URL: https://mdm.sber.ru/
Submission: On March 24 via api from RU — Scanned from DE

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 11 HTTP transactions. The main IP is 84.252.150.55, located in Russian Federation and belongs to SBERBANK, RU. The main domain is mdm.sber.ru.
TLS certificate: Issued by SberCA Ext on August 22nd 2023. Valid for: a year.
This is the only time mdm.sber.ru was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
11 84.252.150.55 35237 (SBERBANK)
11 1
Apex Domain
Subdomains
Transfer
11 sber.ru
mdm.sber.ru
460 KB
11 1
Domain Requested by
11 mdm.sber.ru mdm.sber.ru
11 1

This site contains no links.

Subject Issuer Validity Valid
mdm.sber.ru
SberCA Ext
2023-08-22 -
2024-08-21
a year crt.sh

This page contains 1 frames:

Primary Page: https://mdm.sber.ru/
Frame ID: 1776CA04BF854E8F5029586DE1CB69BD
Requests: 11 HTTP requests in this frame

Screenshot

Page Title

RegPortal

Page Statistics

11
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

460 kB
Transfer

455 kB
Size

3
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
mdm.sber.ru/
158 B
557 B
Document
General
Full URL
https://mdm.sber.ru/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
84.252.150.55 , Russian Federation, ASN35237 (SBERBANK, RU),
Reverse DNS
Software
SOWA /
Resource Hash
50ace46309055d975ef9524e13a2b08148e278d8fbc2fe0485714dcdc29f41c3
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; always

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Connection
keep-alive
Content-Length
158
Content-Type
text/html
Date
Sun, 24 Mar 2024 10:31:51 GMT
Server
SOWA
content-security-policy
default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; always
etag
"65fff481-9e"
last-modified
Sun, 24 Mar 2024 09:38:09 GMT
x-envoy-upstream-service-time
2
bundle.js
mdm.sber.ru/dist/
306 KB
307 KB
Script
General
Full URL
https://mdm.sber.ru/dist/bundle.js
Requested by
Host: mdm.sber.ru
URL: https://mdm.sber.ru/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
84.252.150.55 , Russian Federation, ASN35237 (SBERBANK, RU),
Reverse DNS
Software
SOWA /
Resource Hash
592c35e901aa40afc182a0c850847d19b1150808f0ad7286fb73c16bd6a295e2
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; always

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://mdm.sber.ru/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

Date
Sun, 24 Mar 2024 10:31:51 GMT
content-security-policy
default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; always
last-modified
Sun, 24 Mar 2024 08:49:16 GMT
Server
SOWA
etag
"65ffe90c-4c9f2"
Content-Type
application/javascript; charset=utf-8
x-envoy-upstream-service-time
2
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
313842
status
mdm.sber.ru/spa/
22 B
869 B
XHR
General
Full URL
https://mdm.sber.ru/spa/status
Requested by
Host: mdm.sber.ru
URL: https://mdm.sber.ru/dist/bundle.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
84.252.150.55 , Russian Federation, ASN35237 (SBERBANK, RU),
Reverse DNS
Software
SOWA /
Resource Hash
a9b3ec55358152d296c9634fc641a72359ffe7f3b5d39f48d33616393e457b53
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; always
X-Frame-Options DENY

Request headers

Accept
application/json, text/plain, */*
Referer
https://mdm.sber.ru/
Access-Control-Allow-Credentials
true
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

Date
Sun, 24 Mar 2024 10:31:52 GMT
content-security-policy
default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; always
Server
SOWA
x-frame-options
DENY
Content-Type
application/json
x-envoy-upstream-service-time
7
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
22
login.html
mdm.sber.ru/static/templates/
4 KB
4 KB
XHR
General
Full URL
https://mdm.sber.ru/static/templates/login.html
Requested by
Host: mdm.sber.ru
URL: https://mdm.sber.ru/dist/bundle.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
84.252.150.55 , Russian Federation, ASN35237 (SBERBANK, RU),
Reverse DNS
Software
SOWA /
Resource Hash
6e1b6f48fa762ff7e05562a11528efc24b2fe8a5be67e92ec9627e59f6e2d332
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; always

Request headers

Accept
application/json, text/plain, */*
Referer
https://mdm.sber.ru/
Access-Control-Allow-Credentials
true
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

Date
Sun, 24 Mar 2024 10:31:52 GMT
content-security-policy
default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; always
last-modified
Sun, 24 Mar 2024 09:55:49 GMT
Server
SOWA
etag
"65fff8a5-e61"
Content-Type
text/html; charset=utf-8
x-envoy-upstream-service-time
2
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
3681
style.css
mdm.sber.ru/static/
13 KB
14 KB
Stylesheet
General
Full URL
https://mdm.sber.ru/static/style.css
Requested by
Host: mdm.sber.ru
URL: https://mdm.sber.ru/dist/bundle.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
84.252.150.55 , Russian Federation, ASN35237 (SBERBANK, RU),
Reverse DNS
Software
SOWA /
Resource Hash
7c131a46aab08d54870124f075547af93ef75eb5167e3c157e236a0704fdfb2d
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; always

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://mdm.sber.ru/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

Date
Sun, 24 Mar 2024 10:31:52 GMT
content-security-policy
default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; always
last-modified
Sun, 24 Mar 2024 08:49:16 GMT
Server
SOWA
etag
"65ffe90c-34d9"
Content-Type
text/css
x-envoy-upstream-service-time
2
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
13529
config
mdm.sber.ru/spa/
46 B
268 B
XHR
General
Full URL
https://mdm.sber.ru/spa/config
Requested by
Host: mdm.sber.ru
URL: https://mdm.sber.ru/dist/bundle.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
84.252.150.55 , Russian Federation, ASN35237 (SBERBANK, RU),
Reverse DNS
Software
SOWA /
Resource Hash
b1f5eda1a0a488d9105c6b2bb1d434585430ac097154a87c96cf8179f421bede
Security Headers
Name Value
X-Frame-Options DENY

Request headers

Accept
application/json, text/plain, */*
Referer
https://mdm.sber.ru/
Access-Control-Allow-Credentials
true
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

Date
Sun, 24 Mar 2024 10:31:52 GMT
x-envoy-upstream-service-time
7
Server
SOWA
Connection
keep-alive
Content-Length
46
x-frame-options
DENY
Content-Type
application/json
logo_login.svg
mdm.sber.ru/static/Images/
4 KB
5 KB
Image
General
Full URL
https://mdm.sber.ru/static/Images/logo_login.svg
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
84.252.150.55 , Russian Federation, ASN35237 (SBERBANK, RU),
Reverse DNS
Software
SOWA /
Resource Hash
ba010b3e61b23494b7760f31f980d02668b80524beb4d54eb4a868634074f628
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; always

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://mdm.sber.ru/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

Date
Sun, 24 Mar 2024 10:31:52 GMT
content-security-policy
default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; always
last-modified
Sun, 24 Mar 2024 09:38:09 GMT
Server
SOWA
etag
"65fff481-117d"
Content-Type
image/svg+xml
x-envoy-upstream-service-time
0
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
4477
ic-eye-line.svg
mdm.sber.ru/static/Images/
2 KB
2 KB
Image
General
Full URL
https://mdm.sber.ru/static/Images/ic-eye-line.svg
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
84.252.150.55 , Russian Federation, ASN35237 (SBERBANK, RU),
Reverse DNS
Software
SOWA /
Resource Hash
aef9758f0d34a05f82c0a15eac76b960c29c3a09f36d572c6c8670bbbe0c6823
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; always

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://mdm.sber.ru/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

Date
Sun, 24 Mar 2024 10:31:52 GMT
content-security-policy
default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; always
last-modified
Sun, 24 Mar 2024 09:55:49 GMT
Server
SOWA
etag
"65fff8a5-621"
Content-Type
image/svg+xml
x-envoy-upstream-service-time
5
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1569
qr_icon.svg
mdm.sber.ru/static/Images/
2 KB
2 KB
Image
General
Full URL
https://mdm.sber.ru/static/Images/qr_icon.svg
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
84.252.150.55 , Russian Federation, ASN35237 (SBERBANK, RU),
Reverse DNS
Software
SOWA /
Resource Hash
8959c8381d8085b054ed15bb8d2bf9b6f767a4805b8bd5067aa994c4413779e0
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; always

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://mdm.sber.ru/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

Date
Sun, 24 Mar 2024 10:31:52 GMT
content-security-policy
default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; always
last-modified
Sun, 24 Mar 2024 08:49:16 GMT
Server
SOWA
etag
"65ffe90c-623"
Content-Type
image/svg+xml
x-envoy-upstream-service-time
1
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1571
Roboto-Regular.woff2
mdm.sber.ru/static/fonts/Regular/
62 KB
62 KB
Font
General
Full URL
https://mdm.sber.ru/static/fonts/Regular/Roboto-Regular.woff2?v=1.1.0
Requested by
Host: mdm.sber.ru
URL: https://mdm.sber.ru/static/style.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
84.252.150.55 , Russian Federation, ASN35237 (SBERBANK, RU),
Reverse DNS
Software
SOWA /
Resource Hash
cc7b26ac53700f78f8a452be6d14f14943e88dceb14edf64cddceba6e66f3f5e
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; always

Request headers

Referer
https://mdm.sber.ru/static/style.css
Origin
https://mdm.sber.ru
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

Date
Sun, 24 Mar 2024 10:31:52 GMT
content-security-policy
default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; always
last-modified
Sun, 24 Mar 2024 09:37:51 GMT
Server
SOWA
etag
"65fff46f-f7b4"
Content-Type
font/woff2
x-envoy-upstream-service-time
2
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
63412
Roboto-Medium.woff2
mdm.sber.ru/static/fonts/Medium/
62 KB
63 KB
Font
General
Full URL
https://mdm.sber.ru/static/fonts/Medium/Roboto-Medium.woff2?v=1.1.0
Requested by
Host: mdm.sber.ru
URL: https://mdm.sber.ru/static/style.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
84.252.150.55 , Russian Federation, ASN35237 (SBERBANK, RU),
Reverse DNS
Software
SOWA /
Resource Hash
5efafd26d85f9d6c3340aa7b81aff0a4d9fe27d8f9ec9885565afb9fa2097d91
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; always

Request headers

Referer
https://mdm.sber.ru/static/style.css
Origin
https://mdm.sber.ru
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

Date
Sun, 24 Mar 2024 10:31:52 GMT
content-security-policy
default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; always
last-modified
Sun, 24 Mar 2024 09:37:51 GMT
Server
SOWA
etag
"65fff46f-f92c"
Content-Type
font/woff2
x-envoy-upstream-service-time
1
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
63788

Verdicts & Comments Add Verdict or Comment

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| clearImmediate function| setImmediate object| core object| regeneratorRuntime boolean| _babelPolyfill function| saveAs

3 Cookies

Domain/Path Name / Value
mdm.sber.ru/ Name: language
Value: ru
mdm.sber.ru/ Name: jwt_cookie
Value: eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJleHAiOjE3MTE0NDkxMTJ9.YDyZ1FcF590w0XRiaYTm27oOtPoEX73g5AjTdtgjLrWkYssqJauKgy-zA-pmIEfomEy_vo9ty8ct1I99U1KAT-nz7_tUm3kEtzM5OTiVtqM5l1s2Qxop-K_fCPu6HfxBGAItoTWvoo67-5S_-Bg9nIqjCmxYRIClwJbKJLwM9VErBJssbOBtgnTAGgTW2272G8kXfxR2BoRotAUrkw3wQitoSws71HnTZhfck_dFGUdzc83zPVnlBOi9EYQPoi236Yx8EPi-BZeVjacscTR-v9Y7_6iMTdg_jpp8xm7HFWNohqeMmZEFwtbHW_U0b6AiB6kFzhZu7Tbk7-0ycW1dsg
mdm.sber.ru/ Name: exit
Value: false

2 Console Messages

Source Level URL
Text
security error URL: https://mdm.sber.ru/
Message:
Unrecognized Content-Security-Policy directive 'always'.
network error URL: https://mdm.sber.ru/spa/config
Message:
Failed to load resource: the server responded with a status of 500 (Internal Server Error)

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; always