urlscan.io logo urlscan.io
SecurityTrails logo

hsbcbranch.test.ecommerce.dh.com Open in urlscan Pro
95.101.111.48  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://hsbcbranch.test.ecommerce.dh.com/
Effective URL: https://hsbcbranch.test.ecommerce.dh.com/en/login
Submission: On October 19 via automatic, source certstream-suspicious — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 2 IPs in 1 countries across 2 domains to perform 6 HTTP transactions. The main IP is 95.101.111.48, located in Frankfurt am Main, Germany and belongs to AKAMAI-ASN1, NL. The main domain is hsbcbranch.test.ecommerce.dh.com.
TLS certificate: Issued by Entrust Certification Authority - L1K on September 29th 2023. Valid for: a year.
This is the only time hsbcbranch.test.ecommerce.dh.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 7 95.101.111.48 20940 (AKAMAI-ASN1)
1 2a00:1450:400... 15169 (GOOGLE)
6 2
Apex Domain
Subdomains		 Transfer
7 dh.com
hsbcbranch.test.ecommerce.dh.com
256 KB
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 49
1 KB
6 2
Domain Requested by
7 hsbcbranch.test.ecommerce.dh.com 2 redirects hsbcbranch.test.ecommerce.dh.com
1 fonts.googleapis.com hsbcbranch.test.ecommerce.dh.com
6 2

This site contains links to these domains. Also see Links.

Domain
dh.ezshield.com
Subject Issuer Validity Valid
dh-cheques.finastra.com
Entrust Certification Authority - L1K		 2023-09-29 -
2024-10-15		 a year crt.sh
upload.video.google.com
GTS CA 1C3		 2023-09-28 -
2023-12-21		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://hsbcbranch.test.ecommerce.dh.com/en/login
Frame ID: 9AD90DBA0CE9CDC9E00AB6BEAF5E9DD8
Requests: 6 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

D+H business cheques

Page URL History Show full URLs

  1. https://hsbcbranch.test.ecommerce.dh.com/ HTTP 302
    https://hsbcbranch.test.ecommerce.dh.com/en/ HTTP 302
    https://hsbcbranch.test.ecommerce.dh.com/en/login Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Page Statistics

6
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

253 kB
Transfer

746 kB
Size

6
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://hsbcbranch.test.ecommerce.dh.com/ HTTP 302
    https://hsbcbranch.test.ecommerce.dh.com/en/ HTTP 302
    https://hsbcbranch.test.ecommerce.dh.com/en/login Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request login
hsbcbranch.test.ecommerce.dh.com/en/
Redirect Chain
  • https://hsbcbranch.test.ecommerce.dh.com/
  • https://hsbcbranch.test.ecommerce.dh.com/en/
  • https://hsbcbranch.test.ecommerce.dh.com/en/login
17 KB
8 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://hsbcbranch.test.ecommerce.dh.com/en/login
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.101.111.48 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a95-101-111-48.deploy.static.akamaitechnologies.com
Software
Microsoft-IIS/10.0 /
Resource Hash
c3c8ff208dd92965398dc3d5ac9a01cc14542f462d3c983f765088e964c76335
Security Headers
Name Value
Content-Security-Policy default-src 'report-sample' 'none';base-uri 'report-sample' 'none';child-src 'report-sample' 'self' https://chase-var.hostedpaymentservice.net/ https://chase.hostedpaymentservice.net/ *.cookiebot.com; connect-src 'report-sample' 'self' https://www.google-analytics.com/ https://stats.g.doubleclick.net/ *.linkedin.oribi.io https://consentcdn.cookiebot.com;font-src 'report-sample' 'self' https://fonts.gstatic.com/;form-action 'report-sample' 'self';img-src 'report-sample' data: image/jpeg image/jpeg+base64 image/png text/html 'self' https://www.google.com/ https://www.google.ca/ https://googleads.g.doubleclick.net/ *.linkedin.oribi.io *.msn.com *.linkedin.com *.bing.com blob: https://www.googletagmanager.com/ https://www.google-analytics.com/;object-src 'report-sample' 'none';script-src 'report-sample' 'self' https://chase-var.hostedpaymentservice.net/ https://chase.hostedpaymentservice.net/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://www.googleadservices.com/ https://bat.bing.com/ https://googleads.g.doubleclick.net/ https://snap.licdn.com/ https://consent.cookiebot.com/uc.js *.cookiebot.com 'unsafe-inline' 'unsafe-eval';style-src 'report-sample' 'self' https://fonts.googleapis.com/ 'unsafe-inline';report-to cspreport;report-uri /cspreporturi/;upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
max-age=0, no-cache, no-store
content-encoding
gzip
content-length
6046
content-security-policy
default-src 'report-sample' 'none';base-uri 'report-sample' 'none';child-src 'report-sample' 'self' https://chase-var.hostedpaymentservice.net/ https://chase.hostedpaymentservice.net/ *.cookiebot.com; connect-src 'report-sample' 'self' https://www.google-analytics.com/ https://stats.g.doubleclick.net/ *.linkedin.oribi.io https://consentcdn.cookiebot.com;font-src 'report-sample' 'self' https://fonts.gstatic.com/;form-action 'report-sample' 'self';img-src 'report-sample' data: image/jpeg image/jpeg+base64 image/png text/html 'self' https://www.google.com/ https://www.google.ca/ https://googleads.g.doubleclick.net/ *.linkedin.oribi.io *.msn.com *.linkedin.com *.bing.com blob: https://www.googletagmanager.com/ https://www.google-analytics.com/;object-src 'report-sample' 'none';script-src 'report-sample' 'self' https://chase-var.hostedpaymentservice.net/ https://chase.hostedpaymentservice.net/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://www.googleadservices.com/ https://bat.bing.com/ https://googleads.g.doubleclick.net/ https://snap.licdn.com/ https://consent.cookiebot.com/uc.js *.cookiebot.com 'unsafe-inline' 'unsafe-eval';style-src 'report-sample' 'self' https://fonts.googleapis.com/ 'unsafe-inline';report-to cspreport;report-uri /cspreporturi/;upgrade-insecure-requests;
content-type
text/html; charset=utf-8
date
Thu, 19 Oct 2023 15:25:53 GMT
expires
Thu, 19 Oct 2023 15:25:53 GMT
feature-policy
accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment *; usb 'none'
pragma
no-cache
referrer-policy
same-origin
report-to
{"group": "cspreport","max_age": 100,"endpoints": [{"url": "/en/cspreportto/"}, {"url": "/fr/cspreportto/"}]}
request-context
appId=cid-v1:36d12ede-220b-49a7-86e3-6b01538f17eb
server
Microsoft-IIS/10.0
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN SAMEORIGIN
x-xss-protection
1; mode=block

Redirect headers

cache-control
max-age=0, no-cache, no-store
content-length
0
content-security-policy
default-src 'report-sample' 'none';base-uri 'report-sample' 'none';child-src 'report-sample' 'self' https://chase-var.hostedpaymentservice.net/ https://chase.hostedpaymentservice.net/ *.cookiebot.com; connect-src 'report-sample' 'self' https://www.google-analytics.com/ https://stats.g.doubleclick.net/ *.linkedin.oribi.io https://consentcdn.cookiebot.com;font-src 'report-sample' 'self' https://fonts.gstatic.com/;form-action 'report-sample' 'self';img-src 'report-sample' data: image/jpeg image/jpeg+base64 image/png text/html 'self' https://www.google.com/ https://www.google.ca/ https://googleads.g.doubleclick.net/ *.linkedin.oribi.io *.msn.com *.linkedin.com *.bing.com blob: https://www.googletagmanager.com/ https://www.google-analytics.com/;object-src 'report-sample' 'none';script-src 'report-sample' 'self' https://chase-var.hostedpaymentservice.net/ https://chase.hostedpaymentservice.net/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://www.googleadservices.com/ https://bat.bing.com/ https://googleads.g.doubleclick.net/ https://snap.licdn.com/ https://consent.cookiebot.com/uc.js *.cookiebot.com 'unsafe-inline' 'unsafe-eval';style-src 'report-sample' 'self' https://fonts.googleapis.com/ 'unsafe-inline';report-to cspreport;report-uri /cspreporturi/;upgrade-insecure-requests;
date
Thu, 19 Oct 2023 15:25:53 GMT
expires
Thu, 19 Oct 2023 15:25:53 GMT
feature-policy
accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment *; usb 'none'
location
/en/login
pragma
no-cache
referrer-policy
same-origin
report-to
{"group": "cspreport","max_age": 100,"endpoints": [{"url": "/en/cspreportto/"}, {"url": "/fr/cspreportto/"}]}
request-context
appId=cid-v1:36d12ede-220b-49a7-86e3-6b01538f17eb
server
Microsoft-IIS/10.0
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block
css
fonts.googleapis.com/ 		8 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Open+Sans:300,400,600
Requested by
Host: hsbcbranch.test.ecommerce.dh.com
URL: https://hsbcbranch.test.ecommerce.dh.com/en/login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
93c9b0c2e8b47042c9f1cff90e635f3fe72d3a0384ea73b0a122dd28dd33316d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Thu, 19 Oct 2023 15:25:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Thu, 19 Oct 2023 14:57:54 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 19 Oct 2023 15:25:53 GMT
xozodc1mavbigpb0f0oyrzhigynwfv7xm866xatampi.min.css
hsbcbranch.test.ecommerce.dh.com/bundles/ 		330 KB
86 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://hsbcbranch.test.ecommerce.dh.com/bundles/xozodc1mavbigpb0f0oyrzhigynwfv7xm866xatampi.min.css
Requested by
Host: hsbcbranch.test.ecommerce.dh.com
URL: https://hsbcbranch.test.ecommerce.dh.com/en/login
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.101.111.48 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a95-101-111-48.deploy.static.akamaitechnologies.com
Software
Microsoft-IIS/10.0 /
Resource Hash
8adc9445613a6572916aa52af766695b8a8571c3413f58ab8f1e56683d7593f1
Security Headers
Name Value
Content-Security-Policy default-src 'report-sample' 'none';base-uri 'report-sample' 'none';child-src 'report-sample' 'self' https://chase-var.hostedpaymentservice.net/ https://chase.hostedpaymentservice.net/ *.cookiebot.com; connect-src 'report-sample' 'self' https://www.google-analytics.com/ https://stats.g.doubleclick.net/ *.linkedin.oribi.io https://consentcdn.cookiebot.com;font-src 'report-sample' 'self' https://fonts.gstatic.com/;form-action 'report-sample' 'self';img-src 'report-sample' data: image/jpeg image/jpeg+base64 image/png text/html 'self' https://www.google.com/ https://www.google.ca/ https://googleads.g.doubleclick.net/ *.linkedin.oribi.io *.msn.com *.linkedin.com *.bing.com blob: https://www.googletagmanager.com/ https://www.google-analytics.com/;object-src 'report-sample' 'none';script-src 'report-sample' 'self' https://chase-var.hostedpaymentservice.net/ https://chase.hostedpaymentservice.net/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://www.googleadservices.com/ https://bat.bing.com/ https://googleads.g.doubleclick.net/ https://snap.licdn.com/ https://consent.cookiebot.com/uc.js *.cookiebot.com 'unsafe-inline' 'unsafe-eval';style-src 'report-sample' 'self' https://fonts.googleapis.com/ 'unsafe-inline';report-to cspreport;report-uri /cspreporturi/;upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hsbcbranch.test.ecommerce.dh.com/en/login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

content-security-policy
default-src 'report-sample' 'none';base-uri 'report-sample' 'none';child-src 'report-sample' 'self' https://chase-var.hostedpaymentservice.net/ https://chase.hostedpaymentservice.net/ *.cookiebot.com; connect-src 'report-sample' 'self' https://www.google-analytics.com/ https://stats.g.doubleclick.net/ *.linkedin.oribi.io https://consentcdn.cookiebot.com;font-src 'report-sample' 'self' https://fonts.gstatic.com/;form-action 'report-sample' 'self';img-src 'report-sample' data: image/jpeg image/jpeg+base64 image/png text/html 'self' https://www.google.com/ https://www.google.ca/ https://googleads.g.doubleclick.net/ *.linkedin.oribi.io *.msn.com *.linkedin.com *.bing.com blob: https://www.googletagmanager.com/ https://www.google-analytics.com/;object-src 'report-sample' 'none';script-src 'report-sample' 'self' https://chase-var.hostedpaymentservice.net/ https://chase.hostedpaymentservice.net/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://www.googleadservices.com/ https://bat.bing.com/ https://googleads.g.doubleclick.net/ https://snap.licdn.com/ https://consent.cookiebot.com/uc.js *.cookiebot.com 'unsafe-inline' 'unsafe-eval';style-src 'report-sample' 'self' https://fonts.googleapis.com/ 'unsafe-inline';report-to cspreport;report-uri /cspreporturi/;upgrade-insecure-requests;
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
date
Thu, 19 Oct 2023 15:25:53 GMT
content-length
85971
x-xss-protection
1; mode=block
request-context
appId=cid-v1:36d12ede-220b-49a7-86e3-6b01538f17eb
referrer-policy
same-origin
last-modified
Mon, 16 Oct 2023 15:44:07 GMT
server
Microsoft-IIS/10.0
etag
"1da004798fc14a6"
vary
Accept-Encoding
report-to
{"group": "cspreport","max_age": 100,"endpoints": [{"url": "/en/cspreportto/"}, {"url": "/fr/cspreportto/"}]}
content-type
text/css
x-frame-options
SAMEORIGIN
cache-control
public, no-cache, no-store
feature-policy
accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment *; usb 'none'
accept-ranges
bytes
zvpkoktmvziv1m82g0yd_jev0z1pyxsqdwtbdw4b0xo202329225.min.js
hsbcbranch.test.ecommerce.dh.com/bundles/ 		88 KB
41 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://hsbcbranch.test.ecommerce.dh.com/bundles/zvpkoktmvziv1m82g0yd_jev0z1pyxsqdwtbdw4b0xo202329225.min.js
Requested by
Host: hsbcbranch.test.ecommerce.dh.com
URL: https://hsbcbranch.test.ecommerce.dh.com/en/login
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.101.111.48 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a95-101-111-48.deploy.static.akamaitechnologies.com
Software
Microsoft-IIS/10.0 /
Resource Hash
a8bfc9abb49488ca0f2a5073e777048be27ef7fe0f9740cadc8331eb00f95a97
Security Headers
Name Value
Content-Security-Policy default-src 'report-sample' 'none';base-uri 'report-sample' 'none';child-src 'report-sample' 'self' https://chase-var.hostedpaymentservice.net/ https://chase.hostedpaymentservice.net/ *.cookiebot.com; connect-src 'report-sample' 'self' https://www.google-analytics.com/ https://stats.g.doubleclick.net/ *.linkedin.oribi.io https://consentcdn.cookiebot.com;font-src 'report-sample' 'self' https://fonts.gstatic.com/;form-action 'report-sample' 'self';img-src 'report-sample' data: image/jpeg image/jpeg+base64 image/png text/html 'self' https://www.google.com/ https://www.google.ca/ https://googleads.g.doubleclick.net/ *.linkedin.oribi.io *.msn.com *.linkedin.com *.bing.com blob: https://www.googletagmanager.com/ https://www.google-analytics.com/;object-src 'report-sample' 'none';script-src 'report-sample' 'self' https://chase-var.hostedpaymentservice.net/ https://chase.hostedpaymentservice.net/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://www.googleadservices.com/ https://bat.bing.com/ https://googleads.g.doubleclick.net/ https://snap.licdn.com/ https://consent.cookiebot.com/uc.js *.cookiebot.com 'unsafe-inline' 'unsafe-eval';style-src 'report-sample' 'self' https://fonts.googleapis.com/ 'unsafe-inline';report-to cspreport;report-uri /cspreporturi/;upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hsbcbranch.test.ecommerce.dh.com/en/login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

content-security-policy
default-src 'report-sample' 'none';base-uri 'report-sample' 'none';child-src 'report-sample' 'self' https://chase-var.hostedpaymentservice.net/ https://chase.hostedpaymentservice.net/ *.cookiebot.com; connect-src 'report-sample' 'self' https://www.google-analytics.com/ https://stats.g.doubleclick.net/ *.linkedin.oribi.io https://consentcdn.cookiebot.com;font-src 'report-sample' 'self' https://fonts.gstatic.com/;form-action 'report-sample' 'self';img-src 'report-sample' data: image/jpeg image/jpeg+base64 image/png text/html 'self' https://www.google.com/ https://www.google.ca/ https://googleads.g.doubleclick.net/ *.linkedin.oribi.io *.msn.com *.linkedin.com *.bing.com blob: https://www.googletagmanager.com/ https://www.google-analytics.com/;object-src 'report-sample' 'none';script-src 'report-sample' 'self' https://chase-var.hostedpaymentservice.net/ https://chase.hostedpaymentservice.net/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://www.googleadservices.com/ https://bat.bing.com/ https://googleads.g.doubleclick.net/ https://snap.licdn.com/ https://consent.cookiebot.com/uc.js *.cookiebot.com 'unsafe-inline' 'unsafe-eval';style-src 'report-sample' 'self' https://fonts.googleapis.com/ 'unsafe-inline';report-to cspreport;report-uri /cspreporturi/;upgrade-insecure-requests;
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
date
Thu, 19 Oct 2023 15:25:54 GMT
content-length
40586
x-xss-protection
1; mode=block
request-context
appId=cid-v1:36d12ede-220b-49a7-86e3-6b01538f17eb
referrer-policy
same-origin
last-modified
Thu, 19 Oct 2023 03:25:09 GMT
server
Microsoft-IIS/10.0
etag
"1da023bdcb5c68d"
vary
Accept-Encoding
report-to
{"group": "cspreport","max_age": 100,"endpoints": [{"url": "/en/cspreportto/"}, {"url": "/fr/cspreportto/"}]}
content-type
application/javascript
x-frame-options
SAMEORIGIN
cache-control
public, no-cache, no-store
feature-policy
accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment *; usb 'none'
accept-ranges
bytes
gwuzwn7v_xdqyzoe5xyscwxkrie4u2j2svgnbb-z3_a202329225.min.js
hsbcbranch.test.ecommerce.dh.com/bundles/ 		297 KB
111 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://hsbcbranch.test.ecommerce.dh.com/bundles/gwuzwn7v_xdqyzoe5xyscwxkrie4u2j2svgnbb-z3_a202329225.min.js
Requested by
Host: hsbcbranch.test.ecommerce.dh.com
URL: https://hsbcbranch.test.ecommerce.dh.com/en/login
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.101.111.48 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a95-101-111-48.deploy.static.akamaitechnologies.com
Software
Microsoft-IIS/10.0 /
Resource Hash
f1216816383e3ba61aeefbfcef5fbc34aafd4e72f64a2184235ff08862877e22
Security Headers
Name Value
Content-Security-Policy default-src 'report-sample' 'none';base-uri 'report-sample' 'none';child-src 'report-sample' 'self' https://chase-var.hostedpaymentservice.net/ https://chase.hostedpaymentservice.net/ *.cookiebot.com; connect-src 'report-sample' 'self' https://www.google-analytics.com/ https://stats.g.doubleclick.net/ *.linkedin.oribi.io https://consentcdn.cookiebot.com;font-src 'report-sample' 'self' https://fonts.gstatic.com/;form-action 'report-sample' 'self';img-src 'report-sample' data: image/jpeg image/jpeg+base64 image/png text/html 'self' https://www.google.com/ https://www.google.ca/ https://googleads.g.doubleclick.net/ *.linkedin.oribi.io *.msn.com *.linkedin.com *.bing.com blob: https://www.googletagmanager.com/ https://www.google-analytics.com/;object-src 'report-sample' 'none';script-src 'report-sample' 'self' https://chase-var.hostedpaymentservice.net/ https://chase.hostedpaymentservice.net/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://www.googleadservices.com/ https://bat.bing.com/ https://googleads.g.doubleclick.net/ https://snap.licdn.com/ https://consent.cookiebot.com/uc.js *.cookiebot.com 'unsafe-inline' 'unsafe-eval';style-src 'report-sample' 'self' https://fonts.googleapis.com/ 'unsafe-inline';report-to cspreport;report-uri /cspreporturi/;upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hsbcbranch.test.ecommerce.dh.com/en/login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

content-security-policy
default-src 'report-sample' 'none';base-uri 'report-sample' 'none';child-src 'report-sample' 'self' https://chase-var.hostedpaymentservice.net/ https://chase.hostedpaymentservice.net/ *.cookiebot.com; connect-src 'report-sample' 'self' https://www.google-analytics.com/ https://stats.g.doubleclick.net/ *.linkedin.oribi.io https://consentcdn.cookiebot.com;font-src 'report-sample' 'self' https://fonts.gstatic.com/;form-action 'report-sample' 'self';img-src 'report-sample' data: image/jpeg image/jpeg+base64 image/png text/html 'self' https://www.google.com/ https://www.google.ca/ https://googleads.g.doubleclick.net/ *.linkedin.oribi.io *.msn.com *.linkedin.com *.bing.com blob: https://www.googletagmanager.com/ https://www.google-analytics.com/;object-src 'report-sample' 'none';script-src 'report-sample' 'self' https://chase-var.hostedpaymentservice.net/ https://chase.hostedpaymentservice.net/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://www.googleadservices.com/ https://bat.bing.com/ https://googleads.g.doubleclick.net/ https://snap.licdn.com/ https://consent.cookiebot.com/uc.js *.cookiebot.com 'unsafe-inline' 'unsafe-eval';style-src 'report-sample' 'self' https://fonts.googleapis.com/ 'unsafe-inline';report-to cspreport;report-uri /cspreporturi/;upgrade-insecure-requests;
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
date
Thu, 19 Oct 2023 15:25:54 GMT
x-xss-protection
1; mode=block
request-context
appId=cid-v1:36d12ede-220b-49a7-86e3-6b01538f17eb
referrer-policy
same-origin
last-modified
Thu, 19 Oct 2023 03:25:09 GMT
server
Microsoft-IIS/10.0
etag
"1da023bdcb03d0e"
vary
Accept-Encoding
report-to
{"group": "cspreport","max_age": 100,"endpoints": [{"url": "/en/cspreportto/"}, {"url": "/fr/cspreportto/"}]}
content-type
application/javascript
x-frame-options
SAMEORIGIN
cache-control
public, no-cache, no-store
feature-policy
accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment *; usb 'none'
accept-ranges
bytes
DH_Finastra_English2.png
hsbcbranch.test.ecommerce.dh.com/Content/Images/uploaded/ 		5 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://hsbcbranch.test.ecommerce.dh.com/Content/Images/uploaded/DH_Finastra_English2.png
Requested by
Host: hsbcbranch.test.ecommerce.dh.com
URL: https://hsbcbranch.test.ecommerce.dh.com/bundles/xozodc1mavbigpb0f0oyrzhigynwfv7xm866xatampi.min.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.101.111.48 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a95-101-111-48.deploy.static.akamaitechnologies.com
Software
Microsoft-IIS/10.0 /
Resource Hash
c4fd4232eb3aca7c626e6955275271139ff1dca727fa79e3ad84853d091dada0
Security Headers
Name Value
Content-Security-Policy default-src 'report-sample' 'none';base-uri 'report-sample' 'none';child-src 'report-sample' 'self' https://chase-var.hostedpaymentservice.net/ https://chase.hostedpaymentservice.net/ *.cookiebot.com; connect-src 'report-sample' 'self' https://www.google-analytics.com/ https://stats.g.doubleclick.net/ *.linkedin.oribi.io https://consentcdn.cookiebot.com;font-src 'report-sample' 'self' https://fonts.gstatic.com/;form-action 'report-sample' 'self';img-src 'report-sample' data: image/jpeg image/jpeg+base64 image/png text/html 'self' https://www.google.com/ https://www.google.ca/ https://googleads.g.doubleclick.net/ *.linkedin.oribi.io *.msn.com *.linkedin.com *.bing.com blob: https://www.googletagmanager.com/ https://www.google-analytics.com/;object-src 'report-sample' 'none';script-src 'report-sample' 'self' https://chase-var.hostedpaymentservice.net/ https://chase.hostedpaymentservice.net/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://www.googleadservices.com/ https://bat.bing.com/ https://googleads.g.doubleclick.net/ https://snap.licdn.com/ https://consent.cookiebot.com/uc.js *.cookiebot.com 'unsafe-inline' 'unsafe-eval';style-src 'report-sample' 'self' https://fonts.googleapis.com/ 'unsafe-inline';report-to cspreport;report-uri /cspreporturi/;upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hsbcbranch.test.ecommerce.dh.com/bundles/xozodc1mavbigpb0f0oyrzhigynwfv7xm866xatampi.min.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

content-security-policy
default-src 'report-sample' 'none';base-uri 'report-sample' 'none';child-src 'report-sample' 'self' https://chase-var.hostedpaymentservice.net/ https://chase.hostedpaymentservice.net/ *.cookiebot.com; connect-src 'report-sample' 'self' https://www.google-analytics.com/ https://stats.g.doubleclick.net/ *.linkedin.oribi.io https://consentcdn.cookiebot.com;font-src 'report-sample' 'self' https://fonts.gstatic.com/;form-action 'report-sample' 'self';img-src 'report-sample' data: image/jpeg image/jpeg+base64 image/png text/html 'self' https://www.google.com/ https://www.google.ca/ https://googleads.g.doubleclick.net/ *.linkedin.oribi.io *.msn.com *.linkedin.com *.bing.com blob: https://www.googletagmanager.com/ https://www.google-analytics.com/;object-src 'report-sample' 'none';script-src 'report-sample' 'self' https://chase-var.hostedpaymentservice.net/ https://chase.hostedpaymentservice.net/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://www.googleadservices.com/ https://bat.bing.com/ https://googleads.g.doubleclick.net/ https://snap.licdn.com/ https://consent.cookiebot.com/uc.js *.cookiebot.com 'unsafe-inline' 'unsafe-eval';style-src 'report-sample' 'self' https://fonts.googleapis.com/ 'unsafe-inline';report-to cspreport;report-uri /cspreporturi/;upgrade-insecure-requests;
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
date
Thu, 19 Oct 2023 15:25:54 GMT
content-length
5251
x-xss-protection
1; mode=block
request-context
appId=cid-v1:36d12ede-220b-49a7-86e3-6b01538f17eb
referrer-policy
same-origin
last-modified
Mon, 11 Sep 2023 14:03:44 GMT
server
Microsoft-IIS/10.0
etag
"1d9e4b8c6873483"
x-frame-options
SAMEORIGIN
report-to
{"group": "cspreport","max_age": 100,"endpoints": [{"url": "/en/cspreportto/"}, {"url": "/fr/cspreportto/"}]}
content-type
image/png
cache-control
public, no-cache, no-store
feature-policy
accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment *; usb 'none'
accept-ranges
bytes

Verdicts & Comments Add Verdict or Comment

22 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| $ function| jQuery function| removeError function| closeNotificationIfEmpty function| openDialogue function| displayAjaxLoadingCustom function| numbersOnly function| OpenWindow function| setLocation function| displayAjaxLoading function| displayPopupNotification function| displayJoinedPopupNotifications function| displayPopupContentFromUrl function| displayBarNotification function| htmlEncode function| htmlDecode function| addAntiForgeryToken function| keyEnterCheck function| keyTabCheck undefined| barNotificationTimeout object| AjaxCart object| target

6 Cookies

Domain/Path Name / Value
.hsbcbranch.test.ecommerce.dh.com/ Name: TiPMix
Value: 87.0520801688787
.hsbcbranch.test.ecommerce.dh.com/ Name: x-ms-routing-name
Value: self
.hsbcbranch.test.ecommerce.dh.com/ Name: ARRAffinity
Value: dd4c1673819575ddb60c8dc209f26b7e87de13cdc6ec7099e4f3b99b7261fdac
.hsbcbranch.test.ecommerce.dh.com/ Name: ARRAffinitySameSite
Value: dd4c1673819575ddb60c8dc209f26b7e87de13cdc6ec7099e4f3b99b7261fdac
hsbcbranch.test.ecommerce.dh.com/ Name: .Nop.Customer
Value: f4f90812-128d-468b-837f-c508c1289600
hsbcbranch.test.ecommerce.dh.com/ Name: .Nop.Antiforgery
Value: CfDJ8F8QkLKEZkVHtpYq3t96keIY2qp73p1nNQQ3Dh9ctSvUA_QE9CUbOqcZ1brOd6xZPu6uaicSEAoWj4P6Vs0k9ZFX0XK3rVciJlzc0jAhXV-bLjrddR-8X2QquTOwhF3XJR9-_b_FnWAVjRGPat7fpas

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'report-sample' 'none';base-uri 'report-sample' 'none';child-src 'report-sample' 'self' https://chase-var.hostedpaymentservice.net/ https://chase.hostedpaymentservice.net/ *.cookiebot.com; connect-src 'report-sample' 'self' https://www.google-analytics.com/ https://stats.g.doubleclick.net/ *.linkedin.oribi.io https://consentcdn.cookiebot.com;font-src 'report-sample' 'self' https://fonts.gstatic.com/;form-action 'report-sample' 'self';img-src 'report-sample' data: image/jpeg image/jpeg+base64 image/png text/html 'self' https://www.google.com/ https://www.google.ca/ https://googleads.g.doubleclick.net/ *.linkedin.oribi.io *.msn.com *.linkedin.com *.bing.com blob: https://www.googletagmanager.com/ https://www.google-analytics.com/;object-src 'report-sample' 'none';script-src 'report-sample' 'self' https://chase-var.hostedpaymentservice.net/ https://chase.hostedpaymentservice.net/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://www.googleadservices.com/ https://bat.bing.com/ https://googleads.g.doubleclick.net/ https://snap.licdn.com/ https://consent.cookiebot.com/uc.js *.cookiebot.com 'unsafe-inline' 'unsafe-eval';style-src 'report-sample' 'self' https://fonts.googleapis.com/ 'unsafe-inline';report-to cspreport;report-uri /cspreporturi/;upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN SAMEORIGIN
X-Xss-Protection 1; mode=block