URL: https://wniosek.santanderconsumer.pl/eUmowa/LogoutByWAF?support_id=2965264903477768789
Submission Tags: @phishunt_io
Submission: On January 26 via api from DE — Scanned from DE

Summary

This website contacted 9 IPs in 5 countries across 7 domains to perform 19 HTTP transactions. The main IP is 195.138.208.196, located in Poland and belongs to SANTANDER-AS, PL. The main domain is wniosek.santanderconsumer.pl.
TLS certificate: Issued by Entrust Certification Authority - L1K on January 17th 2022. Valid for: a year.
This is the only time wniosek.santanderconsumer.pl was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests  Apex Domain           Subdomains                                           Transfer
7         santanderconsumer.pl  wniosek.santanderconsumer.pl                         226 KB
3         google-analytics.com  www.google-analytics.com (Cisco Umbrella Rank: 21)   20 KB
2         doubleclick.net       stats.g.doubleclick.net (Cisco Umbrella Rank: 78)    520 B
2         hotjar.com            static.hotjar.com (Cisco Umbrella Rank: 620)         72 KB
                                script.hotjar.com (Cisco Umbrella Rank: 815)
1         google.de             www.google.de (Cisco Umbrella Rank: 5986)            408 B
1         google.com            www.google.com (Cisco Umbrella Rank: 2)              501 B
1         googletagmanager.com  www.googletagmanager.com (Cisco Umbrella Rank: 40)   58 KB
Total: 19 requests, 7 domains

Requests  Domain                        Requested by
7         wniosek.santanderconsumer.pl  wniosek.santanderconsumer.pl
3         www.google-analytics.com      www.googletagmanager.com, www.google-analytics.com
2         stats.g.doubleclick.net       www.google-analytics.com
1         www.google.de                 wniosek.santanderconsumer.pl
1         www.google.com                wniosek.santanderconsumer.pl
1         script.hotjar.com             static.hotjar.com
1         static.hotjar.com             www.googletagmanager.com
1         www.googletagmanager.com      wniosek.santanderconsumer.pl
Total: 19 requests, 8 subdomains

This site contains links to these domains.

Domain: www.santanderconsumer.pl

Subject                       Issuer                                 Validity                 Valid
wniosek.santanderconsumer.pl  Entrust Certification Authority - L1K  2022-01-17 - 2023-02-14  a year
*.google-analytics.com        GTS CA 1C3                             2023-01-02 - 2023-03-27  3 months
*.hotjar.com                  Amazon                                 2022-10-25 - 2023-11-23  a year
*.g.doubleclick.net           GTS CA 1C3                             2023-01-09 - 2023-04-03  3 months
www.google.com                GTS CA 1C3                             2023-01-09 - 2023-04-03  3 months
www.google.de                 GTS CA 1C3                             2023-01-02 - 2023-03-27  3 months

This page contains 1 frame:

Primary Page: https://wniosek.santanderconsumer.pl/eUmowa/LogoutByWAF?support_id=2965264903477768789
Frame ID: F32F2DB2D6C3458F28AA6C0F572AC6BF
Requests: 17 HTTP requests in this frame

Page Title

Santander Consumer Bank S.A.

Detected technologies

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/ns\.html[^>]+></iframe>
  • <!-- (?:End )?Google Tag Manager -->
  • googletagmanager\.com/gtm\.js

Overall confidence: 100%
Detected patterns
  • //static\.hotjar\.com/

Page Statistics

Requests: 19
HTTPS: 89 %
IPv6: 63 %
Domains: 7
Subdomains: 8
IPs: 9
Countries: 5
Transfer: 379 kB
Size: 838 kB
Cookies: 6

Redirected requests

There were HTTP redirect chains for the following requests:

19 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request LogoutByWAF
wniosek.santanderconsumer.pl/eUmowa/
3 KB
3 KB
Document
General
Full URL
https://wniosek.santanderconsumer.pl/eUmowa/LogoutByWAF?support_id=2965264903477768789
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
195.138.208.196 , Poland, ASN41567 (SANTANDER-AS, PL),
Reverse DNS
Software
/
Resource Hash
782234f49089b7bcda6d7aafe494dc548844c3d1a6e3e6a4590e4c6044a2f67f
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' www.googletagmanager.com www.google-analytics.com *.hotjar.com *.hotjar.io 'unsafe-eval'; style-src 'self' 'unsafe-inline';worker-src 'self' blob:; img-src 'self' platnosci.bm.pl static.przelewy24.pl google.com google.pl www.googletagmanager.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net hotjar.com hotjar.io blob: data: https:; connect-src 'self' www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net hotjar.com hotjar.io wss://*.hotjar.com; frame-src 'self' hotjar.com hotjar.io; font-src 'self' *.hotjar.com *.hotjar.io
Strict-Transport-Security max-age=31622400; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
private
Connection
Keep-Alive
Content-Encoding
gzip
Content-Length
1589
Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-inline' www.googletagmanager.com www.google-analytics.com *.hotjar.com *.hotjar.io 'unsafe-eval'; style-src 'self' 'unsafe-inline';worker-src 'self' blob:; img-src 'self' platnosci.bm.pl static.przelewy24.pl google.com google.pl www.googletagmanager.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net hotjar.com hotjar.io blob: data: https:; connect-src 'self' www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net hotjar.com hotjar.io wss://*.hotjar.com; frame-src 'self' hotjar.com hotjar.io; font-src 'self' *.hotjar.com *.hotjar.io
Content-Type
text/html; charset=utf-8
Date
Thu, 26 Jan 2023 21:31:17 GMT
Referrer-Policy
no-referrer
Strict-Transport-Security
max-age=31622400; includeSubDomains
Vary
Accept-Encoding
X-Content-Type-Options
nosniff
X-XSS-Protection
1; mode=block
css
wniosek.santanderconsumer.pl/eUmowa/Content/
182 KB
47 KB
Stylesheet
General
Full URL
https://wniosek.santanderconsumer.pl/eUmowa/Content/css?v=kbcZKP6PQnxLS3UtEMan1E8ZwOlz1D-Mb8q3xwPcnuc1
Requested by
Host: wniosek.santanderconsumer.pl
URL: https://wniosek.santanderconsumer.pl/eUmowa/LogoutByWAF?support_id=2965264903477768789
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
195.138.208.196 , Poland, ASN41567 (SANTANDER-AS, PL),
Reverse DNS
Software
/
Resource Hash
11ae9e6e177ea4427ed05bd1f85adabb0d0b42edcfa86cd89f61de26c9b588ab
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' www.googletagmanager.com www.google-analytics.com *.hotjar.com *.hotjar.io 'unsafe-eval'; style-src 'self' 'unsafe-inline';worker-src 'self' blob:; img-src 'self' platnosci.bm.pl static.przelewy24.pl google.com google.pl www.googletagmanager.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net hotjar.com hotjar.io blob: data: https:; connect-src 'self' www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net hotjar.com hotjar.io wss://*.hotjar.com; frame-src 'self' hotjar.com hotjar.io; font-src 'self' *.hotjar.com *.hotjar.io
Strict-Transport-Security max-age=31622400; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-inline' www.googletagmanager.com www.google-analytics.com *.hotjar.com *.hotjar.io 'unsafe-eval'; style-src 'self' 'unsafe-inline';worker-src 'self' blob:; img-src 'self' platnosci.bm.pl static.przelewy24.pl google.com google.pl www.googletagmanager.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net hotjar.com hotjar.io blob: data: https:; connect-src 'self' www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net hotjar.com hotjar.io wss://*.hotjar.com; frame-src 'self' hotjar.com hotjar.io; font-src 'self' *.hotjar.com *.hotjar.io
Strict-Transport-Security
max-age=31622400; includeSubDomains
Referrer-Policy
no-referrer
X-Content-Type-Options
nosniff
Last-Modified
Thu, 26 Jan 2023 21:31:18 GMT
Date
Thu, 26 Jan 2023 21:31:18 GMT
Content-Encoding
gzip
Vary
User-Agent, Accept-Encoding
Content-Type
text/css; charset=utf-8
Cache-Control
public
Connection
Keep-Alive
Content-Length
46906
X-XSS-Protection
1; mode=block
Expires
Fri, 26 Jan 2024 21:31:18 GMT
logoSCB.svg
wniosek.santanderconsumer.pl/eUmowa/img/
6 KB
7 KB
Image
General
Full URL
https://wniosek.santanderconsumer.pl/eUmowa/img/logoSCB.svg
Requested by
Host: wniosek.santanderconsumer.pl
URL: https://wniosek.santanderconsumer.pl/eUmowa/LogoutByWAF?support_id=2965264903477768789
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
195.138.208.196 , Poland, ASN41567 (SANTANDER-AS, PL),
Reverse DNS
Software
/
Resource Hash
23c15463ee73476ebbaa30126fb510fa8f1b1a9eb90c8a01bc798923596b0a99
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' www.googletagmanager.com www.google-analytics.com *.hotjar.com *.hotjar.io 'unsafe-eval'; style-src 'self' 'unsafe-inline';worker-src 'self' blob:; img-src 'self' platnosci.bm.pl static.przelewy24.pl google.com google.pl www.googletagmanager.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net hotjar.com hotjar.io blob: data: https:; connect-src 'self' www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net hotjar.com hotjar.io wss://*.hotjar.com; frame-src 'self' hotjar.com hotjar.io; font-src 'self' *.hotjar.com *.hotjar.io
Strict-Transport-Security max-age=31622400; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-inline' www.googletagmanager.com www.google-analytics.com *.hotjar.com *.hotjar.io 'unsafe-eval'; style-src 'self' 'unsafe-inline';worker-src 'self' blob:; img-src 'self' platnosci.bm.pl static.przelewy24.pl google.com google.pl www.googletagmanager.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net hotjar.com hotjar.io blob: data: https:; connect-src 'self' www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net hotjar.com hotjar.io wss://*.hotjar.com; frame-src 'self' hotjar.com hotjar.io; font-src 'self' *.hotjar.com *.hotjar.io
Strict-Transport-Security
max-age=31622400; includeSubDomains
Referrer-Policy
no-referrer
X-Content-Type-Options
nosniff
Last-Modified
Tue, 22 Nov 2022 10:19:12 GMT
Date
Thu, 26 Jan 2023 21:31:18 GMT
ETag
"0508edd5bfed81:0"
Content-Type
image/svg+xml
Accept-Ranges
bytes
Content-Length
5894
X-XSS-Protection
1; mode=block
logoSec.svg
wniosek.santanderconsumer.pl/eUmowa/img/
6 KB
7 KB
Image
General
Full URL
https://wniosek.santanderconsumer.pl/eUmowa/img/logoSec.svg
Requested by
Host: wniosek.santanderconsumer.pl
URL: https://wniosek.santanderconsumer.pl/eUmowa/LogoutByWAF?support_id=2965264903477768789
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
195.138.208.196 , Poland, ASN41567 (SANTANDER-AS, PL),
Reverse DNS
Software
/
Resource Hash
5316b6ff8385df7afe1a767f2aeb10cceb0d79db2029894c96be89d136761ee3
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' www.googletagmanager.com www.google-analytics.com *.hotjar.com *.hotjar.io 'unsafe-eval'; style-src 'self' 'unsafe-inline';worker-src 'self' blob:; img-src 'self' platnosci.bm.pl static.przelewy24.pl google.com google.pl www.googletagmanager.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net hotjar.com hotjar.io blob: data: https:; connect-src 'self' www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net hotjar.com hotjar.io wss://*.hotjar.com; frame-src 'self' hotjar.com hotjar.io; font-src 'self' *.hotjar.com *.hotjar.io
Strict-Transport-Security max-age=31622400; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-inline' www.googletagmanager.com www.google-analytics.com *.hotjar.com *.hotjar.io 'unsafe-eval'; style-src 'self' 'unsafe-inline';worker-src 'self' blob:; img-src 'self' platnosci.bm.pl static.przelewy24.pl google.com google.pl www.googletagmanager.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net hotjar.com hotjar.io blob: data: https:; connect-src 'self' www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net hotjar.com hotjar.io wss://*.hotjar.com; frame-src 'self' hotjar.com hotjar.io; font-src 'self' *.hotjar.com *.hotjar.io
Strict-Transport-Security
max-age=31622400; includeSubDomains
Referrer-Policy
no-referrer
X-Content-Type-Options
nosniff
Last-Modified
Tue, 22 Nov 2022 10:19:12 GMT
Date
Thu, 26 Jan 2023 21:31:18 GMT
ETag
"0508edd5bfed81:0"
Content-Type
image/svg+xml
Accept-Ranges
bytes
Content-Length
6273
X-XSS-Protection
1; mode=block
gtm.js
www.googletagmanager.com/
158 KB
58 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-T24Z7R4
Requested by
Host: wniosek.santanderconsumer.pl
URL: https://wniosek.santanderconsumer.pl/eUmowa/LogoutByWAF?support_id=2965264903477768789
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400d:806::2008 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
e3482613b605f4d75537bca731fcd213024978e15a99c2d4c8afeee8943a8672
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Thu, 26 Jan 2023 21:31:18 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
59406
x-xss-protection
0
last-modified
Thu, 26 Jan 2023 21:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Thu, 26 Jan 2023 21:31:18 GMT
LatoLatin-Heavy.woff
wniosek.santanderconsumer.pl/eUmowa/fonts/Lato2/
71 KB
72 KB
Font
General
Full URL
https://wniosek.santanderconsumer.pl/eUmowa/fonts/Lato2/LatoLatin-Heavy.woff
Requested by
Host: wniosek.santanderconsumer.pl
URL: https://wniosek.santanderconsumer.pl/eUmowa/Content/css?v=kbcZKP6PQnxLS3UtEMan1E8ZwOlz1D-Mb8q3xwPcnuc1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
195.138.208.196 , Poland, ASN41567 (SANTANDER-AS, PL),
Reverse DNS
Software
/
Resource Hash
c0d62cb3379c3b094e47d63d5fdf8a6643f62de53052303717fbae55627ef664
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' www.googletagmanager.com www.google-analytics.com *.hotjar.com *.hotjar.io 'unsafe-eval'; style-src 'self' 'unsafe-inline';worker-src 'self' blob:; img-src 'self' platnosci.bm.pl static.przelewy24.pl google.com google.pl www.googletagmanager.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net hotjar.com hotjar.io blob: data: https:; connect-src 'self' www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net hotjar.com hotjar.io wss://*.hotjar.com; frame-src 'self' hotjar.com hotjar.io; font-src 'self' *.hotjar.com *.hotjar.io
Strict-Transport-Security max-age=31622400; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
Origin
https://wniosek.santanderconsumer.pl
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-inline' www.googletagmanager.com www.google-analytics.com *.hotjar.com *.hotjar.io 'unsafe-eval'; style-src 'self' 'unsafe-inline';worker-src 'self' blob:; img-src 'self' platnosci.bm.pl static.przelewy24.pl google.com google.pl www.googletagmanager.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net hotjar.com hotjar.io blob: data: https:; connect-src 'self' www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net hotjar.com hotjar.io wss://*.hotjar.com; frame-src 'self' hotjar.com hotjar.io; font-src 'self' *.hotjar.com *.hotjar.io
Strict-Transport-Security
max-age=31622400; includeSubDomains
Referrer-Policy
no-referrer
X-Content-Type-Options
nosniff
Last-Modified
Tue, 22 Nov 2022 10:19:12 GMT
Date
Thu, 26 Jan 2023 21:31:18 GMT
ETag
"0508edd5bfed81:0"
Content-Type
font/x-woff
Accept-Ranges
bytes
Content-Length
72296
X-XSS-Protection
1; mode=block
LatoLatin-Regular.woff
wniosek.santanderconsumer.pl/eUmowa/fonts/Lato2/
71 KB
72 KB
Font
General
Full URL
https://wniosek.santanderconsumer.pl/eUmowa/fonts/Lato2/LatoLatin-Regular.woff
Requested by
Host: wniosek.santanderconsumer.pl
URL: https://wniosek.santanderconsumer.pl/eUmowa/Content/css?v=kbcZKP6PQnxLS3UtEMan1E8ZwOlz1D-Mb8q3xwPcnuc1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
195.138.208.196 , Poland, ASN41567 (SANTANDER-AS, PL),
Reverse DNS
Software
/
Resource Hash
9c46f7929b08c87518aa7efbbf1601e485eeed829f149e3f01beb50120cdb3be
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' www.googletagmanager.com www.google-analytics.com *.hotjar.com *.hotjar.io 'unsafe-eval'; style-src 'self' 'unsafe-inline';worker-src 'self' blob:; img-src 'self' platnosci.bm.pl static.przelewy24.pl google.com google.pl www.googletagmanager.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net hotjar.com hotjar.io blob: data: https:; connect-src 'self' www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net hotjar.com hotjar.io wss://*.hotjar.com; frame-src 'self' hotjar.com hotjar.io; font-src 'self' *.hotjar.com *.hotjar.io
Strict-Transport-Security max-age=31622400; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
Origin
https://wniosek.santanderconsumer.pl
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-inline' www.googletagmanager.com www.google-analytics.com *.hotjar.com *.hotjar.io 'unsafe-eval'; style-src 'self' 'unsafe-inline';worker-src 'self' blob:; img-src 'self' platnosci.bm.pl static.przelewy24.pl google.com google.pl www.googletagmanager.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net hotjar.com hotjar.io blob: data: https:; connect-src 'self' www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net hotjar.com hotjar.io wss://*.hotjar.com; frame-src 'self' hotjar.com hotjar.io; font-src 'self' *.hotjar.com *.hotjar.io
Strict-Transport-Security
max-age=31622400; includeSubDomains
Referrer-Policy
no-referrer
X-Content-Type-Options
nosniff
Last-Modified
Tue, 22 Nov 2022 10:19:12 GMT
Date
Thu, 26 Jan 2023 21:31:18 GMT
ETag
"0508edd5bfed81:0"
Content-Type
font/x-woff
Accept-Ranges
bytes
Content-Length
72456
X-XSS-Protection
1; mode=block
icomoon.ttf
wniosek.santanderconsumer.pl/eUmowa/fonts/icomoon/fonts/
18 KB
19 KB
Font
General
Full URL
https://wniosek.santanderconsumer.pl/eUmowa/fonts/icomoon/fonts/icomoon.ttf?n52vat
Requested by
Host: wniosek.santanderconsumer.pl
URL: https://wniosek.santanderconsumer.pl/eUmowa/Content/css?v=kbcZKP6PQnxLS3UtEMan1E8ZwOlz1D-Mb8q3xwPcnuc1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
195.138.208.196 , Poland, ASN41567 (SANTANDER-AS, PL),
Reverse DNS
Software
/
Resource Hash
78fc9ebb893355fae3ceb42689eae04dbcdcabb1aaf317a701f87ab40a63151f
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' www.googletagmanager.com www.google-analytics.com *.hotjar.com *.hotjar.io 'unsafe-eval'; style-src 'self' 'unsafe-inline';worker-src 'self' blob:; img-src 'self' platnosci.bm.pl static.przelewy24.pl google.com google.pl www.googletagmanager.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net hotjar.com hotjar.io blob: data: https:; connect-src 'self' www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net hotjar.com hotjar.io wss://*.hotjar.com; frame-src 'self' hotjar.com hotjar.io; font-src 'self' *.hotjar.com *.hotjar.io
Strict-Transport-Security max-age=31622400; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
Origin
https://wniosek.santanderconsumer.pl
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-inline' www.googletagmanager.com www.google-analytics.com *.hotjar.com *.hotjar.io 'unsafe-eval'; style-src 'self' 'unsafe-inline';worker-src 'self' blob:; img-src 'self' platnosci.bm.pl static.przelewy24.pl google.com google.pl www.googletagmanager.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net hotjar.com hotjar.io blob: data: https:; connect-src 'self' www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net hotjar.com hotjar.io wss://*.hotjar.com; frame-src 'self' hotjar.com hotjar.io; font-src 'self' *.hotjar.com *.hotjar.io
Strict-Transport-Security
max-age=31622400; includeSubDomains
Referrer-Policy
no-referrer
X-Content-Type-Options
nosniff
Last-Modified
Tue, 22 Nov 2022 10:19:12 GMT
Date
Thu, 26 Jan 2023 21:31:18 GMT
ETag
"0508edd5bfed81:0"
Content-Type
application/octet-stream
Accept-Ranges
bytes
Content-Length
18792
X-XSS-Protection
1; mode=block
analytics.js
www.google-analytics.com/
49 KB
20 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-T24Z7R4
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Thu, 26 Jan 2023 20:26:08 GMT
last-modified
Tue, 10 Jan 2023 21:29:14 GMT
server
Golfe2
age
3910
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20085
expires
Thu, 26 Jan 2023 22:26:08 GMT
hotjar-2684459.js
static.hotjar.com/c/
11 KB
5 KB
Script
General
Full URL
https://static.hotjar.com/c/hotjar-2684459.js?sv=7
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-T24Z7R4
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.27.7 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-27-7.fra56.r.cloudfront.net
Software
/
Resource Hash
497251b2ba6ad829d0e7cabb7534b967016b5ec7e3e8ae7aafa402d3e8a649ef
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

strict-transport-security
max-age=2592000; includeSubDomains
content-encoding
br
x-content-type-options
nosniff
date
Thu, 26 Jan 2023 21:31:18 GMT
via
1.1 84f381696dd33e92960b92250106e464.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-C2
age
32
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
etag
W/fe11c81a86d7846d713e390892182acd
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
x-cache-hit
1
cache-control
max-age=60
x-amz-cf-id
rzp0XWlRHZwJeRAeTUoK_DmhIM73ETDUbAq3JH9ys-L0A4DV1_cggA==
collect
www.google-analytics.com/j/
4 B
218 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j99&a=1623554655&t=pageview&_s=1&dl=https%3A%2F%2Fwniosek.santanderconsumer.pl%2FeUmowa%2FLogoutByWAF%3Fsupport_id%3D2965264903477768789&ul=en-us&de=UTF-8&dt=Santander%20Consumer%20Bank%20S.A.&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAACAAI~&jid=1333672861&gjid=50516825&cid=552157377.1674768678&tid=UA-25815584-1&_gid=1871004522.1674768678&_r=1&_slc=1&gtm=2wg1p0T24Z7R4&z=1667394122
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 26 Jan 2023 21:31:18 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://wniosek.santanderconsumer.pl
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/j/
4 B
69 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j99&a=1623554655&t=pageview&_s=1&dl=https%3A%2F%2Fwniosek.santanderconsumer.pl%2FeUmowa%2FLogoutByWAF%3Fsupport_id%3D2965264903477768789&ul=en-us&de=UTF-8&dt=Santander%20Consumer%20Bank%20S.A.&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEDAAEABAAAAACAAI~&jid=676407&gjid=1853313910&cid=552157377.1674768678&tid=UA-4807524-2&_gid=1871004522.1674768678&_r=1&_slc=1&gtm=2wg1p0T24Z7R4&z=603016280
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 26 Jan 2023 21:31:18 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://wniosek.santanderconsumer.pl
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/j/
1 B
448 B
XHR
General
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-25815584-1&cid=552157377.1674768678&jid=1333672861&gjid=50516825&_gid=1871004522.1674768678&_u=YEBAAEAAAAAAACAAI~&z=1311002628
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c06::9d Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
date
Thu, 26 Jan 2023 21:31:18 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://wniosek.santanderconsumer.pl
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/j/
4 B
72 B
XHR
General
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-4807524-2&cid=552157377.1674768678&jid=676407&gjid=1853313910&_gid=1871004522.1674768678&_u=YEDAAEABAAAAACAAI~&z=1738154259
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c06::9d Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
date
Thu, 26 Jan 2023 21:31:18 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://wniosek.santanderconsumer.pl
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
modules.ea0a6d6a741d5de8308e.js
script.hotjar.com/
263 KB
68 KB
Script
General
Full URL
https://script.hotjar.com/modules.ea0a6d6a741d5de8308e.js
Requested by
Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2684459.js?sv=7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.110.7 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-110-7.vie50.r.cloudfront.net
Software
/
Resource Hash
6619ef277249ca9230cbc0315da9b41caa9f15996d143f7d1a77d52d901ce269
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Fri, 20 Jan 2023 11:10:05 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=2592000; includeSubDomains
via
1.1 19cd9c9f4eb51e9e5c75add1d4b6f304.cloudfront.net (CloudFront)
x-amz-cf-pop
VIE50-C2
age
555673
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
68675
last-modified
Fri, 20 Jan 2023 11:09:55 GMT
etag
"e45ceb77c1a47254136f1ef733de65df"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
x-robots-tag
none
x-amz-cf-id
uhVpKr4XTxdRDhqOGFz2N6F1YGWNkcrigZkfvBjjgk-nAnMIPqhkMw==
ga-audiences
www.google.com/ads/
42 B
501 B
Image
General
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-4807524-2&cid=552157377.1674768678&jid=676407&_u=YEDAAEABAAAAACAAI~&z=1359900593
Requested by
Host: wniosek.santanderconsumer.pl
URL: https://wniosek.santanderconsumer.pl/eUmowa/LogoutByWAF?support_id=2965264903477768789
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 26 Jan 2023 21:31:18 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/
42 B
408 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-4807524-2&cid=552157377.1674768678&jid=676407&_u=YEDAAEABAAAAACAAI~&z=1359900593
Requested by
Host: wniosek.santanderconsumer.pl
URL: https://wniosek.santanderconsumer.pl/eUmowa/LogoutByWAF?support_id=2965264903477768789
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400d:802::2003 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 26 Jan 2023 21:31:18 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT


17 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0
object| 1
object| oncontentvisibilityautostatechange
object| dataLayer
object| google_tag_manager
object| google_tag_data
string| GoogleAnalyticsObject
function| ga
function| hj
object| _hjSettings
object| gaplugins
object| gaGlobal
object| gaData
object| hjSiteSettings
function| hjBootstrap
object| hjBootstrapCalled
object| hjLazyModules

6 Cookies

Domain/Path Name / Value
wniosek.santanderconsumer.pl/ Name: LB_eUmowa
Value: !VlriBy8SsZuq0qD9HZllF89x24MGpjzQY7mvDi9km/SCOIj1pHEJfnfH/DmSzsTGP5RtHcdTXpJM0o0w4B7enMzpWUZv22XDUzf4Llp9EB4+
wniosek.santanderconsumer.pl/ Name: TS01af2158
Value: 01496e178c97b107f5b448b34fa8758c593e4ee893620d74cdc1dbb81cef13fdf8ce30bcb66dbf0cd9496c3b3e81ddad99d18d62efd9b894a6b31b8da6ce4b0df4d9c28b0e
.santanderconsumer.pl/ Name: _ga
Value: GA1.2.552157377.1674768678
.santanderconsumer.pl/ Name: _gid
Value: GA1.2.1871004522.1674768678
.santanderconsumer.pl/ Name: _gat_UA-25815584-1
Value: 1
.santanderconsumer.pl/ Name: _gat_UA-4807524-2
Value: 1

2 Console Messages

Source: security
Level: error
URL: https://static.hotjar.com/
Message: Refused to frame 'https://vars.hotjar.com/' because it violates the following Content Security Policy directive: "frame-src 'self' hotjar.com hotjar.io".

Source: security
Level: error
URL: https://script.hotjar.com/modules.ea0a6d6a741d5de8308e.js (Line 1)
Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://vars.hotjar.com') does not match the recipient window's origin ('null').

Security Headers

This page lists any security headers set by the main page.

Header Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' www.googletagmanager.com www.google-analytics.com *.hotjar.com *.hotjar.io 'unsafe-eval'; style-src 'self' 'unsafe-inline';worker-src 'self' blob:; img-src 'self' platnosci.bm.pl static.przelewy24.pl google.com google.pl www.googletagmanager.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net hotjar.com hotjar.io blob: data: https:; connect-src 'self' www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net hotjar.com hotjar.io wss://*.hotjar.com; frame-src 'self' hotjar.com hotjar.io; font-src 'self' *.hotjar.com *.hotjar.io
Strict-Transport-Security max-age=31622400; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
