urlscan.io logo urlscan.io
SecurityTrails logo

auth.nprod.hsbclife.com.sg Open in urlscan Pro
13.226.58.123  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://web.uat.ease.hsbclife.com.sg/
Effective URL: https://auth.nprod.hsbclife.com.sg/srp/ap-southeast-1_q4U4eyPSW/idp-initiated?SPID=DEV_sp_sg_ease_uat_web_ext__idp_apdcaxatechcom&r...
Submission Tags: @phishunt_io
Submission: On March 20 via api from DE — Scanned from SG
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 4 IPs in 2 countries across 3 domains to perform 17 HTTP transactions. The main IP is 13.226.58.123, located in and belongs to . The main domain is auth.nprod.hsbclife.com.sg.
TLS certificate: Issued by DigiCert SHA2 Extended Validation Ser... on April 19th 2022. Valid for: a year.
This is the only time auth.nprod.hsbclife.com.sg was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 9 13.226.58.18 16509 (AMAZON-02)
2 13.113.159.78 16509 (AMAZON-02)
1 13.226.58.123 ()
17 4
Domain Requested by
9 web.uat.ease.hsbclife.com.sg 2 redirects web.uat.ease.hsbclife.com.sg
2 coretk-prod-disclosures.auraservices.cloud web.uat.ease.hsbclife.com.sg
1 auth.nprod.hsbclife.com.sg web.uat.ease.hsbclife.com.sg
auth.nprod.hsbclife.com.sg
0 d3ownpzpj4jdb9.cloudfront.net Failed auth.nprod.hsbclife.com.sg
17 4

This site contains no links.

Subject Issuer Validity Valid
web.uat.ease.hsbclife.com.sg
DigiCert SHA2 Extended Validation Server CA		 2022-04-19 -
2023-04-19		 a year crt.sh
*.auraservices.cloud
Go Daddy Secure Certificate Authority - G2		 2023-01-22 -
2024-02-23		 a year crt.sh
auth.nprod.hsbclife.com.sg
DigiCert SHA2 Extended Validation Server CA		 2022-04-19 -
2023-04-19		 a year crt.sh

This page contains 1 frames:

Primary Page: https://auth.nprod.hsbclife.com.sg/srp/ap-southeast-1_q4U4eyPSW/idp-initiated?SPID=DEV_sp_sg_ease_uat_web_ext__idp_apdcaxatechcom&relay_state=xxx
Frame ID: 1DB84D5E2BC6DD76C1194DF360AA9B87
Requests: 17 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. https://web.uat.ease.hsbclife.com.sg/ Page URL
  2. https://web.uat.ease.hsbclife.com.sg/samlLogin HTTP 302
    https://web.uat.ease.hsbclife.com.sg/samlRedirect HTTP 302
    https://auth.nprod.hsbclife.com.sg/srp/ap-southeast-1_q4U4eyPSW/idp-initiated?SPID=DEV_sp_sg_ease_uat_web_ext__... Page URL

Page Statistics

17
Requests

59 %
HTTPS

0 %
IPv6

3
Domains

4
Subdomains

4
IPs

2
Countries

2590 kB
Transfer

14338 kB
Size

3
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://web.uat.ease.hsbclife.com.sg/ Page URL
  2. https://web.uat.ease.hsbclife.com.sg/samlLogin HTTP 302
    https://web.uat.ease.hsbclife.com.sg/samlRedirect HTTP 302
    https://auth.nprod.hsbclife.com.sg/srp/ap-southeast-1_q4U4eyPSW/idp-initiated?SPID=DEV_sp_sg_ease_uat_web_ext__idp_apdcaxatechcom&relay_state=xxx Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

17 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
/
web.uat.ease.hsbclife.com.sg/ 		1 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://web.uat.ease.hsbclife.com.sg/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.58.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-58-18.mnl50.r.cloudfront.net
Software
/
Resource Hash
de00831c67f5f5c9df927d5c7719a681bcb3d44a895e3bd73c9e0908e267121a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language
zh-SG,zh;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
access-control-allow-origin
https://web.uat.ease.hsbclife.com.sg
cache-control
no-cache, no-store, must-revalidate
content-length
1448
content-type
text/html; charset=UTF-8
date
Mon, 20 Mar 2023 18:10:44 GMT
eab-token
523b97f24ab589dA
etag
W/"5a8-186e47f2be8"
expires
0
last-modified
Wed, 15 Mar 2023 08:59:45 GMT
pragma
no-cache
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 1713453d529f258d1a5617b5179f82c4.cloudfront.net (CloudFront)
x-amz-cf-id
n-Rg8Td83mGdAkXd8asoBqDTROTfS0jIZoM7SlnDMZ2pAG3Js_h0gQ==
x-amz-cf-pop
MNL50-C1
x-cache
Miss from cloudfront
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block
app.js
coretk-prod-disclosures.auraservices.cloud/disclosures/deui/ 		3 MB
687 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://coretk-prod-disclosures.auraservices.cloud/disclosures/deui/app.js
Requested by
Host: web.uat.ease.hsbclife.com.sg
URL: https://web.uat.ease.hsbclife.com.sg/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.113.159.78 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-113-159-78.ap-northeast-1.compute.amazonaws.com
Software
/
Resource Hash
4e2450ea86ebe1f85b6b90558aa5eaca3523d05df1e037d7b303a44d2eb3500f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Frame-Options SAMEORIGIN

Request headers

accept-language
zh-SG,zh;q=0.9
Referer
https://web.uat.ease.hsbclife.com.sg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date
Mon, 20 Mar 2023 18:10:44 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
last-modified
Tue, 28 Feb 2023 19:20:52 GMT
x-prisma-event-id
0b0119e9-743a-4c09-68ef-2d5ed7040e9a
vary
origin,access-control-request-method,access-control-request-headers,accept-encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
cache-control
max-age=1
accept-ranges
bytes
app.css
coretk-prod-disclosures.auraservices.cloud/disclosures/deui/ 		190 KB
31 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://coretk-prod-disclosures.auraservices.cloud/disclosures/deui/app.css
Requested by
Host: web.uat.ease.hsbclife.com.sg
URL: https://web.uat.ease.hsbclife.com.sg/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.113.159.78 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-113-159-78.ap-northeast-1.compute.amazonaws.com
Software
/
Resource Hash
2f8090b6647ee6ac16876a575867441e671fc3657e4fea8660b4f97feb698c23
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Frame-Options SAMEORIGIN

Request headers

accept-language
zh-SG,zh;q=0.9
Referer
https://web.uat.ease.hsbclife.com.sg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date
Mon, 20 Mar 2023 18:10:44 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
last-modified
Tue, 28 Feb 2023 19:20:52 GMT
x-prisma-event-id
4b913afb-9cae-87c2-5eb8-248a39c4df1d
vary
origin,access-control-request-method,access-control-request-headers,accept-encoding
x-frame-options
SAMEORIGIN
content-type
text/css
cache-control
max-age=1
accept-ranges
bytes
style.bfc6efb6c1bebbf75223.css
web.uat.ease.hsbclife.com.sg/ 		96 KB
96 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://web.uat.ease.hsbclife.com.sg/style.bfc6efb6c1bebbf75223.css
Requested by
Host: web.uat.ease.hsbclife.com.sg
URL: https://web.uat.ease.hsbclife.com.sg/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.58.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-58-18.mnl50.r.cloudfront.net
Software
/
Resource Hash
b4a6eea7574ba26183390a112421777a36b680dba18ada11e06bc145fbf96b4e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
zh-SG,zh;q=0.9
Referer
https://web.uat.ease.hsbclife.com.sg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
date
Mon, 20 Mar 2023 18:10:44 GMT
x-content-type-options
nosniff
via
1.1 1713453d529f258d1a5617b5179f82c4.cloudfront.net (CloudFront)
x-amz-cf-pop
MNL50-C1
x-cache
Miss from cloudfront
content-length
97850
x-xss-protection
1; mode=block
eab-token
a3bf2A7F214856Ee
last-modified
Wed, 15 Mar 2023 08:59:45 GMT
etag
W/"17e3a-186e47f2be8"
x-frame-options
SAMEORIGIN
content-type
text/css; charset=UTF-8
cache-control
max-age=2592000
accept-ranges
bytes
x-amz-cf-id
8rj4F6akaA67dvVcpoR105KbkKYmU0dP0zWiThjxTIs1V_c96eYY0g==
expires
Wed, 19 Apr 2023 18:10:44 GMT
vendor.bundle.bfc6efb6c1bebbf75223.js
web.uat.ease.hsbclife.com.sg/ 		738 KB
191 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://web.uat.ease.hsbclife.com.sg/vendor.bundle.bfc6efb6c1bebbf75223.js
Requested by
Host: web.uat.ease.hsbclife.com.sg
URL: https://web.uat.ease.hsbclife.com.sg/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.58.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-58-18.mnl50.r.cloudfront.net
Software
/
Resource Hash
a4a31732346eeabef85b2b6f4f2940f8b4d2ac2d8e53714bab6991295279d2a0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
zh-SG,zh;q=0.9
Referer
https://web.uat.ease.hsbclife.com.sg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
date
Mon, 20 Mar 2023 18:10:44 GMT
x-content-type-options
nosniff
content-encoding
gzip
via
1.1 1713453d529f258d1a5617b5179f82c4.cloudfront.net (CloudFront)
x-amz-cf-pop
MNL50-C1
x-cache
Miss from cloudfront
content-length
194463
x-xss-protection
1; mode=block
eab-token
a08c63f0264a8498
last-modified
Wed, 15 Mar 2023 08:59:45 GMT
etag
W/"2f79f-186e47f2be8"
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=utf-8
cache-control
max-age=2592000
accept-ranges
bytes
x-amz-cf-id
XvkAX6mcsigsl5Ve9j7tDbDgllFrADXHWDMXOGvK9Y1j1bl78S9U9w==
expires
Wed, 19 Apr 2023 18:10:44 GMT
bundle.bfc6efb6c1bebbf75223.js
web.uat.ease.hsbclife.com.sg/ 		10 MB
1 MB 		Script
General
Check archive.org
Download Go to
Full URL
https://web.uat.ease.hsbclife.com.sg/bundle.bfc6efb6c1bebbf75223.js
Requested by
Host: web.uat.ease.hsbclife.com.sg
URL: https://web.uat.ease.hsbclife.com.sg/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.58.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-58-18.mnl50.r.cloudfront.net
Software
/
Resource Hash
b76fe181565354991326654614adbd6c9600fa1a6cb0ea5351c637abe01420ea
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
zh-SG,zh;q=0.9
Referer
https://web.uat.ease.hsbclife.com.sg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
date
Mon, 20 Mar 2023 18:10:44 GMT
x-content-type-options
nosniff
content-encoding
gzip
via
1.1 1713453d529f258d1a5617b5179f82c4.cloudfront.net (CloudFront)
x-amz-cf-pop
MNL50-C1
x-cache
Miss from cloudfront
content-length
1378740
x-xss-protection
1; mode=block
eab-token
15c94d9b304f4a8e
last-modified
Wed, 15 Mar 2023 08:59:44 GMT
etag
W/"1509b4-186e47f2800"
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=utf-8
cache-control
max-age=2592000
accept-ranges
bytes
x-amz-cf-id
UI1P_g4cNjLNiEj5eB9hE7QX-udmsr51qYFKExiocCwop2GHyeVDOw==
expires
Wed, 19 Apr 2023 18:10:44 GMT
init
web.uat.ease.hsbclife.com.sg/ 		551 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://web.uat.ease.hsbclife.com.sg/init
Requested by
Host: web.uat.ease.hsbclife.com.sg
URL: https://web.uat.ease.hsbclife.com.sg/bundle.bfc6efb6c1bebbf75223.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.58.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-58-18.mnl50.r.cloudfront.net
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
zh-SG,zh;q=0.9
Referer
https://web.uat.ease.hsbclife.com.sg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=31536000; includeSubDomains
eab-token
27Ba163e54ec89e2
x-content-type-options
nosniff
date
Mon, 20 Mar 2023 18:10:45 GMT
via
1.1 1713453d529f258d1a5617b5179f82c4.cloudfront.net (CloudFront)
x-amz-cf-pop
MNL50-C1
surrogate-control
no-store
x-frame-options
SAMEORIGIN
x-cache
Miss from cloudfront
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate
x-amz-cf-id
A-FBX19E94JSmegoi_6mC2MmnBqdcmLjtlGdhbTgad26PuZUn5O6eg==
x-xss-protection
1; mode=block
expires
0
982386e2d4b16d8a061d83647e35c39c.ttf
web.uat.ease.hsbclife.com.sg/ 		116 KB
117 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://web.uat.ease.hsbclife.com.sg/982386e2d4b16d8a061d83647e35c39c.ttf
Requested by
Host: web.uat.ease.hsbclife.com.sg
URL: https://web.uat.ease.hsbclife.com.sg/style.bfc6efb6c1bebbf75223.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.58.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-58-18.mnl50.r.cloudfront.net
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://web.uat.ease.hsbclife.com.sg/style.bfc6efb6c1bebbf75223.css
Origin
https://web.uat.ease.hsbclife.com.sg
accept-language
zh-SG,zh;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
date
Mon, 20 Mar 2023 18:10:49 GMT
x-content-type-options
nosniff
via
1.1 1713453d529f258d1a5617b5179f82c4.cloudfront.net (CloudFront)
x-amz-cf-pop
MNL50-C1
x-cache
Miss from cloudfront
content-length
119080
x-xss-protection
1; mode=block
eab-token
a7e9D867da42a946
last-modified
Wed, 15 Mar 2023 08:59:39 GMT
etag
W/"1d128-186e47f1478"
x-frame-options
SAMEORIGIN
content-type
application/x-font-ttf
cache-control
max-age=2592000
accept-ranges
bytes
x-amz-cf-id
ZyuYy3Cohtenwxz3nMo_6z0cbARHqI5QTnVs6uvn8WnpdzJqHoS99A==
expires
Wed, 19 Apr 2023 18:10:49 GMT
ce8a7a5d8c76d57e5a384baa25fe6342.ttf
web.uat.ease.hsbclife.com.sg/ 		116 KB
117 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://web.uat.ease.hsbclife.com.sg/ce8a7a5d8c76d57e5a384baa25fe6342.ttf
Requested by
Host: web.uat.ease.hsbclife.com.sg
URL: https://web.uat.ease.hsbclife.com.sg/style.bfc6efb6c1bebbf75223.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.58.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-58-18.mnl50.r.cloudfront.net
Software
/
Resource Hash
4385dc332185ab9396fc2e2f36409f207cac0fbeeeb43aae4a4fc3ad46799ef5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://web.uat.ease.hsbclife.com.sg/style.bfc6efb6c1bebbf75223.css
Origin
https://web.uat.ease.hsbclife.com.sg
accept-language
zh-SG,zh;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
date
Mon, 20 Mar 2023 18:10:45 GMT
x-content-type-options
nosniff
via
1.1 1713453d529f258d1a5617b5179f82c4.cloudfront.net (CloudFront)
x-amz-cf-pop
MNL50-C1
x-cache
Miss from cloudfront
content-length
118804
x-xss-protection
1; mode=block
eab-token
dD51da4e95e4e4f8
last-modified
Wed, 15 Mar 2023 08:59:45 GMT
etag
W/"1d014-186e47f2be8"
x-frame-options
SAMEORIGIN
content-type
application/x-font-ttf
cache-control
max-age=2592000
accept-ranges
bytes
x-amz-cf-id
xv9FAGvwhj7ZVwEAlNlQL99PBXiB5kE2Okizh1LO6V-wljRyW6Lo0w==
expires
Wed, 19 Apr 2023 18:10:45 GMT
Primary Request idp-initiated
auth.nprod.hsbclife.com.sg/srp/ap-southeast-1_q4U4eyPSW/
Redirect Chain
  • https://web.uat.ease.hsbclife.com.sg/samlLogin
  • https://web.uat.ease.hsbclife.com.sg/samlRedirect
  • https://auth.nprod.hsbclife.com.sg/srp/ap-southeast-1_q4U4eyPSW/idp-initiated?SPID=DEV_sp_sg_ease_uat_web_ext__idp_apdcaxatechcom&relay_state=xxx
19 KB
0 		Document
General
Check archive.org
Download Go to
Full URL
https://auth.nprod.hsbclife.com.sg/srp/ap-southeast-1_q4U4eyPSW/idp-initiated?SPID=DEV_sp_sg_ease_uat_web_ext__idp_apdcaxatechcom&relay_state=xxx
Requested by
Host: web.uat.ease.hsbclife.com.sg
URL: https://web.uat.ease.hsbclife.com.sg/bundle.bfc6efb6c1bebbf75223.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.58.123 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
X-Frame-Options DENY

Request headers

Referer
https://web.uat.ease.hsbclife.com.sg/#/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language
zh-SG,zh;q=0.9

Response headers

cache-control
private
content-length
19781
content-type
text/html
date
Mon, 20 Mar 2023 18:10:51 GMT
via
1.1 b6fb44dcade9f34fa8a3d76b9aa3569e.cloudfront.net (CloudFront)
x-amz-cf-id
bXssTyVCb9bjMiZ1Hv2inGzTLOelIfcaZ4UZArAU2VZaiMWxApKEtg==
x-amz-cf-pop
MNL50-C1
x-cache
Miss from cloudfront
x-frame-options
DENY

Redirect headers

cache-control
no-store, no-cache, must-revalidate, proxy-revalidate
content-length
342
content-type
text/html; charset=utf-8
date
Mon, 20 Mar 2023 18:10:49 GMT
eab-token
7ef78eb8c72346cb
expires
0
location
https://auth.nprod.hsbclife.com.sg/srp/ap-southeast-1_q4U4eyPSW/idp-initiated?SPID=DEV_sp_sg_ease_uat_web_ext__idp_apdcaxatechcom&relay_state=xxx
pragma
no-cache
strict-transport-security
max-age=31536000; includeSubDomains
surrogate-control
no-store
vary
Accept
via
1.1 1713453d529f258d1a5617b5179f82c4.cloudfront.net (CloudFront)
x-amz-cf-id
yJmx_kmICf8NUOH74uaXuOKM5G2Wo3TJ9yN7Qs_g5i_5OrcYrL26xA==
x-amz-cf-pop
MNL50-C1
x-cache
Miss from cloudfront
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block
bootstrap.min.css
auth.nprod.hsbclife.com.sg/rsrc/ 		0
0
cognito-login.css
auth.nprod.hsbclife.com.sg/rsrc/ 		0
0
jl9obvvallvohm6i9phj545fu.css
auth.nprod.hsbclife.com.sg/srp/ap-southeast-1_q4U4eyPSW/rsrc/ 		0
0
amazon-cognito-identity.js
auth.nprod.hsbclife.com.sg/rsrc/ 		0
0
custom.js
auth.nprod.hsbclife.com.sg/rsrc/ 		0
0
jquery-3.6.0.min.js
auth.nprod.hsbclife.com.sg/rsrc/ 		0
0
image.jpg
d3ownpzpj4jdb9.cloudfront.net/ap-southeast-1_q4U4eyPSW/ALL/20230119074317/assets/images/ 		0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
auth.nprod.hsbclife.com.sg
URL
https://auth.nprod.hsbclife.com.sg/rsrc/bootstrap.min.css
Domain
auth.nprod.hsbclife.com.sg
URL
https://auth.nprod.hsbclife.com.sg/rsrc/cognito-login.css
Domain
auth.nprod.hsbclife.com.sg
URL
https://auth.nprod.hsbclife.com.sg/srp/ap-southeast-1_q4U4eyPSW/rsrc/jl9obvvallvohm6i9phj545fu.css
Domain
auth.nprod.hsbclife.com.sg
URL
https://auth.nprod.hsbclife.com.sg/rsrc/amazon-cognito-identity.js
Domain
auth.nprod.hsbclife.com.sg
URL
https://auth.nprod.hsbclife.com.sg/rsrc/custom.js
Domain
auth.nprod.hsbclife.com.sg
URL
https://auth.nprod.hsbclife.com.sg/rsrc/jquery-3.6.0.min.js
Domain
d3ownpzpj4jdb9.cloudfront.net
URL
https://d3ownpzpj4jdb9.cloudfront.net/ap-southeast-1_q4U4eyPSW/ALL/20230119074317/assets/images/image.jpg

Verdicts & Comments Add Verdict or Comment

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless

3 Cookies

Domain/Path Name / Value
web.uat.ease.hsbclife.com.sg/ Name: vssid
Value: s%3A236Hmf0Eu3E9E7ren9BnQ_rYHaiEPaKx.EwlO0HF04pVp5MtcqkqCR7l%2BjVxwNkeyMf3N0mrSFaI
web.uat.ease.hsbclife.com.sg/ Name: d8459bfbc8017090106bbf9e0c5a084b
Value: 79d736840362522d9e1e0f33e83aa32d
web.uat.ease.hsbclife.com.sg/ Name: lang
Value: undefined

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block