urlscan.io logo urlscan.io
SecurityTrails logo

federation-q.auth.schwarz Open in urlscan Pro
185.124.192.204  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://uim-ui.dev.sit.svc.odj.cloud/
Effective URL: https://federation-q.auth.schwarz/nidp/oauth/nam/authz?client_id=82379c1c-2c86-4e34-afb8-60cfd6105f4d&redirect_uri=https%3A%2F%2Fu...
Submission: On June 22 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 7 HTTP transactions. The main IP is 185.124.192.204, located in Heilbronn, Germany and belongs to SCHWARZ-IT-LEGACY, DE. The main domain is federation-q.auth.schwarz.
TLS certificate: Issued by SwissSign RSA TLS EV ICA 2022 - 1 on October 24th 2023. Valid for: a year.
This is the only time federation-q.auth.schwarz was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
4 192.214.160.211 44076 (SCHWARZ-IT)
3 185.124.192.204 211768 (SCHWARZ-I...)
7 2
Apex Domain
Subdomains		 Transfer
4 odj.cloud
uim-ui.dev.sit.svc.odj.cloud
427 KB
3 auth.schwarz
federation-q.auth.schwarz
6 KB
7 2
Domain Requested by
4 uim-ui.dev.sit.svc.odj.cloud uim-ui.dev.sit.svc.odj.cloud
3 federation-q.auth.schwarz uim-ui.dev.sit.svc.odj.cloud
7 2

This site contains no links.

Subject Issuer Validity Valid
uim-ui.dev.sit.svc.odj.cloud
R11		 2024-06-19 -
2024-09-17		 3 months crt.sh
federation-q.auth.schwarz
SwissSign RSA TLS EV ICA 2022 - 1		 2023-10-24 -
2024-10-24		 a year crt.sh

This page contains 1 frames:

Primary Page: https://federation-q.auth.schwarz/nidp/oauth/nam/authz?client_id=82379c1c-2c86-4e34-afb8-60cfd6105f4d&redirect_uri=https%3A%2F%2Fuim-ui.dev.sit.svc.odj.cloud&response_type=code&scope=wawi-ium+ium-with-country&state=f6dc6031c74e4ecca7b4663e689edf73&code_challenge=jqjhta3kWmVAc8mrDD7vilGEYHPkRql8hjRRWkScRX4&code_challenge_method=S256&response_mode=query
Frame ID: 69D597D06A87C9B46CAB643001D741B4
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. https://uim-ui.dev.sit.svc.odj.cloud/ Page URL
  2. https://federation-q.auth.schwarz/nidp/oauth/nam/authz?client_id=82379c1c-2c86-4e34-afb8-60cfd6105f4d&redirect... Page URL

Page Statistics

7
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

433 kB
Transfer

1765 kB
Size

4
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://uim-ui.dev.sit.svc.odj.cloud/ Page URL
  2. https://federation-q.auth.schwarz/nidp/oauth/nam/authz?client_id=82379c1c-2c86-4e34-afb8-60cfd6105f4d&redirect_uri=https%3A%2F%2Fuim-ui.dev.sit.svc.odj.cloud&response_type=code&scope=wawi-ium+ium-with-country&state=f6dc6031c74e4ecca7b4663e689edf73&code_challenge=jqjhta3kWmVAc8mrDD7vilGEYHPkRql8hjRRWkScRX4&code_challenge_method=S256&response_mode=query Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
/
uim-ui.dev.sit.svc.odj.cloud/ 		902 B
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://uim-ui.dev.sit.svc.odj.cloud/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.214.160.211 -, , ASN44076 (SCHWARZ-IT, DE),
Reverse DNS
Software
/
Resource Hash
efad01d8f4c67e784a1d996cb377bbdca5c52be06ee9ea84b4fa7f90a89fe24e
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

accept-ranges
bytes
content-length
902
content-type
text/html
date
Sat, 22 Jun 2024 03:53:42 GMT
etag
"6675478c-386"
last-modified
Fri, 21 Jun 2024 09:27:40 GMT
strict-transport-security
max-age=15724800; includeSubDomains
index-b7f6fc7f.js
uim-ui.dev.sit.svc.odj.cloud/assets/ 		2 MB
417 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://uim-ui.dev.sit.svc.odj.cloud/assets/index-b7f6fc7f.js
Requested by
Host: uim-ui.dev.sit.svc.odj.cloud
URL: https://uim-ui.dev.sit.svc.odj.cloud/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.214.160.211 -, , ASN44076 (SCHWARZ-IT, DE),
Reverse DNS
Software
/
Resource Hash
1fc06d7ae04e1ea2cbca2b1b98938c7d48e881ee152a718a76b6bd6cc5be7761
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://uim-ui.dev.sit.svc.odj.cloud/
Origin
https://uim-ui.dev.sit.svc.odj.cloud
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 22 Jun 2024 03:53:42 GMT
content-encoding
gzip
strict-transport-security
max-age=15724800; includeSubDomains
last-modified
Fri, 21 Jun 2024 09:21:17 GMT
etag
W/"6675460d-1adfbc"
content-type
application/javascript
cache-control
max-age=31536000, public
expires
Sun, 22 Jun 2025 03:53:42 GMT
index-5b90262e.css
uim-ui.dev.sit.svc.odj.cloud/assets/ 		40 KB
8 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://uim-ui.dev.sit.svc.odj.cloud/assets/index-5b90262e.css
Requested by
Host: uim-ui.dev.sit.svc.odj.cloud
URL: https://uim-ui.dev.sit.svc.odj.cloud/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.214.160.211 -, , ASN44076 (SCHWARZ-IT, DE),
Reverse DNS
Software
/
Resource Hash
9c4bca8fa05e19e1f78e74aeb724cefcebc739d4151dc7888afe480f55e46c77
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://uim-ui.dev.sit.svc.odj.cloud/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 22 Jun 2024 03:53:42 GMT
content-encoding
gzip
strict-transport-security
max-age=15724800; includeSubDomains
last-modified
Fri, 21 Jun 2024 09:21:17 GMT
etag
W/"6675460d-a15b"
content-type
text/css
cache-control
max-age=31536000, public
expires
Sun, 22 Jun 2025 03:53:42 GMT
openid-configuration
federation-q.auth.schwarz/nidp/oauth/nam/.well-known/ 		2 KB
4 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://federation-q.auth.schwarz/nidp/oauth/nam/.well-known/openid-configuration
Requested by
Host: uim-ui.dev.sit.svc.odj.cloud
URL: https://uim-ui.dev.sit.svc.odj.cloud/assets/index-b7f6fc7f.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.124.192.204 Heilbronn, Germany, ASN211768 (SCHWARZ-IT-LEGACY, DE),
Reverse DNS
Software
/
Resource Hash
0958c3914031a7f2aa103e4f367abd8d24a0a4b7a74300364a2081eca62f6c99
Security Headers
Name Value
Content-Security-Policy frame-ancestors https://itdoc.schwarz https://de.sp.kaufland https://de.sp-qs.kaufland https://de.sp-at.kaufland https://de.sp-et.kaufland https://federation-q.auth.schwarz https://hcm12preview.sapsf.eu/ https://mamt.schwarz https://www.securepayment.intercard.de https://sp-backupapps-ui.test.sit.az.odj.cloud/ https://sp-backupapps-ui.dev.sit.az.odj.cloud/ https://a86ytdots.accounts.ondemand.com/ https://oqafckbqw8ruhemdzw8k1uf.authentication.eu11.hana.ondemand.com https://performancemanager5.successfactors.eu https://oqafckbqw8ruhemdzw8k1uf.eu11.analytics.cloud.sap/
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept
application/jwk-set+json, application/json
Referer
https://uim-ui.dev.sit.svc.odj.cloud/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Content-Security-Policy
frame-ancestors https://itdoc.schwarz https://de.sp.kaufland https://de.sp-qs.kaufland https://de.sp-at.kaufland https://de.sp-et.kaufland https://federation-q.auth.schwarz https://hcm12preview.sapsf.eu/ https://mamt.schwarz https://www.securepayment.intercard.de https://sp-backupapps-ui.test.sit.az.odj.cloud/ https://sp-backupapps-ui.dev.sit.az.odj.cloud/ https://a86ytdots.accounts.ondemand.com/ https://oqafckbqw8ruhemdzw8k1uf.authentication.eu11.hana.ondemand.com https://performancemanager5.successfactors.eu https://oqafckbqw8ruhemdzw8k1uf.eu11.analytics.cloud.sap/
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Date
Sat, 22 Jun 2024 03:53:42 GMT
X-FRAME-OPTIONS
SAMEORIGIN
Access-Control-Allow-Methods
GET, POST, DELETE, PUT, OPTIONS
Content-Type
application/json
Access-Control-Allow-Origin
https://uim-ui.dev.sit.svc.odj.cloud
Connection
keep-alive
Access-Control-Allow-Headers
Origin, X-Requested-With, Content-Type, Accept, Authorization
Content-Length
2179
X-XSS-Protection
1; mode=block
Keep-Alive
timeout=60
favicon.svg
uim-ui.dev.sit.svc.odj.cloud/ 		2 KB
1001 B 		Other
General
Check archive.org
Download Go to
Full URL
https://uim-ui.dev.sit.svc.odj.cloud/favicon.svg
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.214.160.211 -, , ASN44076 (SCHWARZ-IT, DE),
Reverse DNS
Software
/
Resource Hash
5399fd8e47011df150c4b5d817db49a890ceedacd149689c5ee47860d0342f8d
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://uim-ui.dev.sit.svc.odj.cloud/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 22 Jun 2024 03:53:42 GMT
strict-transport-security
max-age=15724800; includeSubDomains
content-encoding
gzip
last-modified
Fri, 21 Jun 2024 09:21:17 GMT
etag
W/"6675460d-67f"
content-type
image/svg+xml
Primary Request authz
federation-q.auth.schwarz/nidp/oauth/nam/ 		86 B
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://federation-q.auth.schwarz/nidp/oauth/nam/authz?client_id=82379c1c-2c86-4e34-afb8-60cfd6105f4d&redirect_uri=https%3A%2F%2Fuim-ui.dev.sit.svc.odj.cloud&response_type=code&scope=wawi-ium+ium-with-country&state=f6dc6031c74e4ecca7b4663e689edf73&code_challenge=jqjhta3kWmVAc8mrDD7vilGEYHPkRql8hjRRWkScRX4&code_challenge_method=S256&response_mode=query
Requested by
Host: uim-ui.dev.sit.svc.odj.cloud
URL: https://uim-ui.dev.sit.svc.odj.cloud/assets/index-b7f6fc7f.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.124.192.204 Heilbronn, Germany, ASN211768 (SCHWARZ-IT-LEGACY, DE),
Reverse DNS
Software
/
Resource Hash
522b2a665d69b506569a9d4eb12fd715e266fd95abaac15448e047296d71d7c5
Security Headers
Name Value
Content-Security-Policy frame-ancestors https://itdoc.schwarz https://de.sp.kaufland https://de.sp-qs.kaufland https://de.sp-at.kaufland https://de.sp-et.kaufland https://federation-q.auth.schwarz https://hcm12preview.sapsf.eu/ https://mamt.schwarz https://www.securepayment.intercard.de https://sp-backupapps-ui.test.sit.az.odj.cloud/ https://sp-backupapps-ui.dev.sit.az.odj.cloud/ https://a86ytdots.accounts.ondemand.com/ https://oqafckbqw8ruhemdzw8k1uf.authentication.eu11.hana.ondemand.com https://performancemanager5.successfactors.eu https://oqafckbqw8ruhemdzw8k1uf.eu11.analytics.cloud.sap/
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://uim-ui.dev.sit.svc.odj.cloud/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

Access-Control-Allow-Headers
Origin, X-Requested-With, Content-Type, Accept, Authorization
Access-Control-Allow-Methods
GET, POST, DELETE, PUT, OPTIONS
Connection
close
Content-Length
86
Content-Security-Policy
frame-ancestors https://itdoc.schwarz https://de.sp.kaufland https://de.sp-qs.kaufland https://de.sp-at.kaufland https://de.sp-et.kaufland https://federation-q.auth.schwarz https://hcm12preview.sapsf.eu/ https://mamt.schwarz https://www.securepayment.intercard.de https://sp-backupapps-ui.test.sit.az.odj.cloud/ https://sp-backupapps-ui.dev.sit.az.odj.cloud/ https://a86ytdots.accounts.ondemand.com/ https://oqafckbqw8ruhemdzw8k1uf.authentication.eu11.hana.ondemand.com https://performancemanager5.successfactors.eu https://oqafckbqw8ruhemdzw8k1uf.eu11.analytics.cloud.sap/
Content-Type
text/plain
Date
Sat, 22 Jun 2024 03:53:43 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
X-FRAME-OPTIONS
SAMEORIGIN
X-XSS-Protection
1; mode=block
favicon.ico
federation-q.auth.schwarz/ 		120 B
408 B 		Other
General
Check archive.org
Download Go to
Full URL
https://federation-q.auth.schwarz/favicon.ico
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.124.192.204 Heilbronn, Germany, ASN211768 (SCHWARZ-IT-LEGACY, DE),
Reverse DNS
Software
/
Resource Hash
67037b80c615b13fefdbd77e334aa36111cfa60d80fb4e387358fd589b686eec
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://federation-q.auth.schwarz/nidp/oauth/nam/authz?client_id=82379c1c-2c86-4e34-afb8-60cfd6105f4d&redirect_uri=https%3A%2F%2Fuim-ui.dev.sit.svc.odj.cloud&response_type=code&scope=wawi-ium+ium-with-country&state=f6dc6031c74e4ecca7b4663e689edf73&code_challenge=jqjhta3kWmVAc8mrDD7vilGEYHPkRql8hjRRWkScRX4&code_challenge_method=S256&response_mode=query
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Strict-Transport-Security
max-age=31536000
Date
Sat, 22 Jun 2024 03:53:43 GMT
X-Content-Type-Options
nosniff
X-Frame-Options
SAMEORIGIN
Content-Type
text/html
Connection
keep-alive
Keep-Alive
timeout=60
Content-Length
120
X-XSS-Protection
1; mode=block

Verdicts & Comments Add Verdict or Comment

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

undefined| event object| fence object| sharedStorage

4 Cookies

Domain/Path Name / Value
federation-q.auth.schwarz/nidp Name: JSESSIONID
Value: D04ACFF089DEFB7793990C1B222CB813
federation-q.auth.schwarz/nidp Name: TS011f11c2
Value: 0180177b4eb5a8686be1c97b1b9eaf3b4df744b96fc4f04d8a9dd6c62afb24f9b651ed8a28e24558812937bdafbe65443c354683d1
federation-q.auth.schwarz/ Name: lbcookie
Value: !XtDA/mQAhES+rzLDYkfS06Ut7VrlqDvv3AUvocrZLuZv1APcLDqswcWrKIzskqU+RgVU5ZO/jU0MjfA=
federation-q.auth.schwarz/ Name: TS01af31b7
Value: 0180177b4eb5a8686be1c97b1b9eaf3b4df744b96fc4f04d8a9dd6c62afb24f9b651ed8a28e24558812937bdafbe65443c354683d1

2 Console Messages

Source Level URL
Text
network error URL: https://federation-q.auth.schwarz/nidp/oauth/nam/authz?client_id=82379c1c-2c86-4e34-afb8-60cfd6105f4d&redirect_uri=https%3A%2F%2Fuim-ui.dev.sit.svc.odj.cloud&response_type=code&scope=wawi-ium+ium-with-country&state=f6dc6031c74e4ecca7b4663e689edf73&code_challenge=jqjhta3kWmVAc8mrDD7vilGEYHPkRql8hjRRWkScRX4&code_challenge_method=S256&response_mode=query
Message:
Failed to load resource: the server responded with a status of 400 ()
network error URL: https://federation-q.auth.schwarz/favicon.ico
Message:
Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=15724800; includeSubDomains