urlscan.io logo urlscan.io
SecurityTrails logo

api.tst.bawagpsk.com Open in urlscan Pro
51.138.68.215  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://depo.tst.easybank.at/
Effective URL: https://api.tst.bawagpsk.com/auth/realms/eps/protocol/openid-connect/auth?client_id=depo-easybank&redirect_uri=https%3A%2F%2F...
Submission: On February 24 via automatic, source certstream-suspicious — Scanned from NL
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 1 IPs in 1 countries across 2 domains to perform 19 HTTP transactions. The main IP is 51.138.68.215, located in Amsterdam, Netherlands and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is api.tst.bawagpsk.com.
TLS certificate: Issued by Entrust Certification Authority - L1K on February 26th 2021. Valid for: a year.
This is the only time api.tst.bawagpsk.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
19 51.138.68.215 8075 (MICROSOFT...)
19 1
Apex Domain
Subdomains		 Transfer
12 bawagpsk.com
api.tst.bawagpsk.com
3 MB
7 easybank.at
depo.tst.easybank.at
282 KB
19 2
Domain Requested by
12 api.tst.bawagpsk.com depo.tst.easybank.at
api.tst.bawagpsk.com
7 depo.tst.easybank.at depo.tst.easybank.at
19 2

This site contains links to these domains. Also see Links.

Domain
identifizierung.easybank.at
Subject Issuer Validity Valid
depo.tst.easybank.at
Entrust Certification Authority - L1K		 2022-02-23 -
2023-03-22		 a year crt.sh
*.tst.bawagpsk.com
Entrust Certification Authority - L1K		 2021-02-26 -
2022-03-25		 a year crt.sh

This page contains 2 frames:

Primary Page: https://api.tst.bawagpsk.com/auth/realms/eps/protocol/openid-connect/auth?client_id=depo-easybank&redirect_uri=https%3A%2F%2Fdepo.tst.easybank.at%2F&state=fab9adb0-907b-4109-8135-c3da91e8fc56&response_mode=fragment&response_type=code&scope=openid&nonce=4d115b8b-37ca-4b59-ae88-af0efc0d7d89
Frame ID: EDBBA5E42267D0DF340D1E480138137B
Requests: 17 HTTP requests in this frame

Frame: https://api.tst.bawagpsk.com/auth/realms/eps/protocol/openid-connect/3p-cookies/step2.html
Frame ID: 13BDE13F38784E6B452EBE9C66CAF989
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

BAWAG Group AG | Onboarding

Page URL History Show full URLs

  1. https://depo.tst.easybank.at/ Page URL
  2. https://api.tst.bawagpsk.com/auth/realms/eps/protocol/openid-connect/auth?client_id=depo-easybank&redirec... Page URL

Page Statistics

19
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

1
IPs

1
Countries

2958 kB
Transfer

3408 kB
Size

4
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://depo.tst.easybank.at/ Page URL
  2. https://api.tst.bawagpsk.com/auth/realms/eps/protocol/openid-connect/auth?client_id=depo-easybank&redirect_uri=https%3A%2F%2Fdepo.tst.easybank.at%2F&state=fab9adb0-907b-4109-8135-c3da91e8fc56&response_mode=fragment&response_type=code&scope=openid&nonce=4d115b8b-37ca-4b59-ae88-af0efc0d7d89 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

19 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
/
depo.tst.easybank.at/ 		2 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://depo.tst.easybank.at/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
51.138.68.215 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx /
Resource Hash
4e5a36f581a0d86cdc6a2063f974bebb5844df6bd90455b39b108899ea99fdd9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language
nl-NL,nl;q=0.9

Response headers

server
nginx
date
Thu, 24 Feb 2022 02:47:15 GMT
content-type
text/html
last-modified
Wed, 23 Feb 2022 11:04:49 GMT
etag
W/"621614d1-715"
x-frame-options
SAMEORIGIN SAMEORIGIN
content-encoding
gzip
x-envoy-upstream-service-time
3
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
x-xss-protection
1; mode=block
runtime.085ed786d577cf34.js
depo.tst.easybank.at/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://depo.tst.easybank.at/runtime.085ed786d577cf34.js
Requested by
Host: depo.tst.easybank.at
URL: https://depo.tst.easybank.at/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
51.138.68.215 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx /
Resource Hash
f7cd71028630ce3914bf0cc85f3e44794818c829b84727d13b5c809a2ef73772
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://depo.tst.easybank.at/
Origin
https://depo.tst.easybank.at
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Thu, 24 Feb 2022 02:47:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 23 Feb 2022 11:04:46 GMT
server
nginx
etag
W/"621614ce-d3e"
x-frame-options
SAMEORIGIN, SAMEORIGIN
content-type
application/javascript
x-envoy-upstream-service-time
5
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-xss-protection
1; mode=block
polyfills.5d93ab28466c203b.js
depo.tst.easybank.at/ 		36 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://depo.tst.easybank.at/polyfills.5d93ab28466c203b.js
Requested by
Host: depo.tst.easybank.at
URL: https://depo.tst.easybank.at/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
51.138.68.215 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx /
Resource Hash
ebc8af8c5bd8ab1053edb68e4bdee581ce33f0f9ed4b351e09034f25fb63082f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://depo.tst.easybank.at/
Origin
https://depo.tst.easybank.at
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Thu, 24 Feb 2022 02:47:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 23 Feb 2022 11:04:46 GMT
server
nginx
etag
W/"621614ce-912c"
x-frame-options
SAMEORIGIN, SAMEORIGIN
content-type
application/javascript
x-envoy-upstream-service-time
7
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-xss-protection
1; mode=block
main.47cfd560e2b38a07.js
depo.tst.easybank.at/ 		504 KB
174 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://depo.tst.easybank.at/main.47cfd560e2b38a07.js
Requested by
Host: depo.tst.easybank.at
URL: https://depo.tst.easybank.at/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
51.138.68.215 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx /
Resource Hash
417bead7a05e20a77ba50c5e30885b575f72c52d0d0ee9f45356349623ef5707
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://depo.tst.easybank.at/
Origin
https://depo.tst.easybank.at
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Thu, 24 Feb 2022 02:47:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 23 Feb 2022 11:04:46 GMT
server
nginx
etag
W/"621614ce-7de3e"
x-frame-options
SAMEORIGIN, SAMEORIGIN
content-type
application/javascript
x-envoy-upstream-service-time
9
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-xss-protection
1; mode=block
styles.4033a979965639f4.css
depo.tst.easybank.at/ 		14 KB
4 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://depo.tst.easybank.at/styles.4033a979965639f4.css
Requested by
Host: depo.tst.easybank.at
URL: https://depo.tst.easybank.at/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
51.138.68.215 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx /
Resource Hash
cfc8c1a44aeb5e088c71d3bc4fc0da0a8b48933ed4673dd5caa40eb08832a7e4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://depo.tst.easybank.at/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Thu, 24 Feb 2022 02:47:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 23 Feb 2022 11:04:46 GMT
server
nginx
etag
W/"621614ce-36e6"
x-frame-options
SAMEORIGIN, SAMEORIGIN
content-type
text/css
x-envoy-upstream-service-time
1
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-xss-protection
1; mode=block
DINPro-Regular.5d9fe33e25fef294.otf
depo.tst.easybank.at/ 		85 KB
86 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://depo.tst.easybank.at/DINPro-Regular.5d9fe33e25fef294.otf
Requested by
Host: depo.tst.easybank.at
URL: https://depo.tst.easybank.at/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
51.138.68.215 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx /
Resource Hash
617311af2fbd10bf1a1c15643661740c83fb812ac56fcd83478c00e239eb5080
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://depo.tst.easybank.at/
Origin
https://depo.tst.easybank.at
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Thu, 24 Feb 2022 02:47:15 GMT
x-content-type-options
nosniff
last-modified
Wed, 23 Feb 2022 11:04:46 GMT
server
nginx
etag
"621614ce-15544"
x-frame-options
SAMEORIGIN, SAMEORIGIN
content-type
application/octet-stream
x-envoy-upstream-service-time
3
strict-transport-security
max-age=31536000; includeSubDomains; preload
accept-ranges
bytes
content-length
87364
x-xss-protection
1; mode=block
config.json
depo.tst.easybank.at/assets/config/ 		276 B
591 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://depo.tst.easybank.at/assets/config/config.json
Requested by
Host: depo.tst.easybank.at
URL: https://depo.tst.easybank.at/polyfills.5d93ab28466c203b.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
51.138.68.215 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx /
Resource Hash
38137c0ef752e00b735424af37711a8aa53cc1543dae7aef1bc65118b4a8f8a8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://depo.tst.easybank.at/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Thu, 24 Feb 2022 02:47:15 GMT
content-encoding
br
x-content-type-options
nosniff
last-modified
Wed, 23 Feb 2022 11:06:03 GMT
server
nginx
x-frame-options
SAMEORIGIN, SAMEORIGIN
etag
W/"6216151b-114"
vary
Accept-Encoding
content-type
application/json
x-envoy-upstream-service-time
3
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-xss-protection
1; mode=block
step1.html
api.tst.bawagpsk.com/auth/realms/eps/protocol/openid-connect/3p-cookies/ Frame 13BD 		955 B
997 B 		Document
General
Check archive.org
Download Go to
Full URL
https://api.tst.bawagpsk.com/auth/realms/eps/protocol/openid-connect/3p-cookies/step1.html
Requested by
Host: depo.tst.easybank.at
URL: https://depo.tst.easybank.at/main.47cfd560e2b38a07.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
51.138.68.215 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx /
Resource Hash
8e08d6c979c3b89f8735ddec57645eea1633c985de66818d1c9d7a2478bcbd32
Security Headers
Name Value
Content-Security-Policy frame-src 'self'; frame-ancestors 'self' *.easybank.at *.bawag.com *.bawagpsk.com; object-src 'none';
Strict-Transport-Security max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language
nl-NL,nl;q=0.9
Referer
https://depo.tst.easybank.at/

Response headers

server
nginx
date
Thu, 24 Feb 2022 02:47:15 GMT
content-type
text/html;charset=utf-8
vary
Accept-Encoding
cache-control
no-cache, must-revalidate, no-transform, no-store
p3p
CP="This is not a P3P policy!"
x-xss-protection
1; mode=block
referrer-policy
no-referrer
content-security-policy
frame-src 'self'; frame-ancestors 'self' *.easybank.at *.bawag.com *.bawagpsk.com; object-src 'none';
x-robots-tag
none
strict-transport-security
max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff nosniff
x-envoy-upstream-service-time
4
x-frame-options
SAMEORIGIN
content-encoding
br
step2.html
api.tst.bawagpsk.com/auth/realms/eps/protocol/openid-connect/3p-cookies/ Frame 13BD 		1 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://api.tst.bawagpsk.com/auth/realms/eps/protocol/openid-connect/3p-cookies/step2.html
Requested by
Host: api.tst.bawagpsk.com
URL: https://api.tst.bawagpsk.com/auth/realms/eps/protocol/openid-connect/3p-cookies/step1.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
51.138.68.215 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx /
Resource Hash
20ae6a4a7d0d0a5cf52120dea92dcfc64fe95a1aa230399bbbeef27d2e5fe074
Security Headers
Name Value
Content-Security-Policy frame-src 'self'; frame-ancestors 'self' *.easybank.at *.bawag.com *.bawagpsk.com; object-src 'none';
Strict-Transport-Security max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language
nl-NL,nl;q=0.9

Response headers

server
nginx
date
Thu, 24 Feb 2022 02:47:15 GMT
content-type
text/html;charset=utf-8
vary
Accept-Encoding
cache-control
no-cache, must-revalidate, no-transform, no-store
p3p
CP="This is not a P3P policy!"
x-xss-protection
1; mode=block
referrer-policy
no-referrer
content-security-policy
frame-src 'self'; frame-ancestors 'self' *.easybank.at *.bawag.com *.bawagpsk.com; object-src 'none';
x-robots-tag
none
strict-transport-security
max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff nosniff
x-envoy-upstream-service-time
3
x-frame-options
SAMEORIGIN
content-encoding
br
Primary Request auth
api.tst.bawagpsk.com/auth/realms/eps/protocol/openid-connect/ 		5 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://api.tst.bawagpsk.com/auth/realms/eps/protocol/openid-connect/auth?client_id=depo-easybank&redirect_uri=https%3A%2F%2Fdepo.tst.easybank.at%2F&state=fab9adb0-907b-4109-8135-c3da91e8fc56&response_mode=fragment&response_type=code&scope=openid&nonce=4d115b8b-37ca-4b59-ae88-af0efc0d7d89
Requested by
Host: depo.tst.easybank.at
URL: https://depo.tst.easybank.at/main.47cfd560e2b38a07.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
51.138.68.215 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx /
Resource Hash
465b67564feb30b9de502e227e6166bfa5c4c3e59c2218613bb9b1dc1701560a
Security Headers
Name Value
Content-Security-Policy frame-src 'self'; frame-ancestors 'self' *.easybank.at *.bawag.com *.bawagpsk.com; object-src 'none';
Strict-Transport-Security max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff nosniff
X-Frame-Options SAMEORIGIN SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language
nl-NL,nl;q=0.9
Referer
https://depo.tst.easybank.at/

Response headers

server
nginx
date
Thu, 24 Feb 2022 02:47:16 GMT
content-type
text/html;charset=utf-8
vary
Accept-Encoding
cache-control
no-store, must-revalidate, max-age=0
x-xss-protection
1; mode=block
x-frame-options
SAMEORIGIN SAMEORIGIN
referrer-policy
no-referrer
content-security-policy
frame-src 'self'; frame-ancestors 'self' *.easybank.at *.bawag.com *.bawagpsk.com; object-src 'none';
x-robots-tag
none
strict-transport-security
max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff nosniff
content-language
de
x-envoy-upstream-service-time
13
content-encoding
br
login.css
api.tst.bawagpsk.com/auth/resources/ic908/login/libra-keycloak-theme-craftsmen-easy-generic/css/ 		7 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://api.tst.bawagpsk.com/auth/resources/ic908/login/libra-keycloak-theme-craftsmen-easy-generic/css/login.css
Requested by
Host: api.tst.bawagpsk.com
URL: https://api.tst.bawagpsk.com/auth/realms/eps/protocol/openid-connect/auth?client_id=depo-easybank&redirect_uri=https%3A%2F%2Fdepo.tst.easybank.at%2F&state=fab9adb0-907b-4109-8135-c3da91e8fc56&response_mode=fragment&response_type=code&scope=openid&nonce=4d115b8b-37ca-4b59-ae88-af0efc0d7d89
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
51.138.68.215 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx /
Resource Hash
f6d4524accd63c5fdab6deda39dd4750adc1575b2e297a47dea2dbf4e2719254
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff, nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Thu, 24 Feb 2022 02:47:16 GMT
content-encoding
gzip
referrer-policy
no-referrer
server
nginx
x-frame-options
SAMEORIGIN
content-type
text/css;charset=UTF-8
x-xss-protection
1; mode=block
cache-control
max-age=2592000
x-envoy-upstream-service-time
1
strict-transport-security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
content-length
1869
x-content-type-options
nosniff, nosniff
actions.js
api.tst.bawagpsk.com/auth/resources/ic908/login/libra-keycloak-theme-craftsmen-easy-generic/script/ 		483 B
615 B 		Script
General
Check archive.org
Download Go to
Full URL
https://api.tst.bawagpsk.com/auth/resources/ic908/login/libra-keycloak-theme-craftsmen-easy-generic/script/actions.js
Requested by
Host: api.tst.bawagpsk.com
URL: https://api.tst.bawagpsk.com/auth/realms/eps/protocol/openid-connect/auth?client_id=depo-easybank&redirect_uri=https%3A%2F%2Fdepo.tst.easybank.at%2F&state=fab9adb0-907b-4109-8135-c3da91e8fc56&response_mode=fragment&response_type=code&scope=openid&nonce=4d115b8b-37ca-4b59-ae88-af0efc0d7d89
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
51.138.68.215 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx /
Resource Hash
9ea18907896a6e04fa431be4f1a5f697ea6703db029557f8be6092abe7a1d65b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff, nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Thu, 24 Feb 2022 02:47:16 GMT
content-encoding
gzip
referrer-policy
no-referrer
server
nginx
x-frame-options
SAMEORIGIN
content-type
text/javascript;charset=UTF-8
x-xss-protection
1; mode=block
cache-control
max-age=2592000
x-envoy-upstream-service-time
3
strict-transport-security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
content-length
257
x-content-type-options
nosniff, nosniff
logo.jpg
api.tst.bawagpsk.com/auth/resources/ic908/login/libra-keycloak-theme-craftsmen-easy-generic/img/ 		18 KB
18 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://api.tst.bawagpsk.com/auth/resources/ic908/login/libra-keycloak-theme-craftsmen-easy-generic/img/logo.jpg
Requested by
Host: api.tst.bawagpsk.com
URL: https://api.tst.bawagpsk.com/auth/realms/eps/protocol/openid-connect/auth?client_id=depo-easybank&redirect_uri=https%3A%2F%2Fdepo.tst.easybank.at%2F&state=fab9adb0-907b-4109-8135-c3da91e8fc56&response_mode=fragment&response_type=code&scope=openid&nonce=4d115b8b-37ca-4b59-ae88-af0efc0d7d89
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
51.138.68.215 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx /
Resource Hash
28f30fb6670284bfd6fe7ba0539aa55fa3288f3c5b6801d266b06aa5d80d5272
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff, nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Thu, 24 Feb 2022 02:47:16 GMT
referrer-policy
no-referrer
server
nginx
x-frame-options
SAMEORIGIN
content-type
image/jpeg
cache-control
max-age=2592000
x-envoy-upstream-service-time
4
x-content-type-options
nosniff, nosniff
strict-transport-security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
x-xss-protection
1; mode=block
validations.js
api.tst.bawagpsk.com/auth/resources/ic908/login/libra-keycloak-theme-craftsmen-easy-generic/script/ 		2 KB
898 B 		Script
General
Check archive.org
Download Go to
Full URL
https://api.tst.bawagpsk.com/auth/resources/ic908/login/libra-keycloak-theme-craftsmen-easy-generic/script/validations.js
Requested by
Host: api.tst.bawagpsk.com
URL: https://api.tst.bawagpsk.com/auth/realms/eps/protocol/openid-connect/auth?client_id=depo-easybank&redirect_uri=https%3A%2F%2Fdepo.tst.easybank.at%2F&state=fab9adb0-907b-4109-8135-c3da91e8fc56&response_mode=fragment&response_type=code&scope=openid&nonce=4d115b8b-37ca-4b59-ae88-af0efc0d7d89
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
51.138.68.215 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx /
Resource Hash
f839e684c29a919995b7fe8347567396b7198f54c44abd344f16c4ebe8c8481a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff, nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Thu, 24 Feb 2022 02:47:16 GMT
content-encoding
gzip
referrer-policy
no-referrer
server
nginx
x-frame-options
SAMEORIGIN
content-type
text/javascript;charset=UTF-8
x-xss-protection
1; mode=block
cache-control
max-age=2592000
x-envoy-upstream-service-time
1
strict-transport-security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
content-length
540
x-content-type-options
nosniff, nosniff
form-helper.js
api.tst.bawagpsk.com/auth/resources/ic908/login/libra-keycloak-theme-craftsmen-easy-generic/script/ 		2 KB
902 B 		Script
General
Check archive.org
Download Go to
Full URL
https://api.tst.bawagpsk.com/auth/resources/ic908/login/libra-keycloak-theme-craftsmen-easy-generic/script/form-helper.js
Requested by
Host: api.tst.bawagpsk.com
URL: https://api.tst.bawagpsk.com/auth/realms/eps/protocol/openid-connect/auth?client_id=depo-easybank&redirect_uri=https%3A%2F%2Fdepo.tst.easybank.at%2F&state=fab9adb0-907b-4109-8135-c3da91e8fc56&response_mode=fragment&response_type=code&scope=openid&nonce=4d115b8b-37ca-4b59-ae88-af0efc0d7d89
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
51.138.68.215 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx /
Resource Hash
d99f6c83382803abaa8e09190c9abc63334f9595d3aad5129bc149acec0068e9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff, nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Thu, 24 Feb 2022 02:47:16 GMT
content-encoding
gzip
referrer-policy
no-referrer
server
nginx
x-frame-options
SAMEORIGIN
content-type
text/javascript;charset=UTF-8
x-xss-protection
1; mode=block
cache-control
max-age=2592000
x-envoy-upstream-service-time
3
strict-transport-security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
content-length
544
x-content-type-options
nosniff, nosniff
hidden.svg
api.tst.bawagpsk.com/auth/resources/ic908/login/libra-keycloak-theme-craftsmen-easy-generic/img/ 		1 KB
960 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://api.tst.bawagpsk.com/auth/resources/ic908/login/libra-keycloak-theme-craftsmen-easy-generic/img/hidden.svg
Requested by
Host: api.tst.bawagpsk.com
URL: https://api.tst.bawagpsk.com/auth/resources/ic908/login/libra-keycloak-theme-craftsmen-easy-generic/css/login.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
51.138.68.215 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx /
Resource Hash
18a362c9f3887b2224104a949c95028728effba06423864d0b0eec5321d76571
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff, nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Thu, 24 Feb 2022 02:47:16 GMT
content-encoding
gzip
referrer-policy
no-referrer
server
nginx
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
x-xss-protection
1; mode=block
cache-control
max-age=2592000
x-envoy-upstream-service-time
1
strict-transport-security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
content-length
612
x-content-type-options
nosniff, nosniff
bg-easy-big.png
api.tst.bawagpsk.com/auth/resources/ic908/login/libra-keycloak-theme-craftsmen-easy-generic/img/ 		2 MB
2 MB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://api.tst.bawagpsk.com/auth/resources/ic908/login/libra-keycloak-theme-craftsmen-easy-generic/img/bg-easy-big.png
Requested by
Host: api.tst.bawagpsk.com
URL: https://api.tst.bawagpsk.com/auth/resources/ic908/login/libra-keycloak-theme-craftsmen-easy-generic/css/login.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
51.138.68.215 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx /
Resource Hash
eeaa833dc615433d5cf227c06eb097d868263cee63beca9792a3e505218096ce
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff, nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Thu, 24 Feb 2022 02:47:16 GMT
referrer-policy
no-referrer
server
nginx
x-frame-options
SAMEORIGIN
content-type
image/png
cache-control
max-age=2592000
x-envoy-upstream-service-time
4
x-content-type-options
nosniff, nosniff
strict-transport-security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
x-xss-protection
1; mode=block
DINPro-Light.otf
api.tst.bawagpsk.com/auth/resources/ic908/login/libra-keycloak-theme-craftsmen-easy-generic/fonts/ 		86 KB
45 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://api.tst.bawagpsk.com/auth/resources/ic908/login/libra-keycloak-theme-craftsmen-easy-generic/fonts/DINPro-Light.otf
Requested by
Host: api.tst.bawagpsk.com
URL: https://api.tst.bawagpsk.com/auth/resources/ic908/login/libra-keycloak-theme-craftsmen-easy-generic/css/login.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
51.138.68.215 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx /
Resource Hash
f26fe203a4ca1f9bcb69ca93a33c8df19a3656e1a4a634d92f4aac53036d269e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff, nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
Origin
https://api.tst.bawagpsk.com
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Thu, 24 Feb 2022 02:47:16 GMT
content-encoding
gzip
referrer-policy
no-referrer
server
nginx
x-frame-options
SAMEORIGIN
content-type
application/octet-stream
x-xss-protection
1; mode=block
cache-control
max-age=2592000
x-envoy-upstream-service-time
2
strict-transport-security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff, nosniff
DINPro-Regular.otf
api.tst.bawagpsk.com/auth/resources/ic908/login/libra-keycloak-theme-craftsmen-easy-generic/fonts/ 		85 KB
45 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://api.tst.bawagpsk.com/auth/resources/ic908/login/libra-keycloak-theme-craftsmen-easy-generic/fonts/DINPro-Regular.otf
Requested by
Host: api.tst.bawagpsk.com
URL: https://api.tst.bawagpsk.com/auth/resources/ic908/login/libra-keycloak-theme-craftsmen-easy-generic/css/login.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
51.138.68.215 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx /
Resource Hash
617311af2fbd10bf1a1c15643661740c83fb812ac56fcd83478c00e239eb5080
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff, nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
Origin
https://api.tst.bawagpsk.com
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Thu, 24 Feb 2022 02:47:16 GMT
content-encoding
gzip
referrer-policy
no-referrer
server
nginx
x-frame-options
SAMEORIGIN
content-type
application/octet-stream
x-xss-protection
1; mode=block
cache-control
max-age=2592000
x-envoy-upstream-service-time
1
strict-transport-security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff, nosniff

Verdicts & Comments Add Verdict or Comment

14 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| structuredClone function| submitForm function| handleError function| validateInputsListeners function| validateEmailInput function| validatePasswordInput function| loginButtonDisabled function| validateEmailListener function| validatePasswordListener function| validateLoginButtonListener function| handleInputLabel function| handleEmailInputLabel function| handlePasswordInputLabel function| handlePasswordVisibility

4 Cookies

Domain/Path Name / Value
api.tst.bawagpsk.com/auth/realms/eps/protocol/openid-connect/3p-cookies Name: KEYCLOAK_3P_COOKIE_SAMESITE
Value: supported
api.tst.bawagpsk.com/auth/realms/eps/ Name: AUTH_SESSION_ID
Value: 611d949a-13d1-47fe-a2bc-0d80245e950a.keycloak-1
api.tst.bawagpsk.com/auth/realms/eps/ Name: AUTH_SESSION_ID_LEGACY
Value: 611d949a-13d1-47fe-a2bc-0d80245e950a.keycloak-1
api.tst.bawagpsk.com/auth/realms/eps/ Name: KC_RESTART
Value: eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICIwMmQ1OTA0YS0xMzc1LTQyMGItYWU4MC1iNTUwZGVkNWM2YTQifQ.eyJjaWQiOiJkZXBvLWVhc3liYW5rIiwicHR5Ijoib3BlbmlkLWNvbm5lY3QiLCJydXJpIjoiaHR0cHM6Ly9kZXBvLnRzdC5lYXN5YmFuay5hdC8iLCJhY3QiOiJBVVRIRU5USUNBVEUiLCJub3RlcyI6eyJzY29wZSI6Im9wZW5pZCIsImlzcyI6Imh0dHBzOi8vYXBpLnRzdC5iYXdhZ3Bzay5jb20vYXV0aC9yZWFsbXMvZXBzIiwicmVzcG9uc2VfdHlwZSI6ImNvZGUiLCJyZWRpcmVjdF91cmkiOiJodHRwczovL2RlcG8udHN0LmVhc3liYW5rLmF0LyIsInN0YXRlIjoiZmFiOWFkYjAtOTA3Yi00MTA5LTgxMzUtYzNkYTkxZThmYzU2Iiwibm9uY2UiOiI0ZDExNWI4Yi0zN2NhLTRiNTktYWU4OC1hZjBlZmMwZDdkODkiLCJyZXNwb25zZV9tb2RlIjoiZnJhZ21lbnQifX0.BDGRFJRBRB6UdhpxUfI1xJTd08_TrBx8_0woGE404b8

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN SAMEORIGIN
X-Xss-Protection 1; mode=block