Submitted URL: https://evapro-test-2.swisslife.de/
Effective URL: https://evapro-test-2.swisslife.de/pos/pos
Submission: On March 12 via automatic, source certstream-suspicious — Scanned from DE

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 10 HTTP transactions. The main IP is 18.196.113.141, located in Frankfurt am Main, Germany and belongs to AMAZON-02, US. The main domain is evapro-test-2.swisslife.de.
TLS certificate: Issued by Amazon RSA 2048 M02 on March 12th 2024. Valid for: a year.
This is the only time evapro-test-2.swisslife.de was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 11 18.196.113.141 16509 (AMAZON-02)
10 1
Apex Domain
Subdomains
Transfer
11 swisslife.de
evapro-test-2.swisslife.de
1 MB
10 1
Domain Requested by
11 evapro-test-2.swisslife.de 1 redirects evapro-test-2.swisslife.de
10 1

This site contains no links.

Subject Issuer Validity Valid
evapro-test-2.swisslife.de
Amazon RSA 2048 M02
2024-03-12 -
2025-04-10
a year crt.sh

This page contains 1 frames:

Primary Page: https://evapro-test-2.swisslife.de/pos/pos
Frame ID: 2A787B4D8C11408F74B4718B795ED715
Requests: 10 HTTP requests in this frame

Screenshot

Page Title

Swiss Life EVApro 20241.2.0.6

Page URL History Show full URLs

  1. https://evapro-test-2.swisslife.de/ HTTP 302
    https://evapro-test-2.swisslife.de/pos/pos Page URL

Page Statistics

10
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

1132 kB
Transfer

1127 kB
Size

2
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://evapro-test-2.swisslife.de/ HTTP 302
    https://evapro-test-2.swisslife.de/pos/pos Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request pos
evapro-test-2.swisslife.de/pos/
Redirect Chain
  • https://evapro-test-2.swisslife.de/
  • https://evapro-test-2.swisslife.de/pos/pos
5 KB
5 KB
Document
General
Full URL
https://evapro-test-2.swisslife.de/pos/pos
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.196.113.141 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-196-113-141.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
52c98328733ed912650e92cabf8c7a801aa990fe5f1357e631da6afa06a9868e
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; object-src 'none'; frame-src 'self' *.versdiagnose.fb-preview.de *.versdiagnose.de *.factsheetslive.com;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
max-age=0, no-cache, must-revalidate, no-store
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; object-src 'none'; frame-src 'self' *.versdiagnose.fb-preview.de *.versdiagnose.de *.factsheetslive.com;
content-type
text/html;charset=UTF-8
date
Tue, 12 Mar 2024 14:46:24 GMT
expires
Thu, 01 Jan 1970 00:00:00 GMT
pragma
no-cache
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff

Redirect headers

content-length
138
content-type
text/html
date
Tue, 12 Mar 2024 14:46:24 GMT
location
https://evapro-test-2.swisslife.de/pos/pos
rap-client.js
evapro-test-2.swisslife.de/pos/rwt-resources/370/
979 KB
981 KB
Script
General
Full URL
https://evapro-test-2.swisslife.de/pos/rwt-resources/370/rap-client.js
Requested by
Host: evapro-test-2.swisslife.de
URL: https://evapro-test-2.swisslife.de/pos/pos
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.196.113.141 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-196-113-141.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
16df01f299bd8a6e41c1de04127f793a5a013c6068db951f1e24f74cfc87f620
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; object-src 'none'; frame-src 'self' *.versdiagnose.fb-preview.de *.versdiagnose.de *.factsheetslive.com;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://evapro-test-2.swisslife.de/pos/pos
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Tue, 12 Mar 2024 14:46:24 GMT
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; object-src 'none'; frame-src 'self' *.versdiagnose.fb-preview.de *.versdiagnose.de *.factsheetslive.com;
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
last-modified
Thu, 07 Mar 2024 13:57:47 GMT
etag
W/"1002851-1709819867766"
content-type
application/javascript
content-length
1002851
resources.js
evapro-test-2.swisslife.de/pos/rwt-resources/370/
19 KB
19 KB
Script
General
Full URL
https://evapro-test-2.swisslife.de/pos/rwt-resources/370/resources.js
Requested by
Host: evapro-test-2.swisslife.de
URL: https://evapro-test-2.swisslife.de/pos/pos
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.196.113.141 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-196-113-141.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
8df34747fee89c772e6e6649eee919a3602f23b3b0bc7a980dcab4b65e5d99bf
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; object-src 'none'; frame-src 'self' *.versdiagnose.fb-preview.de *.versdiagnose.de *.factsheetslive.com;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://evapro-test-2.swisslife.de/pos/pos
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Tue, 12 Mar 2024 14:46:24 GMT
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; object-src 'none'; frame-src 'self' *.versdiagnose.fb-preview.de *.versdiagnose.de *.factsheetslive.com;
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
last-modified
Thu, 07 Mar 2024 13:57:47 GMT
etag
W/"19477-1709819867838"
content-type
application/javascript
content-length
19477
c8fd9721.png
evapro-test-2.swisslife.de/pos/rwt-resources/themes/images/
3 KB
3 KB
Image
General
Full URL
https://evapro-test-2.swisslife.de/pos/rwt-resources/themes/images/c8fd9721.png
Requested by
Host: evapro-test-2.swisslife.de
URL: https://evapro-test-2.swisslife.de/pos/pos
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.196.113.141 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-196-113-141.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
34ca5bd77527c8bd4a713985726aac08884848763eb460d2c0cc463e6347e40c
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; object-src 'none'; frame-src 'self' *.versdiagnose.fb-preview.de *.versdiagnose.de *.factsheetslive.com;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://evapro-test-2.swisslife.de/pos/pos
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Tue, 12 Mar 2024 14:46:24 GMT
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; object-src 'none'; frame-src 'self' *.versdiagnose.fb-preview.de *.versdiagnose.de *.factsheetslive.com;
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
last-modified
Thu, 07 Mar 2024 13:57:47 GMT
etag
W/"2962-1709819867822"
content-type
image/png
content-length
2962
rap-rwt.theme.Fallback.json
evapro-test-2.swisslife.de/pos/rwt-resources/
40 KB
41 KB
XHR
General
Full URL
https://evapro-test-2.swisslife.de/pos/rwt-resources/rap-rwt.theme.Fallback.json
Requested by
Host: evapro-test-2.swisslife.de
URL: https://evapro-test-2.swisslife.de/pos/rwt-resources/370/rap-client.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.196.113.141 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-196-113-141.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
9d479663d7630460b2c58be3724b6d5262f4f6656c30165509246db3da9c1c25
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; object-src 'none'; frame-src 'self' *.versdiagnose.fb-preview.de *.versdiagnose.de *.factsheetslive.com;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://evapro-test-2.swisslife.de/pos/pos
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type
application/json; charset=UTF-8

Response headers

date
Tue, 12 Mar 2024 14:46:24 GMT
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; object-src 'none'; frame-src 'self' *.versdiagnose.fb-preview.de *.versdiagnose.de *.factsheetslive.com;
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
last-modified
Thu, 07 Mar 2024 13:57:47 GMT
etag
W/"41354-1709819867790"
content-type
application/json
content-length
41354
rap-rwt.theme.Custom_4af0b9ca.json
evapro-test-2.swisslife.de/pos/rwt-resources/
76 KB
76 KB
XHR
General
Full URL
https://evapro-test-2.swisslife.de/pos/rwt-resources/rap-rwt.theme.Custom_4af0b9ca.json
Requested by
Host: evapro-test-2.swisslife.de
URL: https://evapro-test-2.swisslife.de/pos/rwt-resources/370/rap-client.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.196.113.141 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-196-113-141.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
71156dbaf070f90abcf0af861c8bcd7ab340c7266209419013ac95041b5d7a79
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; object-src 'none'; frame-src 'self' *.versdiagnose.fb-preview.de *.versdiagnose.de *.factsheetslive.com;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://evapro-test-2.swisslife.de/pos/pos
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type
application/json; charset=UTF-8

Response headers

date
Tue, 12 Mar 2024 14:46:24 GMT
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; object-src 'none'; frame-src 'self' *.versdiagnose.fb-preview.de *.versdiagnose.de *.factsheetslive.com;
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
last-modified
Thu, 07 Mar 2024 13:57:47 GMT
etag
W/"77598-1709819867834"
content-type
application/json
content-length
77598
pos
evapro-test-2.swisslife.de/pos/
4 KB
5 KB
XHR
General
Full URL
https://evapro-test-2.swisslife.de/pos/pos
Requested by
Host: evapro-test-2.swisslife.de
URL: https://evapro-test-2.swisslife.de/pos/rwt-resources/370/rap-client.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.196.113.141 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-196-113-141.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
1a42ee7c18489185a34abe82b882c59aec17f0dfb0347154bb427cc40ccdc518
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; object-src 'none'; frame-src 'self' *.versdiagnose.fb-preview.de *.versdiagnose.de *.factsheetslive.com;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://evapro-test-2.swisslife.de/pos/pos
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type
application/json; charset=UTF-8

Response headers

date
Tue, 12 Mar 2024 14:46:25 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; object-src 'none'; frame-src 'self' *.versdiagnose.fb-preview.de *.versdiagnose.de *.factsheetslive.com;
content-length
4514
content-type
application/json;charset=UTF-8
9f835836.gif
evapro-test-2.swisslife.de/pos/rwt-resources/generated/
82 B
457 B
Image
General
Full URL
https://evapro-test-2.swisslife.de/pos/rwt-resources/generated/9f835836.gif
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.196.113.141 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-196-113-141.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
3fadc62437d72b12aa12c2ab4ff106d7153fd8008ea55b6877a059c9ba9026c8
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; object-src 'none'; frame-src 'self' *.versdiagnose.fb-preview.de *.versdiagnose.de *.factsheetslive.com;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://evapro-test-2.swisslife.de/pos/pos
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Tue, 12 Mar 2024 14:46:25 GMT
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; object-src 'none'; frame-src 'self' *.versdiagnose.fb-preview.de *.versdiagnose.de *.factsheetslive.com;
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
last-modified
Thu, 07 Mar 2024 14:00:03 GMT
etag
W/"82-1709820003695"
content-type
image/gif
content-length
82
blank.gif
evapro-test-2.swisslife.de/pos/rwt-resources/resource/static/image/
49 B
425 B
Image
General
Full URL
https://evapro-test-2.swisslife.de/pos/rwt-resources/resource/static/image/blank.gif
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.196.113.141 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-196-113-141.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; object-src 'none'; frame-src 'self' *.versdiagnose.fb-preview.de *.versdiagnose.de *.factsheetslive.com;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://evapro-test-2.swisslife.de/pos/pos
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Tue, 12 Mar 2024 14:46:25 GMT
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; object-src 'none'; frame-src 'self' *.versdiagnose.fb-preview.de *.versdiagnose.de *.factsheetslive.com;
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
last-modified
Thu, 07 Mar 2024 13:57:47 GMT
etag
W/"49-1709819867834"
content-type
image/gif
content-length
49
9f835836.gif
evapro-test-2.swisslife.de/pos/rwt-resources/generated/
82 B
457 B
Image
General
Full URL
https://evapro-test-2.swisslife.de/pos/rwt-resources/generated/9f835836.gif
Requested by
Host: evapro-test-2.swisslife.de
URL: https://evapro-test-2.swisslife.de/pos/rwt-resources/370/rap-client.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.196.113.141 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-196-113-141.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
3fadc62437d72b12aa12c2ab4ff106d7153fd8008ea55b6877a059c9ba9026c8
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; object-src 'none'; frame-src 'self' *.versdiagnose.fb-preview.de *.versdiagnose.de *.factsheetslive.com;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://evapro-test-2.swisslife.de/pos/pos
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Tue, 12 Mar 2024 14:46:25 GMT
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; object-src 'none'; frame-src 'self' *.versdiagnose.fb-preview.de *.versdiagnose.de *.factsheetslive.com;
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
last-modified
Thu, 07 Mar 2024 14:00:03 GMT
etag
W/"82-1709820003695"
content-type
image/gif
content-length
82

Verdicts & Comments Add Verdict or Comment

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| redirectOSP object| rwt object| rap object| SWT object| org undefined| msg

2 Cookies

Domain/Path Name / Value
evapro-test-2.swisslife.de/pos Name: JSESSIONID
Value: OsMQoEkXbxQdZ4-9V_Any5kKx_M9Iel5CkZyOsCV.test-2-5cbc7d4cf9-wcwbc
evapro-test-2.swisslife.de/ Name: INGRESSCOOKIE
Value: 8da81acb2951ae7bc8992457f2d92421|d778795f2c211b3d80f30afd356628db

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; object-src 'none'; frame-src 'self' *.versdiagnose.fb-preview.de *.versdiagnose.de *.factsheetslive.com;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff