urlscan.io logo urlscan.io
SecurityTrails logo

idp.dev-saas.zeb-it.de Open in urlscan Pro
3.67.125.65  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://csm.qa-demobank.dev-saas.zeb-it.de/
Effective URL: https://idp.dev-saas.zeb-it.de/auth/realms/demobank/protocol/openid-connect/auth?client_id=zeb-csm-qa&redirect_uri=https%3A%2F%...
Submission: On October 11 via api from US — Scanned from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 2 IPs in 2 countries across 1 domains to perform 18 HTTP transactions. The main IP is 3.67.125.65, located in Frankfurt am Main, Germany and belongs to AMAZON-02, US. The main domain is idp.dev-saas.zeb-it.de.
TLS certificate: Issued by Amazon RSA 2048 M02 on February 14th 2023. Valid for: a year.
This is the only time idp.dev-saas.zeb-it.de was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
6 108.156.172.73 16509 (AMAZON-02)
12 3.67.125.65 16509 (AMAZON-02)
18 2
Apex Domain
Subdomains		 Transfer
18 zeb-it.de
csm.qa-demobank.dev-saas.zeb-it.de
idp.dev-saas.zeb-it.de
656 KB
18 1
Domain Requested by
12 idp.dev-saas.zeb-it.de csm.qa-demobank.dev-saas.zeb-it.de
idp.dev-saas.zeb-it.de
6 csm.qa-demobank.dev-saas.zeb-it.de csm.qa-demobank.dev-saas.zeb-it.de
18 2

This site contains no links.

Subject Issuer Validity Valid
csm.qa-demobank.dev-saas.zeb-it.de
Amazon RSA 2048 M01		 2023-09-11 -
2024-10-09		 a year crt.sh
dev-saas.zeb-it.de
Amazon RSA 2048 M02		 2023-02-14 -
2024-01-25		 a year crt.sh

This page contains 1 frames:

Primary Page: https://idp.dev-saas.zeb-it.de/auth/realms/demobank/protocol/openid-connect/auth?client_id=zeb-csm-qa&redirect_uri=https%3A%2F%2Fcsm.qa-demobank.dev-saas.zeb-it.de%2F&response_type=code&scope=profile+email+openid&state=237e4edd3fa2424289feb20edd8b6423&code_challenge=S_VUB84ESV5XTBvcefM4gyXQFNUXJOXp28xyKmCSaYI&code_challenge_method=S256&response_mode=query
Frame ID: DC13962B6CF085E465A759E7163A3448
Requests: 18 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Sign in to demobank

Page URL History Show full URLs

  1. https://csm.qa-demobank.dev-saas.zeb-it.de/ Page URL
  2. https://idp.dev-saas.zeb-it.de/auth/realms/demobank/protocol/openid-connect/auth?client_id=zeb-csm-qa&redir... Page URL

Page Statistics

18
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

2
Subdomains

2
IPs

2
Countries

656 kB
Transfer

2735 kB
Size

3
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://csm.qa-demobank.dev-saas.zeb-it.de/ Page URL
  2. https://idp.dev-saas.zeb-it.de/auth/realms/demobank/protocol/openid-connect/auth?client_id=zeb-csm-qa&redirect_uri=https%3A%2F%2Fcsm.qa-demobank.dev-saas.zeb-it.de%2F&response_type=code&scope=profile+email+openid&state=237e4edd3fa2424289feb20edd8b6423&code_challenge=S_VUB84ESV5XTBvcefM4gyXQFNUXJOXp28xyKmCSaYI&code_challenge_method=S256&response_mode=query Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

18 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
/
csm.qa-demobank.dev-saas.zeb-it.de/ 		1 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://csm.qa-demobank.dev-saas.zeb-it.de/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.156.172.73 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-156-172-73.cmh68.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
db78a4cea5a6f159e987cfccd07672df97cd44425c4969227999ce38082aa811
Security Headers
Name Value
Content-Security-Policy default-src 'self';script-src 'self';object-src 'none';connect-src 'self' https://idp.dev-saas.zeb-it.de;frame-src 'self' https://idp.dev-saas.zeb-it.de;style-src-elem 'self' 'unsafe-inline';style-src-attr 'self' 'unsafe-hashes' 'sha256-qoI0EwKOZuUBNSS7tXDVFHIj0/6Ay/z7piawJLKSJMw=';
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

content-encoding
br
content-security-policy
default-src 'self';script-src 'self';object-src 'none';connect-src 'self' https://idp.dev-saas.zeb-it.de;frame-src 'self' https://idp.dev-saas.zeb-it.de;style-src-elem 'self' 'unsafe-inline';style-src-attr 'self' 'unsafe-hashes' 'sha256-qoI0EwKOZuUBNSS7tXDVFHIj0/6Ay/z7piawJLKSJMw=';
content-type
text/html
date
Wed, 11 Oct 2023 07:46:51 GMT
etag
W/"cee0ba2b87ec63d94f0220e1eb1ee3f3"
last-modified
Tue, 19 Sep 2023 06:51:12 GMT
referrer-policy
strict-origin-when-cross-origin
server
AmazonS3
strict-transport-security
max-age=31536000
vary
Accept-Encoding
via
1.1 6600f36fdbb63d37961eb0d99869f3fa.cloudfront.net (CloudFront)
x-amz-cf-id
VdO_YAaHhlIV-0zWZNSuEB4VTZLRRg0OfOfSPSzIQzWvE5jl7e70Ng==
x-amz-cf-pop
CMH68-P1
x-amz-server-side-encryption
AES256
x-amz-version-id
EZmvbz7lzpkqATepFNZXKwPdtGIomOzh
x-cache
Miss from cloudfront
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block
main.900b0a3e.js
csm.qa-demobank.dev-saas.zeb-it.de/static/js/ 		757 KB
204 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://csm.qa-demobank.dev-saas.zeb-it.de/static/js/main.900b0a3e.js
Requested by
Host: csm.qa-demobank.dev-saas.zeb-it.de
URL: https://csm.qa-demobank.dev-saas.zeb-it.de/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.156.172.73 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-156-172-73.cmh68.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
d7e1377e7ce1ca4efe49b4f5313fba5cab647f5961b08400501767f8ee7ff0f4
Security Headers
Name Value
Content-Security-Policy default-src 'self';script-src 'self';object-src 'none';connect-src 'self' https://idp.dev-saas.zeb-it.de;frame-src 'self' https://idp.dev-saas.zeb-it.de;style-src-elem 'self' 'unsafe-inline';style-src-attr 'self' 'unsafe-hashes' 'sha256-qoI0EwKOZuUBNSS7tXDVFHIj0/6Ay/z7piawJLKSJMw=';
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://csm.qa-demobank.dev-saas.zeb-it.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Wed, 11 Oct 2023 07:46:51 GMT
x-amz-version-id
nsdfBP2aaXCRbqz6C4O62aNuvP23CI6Z
content-encoding
br
content-security-policy
default-src 'self';script-src 'self';object-src 'none';connect-src 'self' https://idp.dev-saas.zeb-it.de;frame-src 'self' https://idp.dev-saas.zeb-it.de;style-src-elem 'self' 'unsafe-inline';style-src-attr 'self' 'unsafe-hashes' 'sha256-qoI0EwKOZuUBNSS7tXDVFHIj0/6Ay/z7piawJLKSJMw=';
via
1.1 6600f36fdbb63d37961eb0d99869f3fa.cloudfront.net (CloudFront)
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
x-amz-cf-pop
CMH68-P1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-amz-storage-class
INTELLIGENT_TIERING
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Tue, 19 Sep 2023 06:51:12 GMT
server
AmazonS3
etag
W/"eb3781934c7efc7223819a118e1f009b"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/javascript
x-amz-cf-id
sWgOBUVG1fQYJUjCDlDfvbNu76WKNJPtP7Qp67jXzfcg_dXQEyiwiA==
main.ec2afee5.css
csm.qa-demobank.dev-saas.zeb-it.de/static/css/ 		9 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://csm.qa-demobank.dev-saas.zeb-it.de/static/css/main.ec2afee5.css
Requested by
Host: csm.qa-demobank.dev-saas.zeb-it.de
URL: https://csm.qa-demobank.dev-saas.zeb-it.de/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.156.172.73 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-156-172-73.cmh68.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
bf0d5280911cc80247bd4a7c9a080ad624e6b82ca7ece9322fee4e7544a267fd
Security Headers
Name Value
Content-Security-Policy default-src 'self';script-src 'self';object-src 'none';connect-src 'self' https://idp.dev-saas.zeb-it.de;frame-src 'self' https://idp.dev-saas.zeb-it.de;style-src-elem 'self' 'unsafe-inline';style-src-attr 'self' 'unsafe-hashes' 'sha256-qoI0EwKOZuUBNSS7tXDVFHIj0/6Ay/z7piawJLKSJMw=';
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://csm.qa-demobank.dev-saas.zeb-it.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Wed, 11 Oct 2023 07:46:51 GMT
x-amz-version-id
Y4ZsyNkcUfPgLKt3o5SRaXA6NC6mu9d5
content-encoding
br
content-security-policy
default-src 'self';script-src 'self';object-src 'none';connect-src 'self' https://idp.dev-saas.zeb-it.de;frame-src 'self' https://idp.dev-saas.zeb-it.de;style-src-elem 'self' 'unsafe-inline';style-src-attr 'self' 'unsafe-hashes' 'sha256-qoI0EwKOZuUBNSS7tXDVFHIj0/6Ay/z7piawJLKSJMw=';
via
1.1 6600f36fdbb63d37961eb0d99869f3fa.cloudfront.net (CloudFront)
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
x-amz-cf-pop
CMH68-P1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Tue, 19 Sep 2023 06:51:12 GMT
server
AmazonS3
etag
W/"4dd01795788c38b9628a4f5c29aebc6b"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
x-amz-cf-id
LduWdC3mVeTGTRxQ6RYB8R4FFKnRDFuTZIBaWYAKIFvaGHEjcVzVaA==
config
csm.qa-demobank.dev-saas.zeb-it.de/ 		172 B
566 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://csm.qa-demobank.dev-saas.zeb-it.de/config
Requested by
Host: csm.qa-demobank.dev-saas.zeb-it.de
URL: https://csm.qa-demobank.dev-saas.zeb-it.de/static/js/main.900b0a3e.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.156.172.73 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-156-172-73.cmh68.r.cloudfront.net
Software
/
Resource Hash
09d45d65d2e2a3cc5d03c67f7d5f593ff1884a2126ccd628d49d8efe63869b70
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
https://csm.qa-demobank.dev-saas.zeb-it.de/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Wed, 11 Oct 2023 07:46:52 GMT
via
1.1 6600f36fdbb63d37961eb0d99869f3fa.cloudfront.net (CloudFront)
referrer-policy
strict-origin-when-cross-origin
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
x-amz-cf-pop
CMH68-P1
x-frame-options
SAMEORIGIN
x-cache
Miss from cloudfront
content-type
application/json
x-amz-cf-id
W1MQN7HpnYGzUC1JLQWOhp9FGkOVMJih9ckEu5eQmUobxBdLVuoijQ==
x-xss-protection
1; mode=block
apigw-requestid
MoHk8iqjliAEPpQ=
content-length
172
roboto-latin-500-normal.f25d774ecfe0996f8eb5.woff2
csm.qa-demobank.dev-saas.zeb-it.de/static/media/ 		16 KB
16 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://csm.qa-demobank.dev-saas.zeb-it.de/static/media/roboto-latin-500-normal.f25d774ecfe0996f8eb5.woff2
Requested by
Host: csm.qa-demobank.dev-saas.zeb-it.de
URL: https://csm.qa-demobank.dev-saas.zeb-it.de/static/css/main.ec2afee5.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.156.172.73 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-156-172-73.cmh68.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self';script-src 'self';object-src 'none';connect-src 'self' https://idp.dev-saas.zeb-it.de;frame-src 'self' https://idp.dev-saas.zeb-it.de;style-src-elem 'self' 'unsafe-inline';style-src-attr 'self' 'unsafe-hashes' 'sha256-qoI0EwKOZuUBNSS7tXDVFHIj0/6Ay/z7piawJLKSJMw=';
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://csm.qa-demobank.dev-saas.zeb-it.de/static/css/main.ec2afee5.css
Origin
https://csm.qa-demobank.dev-saas.zeb-it.de
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Wed, 11 Oct 2023 07:46:54 GMT
x-amz-version-id
u4fx5BPADHysHr3NTMzqzo92dht.SDWf
via
1.1 6600f36fdbb63d37961eb0d99869f3fa.cloudfront.net (CloudFront)
content-security-policy
default-src 'self';script-src 'self';object-src 'none';connect-src 'self' https://idp.dev-saas.zeb-it.de;frame-src 'self' https://idp.dev-saas.zeb-it.de;style-src-elem 'self' 'unsafe-inline';style-src-attr 'self' 'unsafe-hashes' 'sha256-qoI0EwKOZuUBNSS7tXDVFHIj0/6Ay/z7piawJLKSJMw=';
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
x-amz-cf-pop
CMH68-P1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
content-length
15920
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Tue, 19 Sep 2023 06:51:13 GMT
server
AmazonS3
etag
"3a44e06eb954b96aa043227f3534189d"
x-frame-options
SAMEORIGIN
content-type
font/woff2
accept-ranges
bytes
x-amz-cf-id
ZZuevg2ivNpIjRvkGobUDTK9wjc7Vi2UbfDyoTUCpCcjiUFPEbOlYw==
roboto-latin-400-normal.b009a76ad6afe4ebd301.woff2
csm.qa-demobank.dev-saas.zeb-it.de/static/media/ 		15 KB
16 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://csm.qa-demobank.dev-saas.zeb-it.de/static/media/roboto-latin-400-normal.b009a76ad6afe4ebd301.woff2
Requested by
Host: csm.qa-demobank.dev-saas.zeb-it.de
URL: https://csm.qa-demobank.dev-saas.zeb-it.de/static/css/main.ec2afee5.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.156.172.73 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-156-172-73.cmh68.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self';script-src 'self';object-src 'none';connect-src 'self' https://idp.dev-saas.zeb-it.de;frame-src 'self' https://idp.dev-saas.zeb-it.de;style-src-elem 'self' 'unsafe-inline';style-src-attr 'self' 'unsafe-hashes' 'sha256-qoI0EwKOZuUBNSS7tXDVFHIj0/6Ay/z7piawJLKSJMw=';
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://csm.qa-demobank.dev-saas.zeb-it.de/static/css/main.ec2afee5.css
Origin
https://csm.qa-demobank.dev-saas.zeb-it.de
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Wed, 11 Oct 2023 07:46:54 GMT
x-amz-version-id
sQLOC7lhaJrwqoU12cZrMo8adh6hYeqp
via
1.1 6600f36fdbb63d37961eb0d99869f3fa.cloudfront.net (CloudFront)
content-security-policy
default-src 'self';script-src 'self';object-src 'none';connect-src 'self' https://idp.dev-saas.zeb-it.de;frame-src 'self' https://idp.dev-saas.zeb-it.de;style-src-elem 'self' 'unsafe-inline';style-src-attr 'self' 'unsafe-hashes' 'sha256-qoI0EwKOZuUBNSS7tXDVFHIj0/6Ay/z7piawJLKSJMw=';
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
x-amz-cf-pop
CMH68-P1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
content-length
15744
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Tue, 19 Sep 2023 06:51:13 GMT
server
AmazonS3
etag
"15d9f621c3bd1599f0169dcf0bd5e63e"
x-frame-options
SAMEORIGIN
content-type
font/woff2
accept-ranges
bytes
x-amz-cf-id
n1L50efUvPXOLBC5ttaeeVErDW5Jfh8euImuLy0PG9kZUtv64pQVag==
openid-configuration
idp.dev-saas.zeb-it.de/auth/realms/demobank/.well-known/ 		6 KB
6 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://idp.dev-saas.zeb-it.de/auth/realms/demobank/.well-known/openid-configuration
Requested by
Host: csm.qa-demobank.dev-saas.zeb-it.de
URL: https://csm.qa-demobank.dev-saas.zeb-it.de/static/js/main.900b0a3e.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.67.125.65 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-67-125-65.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept
application/jwk-set+json, application/json
Referer
https://csm.qa-demobank.dev-saas.zeb-it.de/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Wed, 11 Oct 2023 07:46:53 GMT
strict-transport-security
max-age=31536000; includeSubDomains
referrer-policy
no-referrer
x-content-type-options
nosniff
x-frame-options
DENY
content-type
application/json
access-control-allow-origin
https://csm.qa-demobank.dev-saas.zeb-it.de
cache-control
no-cache, must-revalidate, no-transform, no-store
access-control-allow-credentials
true
content-length
6159
x-xss-protection
1; mode=block
Primary Request auth
idp.dev-saas.zeb-it.de/auth/realms/demobank/protocol/openid-connect/ 		5 KB
7 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://idp.dev-saas.zeb-it.de/auth/realms/demobank/protocol/openid-connect/auth?client_id=zeb-csm-qa&redirect_uri=https%3A%2F%2Fcsm.qa-demobank.dev-saas.zeb-it.de%2F&response_type=code&scope=profile+email+openid&state=237e4edd3fa2424289feb20edd8b6423&code_challenge=S_VUB84ESV5XTBvcefM4gyXQFNUXJOXp28xyKmCSaYI&code_challenge_method=S256&response_mode=query
Requested by
Host: csm.qa-demobank.dev-saas.zeb-it.de
URL: https://csm.qa-demobank.dev-saas.zeb-it.de/static/js/main.900b0a3e.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.67.125.65 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-67-125-65.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
3f4e6409e6ba362d5f4733bbccf086eb2200d164c9e0fb1d6c8ef5a280cabb01
Security Headers
Name Value
Content-Security-Policy frame-src 'self'; frame-ancestors 'self'; object-src 'none';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://csm.qa-demobank.dev-saas.zeb-it.de/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

cache-control
no-store, must-revalidate, max-age=0
content-language
en
content-length
5473
content-security-policy
frame-src 'self'; frame-ancestors 'self'; object-src 'none';
content-type
text/html;charset=utf-8
date
Wed, 11 Oct 2023 07:46:53 GMT
referrer-policy
no-referrer
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
x-frame-options
DENY
x-robots-tag
none
x-xss-protection
1; mode=block
base.css
idp.dev-saas.zeb-it.de/auth/resources/ovlsy/common/keycloak/web_modules/@patternfly/react-core/dist/styles/ 		42 KB
6 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://idp.dev-saas.zeb-it.de/auth/resources/ovlsy/common/keycloak/web_modules/@patternfly/react-core/dist/styles/base.css
Requested by
Host: idp.dev-saas.zeb-it.de
URL: https://idp.dev-saas.zeb-it.de/auth/realms/demobank/protocol/openid-connect/auth?client_id=zeb-csm-qa&redirect_uri=https%3A%2F%2Fcsm.qa-demobank.dev-saas.zeb-it.de%2F&response_type=code&scope=profile+email+openid&state=237e4edd3fa2424289feb20edd8b6423&code_challenge=S_VUB84ESV5XTBvcefM4gyXQFNUXJOXp28xyKmCSaYI&code_challenge_method=S256&response_mode=query
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.67.125.65 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-67-125-65.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
4891821ebc2db4c531ab849f7ce3231cde07f577c15656d7e0ace02e15f047ed
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Wed, 11 Oct 2023 07:46:53 GMT
strict-transport-security
max-age=31536000; includeSubDomains
referrer-policy
no-referrer
x-content-type-options
nosniff
content-encoding
gzip
content-type
text/css;charset=UTF-8
cache-control
max-age=2592000
content-length
6133
x-xss-protection
1; mode=block
app.css
idp.dev-saas.zeb-it.de/auth/resources/ovlsy/common/keycloak/web_modules/@patternfly/react-core/dist/styles/ 		1 MB
112 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://idp.dev-saas.zeb-it.de/auth/resources/ovlsy/common/keycloak/web_modules/@patternfly/react-core/dist/styles/app.css
Requested by
Host: idp.dev-saas.zeb-it.de
URL: https://idp.dev-saas.zeb-it.de/auth/realms/demobank/protocol/openid-connect/auth?client_id=zeb-csm-qa&redirect_uri=https%3A%2F%2Fcsm.qa-demobank.dev-saas.zeb-it.de%2F&response_type=code&scope=profile+email+openid&state=237e4edd3fa2424289feb20edd8b6423&code_challenge=S_VUB84ESV5XTBvcefM4gyXQFNUXJOXp28xyKmCSaYI&code_challenge_method=S256&response_mode=query
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.67.125.65 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-67-125-65.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
ff81481972ad27009d3338918091137ffaa5df45aee54d93bd770aab6692bb0e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Wed, 11 Oct 2023 07:46:53 GMT
strict-transport-security
max-age=31536000; includeSubDomains
referrer-policy
no-referrer
x-content-type-options
nosniff
content-encoding
gzip
content-type
text/css;charset=UTF-8
cache-control
max-age=2592000
x-xss-protection
1; mode=block
patternfly.min.css
idp.dev-saas.zeb-it.de/auth/resources/ovlsy/common/keycloak/node_modules/patternfly/dist/css/ 		178 KB
31 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://idp.dev-saas.zeb-it.de/auth/resources/ovlsy/common/keycloak/node_modules/patternfly/dist/css/patternfly.min.css
Requested by
Host: idp.dev-saas.zeb-it.de
URL: https://idp.dev-saas.zeb-it.de/auth/realms/demobank/protocol/openid-connect/auth?client_id=zeb-csm-qa&redirect_uri=https%3A%2F%2Fcsm.qa-demobank.dev-saas.zeb-it.de%2F&response_type=code&scope=profile+email+openid&state=237e4edd3fa2424289feb20edd8b6423&code_challenge=S_VUB84ESV5XTBvcefM4gyXQFNUXJOXp28xyKmCSaYI&code_challenge_method=S256&response_mode=query
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.67.125.65 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-67-125-65.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
acb255de3945454dfc45b4becf811efb182d3fbd67b784e0f9dd4e4c69a7264c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Wed, 11 Oct 2023 07:46:53 GMT
strict-transport-security
max-age=31536000; includeSubDomains
referrer-policy
no-referrer
x-content-type-options
nosniff
content-encoding
gzip
content-type
text/css;charset=UTF-8
cache-control
max-age=2592000
x-xss-protection
1; mode=block
patternfly-additions.min.css
idp.dev-saas.zeb-it.de/auth/resources/ovlsy/common/keycloak/node_modules/patternfly/dist/css/ 		220 KB
30 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://idp.dev-saas.zeb-it.de/auth/resources/ovlsy/common/keycloak/node_modules/patternfly/dist/css/patternfly-additions.min.css
Requested by
Host: idp.dev-saas.zeb-it.de
URL: https://idp.dev-saas.zeb-it.de/auth/realms/demobank/protocol/openid-connect/auth?client_id=zeb-csm-qa&redirect_uri=https%3A%2F%2Fcsm.qa-demobank.dev-saas.zeb-it.de%2F&response_type=code&scope=profile+email+openid&state=237e4edd3fa2424289feb20edd8b6423&code_challenge=S_VUB84ESV5XTBvcefM4gyXQFNUXJOXp28xyKmCSaYI&code_challenge_method=S256&response_mode=query
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.67.125.65 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-67-125-65.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
2a765f666a686821e3e144abd003dafd3d7409325222fc9fd2664164f833795b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Wed, 11 Oct 2023 07:46:53 GMT
strict-transport-security
max-age=31536000; includeSubDomains
referrer-policy
no-referrer
x-content-type-options
nosniff
content-encoding
gzip
content-type
text/css;charset=UTF-8
cache-control
max-age=2592000
x-xss-protection
1; mode=block
pficon.css
idp.dev-saas.zeb-it.de/auth/resources/ovlsy/common/keycloak/lib/pficon/ 		540 B
548 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://idp.dev-saas.zeb-it.de/auth/resources/ovlsy/common/keycloak/lib/pficon/pficon.css
Requested by
Host: idp.dev-saas.zeb-it.de
URL: https://idp.dev-saas.zeb-it.de/auth/realms/demobank/protocol/openid-connect/auth?client_id=zeb-csm-qa&redirect_uri=https%3A%2F%2Fcsm.qa-demobank.dev-saas.zeb-it.de%2F&response_type=code&scope=profile+email+openid&state=237e4edd3fa2424289feb20edd8b6423&code_challenge=S_VUB84ESV5XTBvcefM4gyXQFNUXJOXp28xyKmCSaYI&code_challenge_method=S256&response_mode=query
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.67.125.65 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-67-125-65.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
d84235c3a967dfe986e6bee6955bccbe3829feb6a823000385918aa0c312e5c7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Wed, 11 Oct 2023 07:46:53 GMT
strict-transport-security
max-age=31536000; includeSubDomains
referrer-policy
no-referrer
x-content-type-options
nosniff
content-encoding
gzip
content-type
text/css;charset=UTF-8
cache-control
max-age=2592000
content-length
316
x-xss-protection
1; mode=block
login.css
idp.dev-saas.zeb-it.de/auth/resources/ovlsy/login/keycloak/css/ 		10 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://idp.dev-saas.zeb-it.de/auth/resources/ovlsy/login/keycloak/css/login.css
Requested by
Host: idp.dev-saas.zeb-it.de
URL: https://idp.dev-saas.zeb-it.de/auth/realms/demobank/protocol/openid-connect/auth?client_id=zeb-csm-qa&redirect_uri=https%3A%2F%2Fcsm.qa-demobank.dev-saas.zeb-it.de%2F&response_type=code&scope=profile+email+openid&state=237e4edd3fa2424289feb20edd8b6423&code_challenge=S_VUB84ESV5XTBvcefM4gyXQFNUXJOXp28xyKmCSaYI&code_challenge_method=S256&response_mode=query
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.67.125.65 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-67-125-65.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
736b1722746142ded17b4fb28f2aa45b045b20ae3be90401e9939a6498e8a707
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Wed, 11 Oct 2023 07:46:53 GMT
strict-transport-security
max-age=31536000; includeSubDomains
referrer-policy
no-referrer
x-content-type-options
nosniff
content-encoding
gzip
content-type
text/css;charset=UTF-8
cache-control
max-age=2592000
content-length
2745
x-xss-protection
1; mode=block
keycloak-bg.png
idp.dev-saas.zeb-it.de/auth/resources/ovlsy/login/keycloak/img/ 		80 KB
80 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://idp.dev-saas.zeb-it.de/auth/resources/ovlsy/login/keycloak/img/keycloak-bg.png
Requested by
Host: idp.dev-saas.zeb-it.de
URL: https://idp.dev-saas.zeb-it.de/auth/resources/ovlsy/login/keycloak/css/login.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.67.125.65 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-67-125-65.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
0825175291be11f7689e8718295e422bb6fa4f8fefccc5610292b720c701ac4e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Wed, 11 Oct 2023 07:46:54 GMT
strict-transport-security
max-age=31536000; includeSubDomains
referrer-policy
no-referrer
x-content-type-options
nosniff
cache-control
max-age=2592000
x-xss-protection
1; mode=block
content-type
image/png
keycloak-logo-text.png
idp.dev-saas.zeb-it.de/auth/resources/ovlsy/login/keycloak/img/ 		20 KB
20 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://idp.dev-saas.zeb-it.de/auth/resources/ovlsy/login/keycloak/img/keycloak-logo-text.png
Requested by
Host: idp.dev-saas.zeb-it.de
URL: https://idp.dev-saas.zeb-it.de/auth/resources/ovlsy/login/keycloak/css/login.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.67.125.65 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-67-125-65.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
f23fc071f436807ccaf23fe847ccd7467c4d8c4f9f31207924128dafdf13497d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Wed, 11 Oct 2023 07:46:54 GMT
strict-transport-security
max-age=31536000; includeSubDomains
referrer-policy
no-referrer
x-content-type-options
nosniff
cache-control
max-age=2592000
x-xss-protection
1; mode=block
content-type
image/png
OpenSans-Regular-webfont.woff2
idp.dev-saas.zeb-it.de/auth/resources/ovlsy/common/keycloak/node_modules/patternfly/dist/fonts/ 		61 KB
59 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://idp.dev-saas.zeb-it.de/auth/resources/ovlsy/common/keycloak/node_modules/patternfly/dist/fonts/OpenSans-Regular-webfont.woff2
Requested by
Host: idp.dev-saas.zeb-it.de
URL: https://idp.dev-saas.zeb-it.de/auth/resources/ovlsy/common/keycloak/node_modules/patternfly/dist/css/patternfly.min.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.67.125.65 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-67-125-65.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
3cfb28778895d6adca324710b2000c6e15ef5a7b88d461f39b29ff6fb877b778
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
Origin
https://idp.dev-saas.zeb-it.de
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Wed, 11 Oct 2023 07:46:54 GMT
strict-transport-security
max-age=31536000; includeSubDomains
referrer-policy
no-referrer
x-content-type-options
nosniff
content-encoding
gzip
content-type
application/octet-stream
cache-control
max-age=2592000
x-xss-protection
1; mode=block
OpenSans-Light-webfont.woff2
idp.dev-saas.zeb-it.de/auth/resources/ovlsy/common/keycloak/node_modules/patternfly/dist/fonts/ 		62 KB
60 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://idp.dev-saas.zeb-it.de/auth/resources/ovlsy/common/keycloak/node_modules/patternfly/dist/fonts/OpenSans-Light-webfont.woff2
Requested by
Host: idp.dev-saas.zeb-it.de
URL: https://idp.dev-saas.zeb-it.de/auth/resources/ovlsy/common/keycloak/node_modules/patternfly/dist/css/patternfly.min.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.67.125.65 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-67-125-65.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
19edd2b018063320559188548b225aa63914bbc90fb756bc26872db1669e89f0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
Origin
https://idp.dev-saas.zeb-it.de
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Wed, 11 Oct 2023 07:46:54 GMT
strict-transport-security
max-age=31536000; includeSubDomains
referrer-policy
no-referrer
x-content-type-options
nosniff
content-encoding
gzip
content-type
application/octet-stream
cache-control
max-age=2592000
x-xss-protection
1; mode=block

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Domain/Path Name / Value
idp.dev-saas.zeb-it.de/auth/realms/demobank/ Name: AUTH_SESSION_ID
Value: 59f68d49-51db-4abd-bea7-58b6f0bd4fd7.keycloak-0-56217
idp.dev-saas.zeb-it.de/auth/realms/demobank/ Name: AUTH_SESSION_ID_LEGACY
Value: 59f68d49-51db-4abd-bea7-58b6f0bd4fd7.keycloak-0-56217
idp.dev-saas.zeb-it.de/auth/realms/demobank/ Name: KC_RESTART
Value: eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJhN2ZmOTQwYS05YjgxLTQ5MTMtYmVkZC02ODMwZTdhNTA4YWIifQ.eyJjaWQiOiJ6ZWItY3NtLXFhIiwicHR5Ijoib3BlbmlkLWNvbm5lY3QiLCJydXJpIjoiaHR0cHM6Ly9jc20ucWEtZGVtb2JhbmsuZGV2LXNhYXMuemViLWl0LmRlLyIsImFjdCI6IkFVVEhFTlRJQ0FURSIsIm5vdGVzIjp7InNjb3BlIjoicHJvZmlsZSBlbWFpbCBvcGVuaWQiLCJpc3MiOiJodHRwczovL2lkcC5kZXYtc2Fhcy56ZWItaXQuZGUvYXV0aC9yZWFsbXMvZGVtb2JhbmsiLCJyZXNwb25zZV90eXBlIjoiY29kZSIsImNvZGVfY2hhbGxlbmdlX21ldGhvZCI6IlMyNTYiLCJyZWRpcmVjdF91cmkiOiJodHRwczovL2NzbS5xYS1kZW1vYmFuay5kZXYtc2Fhcy56ZWItaXQuZGUvIiwic3RhdGUiOiIyMzdlNGVkZDNmYTI0MjQyODlmZWIyMGVkZDhiNjQyMyIsImNvZGVfY2hhbGxlbmdlIjoiU19WVUI4NEVTVjVYVEJ2Y2VmTTRneVhRRk5VWEpPWHAyOHh5S21DU2FZSSIsInJlc3BvbnNlX21vZGUiOiJxdWVyeSJ9fQ.CiTjwQsmlFDg63zweVUHl2nHQPd6SeW-CxL79KQNSF8

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self';script-src 'self';object-src 'none';connect-src 'self' https://idp.dev-saas.zeb-it.de;frame-src 'self' https://idp.dev-saas.zeb-it.de;style-src-elem 'self' 'unsafe-inline';style-src-attr 'self' 'unsafe-hashes' 'sha256-qoI0EwKOZuUBNSS7tXDVFHIj0/6Ay/z7piawJLKSJMw=';
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block