404a7a1fa5bdbf769c5ca19f23f6d3f897fb76546029b901.js
Requested by
Host: esaf.infakt.pl
URL: https://esaf.infakt.pl/sessions/new
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.66.43.166 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4704db6255c34e8f404a7a1fa5bdbf769c5ca19f23f6d3f897fb76546029b901
Security Headers
Name Value
Strict-Transport-Security max-age=604800; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://esaf.infakt.pl/sessions/new
Accept-Language
pl-PL,pl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 20 Jun 2024 12:33:30 GMT
strict-transport-security
max-age=604800; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
HIT
last-modified
Tue, 18 Jun 2024 00:35:06 GMT
server
cloudflare
age
1850
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
content-encoding
br
cf-ray
896bc9a2ed93b5fd-WAW
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
viaproxy
Yes
platform.js
apis.google.com/js/
55 KB
22 KB
Script
General
Full URL
https://apis.google.com/js/platform.js
Requested by
Host: esaf.infakt.pl
URL: https://esaf.infakt.pl/sessions/new
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.142 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s07-in-f14.1e100.net
Software
sffe /
Resource Hash
ee7b860cb882c585f62e113a6b3db3f9764dbf10ffb01d1c6041ea5dd1babe60
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://esaf.infakt.pl/
Accept-Language
pl-PL,pl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
content-encoding
gzip
x-content-type-options
nosniff
date
Thu, 20 Jun 2024 12:33:31 GMT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
21592
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="gapi-team"
etag
"10e2b8c0b993f417"
vary
Accept-Encoding
report-to
{"group":"gapi-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gapi-team"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
private, max-age=1800, stale-while-revalidate=1800
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 20 Jun 2024 12:33:31 GMT
vcd15cbe7772f49c399c6a5babf22c1241717689176015
static.cloudflareinsights.com/beacon.min.js/
19 KB
7 KB
Script
General
Full URL
https://static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015
Requested by
Host: esaf.infakt.pl
URL: https://esaf.infakt.pl/sessions/new
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.80.73 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8a18d13015336bc184819a5a768447462202ef3105ec511bf42ed8304a7ed94f

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://esaf.infakt.pl/
Origin
https://esaf.infakt.pl
Accept-Language
pl-PL,pl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 20 Jun 2024 12:33:31 GMT
content-encoding
gzip
last-modified
Thu, 06 Jun 2024 15:52:56 GMT
server
cloudflare
etag
W/"2024.6.1"
vary
Accept-Encoding
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
cf-ray
896bc9a8c91dbf45-WAW
cb=gapi.loaded_0
apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.pl.edy7RZCje9Q.O/m=signin2/rt=j/sv=1/d=1/ed=1/am=AAAQ/rs=AHpOoo_SA_fsYiDw71HJEx-jIFKT2MtU2g/
178 KB
61 KB
Script
General
Full URL
https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.pl.edy7RZCje9Q.O/m=signin2/rt=j/sv=1/d=1/ed=1/am=AAAQ/rs=AHpOoo_SA_fsYiDw71HJEx-jIFKT2MtU2g/cb=gapi.loaded_0?le=scs
Requested by
Host: apis.google.com
URL: https://apis.google.com/js/platform.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.142 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s07-in-f14.1e100.net
Software
sffe /
Resource Hash
9c69df18d4f1e00031f9bcbcdf31862700668c9ebece5e6dd35e9b16a336d156
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://esaf.infakt.pl/
Accept-Language
pl-PL,pl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 17 Jun 2024 18:09:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
239036
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
61763
x-xss-protection
0
last-modified
Thu, 06 Jun 2024 15:21:04 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="social-frontend-mpm-access"
vary
Accept-Encoding
report-to
{"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Tue, 17 Jun 2025 18:09:35 GMT
main.js
esaf.infakt.pl/cdn-cgi/challenge-platform/h/g/scripts/jsd/6aac8896f227/ Frame 0956
Redirect Chain
  • https://esaf.infakt.pl/cdn-cgi/challenge-platform/scripts/jsd/main.js
  • https://esaf.infakt.pl/cdn-cgi/challenge-platform/h/g/scripts/jsd/6aac8896f227/main.js
8 KB
4 KB
Script
General
Full URL
https://esaf.infakt.pl/cdn-cgi/challenge-platform/h/g/scripts/jsd/6aac8896f227/main.js
Requested by
Host: esaf.infakt.pl
URL: https://esaf.infakt.pl/sessions/new
Protocol
H3
Server
172.66.43.166 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0ec05f6c15d72ad7b965bbff510a94eb6f0f7cad2bf7f4d8c121cb7928ba623c
Security Headers
Name Value
Strict-Transport-Security max-age=604800; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Accept-Language
pl-PL,pl;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 20 Jun 2024 12:33:31 GMT
strict-transport-security
max-age=604800; includeSubDomains
x-content-type-options
nosniff
content-encoding
br
server
cloudflare
content-type
application/javascript; charset=UTF-8
cache-control
max-age=14400, public
cf-ray
896bc9a99e3ab5fd-WAW
alt-svc
h3=":443"; ma=86400

Redirect headers

date
Thu, 20 Jun 2024 12:33:31 GMT
strict-transport-security
max-age=604800; includeSubDomains
server
cloudflare
location
/cdn-cgi/challenge-platform/h/g/scripts/jsd/6aac8896f227/main.js
access-control-allow-origin
*
cache-control
max-age=300, public
cf-ray
896bc9a95dcfb5fd-WAW
alt-svc
h3=":443"; ma=86400
content-length
0
iframe
accounts.google.com/o/oauth2/ Frame 53D8
0
0
Document
General
Full URL
https://accounts.google.com/o/oauth2/iframe
Requested by
Host: apis.google.com
URL: https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.pl.edy7RZCje9Q.O/m=signin2/rt=j/sv=1/d=1/ed=1/am=AAAQ/rs=AHpOoo_SA_fsYiDw71HJEx-jIFKT2MtU2g/cb=gapi.loaded_0?le=scs
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
209.85.202.84 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
dg-in-f84.1e100.net
Software
ESF /
Resource Hash
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /_/IdpIFrameHttp/cspreport script-src 'report-sample' 'nonce-qyz_w7t8kGdO5duN-j_StA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdpIFrameHttp/cspreport;worker-src 'self' script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdpIFrameHttp/cspreport/allowlist
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
pl-PL,pl;q=0.9;q=0.9
Referer
https://esaf.infakt.pl/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
gzip
content-security-policy
require-trusted-types-for 'script';report-uri /_/IdpIFrameHttp/cspreport script-src 'report-sample' 'nonce-qyz_w7t8kGdO5duN-j_StA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdpIFrameHttp/cspreport;worker-src 'self' script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdpIFrameHttp/cspreport/allowlist
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-opener-policy
same-origin
cross-origin-resource-policy
cross-origin
date
Thu, 20 Jun 2024 12:33:31 GMT
expires
Mon, 01 Jan 1990 00:00:00 GMT
origin-trial
Anx7P+ykxPk2cvb3pmDcFJrtthuvm2pPqF/N9DW2XnD4tw+GvaXWaUhemhtJeK2OiYYjgVfcdmEkym+Al84WUQEAAABReyJvcmlnaW4iOiJodHRwczovL2FjY291bnRzLmdvb2dsZS5jb206NDQzIiwiZmVhdHVyZSI6IlRwY2QiLCJleHBpcnkiOjE3MzUzNDM5OTl9 AgwNkGShU7jmThCwETvmNknL6SkfRK4HUOBOkR6DTLS3TOAs8YQVA2BAX9dts4v0gDOKplt/w6+QXoSpVnb4RQMAAABmeyJvcmlnaW4iOiJodHRwczovL2FjY291bnRzLmdvb2dsZS5jb206NDQzIiwiZmVhdHVyZSI6IkZlZENtV2l0aFN0b3JhZ2VBY2Nlc3NBUEkiLCJleHBpcnkiOjE3Mjc4MjcxOTl9
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
pragma
no-cache
reporting-endpoints
default="/_/IdpIFrameHttp/web-reports?context=eJzjctHikmJw1JBikPj6kkkDiJ3SZ7AGAbFP_QzWGCBuvXmOdSoQW988z5r07zxrERC3f77AOh2Il0RcZD2UeJFViIdj9uELm9kEVhx4-5dJSS0pvzA-MyU1rySzpFI3P7G0JEM3o6SkIN7IwMjEwMzAUs_AIr7AAAArwjFx"
server
ESF
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
x-xss-protection
0
896bc9a23b8f34b0
esaf.infakt.pl/cdn-cgi/challenge-platform/h/g/jsd/r/ Frame 0956
0
427 B
XHR
General
Full URL
https://esaf.infakt.pl/cdn-cgi/challenge-platform/h/g/jsd/r/896bc9a23b8f34b0
Requested by
Host: esaf.infakt.pl
URL: https://esaf.infakt.pl/cdn-cgi/challenge-platform/scripts/jsd/main.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.66.43.166 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=604800; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform
"Win32"
Referer
Accept-Language
pl-PL,pl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
application/json

Response headers

date
Thu, 20 Jun 2024 12:33:31 GMT
strict-transport-security
max-age=604800; includeSubDomains
server
cloudflare
cf-ray
896bc9aa9fa9b5fd-WAW
alt-svc
h3=":443"; ma=86400
content-length
0
content-type
text/plain; charset=UTF-8
rum
esaf.infakt.pl/cdn-cgi/
0
140 B
XHR
General
Full URL
https://esaf.infakt.pl/cdn-cgi/rum?
Requested by
Host: static.cloudflareinsights.com
URL: https://static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.66.43.166 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform
"Win32"
Referer
https://esaf.infakt.pl/sessions/new
Accept-Language
pl-PL,pl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
content-type
application/json

Response headers

date
Thu, 20 Jun 2024 12:33:32 GMT
x-content-type-options
nosniff
server
cloudflare
vary
Origin
access-control-max-age
86400
access-control-allow-methods
POST,OPTIONS
access-control-allow-origin
https://esaf.infakt.pl
x-frame-options
DENY
access-control-allow-credentials
true
cf-ray
896bc9b15971b5fd-WAW
favicon.png
www.infakt.pl/images/layout/
182 B
2 KB
Other
General
Full URL
https://www.infakt.pl/images/layout/favicon.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.66.43.166 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
da0321d3386a5423a5dc2e1c1015f3e7a508e0f9bbbfde938fcf6cccf473ce24
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: filesystem: wss: *.infakt.pl infakt.pl *.infakt.pl infakt.pl *.infakt.infaktcdn.pl production.infaktcdn.pl www.recaptcha.net www.google.be www.google.com.cy www.google.cz www.google.gr www.google.lu www.google.pl www.google.ad www.google.ae www.google.at www.google.be www.google.by www.google.ch www.google.cl www.google.co.id www.google.co.il www.google.co.in www.google.co.ma www.google.co.th www.google.co.tz www.google.co.uk www.google.co.za www.google.com.au www.google.com.co www.google.com.cy www.google.com.do www.google.com.kh www.google.com.mt www.google.com.np www.google.com.ph www.google.com.sg www.google.com.tr www.google.com.ua www.google.cz www.google.de www.google.dk www.google.es www.google.fi www.google.fr www.google.ge www.google.gr www.google.hr www.google.ie www.google.is www.google.it www.google.kz www.google.lk www.google.lt www.google.lu www.google.mu www.google.nl www.google.no www.google.pt www.google.ro www.google.rs www.google.ru www.google.se www.google.si www.google.sk *.google.com *.googlesyndication.com *.youtube.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.googleapis.com *.gstatic.com stats.g.doubleclick.net googleads.g.doubleclick.net *.fls.doubleclick.net code.jquery.com *.facebook.com *.fbsbx.com *.facebook.net cx.atdmt.com api-js.mixpanel.com js-agent.newrelic.com nr-data.net *.nr-data.net loader.wisepops.com cdn.mxpnl.com cdn4.mxpnl.com cdn.datatables.net static.zdassets.com ekr.zdassets.com *.zendesk.com wss://*.zendesk.com wss://*.zopim.com *.zopim.com *.zopim.io media.zeise.cloud s3.amazonaws.com *.s3.amazonaws.com *.s3.eu-central-1.amazonaws.com *.s3.eu-west-1.amazonaws.com infakt-maintenance-page.s3.eu-central-1.amazonaws.com platnosci.bm.pl pg-accept.blue.pl infaktpodatki.mint.net.pl wl-api.mf.gov.pl *.hotjar.com wss://*.hotjar.com *.hotjar.io *.callpage.io cdnjs.cloudflare.com centrum24.pl *.payu.com maxcdn.bootstrapcdn.com d4z6dx8qrln4r.cloudfront.net use.fontawesome.com ads-twitter.com *.ads-twitter.com twitter.com *.twitter.com t.co *.t.co form.typeform.com infakt.typeform.com *.licdn.com *.linkedin.com *.quora.com *.honeybadger.io infakt.user.com media.user.com widget.user.com https://snowplow.visma.com https://cdn.cookielaw.org https://*.onetrust.com https://optanon.blob.core.windows.net https://cdn.jsdelivr.net; frame-ancestors 'self';
Strict-Transport-Security max-age=604800; includeSubDomains
X-Frame-Options SAMEORIGIN, SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://esaf.infakt.pl/
Accept-Language
pl-PL,pl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-runtime
0.006954
date
Thu, 20 Jun 2024 12:33:32 GMT
strict-transport-security
max-age=604800; includeSubDomains
content-security-policy
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: filesystem: wss: *.infakt.pl infakt.pl *.infakt.pl infakt.pl *.infakt.infaktcdn.pl production.infaktcdn.pl www.recaptcha.net www.google.be www.google.com.cy www.google.cz www.google.gr www.google.lu www.google.pl www.google.ad www.google.ae www.google.at www.google.be www.google.by www.google.ch www.google.cl www.google.co.id www.google.co.il www.google.co.in www.google.co.ma www.google.co.th www.google.co.tz www.google.co.uk www.google.co.za www.google.com.au www.google.com.co www.google.com.cy www.google.com.do www.google.com.kh www.google.com.mt www.google.com.np www.google.com.ph www.google.com.sg www.google.com.tr www.google.com.ua www.google.cz www.google.de www.google.dk www.google.es www.google.fi www.google.fr www.google.ge www.google.gr www.google.hr www.google.ie www.google.is www.google.it www.google.kz www.google.lk www.google.lt www.google.lu www.google.mu www.google.nl www.google.no www.google.pt www.google.ro www.google.rs www.google.ru www.google.se www.google.si www.google.sk *.google.com *.googlesyndication.com *.youtube.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.googleapis.com *.gstatic.com stats.g.doubleclick.net googleads.g.doubleclick.net *.fls.doubleclick.net code.jquery.com *.facebook.com *.fbsbx.com *.facebook.net cx.atdmt.com api-js.mixpanel.com js-agent.newrelic.com nr-data.net *.nr-data.net loader.wisepops.com cdn.mxpnl.com cdn4.mxpnl.com cdn.datatables.net static.zdassets.com ekr.zdassets.com *.zendesk.com wss://*.zendesk.com wss://*.zopim.com *.zopim.com *.zopim.io media.zeise.cloud s3.amazonaws.com *.s3.amazonaws.com *.s3.eu-central-1.amazonaws.com *.s3.eu-west-1.amazonaws.com infakt-maintenance-page.s3.eu-central-1.amazonaws.com platnosci.bm.pl pg-accept.blue.pl infaktpodatki.mint.net.pl wl-api.mf.gov.pl *.hotjar.com wss://*.hotjar.com *.hotjar.io *.callpage.io cdnjs.cloudflare.com centrum24.pl *.payu.com maxcdn.bootstrapcdn.com d4z6dx8qrln4r.cloudfront.net use.fontawesome.com ads-twitter.com *.ads-twitter.com twitter.com *.twitter.com t.co *.t.co form.typeform.com infakt.typeform.com *.licdn.com *.linkedin.com *.quora.com *.honeybadger.io infakt.user.com media.user.com widget.user.com https://snowplow.visma.com https://cdn.cookielaw.org https://*.onetrust.com https://optanon.blob.core.windows.net https://cdn.jsdelivr.net; frame-ancestors 'self';
cf-cache-status
DYNAMIC
server
cloudflare
x-frame-options
SAMEORIGIN, SAMEORIGIN
content-type
text/plain
cf-ray
896bc9b1680a34b0-WAW
alt-svc
h3=":443"; ma=86400
content-length
182
x-request-id
bcda74be-59d1-46a6-95c3-48bffc31df63

Verdicts & Comments Add Verdict or Comment

16 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 undefined| event object| fence object| sharedStorage function| $ function| jQuery function| googleAuthSigninErrorMessage function| onSignIn object| ___gcfg object| gapi object| ___jsl object| ___gu object| __cfBeacon object| _F_toggles object| osapi

5 Cookies

Domain/Path Name / Value
.infakt.pl/ Name: __cf_bm
Value: iCLR1sEwAoQPcbR5tczq5SLKaRf6ajCf35EjQrk59aA-1718886809-1.0.1.1-VybyK6yyALlQcYwp3RaukPyHefPO28LiAkSndxfaRgWH2g8MnIn3bCscAOLfWrrw_lZ1bC1HzDsoo6W0_1rRQQ
.esaf.infakt.pl/ Name: G_ENABLED_IDPS
Value: google
.infakt.pl/ Name: cf_clearance
Value: VsXPK5OR23XV7C3DvgjO_jyO7DRBamBkq84XCxD9MAI-1718886811-1.0.1.1-weWr9tf9lJ0y2iSjalbExSYCvcVomKAI81BS5AG14JavTscCYM5X1s7XUoiWf88DNR16Akd7BSHVH9BRzPoVWA
www.infakt.pl/ Name: AWSALB
Value: kyaB5JrWpY8toCsxOFmptZ1JYXCkoQ14DeNAPUrLOPkZ+5DvfpaWT0z6CTo3zPjgxRVtxFWBf4a7EnQ+Xj2W8PSC11Lkq5cGnqHMr9i3y+anpiy7zeePfHViOCmo
www.infakt.pl/ Name: AWSALBCORS
Value: kyaB5JrWpY8toCsxOFmptZ1JYXCkoQ14DeNAPUrLOPkZ+5DvfpaWT0z6CTo3zPjgxRVtxFWBf4a7EnQ+Xj2W8PSC11Lkq5cGnqHMr9i3y+anpiy7zeePfHViOCmo

2 Console Messages

Source Level URL
Text
security warning URL: https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.pl.edy7RZCje9Q.O/m=signin2/rt=j/sv=1/d=1/ed=1/am=AAAQ/rs=AHpOoo_SA_fsYiDw71HJEx-jIFKT2MtU2g/cb=gapi.loaded_0?le=scs(Line 195)
Message:
An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can escape its sandboxing.
network error URL: https://www.infakt.pl/images/layout/favicon.png
Message:
Failed to load resource: the server responded with a status of 500 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=604800; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block