Submitted URL: https://jira.bcc.kz/browse/BPRET
Effective URL: https://dbp.bcc.kz/auth/realms/bank/login-actions/authenticate?session_code=M3ZnvDWJ0zNW0cVnorJdS6Pe2CgNj4gd_i_VRXA...
Submission: On May 05 via manual from KZ — Scanned from DE

Summary

This website contacted 3 IPs in 3 countries across 3 domains to perform 17 HTTP transactions. The main IP is 91.198.63.150, located in Almaty Oblysy, Kazakhstan and belongs to BCC-AS, KZ. The main domain is dbp.bcc.kz.
TLS certificate: Issued by DigiCert Global G2 TLS RSA SHA256 202... on April 26th 2023. Valid for: a year.
This is the only time dbp.bcc.kz was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 11 91.198.63.150 43601 (BCC-AS)
6 2a00:1450:400... 15169 (GOOGLE)
1 2606:4700::68... 13335 (CLOUDFLAR...)
17 3
Apex Domain
Subdomains
Transfer
11 bcc.kz
jira.bcc.kz
dbp.bcc.kz
137 KB
6 gstatic.com
fonts.gstatic.com
54 KB
1 cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 237
25 KB
17 3
Domain Requested by
8 dbp.bcc.kz jira.bcc.kz
dbp.bcc.kz
6 fonts.gstatic.com dbp.bcc.kz
3 jira.bcc.kz 1 redirects jira.bcc.kz
1 cdnjs.cloudflare.com dbp.bcc.kz
17 4

This site contains no links.

Subject Issuer Validity Valid
*.bcc.kz
DigiCert Global G2 TLS RSA SHA256 2020 CA1
2023-04-26 -
2024-05-24
a year crt.sh
*.gstatic.com
GTS CA 1C3
2024-04-16 -
2024-07-09
3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3
2023-07-03 -
2024-07-02
a year crt.sh

This page contains 1 frames:

Primary Page: https://dbp.bcc.kz/auth/realms/bank/login-actions/authenticate?session_code=M3ZnvDWJ0zNW0cVnorJdS6Pe2CgNj4gd_i_VRXAxDso&execution=2e2f3a0d-61f4-4b1d-afa7-68a18bcf2189&client_id=dbp-channels-jira&tab_id=zH3P11ZEVNI
Frame ID: 9937BD4808318F40BCC92B51A03D6846
Requests: 17 HTTP requests in this frame

Screenshot

Page Title

BCC ID

Page URL History Show full URLs

  1. https://jira.bcc.kz/browse/BPRET HTTP 302
    https://jira.bcc.kz/login.jsp?os_destination=%2Fbrowse%2FBPRET&permissionViolation=true Page URL
  2. https://dbp.bcc.kz/auth/realms/bank/protocol/openid-connect/auth?scope=openid+profile+email+pho... Page URL
  3. https://dbp.bcc.kz/auth/realms/bank/login-actions/authenticate?session_code=M3ZnvDWJ0zNW0cVnorJ... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Page Statistics

17
Requests

100 %
HTTPS

67 %
IPv6

3
Domains

4
Subdomains

3
IPs

3
Countries

216 kB
Transfer

474 kB
Size

8
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://jira.bcc.kz/browse/BPRET HTTP 302
    https://jira.bcc.kz/login.jsp?os_destination=%2Fbrowse%2FBPRET&permissionViolation=true Page URL
  2. https://dbp.bcc.kz/auth/realms/bank/protocol/openid-connect/auth?scope=openid+profile+email+phone&response_type=code&redirect_uri=https%3A%2F%2Fjira.bcc.kz%2Fplugins%2Fservlet%2Foidc%2Fcallback&state=3E5GV10B9K4S8u2G_T4IkxJugSocFdWF9MorKP42vkU&nonce=gLzpytxRotBDa2gcpMGDTkihzDz4B3QmLN-fH8Twz1U&client_id=dbp-channels-jira Page URL
  3. https://dbp.bcc.kz/auth/realms/bank/login-actions/authenticate?session_code=M3ZnvDWJ0zNW0cVnorJdS6Pe2CgNj4gd_i_VRXAxDso&execution=2e2f3a0d-61f4-4b1d-afa7-68a18bcf2189&client_id=dbp-channels-jira&tab_id=zH3P11ZEVNI Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://jira.bcc.kz/browse/BPRET HTTP 302
  • https://jira.bcc.kz/login.jsp?os_destination=%2Fbrowse%2FBPRET&permissionViolation=true

17 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
login.jsp
jira.bcc.kz/
Redirect Chain
  • https://jira.bcc.kz/browse/BPRET
  • https://jira.bcc.kz/login.jsp?os_destination=%2Fbrowse%2FBPRET&permissionViolation=true
1006 B
2 KB
Document
General
Full URL
https://jira.bcc.kz/login.jsp?os_destination=%2Fbrowse%2FBPRET&permissionViolation=true
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
91.198.63.150 Almaty Oblysy, Kazakhstan, ASN43601 (BCC-AS, KZ),
Reverse DNS
Software
none /
Resource Hash
02de9d0bb55615506d0b30b00bf4cc57c8b8e5089ad16b6632f8407995af7b77
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
Strict-Transport-Security max-age=31536000 max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

cache-control
no-cache, no-store, must-revalidate
content-security-policy
frame-ancestors 'self'
content-type
text/html;charset=utf-8
date
Sun, 05 May 2024 03:07:23 GMT
expires
Thu, 01 Jan 1970 00:00:00 GMT
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
server
none
strict-transport-security
max-age=31536000 max-age=31536000; includeSubDomains
x-arequestid
487x47533368x1
x-asessionid
1mvk26y
x-ausername
anonymous
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block

Redirect headers

cache-control
no-cache, no-store, must-revalidate
content-length
0
content-security-policy
frame-ancestors 'self'
content-type
text/html;charset=UTF-8
date
Sun, 05 May 2024 03:07:22 GMT
expires
Thu, 01 Jan 1970 00:00:00 GMT
location
/login.jsp?os_destination=%2Fbrowse%2FBPRET&permissionViolation=true
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
server
none
strict-transport-security
max-age=31536000 max-age=31536000; includeSubDomains
x-arequestid
487x47533367x1
x-asessionid
1mvk26y
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block
js.cookie.js
jira.bcc.kz/s/83on5q/920000/13t12t5/4.2.13/_/download/resources/com.atlassian.plugins.authentication.atlassian-authentication-plugin:save-fragment/
4 KB
4 KB
Script
General
Full URL
https://jira.bcc.kz/s/83on5q/920000/13t12t5/4.2.13/_/download/resources/com.atlassian.plugins.authentication.atlassian-authentication-plugin:save-fragment/js.cookie.js
Requested by
Host: jira.bcc.kz
URL: https://jira.bcc.kz/login.jsp?os_destination=%2Fbrowse%2FBPRET&permissionViolation=true
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
91.198.63.150 Almaty Oblysy, Kazakhstan, ASN43601 (BCC-AS, KZ),
Reverse DNS
Software
none /
Resource Hash
3fc8d8f8c09ee97d9c8cd4a6178ad0bd921a9cbe55c14513e0c06738c9dc8d15
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
Strict-Transport-Security max-age=31536000, max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://jira.bcc.kz/login.jsp?os_destination=%2Fbrowse%2FBPRET&permissionViolation=true
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 05 May 2024 03:07:23 GMT
content-security-policy
frame-ancestors 'self'
referrer-policy
strict-origin-when-cross-origin
x-content-type-options
nosniff
last-modified
Tue, 20 Jan 1970 18:48:18 GMT
server
none
strict-transport-security
max-age=31536000, max-age=31536000; includeSubDomains
x-arequestid
487x47533369x1
x-frame-options
SAMEORIGIN
content-type
application/javascript
cache-control
max-age=31536000, public
x-asessionid
1mvk26y
x-xss-protection
1; mode=block
expires
Mon, 05 May 2025 03:07:23 GMT
auth
dbp.bcc.kz/auth/realms/bank/protocol/openid-connect/
603 B
2 KB
Document
General
Full URL
https://dbp.bcc.kz/auth/realms/bank/protocol/openid-connect/auth?scope=openid+profile+email+phone&response_type=code&redirect_uri=https%3A%2F%2Fjira.bcc.kz%2Fplugins%2Fservlet%2Foidc%2Fcallback&state=3E5GV10B9K4S8u2G_T4IkxJugSocFdWF9MorKP42vkU&nonce=gLzpytxRotBDa2gcpMGDTkihzDz4B3QmLN-fH8Twz1U&client_id=dbp-channels-jira
Requested by
Host: jira.bcc.kz
URL: https://jira.bcc.kz/login.jsp?os_destination=%2Fbrowse%2FBPRET&permissionViolation=true
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
91.198.63.150 Almaty Oblysy, Kazakhstan, ASN43601 (BCC-AS, KZ),
Reverse DNS
Software
none /
Resource Hash
fe3145e905ff3f2a41fe936854485d10e0b1ff575e2d739086ebbd24e0bdd69f
Security Headers
Name Value
Content-Security-Policy frame-src 'self'; frame-ancestors 'self'; object-src 'none';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://jira.bcc.kz/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

cache-control
no-store, must-revalidate, max-age=0
content-length
603
content-security-policy
frame-src 'self'; frame-ancestors 'self'; object-src 'none';
content-type
text/html;charset=UTF-8
date
Sun, 05 May 2024 03:07:23 GMT
referrer-policy
no-referrer
server
none
strict-transport-security
max-age=31536000; includeSubDomains
www-authenticate
Negotiate
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-robots-tag
none
x-xss-protection
1; mode=block
Primary Request authenticate
dbp.bcc.kz/auth/realms/bank/login-actions/
8 KB
8 KB
Document
General
Full URL
https://dbp.bcc.kz/auth/realms/bank/login-actions/authenticate?session_code=M3ZnvDWJ0zNW0cVnorJdS6Pe2CgNj4gd_i_VRXAxDso&execution=2e2f3a0d-61f4-4b1d-afa7-68a18bcf2189&client_id=dbp-channels-jira&tab_id=zH3P11ZEVNI
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
91.198.63.150 Almaty Oblysy, Kazakhstan, ASN43601 (BCC-AS, KZ),
Reverse DNS
Software
none /
Resource Hash
6374fb4fa8ec6c25423604303de40c60d5c641cf383c71bea23ddcbe6d4b4c8a
Security Headers
Name Value
Content-Security-Policy frame-src 'self'; frame-ancestors 'self'; object-src 'none';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Content-Type
application/x-www-form-urlencoded
Origin
null
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

cache-control
no-store, must-revalidate, max-age=0
content-language
en
content-length
8082
content-security-policy
frame-src 'self'; frame-ancestors 'self'; object-src 'none';
content-type
text/html;charset=utf-8
date
Sun, 05 May 2024 03:07:24 GMT
referrer-policy
no-referrer
server
none
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-robots-tag
none
x-xss-protection
1; mode=block 1; mode=block
favicon.ico
dbp.bcc.kz/
4 KB
4 KB
Other
General
Full URL
https://dbp.bcc.kz/favicon.ico
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
91.198.63.150 Almaty Oblysy, Kazakhstan, ASN43601 (BCC-AS, KZ),
Reverse DNS
Software
none /
Resource Hash
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 05 May 2024 03:07:24 GMT
last-modified
Thu, 02 May 2024 10:09:13 GMT
server
none
etag
"66336649-10be"
content-type
image/x-icon
cache-control
private
accept-ranges
bytes
content-length
4286
x-xss-protection
1; mode=block
bundle.min.css
dbp.bcc.kz/auth/resources/5n0vz/login/dbp-keycloak-bcc-theme-1.0.0/dist/css/
237 KB
33 KB
Stylesheet
General
Full URL
https://dbp.bcc.kz/auth/resources/5n0vz/login/dbp-keycloak-bcc-theme-1.0.0/dist/css/bundle.min.css
Requested by
Host: dbp.bcc.kz
URL: https://dbp.bcc.kz/auth/realms/bank/login-actions/authenticate?session_code=M3ZnvDWJ0zNW0cVnorJdS6Pe2CgNj4gd_i_VRXAxDso&execution=2e2f3a0d-61f4-4b1d-afa7-68a18bcf2189&client_id=dbp-channels-jira&tab_id=zH3P11ZEVNI
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
91.198.63.150 Almaty Oblysy, Kazakhstan, ASN43601 (BCC-AS, KZ),
Reverse DNS
Software
none /
Resource Hash
be1c691296013de7a7b5630d6efed86b05a9f2b72fd657f365b47cbc05d5516e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 05 May 2024 03:07:24 GMT
strict-transport-security
max-age=31536000; includeSubDomains
referrer-policy
no-referrer
x-content-type-options
nosniff
content-encoding
gzip
server
none
content-type
text/css;charset=UTF-8
cache-control
max-age=2592000
x-xss-protection
1; mode=block, 1; mode=block
bcc-logo.svg
dbp.bcc.kz/auth/resources/5n0vz/login/dbp-keycloak-bcc-theme-1.0.0/dist/img/
5 KB
2 KB
Image
General
Full URL
https://dbp.bcc.kz/auth/resources/5n0vz/login/dbp-keycloak-bcc-theme-1.0.0/dist/img/bcc-logo.svg
Requested by
Host: dbp.bcc.kz
URL: https://dbp.bcc.kz/auth/realms/bank/login-actions/authenticate?session_code=M3ZnvDWJ0zNW0cVnorJdS6Pe2CgNj4gd_i_VRXAxDso&execution=2e2f3a0d-61f4-4b1d-afa7-68a18bcf2189&client_id=dbp-channels-jira&tab_id=zH3P11ZEVNI
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
91.198.63.150 Almaty Oblysy, Kazakhstan, ASN43601 (BCC-AS, KZ),
Reverse DNS
Software
none /
Resource Hash
58771b8294ec612a7f6e4b6303eac5edf56a47aaeb43440fd9485072cdc3f12b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 05 May 2024 03:07:24 GMT
strict-transport-security
max-age=31536000; includeSubDomains
referrer-policy
no-referrer
x-content-type-options
nosniff
content-encoding
gzip
server
none
content-type
image/svg+xml
cache-control
max-age=2592000
content-length
1762
x-xss-protection
1; mode=block, 1; mode=block
login.min.js
dbp.bcc.kz/auth/resources/5n0vz/login/dbp-keycloak-bcc-theme-1.0.0/dist/js/
60 KB
16 KB
Script
General
Full URL
https://dbp.bcc.kz/auth/resources/5n0vz/login/dbp-keycloak-bcc-theme-1.0.0/dist/js/login.min.js
Requested by
Host: dbp.bcc.kz
URL: https://dbp.bcc.kz/auth/realms/bank/login-actions/authenticate?session_code=M3ZnvDWJ0zNW0cVnorJdS6Pe2CgNj4gd_i_VRXAxDso&execution=2e2f3a0d-61f4-4b1d-afa7-68a18bcf2189&client_id=dbp-channels-jira&tab_id=zH3P11ZEVNI
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
91.198.63.150 Almaty Oblysy, Kazakhstan, ASN43601 (BCC-AS, KZ),
Reverse DNS
Software
none /
Resource Hash
2345d5b1bfb1083e39a88e6ab388834e1d3bb6b4c7e5bb3e0408de8ae979de2b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 05 May 2024 03:07:24 GMT
strict-transport-security
max-age=31536000; includeSubDomains
referrer-policy
no-referrer
x-content-type-options
nosniff
content-encoding
gzip
server
none
content-type
text/javascript;charset=UTF-8
cache-control
max-age=2592000
x-xss-protection
1; mode=block, 1; mode=block
bg.jpg
dbp.bcc.kz/auth/resources/5n0vz/login/dbp-keycloak-bcc-theme-1.0.0/dist/img/
62 KB
62 KB
Image
General
Full URL
https://dbp.bcc.kz/auth/resources/5n0vz/login/dbp-keycloak-bcc-theme-1.0.0/dist/img/bg.jpg
Requested by
Host: dbp.bcc.kz
URL: https://dbp.bcc.kz/auth/resources/5n0vz/login/dbp-keycloak-bcc-theme-1.0.0/dist/css/bundle.min.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
91.198.63.150 Almaty Oblysy, Kazakhstan, ASN43601 (BCC-AS, KZ),
Reverse DNS
Software
none /
Resource Hash
7bd234b0b3fad83cbc77c933964309f9aef6fc10f5405f93063fce083249d04a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 05 May 2024 03:07:24 GMT
strict-transport-security
max-age=31536000; includeSubDomains
referrer-policy
no-referrer
x-content-type-options
nosniff
server
none
content-type
image/jpeg
cache-control
max-age=2592000
x-xss-protection
1; mode=block, 1; mode=block
6xKydSBYKcSV-LCoeQqfX1RYOo3iu4nwkxdu3cOWxy40.woff2
fonts.gstatic.com/s/sourcesanspro/v21/
7 KB
7 KB
Font
General
Full URL
https://fonts.gstatic.com/s/sourcesanspro/v21/6xKydSBYKcSV-LCoeQqfX1RYOo3iu4nwkxdu3cOWxy40.woff2
Requested by
Host: dbp.bcc.kz
URL: https://dbp.bcc.kz/auth/resources/5n0vz/login/dbp-keycloak-bcc-theme-1.0.0/dist/css/bundle.min.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
21d211014b47511ff2c18091a1b901e67b13eb0f97a66e38688fd456abfd24a9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Origin
https://dbp.bcc.kz
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 05 May 2024 03:07:24 GMT
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
7052
x-xss-protection
0
last-modified
Wed, 27 Apr 2022 16:54:53 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Mon, 05 May 2025 03:07:24 GMT
6xK3dSBYKcSV-LCoeQqfX1RYOo3qPK7lujVj9_mf.woff2
fonts.gstatic.com/s/sourcesanspro/v21/
7 KB
7 KB
Font
General
Full URL
https://fonts.gstatic.com/s/sourcesanspro/v21/6xK3dSBYKcSV-LCoeQqfX1RYOo3qPK7lujVj9_mf.woff2
Requested by
Host: dbp.bcc.kz
URL: https://dbp.bcc.kz/auth/resources/5n0vz/login/dbp-keycloak-bcc-theme-1.0.0/dist/css/bundle.min.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0acd59e18ef9ca4f55b04271a6121d58e6f7044ea91395054dd52d5caf2a7a55
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Origin
https://dbp.bcc.kz
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 30 Apr 2024 09:11:53 GMT
x-content-type-options
nosniff
age
410131
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
7448
x-xss-protection
0
last-modified
Wed, 27 Apr 2022 17:08:35 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 30 Apr 2025 09:11:53 GMT
6xKydSBYKcSV-LCoeQqfX1RYOo3ik4zwkxdu3cOWxy40.woff2
fonts.gstatic.com/s/sourcesanspro/v21/
7 KB
7 KB
Font
General
Full URL
https://fonts.gstatic.com/s/sourcesanspro/v21/6xKydSBYKcSV-LCoeQqfX1RYOo3ik4zwkxdu3cOWxy40.woff2
Requested by
Host: dbp.bcc.kz
URL: https://dbp.bcc.kz/auth/resources/5n0vz/login/dbp-keycloak-bcc-theme-1.0.0/dist/css/bundle.min.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
fbee536fb46bd1af26b3cea7359f5c2f018eeb5fd6167ae3f5849ec45b29db70
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Origin
https://dbp.bcc.kz
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 04 May 2024 18:30:26 GMT
x-content-type-options
nosniff
age
31018
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
7324
x-xss-protection
0
last-modified
Wed, 27 Apr 2022 16:11:24 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 04 May 2025 18:30:26 GMT
6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwkxdu3cOWxy40.woff2
fonts.gstatic.com/s/sourcesanspro/v21/
7 KB
8 KB
Font
General
Full URL
https://fonts.gstatic.com/s/sourcesanspro/v21/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwkxdu3cOWxy40.woff2
Requested by
Host: dbp.bcc.kz
URL: https://dbp.bcc.kz/auth/resources/5n0vz/login/dbp-keycloak-bcc-theme-1.0.0/dist/css/bundle.min.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
77bded4f6447cc93370a65d50e1b1811e81e032aefd45d0acc952ceec49260c2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Origin
https://dbp.bcc.kz
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 30 Apr 2024 03:18:33 GMT
x-content-type-options
nosniff
age
431331
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
7360
x-xss-protection
0
last-modified
Wed, 27 Apr 2022 16:14:13 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 30 Apr 2025 03:18:33 GMT
fa-regular-400.woff2
cdnjs.cloudflare.com/ajax/libs/font-awesome/6.3.0/webfonts/
24 KB
25 KB
Font
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.3.0/webfonts/fa-regular-400.woff2
Requested by
Host: dbp.bcc.kz
URL: https://dbp.bcc.kz/auth/resources/5n0vz/login/dbp-keycloak-bcc-theme-1.0.0/dist/css/bundle.min.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7ba24c4138c4c3cfe694a8fc8943b8ce21b9bfbb14edcb290b8654fcaa365d6b
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Origin
https://dbp.bcc.kz
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 05 May 2024 03:07:24 GMT
strict-transport-security
max-age=15780000
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
4520757
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
24840
last-modified
Tue, 07 Feb 2023 20:06:13 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"63e2af35-6108"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=o37%2F79sg2aRD0KORd6kArnAwyOJNrts6rFRdJ%2FgD6MLm1ZggJH%2FOrcPGaq6qvCzD1tcCwP7%2B2Hhl5TZwKSOUKC3PdobPqLFx5FU%2Bh6XMGzgmltMHbpBQRxExvvGiz1o7MDMZAox8PRLOvO7hS26mnhBq"}],"group":"cf-nel","max_age":604800}
content-type
application/octet-stream; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
87ed85261aa51915-FRA
expires
Fri, 25 Apr 2025 03:07:24 GMT
6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7lujVj9w.woff2
fonts.gstatic.com/s/sourcesanspro/v21/
13 KB
13 KB
Font
General
Full URL
https://fonts.gstatic.com/s/sourcesanspro/v21/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7lujVj9w.woff2
Requested by
Host: dbp.bcc.kz
URL: https://dbp.bcc.kz/auth/resources/5n0vz/login/dbp-keycloak-bcc-theme-1.0.0/dist/css/bundle.min.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c124c88ca4fcb4336e97617647ef0d32441329371120c8eabaea0fea226560b0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Origin
https://dbp.bcc.kz
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 02 May 2024 14:33:11 GMT
x-content-type-options
nosniff
age
218053
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
13036
x-xss-protection
0
last-modified
Wed, 27 Apr 2022 17:01:58 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 02 May 2025 14:33:11 GMT
6xKydSBYKcSV-LCoeQqfX1RYOo3iu4nwlxdu3cOWxw.woff2
fonts.gstatic.com/s/sourcesanspro/v21/
12 KB
12 KB
Font
General
Full URL
https://fonts.gstatic.com/s/sourcesanspro/v21/6xKydSBYKcSV-LCoeQqfX1RYOo3iu4nwlxdu3cOWxw.woff2
Requested by
Host: dbp.bcc.kz
URL: https://dbp.bcc.kz/auth/resources/5n0vz/login/dbp-keycloak-bcc-theme-1.0.0/dist/css/bundle.min.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
080e18a8c761c3d30b7ec08aa65f87109a0228367eafd0a12fcefda58d10e8ad
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Origin
https://dbp.bcc.kz
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 29 Apr 2024 19:54:52 GMT
x-content-type-options
nosniff
age
457952
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
12408
x-xss-protection
0
last-modified
Wed, 27 Apr 2022 16:11:30 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 29 Apr 2025 19:54:52 GMT
favicon.ico
dbp.bcc.kz/auth/resources/5n0vz/login/dbp-keycloak-bcc-theme-1.0.0/dist/img/
15 KB
3 KB
Other
General
Full URL
https://dbp.bcc.kz/auth/resources/5n0vz/login/dbp-keycloak-bcc-theme-1.0.0/dist/img/favicon.ico
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
91.198.63.150 Almaty Oblysy, Kazakhstan, ASN43601 (BCC-AS, KZ),
Reverse DNS
Software
none /
Resource Hash
932e07bcc59bab0464c7de5ca59963eff3c02cb74bb571afeea830b4947a37a5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 05 May 2024 03:07:24 GMT
strict-transport-security
max-age=31536000; includeSubDomains
referrer-policy
no-referrer
x-content-type-options
nosniff
content-encoding
gzip
server
none
content-type
application/octet-stream
cache-control
max-age=2592000
content-length
2583
x-xss-protection
1; mode=block, 1; mode=block

Verdicts & Comments Add Verdict or Comment

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| element object| maskOptions object| mask function| showPassword function| IMask object| formOtpMainForm undefined| kcInputFormOtpMainForm undefined| kcFormOtpMainForm object| kcFormErrorMessage object| kcFormInfoMessage object| alertDangerId

8 Cookies

Domain/Path Name / Value
dbp.bcc.kz/auth/realms/bank/ Name: AUTH_SESSION_ID
Value: 5b2deaf1-ddc6-4f07-938f-84deee7322eb.keycloak-0-27780
dbp.bcc.kz/auth/realms/bank/ Name: AUTH_SESSION_ID_LEGACY
Value: 5b2deaf1-ddc6-4f07-938f-84deee7322eb.keycloak-0-27780
dbp.bcc.kz/auth/realms/bank/ Name: KC_RESTART
Value: eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJmZGY2YWYwZi0zNjJlLTQ2YmYtOTdkMS0zMDYxMTdmMDI5YWMifQ.eyJjaWQiOiJkYnAtY2hhbm5lbHMtamlyYSIsInB0eSI6Im9wZW5pZC1jb25uZWN0IiwicnVyaSI6Imh0dHBzOi8vamlyYS5iY2Mua3ovcGx1Z2lucy9zZXJ2bGV0L29pZGMvY2FsbGJhY2siLCJhY3QiOiJBVVRIRU5USUNBVEUiLCJub3RlcyI6eyJzY29wZSI6Im9wZW5pZCBwcm9maWxlIGVtYWlsIHBob25lIiwiaXNzIjoiaHR0cHM6Ly9kYnAuYmNjLmt6L2F1dGgvcmVhbG1zL2JhbmsiLCJyZXNwb25zZV90eXBlIjoiY29kZSIsInJlZGlyZWN0X3VyaSI6Imh0dHBzOi8vamlyYS5iY2Mua3ovcGx1Z2lucy9zZXJ2bGV0L29pZGMvY2FsbGJhY2siLCJzdGF0ZSI6IjNFNUdWMTBCOUs0Uzh1MkdfVDRJa3hKdWdTb2NGZFdGOU1vcktQNDJ2a1UiLCJub25jZSI6ImdMenB5dHhSb3RCRGEyZ2NwTUdEVGtpaHpEejRCM1FtTE4tZkg4VHd6MVUifX0.Hd2X1dZKctN7BT0LDr5mUROmrA_rSDVfU3bz6j45DgA
jira.bcc.kz/ Name: JSESSIONID
Value: 5C22EB9A6AEB97B767D7FD271E610E28
jira.bcc.kz/ Name: atlassian.xsrf.token
Value: B5MA-5E92-7VJL-2O3S_9dd4c305b70c48db04e3a7e1a83723e891733aeb_lout
jira.bcc.kz/ Name: session-data-3E5GV10B9K4S8u2G_T4IkxJugSocFdWF9MorKP42vkU
Value:
dbp.bcc.kz/ Name: cd570b9d8288f03169b6ff1f0f092eeb
Value: 0c026ff57416d461fd98462d6a2f3abe
dbp.bcc.kz/ Name: 44b31a88fe4f1c112f34d1d5f43e9996
Value: 24685c843be183c4db5577f8baaecab3

2 Console Messages

Source Level URL
Text
network error URL: https://dbp.bcc.kz/auth/realms/bank/protocol/openid-connect/auth?scope=openid+profile+email+phone&response_type=code&redirect_uri=https%3A%2F%2Fjira.bcc.kz%2Fplugins%2Fservlet%2Foidc%2Fcallback&state=3E5GV10B9K4S8u2G_T4IkxJugSocFdWF9MorKP42vkU&nonce=gLzpytxRotBDa2gcpMGDTkihzDz4B3QmLN-fH8Twz1U&client_id=dbp-channels-jira
Message:
Failed to load resource: the server responded with a status of 401 ()
recommendation verbose URL: https://dbp.bcc.kz/auth/realms/bank/login-actions/authenticate?execution=f81b5172-3b1a-4eed-a46e-034db8ab5684&client_id=dbp-channels-jira&tab_id=zH3P11ZEVNI
Message:
[DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy frame-ancestors 'self'
Strict-Transport-Security max-age=31536000 max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block