urlscan.io logo urlscan.io
SecurityTrails logo

uat1.dbhiponet.deutschebank.pl Open in urlscan Pro
160.83.7.66  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://uat1.dbhiponet.deutschebank.pl/
Effective URL: https://uat1.dbhiponet.deutschebank.pl/frontend-web/app/auth.html
Submission: On January 24 via automatic, source certstream-suspicious — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 7 HTTP transactions. The main IP is 160.83.7.66, located in Frankfurt am Main, Germany and belongs to DEUBA-NET Germany, DE. The main domain is uat1.dbhiponet.deutschebank.pl.
TLS certificate: Issued by Deutsche Bank Server CA 6 on September 23rd 2022. Valid for: a year.
This is the only time uat1.dbhiponet.deutschebank.pl was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 8 160.83.7.66 8373 (DEUBA-NET...)
7 2
Apex Domain
Subdomains		 Transfer
8 deutschebank.pl
uat1.dbhiponet.deutschebank.pl
586 KB
7 1
Domain Requested by
8 uat1.dbhiponet.deutschebank.pl 1 redirects uat1.dbhiponet.deutschebank.pl
7 1

This site contains links to these domains. Also see Links.

Domain
country.db.com
Subject Issuer Validity Valid
uat1.dbhiponet.deutschebank.pl
Deutsche Bank Server CA 6		 2022-09-23 -
2023-09-23		 a year crt.sh

This page contains 1 frames:

Primary Page: https://uat1.dbhiponet.deutschebank.pl/frontend-web/app/auth.html
Frame ID: FABDBDBCE52B855F9C3331798741F032
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

db hipoNET - system Internetowej Obsługi Kredytu

Page URL History Show full URLs

  1. https://uat1.dbhiponet.deutschebank.pl/ HTTP 302
    https://uat1.dbhiponet.deutschebank.pl/frontend-web/app/auth.html Page URL

Page Statistics

7
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

585 kB
Transfer

2488 kB
Size

2
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://uat1.dbhiponet.deutschebank.pl/ HTTP 302
    https://uat1.dbhiponet.deutschebank.pl/frontend-web/app/auth.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request auth.html
uat1.dbhiponet.deutschebank.pl/frontend-web/app/
Redirect Chain
  • https://uat1.dbhiponet.deutschebank.pl/
  • https://uat1.dbhiponet.deutschebank.pl/frontend-web/app/auth.html
12 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://uat1.dbhiponet.deutschebank.pl/frontend-web/app/auth.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
160.83.7.66 Frankfurt am Main, Germany, ASN8373 (DEUBA-NET Germany, DE),
Reverse DNS
Software
Apache /
Resource Hash
812850ed4def3e74d2d4115485f77454b4a7c37a7149cbed7b904ea889e01f78
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Access-Control-Allow-Headers
content-range,content-type,mi24-upload-current-chunk,mi24-upload-total-chunks,Authorization
Access-Control-Allow-Methods
GET,POST,PUT,HEAD,OPTIONS
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=5184000
Connection
Keep-Alive
Content-Encoding
gzip
Content-Language
de-DE
Content-Type
text/html;charset=UTF-8
DB-Nickname
VTJGc2RHVmtYMSs5VWVUdzdYeDBvV3Q5R0d2aXlpa1FZUENZOUZrKzRKOD0=
Date
Tue, 24 Jan 2023 15:51:10 GMT
Expires
Mon, 13 Feb 2023 08:53:57 GMT
Keep-Alive
timeout=5, max=99
Pragma
no-cache
Server
Apache
Strict-Transport-Security
max-age=31536000 max-age=31536000; includeSubDomains
Transfer-Encoding
chunked
X-Application-Context
application
X-Content-Type-Options
nosniff
X-DB-NAR
102294-1
X-Frame-Options
SAMEORIGIN
X-XSS-Protection
1; mode=block
vary
accept-encoding

Redirect headers

Access-Control-Allow-Headers
content-range,content-type,mi24-upload-current-chunk,mi24-upload-total-chunks,Authorization
Access-Control-Allow-Methods
GET,POST,PUT,HEAD,OPTIONS
Access-Control-Allow-Origin
*
Cache-Controls
no-cache, no-store, must-revalidate, max-age=0
Connection
Keep-Alive
DB-Nickname
VTJGc2RHVmtYMSs5VWVUdzdYeDBvV3Q5R0d2aXlpa1FZUENZOUZrKzRKOD0=
Date
Tue, 24 Jan 2023 15:51:10 GMT
Expires
0
Keep-Alive
timeout=5, max=100
Location
https://uat1.dbhiponet.deutschebank.pl/frontend-web/app/auth.html#/content/login
Pragma
no-cache
Server
Apache
Strict-Transport-Security
max-age=31536000 max-age=31536000; includeSubDomains
Transfer-Encoding
chunked
X-Application-Context
application
X-Content-Type-Options
nosniff
X-DB-NAR
102294-1
X-Frame-Options
SAMEORIGIN
X-XSS-Protection
1; mode=block
e828dffc.es6-shim.min.js
uat1.dbhiponet.deutschebank.pl/frontend-web/app/ 		56 KB
17 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://uat1.dbhiponet.deutschebank.pl/frontend-web/app/e828dffc.es6-shim.min.js
Requested by
Host: uat1.dbhiponet.deutschebank.pl
URL: https://uat1.dbhiponet.deutschebank.pl/frontend-web/app/auth.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
160.83.7.66 Frankfurt am Main, Germany, ASN8373 (DEUBA-NET Germany, DE),
Reverse DNS
Software
Apache /
Resource Hash
ba1f5a29f4374a0ea8e9b06cac1f49c85f336c74bcd269ad5873f46cac0b22b7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000, max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uat1.dbhiponet.deutschebank.pl/frontend-web/app/auth.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date
Tue, 24 Jan 2023 15:51:10 GMT
Strict-Transport-Security
max-age=31536000, max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Content-Encoding
gzip
Transfer-Encoding
chunked
Content-Disposition
inline; filename="e828dffc.es6-shim.min.js"
Connection
Keep-Alive
X-XSS-Protection
1; mode=block
X-Application-Context
application
X-DB-NAR
102294-1
Server
Apache
DB-Nickname
VTJGc2RHVmtYMSs5VWVUdzdYeDBvV3Q5R0d2aXlpa1FZUENZOUZrKzRKOD0=
X-Frame-Options
SAMEORIGIN
vary
accept-encoding
Access-Control-Allow-Methods
GET,POST,PUT,HEAD,OPTIONS
Access-Control-Allow-Origin
*
Content-Type
text/javascript
Cache-Control
public, max-age=5184000
Access-Control-Allow-Headers
content-range,content-type,mi24-upload-current-chunk,mi24-upload-total-chunks,Authorization
Keep-Alive
timeout=5, max=98
Expires
Mon, 13 Feb 2023 08:53:58 GMT
61105e09.authentication.js
uat1.dbhiponet.deutschebank.pl/frontend-web/app/ 		29 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://uat1.dbhiponet.deutschebank.pl/frontend-web/app/61105e09.authentication.js
Requested by
Host: uat1.dbhiponet.deutschebank.pl
URL: https://uat1.dbhiponet.deutschebank.pl/frontend-web/app/auth.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
160.83.7.66 Frankfurt am Main, Germany, ASN8373 (DEUBA-NET Germany, DE),
Reverse DNS
Software
Apache /
Resource Hash
b02be6e257afed324bddc2f569f7218119077ff78f14fb3a67c663bc73820f46
Security Headers
Name Value
Strict-Transport-Security max-age=31536000, max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uat1.dbhiponet.deutschebank.pl/frontend-web/app/auth.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date
Tue, 24 Jan 2023 15:51:10 GMT
Strict-Transport-Security
max-age=31536000, max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Content-Encoding
gzip
Transfer-Encoding
chunked
Content-Disposition
inline; filename="61105e09.authentication.js"
Connection
Keep-Alive
X-XSS-Protection
1; mode=block
X-Application-Context
application
X-DB-NAR
102294-1
Server
Apache
DB-Nickname
VTJGc2RHVmtYMSs5VWVUdzdYeDBvV3Q5R0d2aXlpa1FZUENZOUZrKzRKOD0=
X-Frame-Options
SAMEORIGIN
vary
accept-encoding
Access-Control-Allow-Methods
GET,POST,PUT,HEAD,OPTIONS
Access-Control-Allow-Origin
*
Content-Type
text/javascript
Cache-Control
public, max-age=5184000
Access-Control-Allow-Headers
content-range,content-type,mi24-upload-current-chunk,mi24-upload-total-chunks,Authorization
Keep-Alive
timeout=5, max=100
Expires
Mon, 13 Feb 2023 08:53:58 GMT
54065edd.2.chunk.js
uat1.dbhiponet.deutschebank.pl/frontend-web/app/ 		2 MB
536 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://uat1.dbhiponet.deutschebank.pl/frontend-web/app/54065edd.2.chunk.js
Requested by
Host: uat1.dbhiponet.deutschebank.pl
URL: https://uat1.dbhiponet.deutschebank.pl/frontend-web/app/61105e09.authentication.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
160.83.7.66 Frankfurt am Main, Germany, ASN8373 (DEUBA-NET Germany, DE),
Reverse DNS
Software
Apache /
Resource Hash
b225445b87bf697b746e1548410c06f87915141415028a5947987d17e1d3d504
Security Headers
Name Value
Strict-Transport-Security max-age=31536000, max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uat1.dbhiponet.deutschebank.pl/frontend-web/app/auth.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date
Tue, 24 Jan 2023 15:51:11 GMT
Strict-Transport-Security
max-age=31536000, max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Content-Encoding
gzip
Transfer-Encoding
chunked
Content-Disposition
inline; filename="54065edd.2.chunk.js"
Connection
Keep-Alive
X-XSS-Protection
1; mode=block
X-Application-Context
application
X-DB-NAR
102294-1
Server
Apache
DB-Nickname
VTJGc2RHVmtYMSs5VWVUdzdYeDBvV3Q5R0d2aXlpa1FZUENZOUZrKzRKOD0=
X-Frame-Options
SAMEORIGIN
vary
accept-encoding
Access-Control-Allow-Methods
GET,POST,PUT,HEAD,OPTIONS
Access-Control-Allow-Origin
*
Content-Type
text/javascript
Cache-Control
public, max-age=5184000
Access-Control-Allow-Headers
content-range,content-type,mi24-upload-current-chunk,mi24-upload-total-chunks,Authorization
Keep-Alive
timeout=5, max=99
Expires
Mon, 13 Feb 2023 08:53:58 GMT
b6c19bb6.1.chunk.js
uat1.dbhiponet.deutschebank.pl/frontend-web/app/ 		69 KB
18 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://uat1.dbhiponet.deutschebank.pl/frontend-web/app/b6c19bb6.1.chunk.js
Requested by
Host: uat1.dbhiponet.deutschebank.pl
URL: https://uat1.dbhiponet.deutschebank.pl/frontend-web/app/61105e09.authentication.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
160.83.7.66 Frankfurt am Main, Germany, ASN8373 (DEUBA-NET Germany, DE),
Reverse DNS
Software
Apache /
Resource Hash
c9c3ea47001378c97387e37ac50ef7df00a473d60b59c877796761dd93d0cb6f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000, max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uat1.dbhiponet.deutschebank.pl/frontend-web/app/auth.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date
Tue, 24 Jan 2023 15:51:10 GMT
Strict-Transport-Security
max-age=31536000, max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Content-Encoding
gzip
Transfer-Encoding
chunked
Content-Disposition
inline; filename="b6c19bb6.1.chunk.js"
Connection
Keep-Alive
X-XSS-Protection
1; mode=block
X-Application-Context
application
X-DB-NAR
102294-1
Server
Apache
DB-Nickname
VTJGc2RHVmtYMSs5VWVUdzdYeDBvV3Q5R0d2aXlpa1FZUENZOUZrKzRKOD0=
X-Frame-Options
SAMEORIGIN
vary
accept-encoding
Access-Control-Allow-Methods
GET,POST,PUT,HEAD,OPTIONS
Access-Control-Allow-Origin
*
Content-Type
text/javascript
Cache-Control
public, max-age=5184000
Access-Control-Allow-Headers
content-range,content-type,mi24-upload-current-chunk,mi24-upload-total-chunks,Authorization
Keep-Alive
timeout=5, max=97
Expires
Mon, 13 Feb 2023 08:53:58 GMT
j_spring_security_check
uat1.dbhiponet.deutschebank.pl/frontend-web/app/ 		4 B
808 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://uat1.dbhiponet.deutschebank.pl/frontend-web/app/j_spring_security_check
Requested by
Host: uat1.dbhiponet.deutschebank.pl
URL: https://uat1.dbhiponet.deutschebank.pl/frontend-web/app/54065edd.2.chunk.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
160.83.7.66 Frankfurt am Main, Germany, ASN8373 (DEUBA-NET Germany, DE),
Reverse DNS
Software
Apache /
Resource Hash
74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000, max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
https://uat1.dbhiponet.deutschebank.pl/frontend-web/app/auth.html
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

Date
Tue, 24 Jan 2023 15:51:11 GMT
Strict-Transport-Security
max-age=31536000, max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Transfer-Encoding
chunked
Connection
Keep-Alive
X-XSS-Protection
1; mode=block
X-Application-Context
application
Pragma
no-cache
X-DB-NAR
102294-1
Server
Apache
DB-Nickname
VTJGc2RHVmtYMSs5VWVUdzdYeDBvV3Q5R0d2aXlpa1FZUENZOUZrKzRKOD0=
X-Frame-Options
SAMEORIGIN
Access-Control-Allow-Methods
GET,POST,PUT,HEAD,OPTIONS
Access-Control-Allow-Origin
*
Cache-Controls
no-cache, no-store, must-revalidate, max-age=0
Access-Control-Allow-Headers
content-range,content-type,mi24-upload-current-chunk,mi24-upload-total-chunks,Authorization
Keep-Alive
timeout=5, max=98
Expires
0
get_resources
uat1.dbhiponet.deutschebank.pl/frontend-web/api/login_page_resources/get/ 		126 B
1015 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://uat1.dbhiponet.deutschebank.pl/frontend-web/api/login_page_resources/get/get_resources?lang=en
Requested by
Host: uat1.dbhiponet.deutschebank.pl
URL: https://uat1.dbhiponet.deutschebank.pl/frontend-web/app/54065edd.2.chunk.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
160.83.7.66 Frankfurt am Main, Germany, ASN8373 (DEUBA-NET Germany, DE),
Reverse DNS
Software
Apache /
Resource Hash
ca362ef0ea1a46b1cd80c17c4697f0e82a0f2207ce435d7201543e42c3cd0b6c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000, max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
https://uat1.dbhiponet.deutschebank.pl/frontend-web/app/auth.html
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date
Tue, 24 Jan 2023 15:51:11 GMT
Strict-Transport-Security
max-age=31536000, max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Content-Encoding
gzip
Transfer-Encoding
chunked
Connection
Keep-Alive
X-XSS-Protection
1; mode=block
X-Application-Context
application
Pragma
no-cache
X-DB-NAR
102294-1
Server
Apache
DB-Nickname
VTJGc2RHVmtYMSs5VWVUdzdYeDBvV3Q5R0d2aXlpa1FZUENZOUZrKzRKOD0=
X-Frame-Options
SAMEORIGIN
vary
accept-encoding
Access-Control-Allow-Methods
GET,POST,PUT,HEAD,OPTIONS
Access-Control-Allow-Origin
*
Content-Type
application/json
Cache-Control
no-cache, no-store, must-revalidate, max-age=0
Access-Control-Allow-Headers
content-range,content-type,mi24-upload-current-chunk,mi24-upload-total-chunks,Authorization
Keep-Alive
timeout=5, max=97
Expires
0
truncated
/ 		229 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
bdd1f53ccbbd3885f1b6857579f8381a2beb527d7c61fb39aa00c8b0263ee5ff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Content-Type
image/svg+xml

Verdicts & Comments Add Verdict or Comment

22 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontentvisibilityautostatechange undefined| myrem string| resourceBaseUrl boolean| isBrowserCompatible string| openIdAddress string| openIdLoginPageUri string| openIdLoginRedirect object| csrf_token object| less object| returnExports object| webpackJsonp_name_ function| singleSpaNavigate object| authentication object| __core-js_shared__ object| angular function| _ object| Rx function| setImmediate function| clearImmediate boolean| suspendPlatformModuleBoot object| ngMaterial number| ng339

2 Cookies

Domain/Path Name / Value
uat1.dbhiponet.deutschebank.pl/ Name: JSESSIONID
Value: 6AD777D60272BAD6E9113EAE7F51B6E5
uat1.dbhiponet.deutschebank.pl/ Name: language
Value: en

1 Console Messages

Source Level URL
Text
network error URL: https://uat1.dbhiponet.deutschebank.pl/frontend-web/api/login_page_resources/get/get_resources?lang=en
Message:
Failed to load resource: the server responded with a status of 403 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31536000 max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block