Submitted URL: https://jira.bcc.kz/browse/BPRET-22390
Effective URL: https://dbp.bcc.kz/auth/realms/bank/login-actions/authenticate?session_code=7FsLSsosJkZlkscY9-tKi_jCfCiHBw0DJqO9U2b...
Submission: On May 05 via manual from KZ — Scanned from DE

Summary

This website contacted 3 IPs in 3 countries across 3 domains to perform 17 HTTP transactions. The main IP is 91.198.63.150, located in Almaty Oblysy, Kazakhstan and belongs to BCC-AS, KZ. The main domain is dbp.bcc.kz.
TLS certificate: Issued by DigiCert Global G2 TLS RSA SHA256 202... on April 26th 2023. Valid for: a year.
This is the only time dbp.bcc.kz was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 11 91.198.63.150 43601 (BCC-AS)
6 2a00:1450:400... 15169 (GOOGLE)
1 104.17.25.14 13335 (CLOUDFLAR...)
17 3
Apex Domain
Subdomains
Transfer
11 bcc.kz
jira.bcc.kz
dbp.bcc.kz
137 KB
6 gstatic.com
fonts.gstatic.com
54 KB
1 cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 237
25 KB
17 3
Domain Requested by
8 dbp.bcc.kz jira.bcc.kz
dbp.bcc.kz
6 fonts.gstatic.com dbp.bcc.kz
3 jira.bcc.kz 1 redirects jira.bcc.kz
1 cdnjs.cloudflare.com dbp.bcc.kz
17 4

This site contains no links.

Subject Issuer Validity Valid
*.bcc.kz
DigiCert Global G2 TLS RSA SHA256 2020 CA1
2023-04-26 -
2024-05-24
a year crt.sh
*.gstatic.com
GTS CA 1C3
2024-04-16 -
2024-07-09
3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3
2023-07-03 -
2024-07-02
a year crt.sh

This page contains 1 frames:

Primary Page: https://dbp.bcc.kz/auth/realms/bank/login-actions/authenticate?session_code=7FsLSsosJkZlkscY9-tKi_jCfCiHBw0DJqO9U2bNMOc&execution=2e2f3a0d-61f4-4b1d-afa7-68a18bcf2189&client_id=dbp-channels-jira&tab_id=i_tuvmLHO7Y
Frame ID: DFC23E9A3491A109356EC14E139E2523
Requests: 17 HTTP requests in this frame

Screenshot

Page Title

BCC ID

Page URL History Show full URLs

  1. https://jira.bcc.kz/browse/BPRET-22390 HTTP 302
    https://jira.bcc.kz/login.jsp?permissionViolation=true&os_destination=%2Fbrowse%2FBPRET-22390&pa... Page URL
  2. https://dbp.bcc.kz/auth/realms/bank/protocol/openid-connect/auth?scope=openid+profile+email+pho... Page URL
  3. https://dbp.bcc.kz/auth/realms/bank/login-actions/authenticate?session_code=7FsLSsosJkZlkscY9-t... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Page Statistics

17
Requests

100 %
HTTPS

33 %
IPv6

3
Domains

4
Subdomains

3
IPs

3
Countries

216 kB
Transfer

474 kB
Size

8
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://jira.bcc.kz/browse/BPRET-22390 HTTP 302
    https://jira.bcc.kz/login.jsp?permissionViolation=true&os_destination=%2Fbrowse%2FBPRET-22390&page_caps=&user_role= Page URL
  2. https://dbp.bcc.kz/auth/realms/bank/protocol/openid-connect/auth?scope=openid+profile+email+phone&response_type=code&redirect_uri=https%3A%2F%2Fjira.bcc.kz%2Fplugins%2Fservlet%2Foidc%2Fcallback&state=4K5Rq3Bx_LcvQn63-5VsfI1K7DKcqvhmeA0Zn4xwdTg&nonce=_-0j5Jc4NFDsh-1c1k3CbRtStWGeva21NLRYVqPkF7w&client_id=dbp-channels-jira Page URL
  3. https://dbp.bcc.kz/auth/realms/bank/login-actions/authenticate?session_code=7FsLSsosJkZlkscY9-tKi_jCfCiHBw0DJqO9U2bNMOc&execution=2e2f3a0d-61f4-4b1d-afa7-68a18bcf2189&client_id=dbp-channels-jira&tab_id=i_tuvmLHO7Y Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://jira.bcc.kz/browse/BPRET-22390 HTTP 302
  • https://jira.bcc.kz/login.jsp?permissionViolation=true&os_destination=%2Fbrowse%2FBPRET-22390&page_caps=&user_role=

17 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
login.jsp
jira.bcc.kz/
Redirect Chain
  • https://jira.bcc.kz/browse/BPRET-22390
  • https://jira.bcc.kz/login.jsp?permissionViolation=true&os_destination=%2Fbrowse%2FBPRET-22390&page_caps=&user_role=
1006 B
2 KB
Document
General
Full URL
https://jira.bcc.kz/login.jsp?permissionViolation=true&os_destination=%2Fbrowse%2FBPRET-22390&page_caps=&user_role=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
91.198.63.150 Almaty Oblysy, Kazakhstan, ASN43601 (BCC-AS, KZ),
Reverse DNS
Software
none /
Resource Hash
91da8f53e04146167b523ab3a50dea1138a5cdeef04b72e5bb2318e7fcd2b6e2
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
Strict-Transport-Security max-age=31536000 max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

cache-control
no-cache, no-store, must-revalidate
content-security-policy
frame-ancestors 'self'
content-type
text/html;charset=utf-8
date
Sun, 05 May 2024 03:08:25 GMT
expires
Thu, 01 Jan 1970 00:00:00 GMT
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
server
none
strict-transport-security
max-age=31536000 max-age=31536000; includeSubDomains
x-arequestid
488x47533402x2
x-asessionid
wsndbr
x-ausername
anonymous
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block

Redirect headers

cache-control
no-cache, no-store, must-revalidate
content-length
0
content-security-policy
frame-ancestors 'self'
content-type
text/html;charset=UTF-8
date
Sun, 05 May 2024 03:08:25 GMT
expires
Thu, 01 Jan 1970 00:00:00 GMT
location
/login.jsp?permissionViolation=true&os_destination=%2Fbrowse%2FBPRET-22390&page_caps=&user_role=
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
server
none
strict-transport-security
max-age=31536000 max-age=31536000; includeSubDomains
x-arequestid
488x47533401x2
x-asessionid
wsndbr
x-ausername
anonymous
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block
js.cookie.js
jira.bcc.kz/s/83on5q/920000/13t12t5/4.2.13/_/download/resources/com.atlassian.plugins.authentication.atlassian-authentication-plugin:save-fragment/
4 KB
4 KB
Script
General
Full URL
https://jira.bcc.kz/s/83on5q/920000/13t12t5/4.2.13/_/download/resources/com.atlassian.plugins.authentication.atlassian-authentication-plugin:save-fragment/js.cookie.js
Requested by
Host: jira.bcc.kz
URL: https://jira.bcc.kz/login.jsp?permissionViolation=true&os_destination=%2Fbrowse%2FBPRET-22390&page_caps=&user_role=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
91.198.63.150 Almaty Oblysy, Kazakhstan, ASN43601 (BCC-AS, KZ),
Reverse DNS
Software
none /
Resource Hash
3fc8d8f8c09ee97d9c8cd4a6178ad0bd921a9cbe55c14513e0c06738c9dc8d15
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
Strict-Transport-Security max-age=31536000, max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://jira.bcc.kz/login.jsp?permissionViolation=true&os_destination=%2Fbrowse%2FBPRET-22390&page_caps=&user_role=
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 05 May 2024 03:08:26 GMT
content-security-policy
frame-ancestors 'self'
referrer-policy
strict-origin-when-cross-origin
x-content-type-options
nosniff
last-modified
Tue, 20 Jan 1970 18:48:18 GMT
server
none
strict-transport-security
max-age=31536000, max-age=31536000; includeSubDomains
x-arequestid
488x47533403x2
x-frame-options
SAMEORIGIN
content-type
application/javascript
cache-control
max-age=31536000, public
x-asessionid
wsndbr
x-xss-protection
1; mode=block
expires
Mon, 05 May 2025 03:08:26 GMT
auth
dbp.bcc.kz/auth/realms/bank/protocol/openid-connect/
603 B
2 KB
Document
General
Full URL
https://dbp.bcc.kz/auth/realms/bank/protocol/openid-connect/auth?scope=openid+profile+email+phone&response_type=code&redirect_uri=https%3A%2F%2Fjira.bcc.kz%2Fplugins%2Fservlet%2Foidc%2Fcallback&state=4K5Rq3Bx_LcvQn63-5VsfI1K7DKcqvhmeA0Zn4xwdTg&nonce=_-0j5Jc4NFDsh-1c1k3CbRtStWGeva21NLRYVqPkF7w&client_id=dbp-channels-jira
Requested by
Host: jira.bcc.kz
URL: https://jira.bcc.kz/login.jsp?permissionViolation=true&os_destination=%2Fbrowse%2FBPRET-22390&page_caps=&user_role=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
91.198.63.150 Almaty Oblysy, Kazakhstan, ASN43601 (BCC-AS, KZ),
Reverse DNS
Software
none /
Resource Hash
835ee84409a4e35775044f4247db78bf5890404d6f1a1991686ac1554e6671c9
Security Headers
Name Value
Content-Security-Policy frame-src 'self'; frame-ancestors 'self'; object-src 'none';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://jira.bcc.kz/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

cache-control
no-store, must-revalidate, max-age=0
content-length
603
content-security-policy
frame-src 'self'; frame-ancestors 'self'; object-src 'none';
content-type
text/html;charset=UTF-8
date
Sun, 05 May 2024 03:08:26 GMT
referrer-policy
no-referrer
server
none
strict-transport-security
max-age=31536000; includeSubDomains
www-authenticate
Negotiate
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-robots-tag
none
x-xss-protection
1; mode=block
Primary Request authenticate
dbp.bcc.kz/auth/realms/bank/login-actions/
8 KB
8 KB
Document
General
Full URL
https://dbp.bcc.kz/auth/realms/bank/login-actions/authenticate?session_code=7FsLSsosJkZlkscY9-tKi_jCfCiHBw0DJqO9U2bNMOc&execution=2e2f3a0d-61f4-4b1d-afa7-68a18bcf2189&client_id=dbp-channels-jira&tab_id=i_tuvmLHO7Y
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
91.198.63.150 Almaty Oblysy, Kazakhstan, ASN43601 (BCC-AS, KZ),
Reverse DNS
Software
none /
Resource Hash
b02169d5de64e4267499b831c53e2179a2c39db91173e7a41b81c2c6e919e820
Security Headers
Name Value
Content-Security-Policy frame-src 'self'; frame-ancestors 'self'; object-src 'none';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Content-Type
application/x-www-form-urlencoded
Origin
null
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

cache-control
no-store, must-revalidate, max-age=0
content-language
en
content-length
8082
content-security-policy
frame-src 'self'; frame-ancestors 'self'; object-src 'none';
content-type
text/html;charset=utf-8
date
Sun, 05 May 2024 03:08:27 GMT
referrer-policy
no-referrer
server
none
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-robots-tag
none
x-xss-protection
1; mode=block 1; mode=block
favicon.ico
dbp.bcc.kz/
4 KB
4 KB
Other
General
Full URL
https://dbp.bcc.kz/favicon.ico
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
91.198.63.150 Almaty Oblysy, Kazakhstan, ASN43601 (BCC-AS, KZ),
Reverse DNS
Software
none /
Resource Hash
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 05 May 2024 03:08:27 GMT
last-modified
Thu, 02 May 2024 10:09:13 GMT
server
none
etag
"66336649-10be"
content-type
image/x-icon
cache-control
private
accept-ranges
bytes
content-length
4286
x-xss-protection
1; mode=block
bundle.min.css
dbp.bcc.kz/auth/resources/5n0vz/login/dbp-keycloak-bcc-theme-1.0.0/dist/css/
237 KB
33 KB
Stylesheet
General
Full URL
https://dbp.bcc.kz/auth/resources/5n0vz/login/dbp-keycloak-bcc-theme-1.0.0/dist/css/bundle.min.css
Requested by
Host: dbp.bcc.kz
URL: https://dbp.bcc.kz/auth/realms/bank/login-actions/authenticate?session_code=7FsLSsosJkZlkscY9-tKi_jCfCiHBw0DJqO9U2bNMOc&execution=2e2f3a0d-61f4-4b1d-afa7-68a18bcf2189&client_id=dbp-channels-jira&tab_id=i_tuvmLHO7Y
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
91.198.63.150 Almaty Oblysy, Kazakhstan, ASN43601 (BCC-AS, KZ),
Reverse DNS
Software
none /
Resource Hash
be1c691296013de7a7b5630d6efed86b05a9f2b72fd657f365b47cbc05d5516e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 05 May 2024 03:08:27 GMT
strict-transport-security
max-age=31536000; includeSubDomains
referrer-policy
no-referrer
x-content-type-options
nosniff
content-encoding
gzip
server
none
content-type
text/css;charset=UTF-8
cache-control
max-age=2592000
x-xss-protection
1; mode=block, 1; mode=block
bcc-logo.svg
dbp.bcc.kz/auth/resources/5n0vz/login/dbp-keycloak-bcc-theme-1.0.0/dist/img/
5 KB
2 KB
Image
General
Full URL
https://dbp.bcc.kz/auth/resources/5n0vz/login/dbp-keycloak-bcc-theme-1.0.0/dist/img/bcc-logo.svg
Requested by
Host: dbp.bcc.kz
URL: https://dbp.bcc.kz/auth/realms/bank/login-actions/authenticate?session_code=7FsLSsosJkZlkscY9-tKi_jCfCiHBw0DJqO9U2bNMOc&execution=2e2f3a0d-61f4-4b1d-afa7-68a18bcf2189&client_id=dbp-channels-jira&tab_id=i_tuvmLHO7Y
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
91.198.63.150 Almaty Oblysy, Kazakhstan, ASN43601 (BCC-AS, KZ),
Reverse DNS
Software
none /
Resource Hash
58771b8294ec612a7f6e4b6303eac5edf56a47aaeb43440fd9485072cdc3f12b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 05 May 2024 03:08:27 GMT
strict-transport-security
max-age=31536000; includeSubDomains
referrer-policy
no-referrer
x-content-type-options
nosniff
content-encoding
gzip
server
none
content-type
image/svg+xml
cache-control
max-age=2592000
content-length
1762
x-xss-protection
1; mode=block, 1; mode=block
login.min.js
dbp.bcc.kz/auth/resources/5n0vz/login/dbp-keycloak-bcc-theme-1.0.0/dist/js/
60 KB
16 KB
Script
General
Full URL
https://dbp.bcc.kz/auth/resources/5n0vz/login/dbp-keycloak-bcc-theme-1.0.0/dist/js/login.min.js
Requested by
Host: dbp.bcc.kz
URL: https://dbp.bcc.kz/auth/realms/bank/login-actions/authenticate?session_code=7FsLSsosJkZlkscY9-tKi_jCfCiHBw0DJqO9U2bNMOc&execution=2e2f3a0d-61f4-4b1d-afa7-68a18bcf2189&client_id=dbp-channels-jira&tab_id=i_tuvmLHO7Y
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
91.198.63.150 Almaty Oblysy, Kazakhstan, ASN43601 (BCC-AS, KZ),
Reverse DNS
Software
none /
Resource Hash
2345d5b1bfb1083e39a88e6ab388834e1d3bb6b4c7e5bb3e0408de8ae979de2b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 05 May 2024 03:08:27 GMT
strict-transport-security
max-age=31536000; includeSubDomains
referrer-policy
no-referrer
x-content-type-options
nosniff
content-encoding
gzip
server
none
content-type
text/javascript;charset=UTF-8
cache-control
max-age=2592000
x-xss-protection
1; mode=block, 1; mode=block
bg.jpg
dbp.bcc.kz/auth/resources/5n0vz/login/dbp-keycloak-bcc-theme-1.0.0/dist/img/
62 KB
62 KB
Image
General
Full URL
https://dbp.bcc.kz/auth/resources/5n0vz/login/dbp-keycloak-bcc-theme-1.0.0/dist/img/bg.jpg
Requested by
Host: dbp.bcc.kz
URL: https://dbp.bcc.kz/auth/resources/5n0vz/login/dbp-keycloak-bcc-theme-1.0.0/dist/css/bundle.min.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
91.198.63.150 Almaty Oblysy, Kazakhstan, ASN43601 (BCC-AS, KZ),
Reverse DNS
Software
none /
Resource Hash
7bd234b0b3fad83cbc77c933964309f9aef6fc10f5405f93063fce083249d04a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 05 May 2024 03:08:27 GMT
strict-transport-security
max-age=31536000; includeSubDomains
referrer-policy
no-referrer
x-content-type-options
nosniff
server
none
content-type
image/jpeg
cache-control
max-age=2592000
x-xss-protection
1; mode=block, 1; mode=block
6xKydSBYKcSV-LCoeQqfX1RYOo3iu4nwkxdu3cOWxy40.woff2
fonts.gstatic.com/s/sourcesanspro/v21/
7 KB
7 KB
Font
General
Full URL
https://fonts.gstatic.com/s/sourcesanspro/v21/6xKydSBYKcSV-LCoeQqfX1RYOo3iu4nwkxdu3cOWxy40.woff2
Requested by
Host: dbp.bcc.kz
URL: https://dbp.bcc.kz/auth/resources/5n0vz/login/dbp-keycloak-bcc-theme-1.0.0/dist/css/bundle.min.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
21d211014b47511ff2c18091a1b901e67b13eb0f97a66e38688fd456abfd24a9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Origin
https://dbp.bcc.kz
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 05 May 2024 03:07:24 GMT
x-content-type-options
nosniff
age
63
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
7052
x-xss-protection
0
last-modified
Wed, 27 Apr 2022 16:54:53 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Mon, 05 May 2025 03:07:24 GMT
6xK3dSBYKcSV-LCoeQqfX1RYOo3qPK7lujVj9_mf.woff2
fonts.gstatic.com/s/sourcesanspro/v21/
7 KB
7 KB
Font
General
Full URL
https://fonts.gstatic.com/s/sourcesanspro/v21/6xK3dSBYKcSV-LCoeQqfX1RYOo3qPK7lujVj9_mf.woff2
Requested by
Host: dbp.bcc.kz
URL: https://dbp.bcc.kz/auth/resources/5n0vz/login/dbp-keycloak-bcc-theme-1.0.0/dist/css/bundle.min.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0acd59e18ef9ca4f55b04271a6121d58e6f7044ea91395054dd52d5caf2a7a55
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Origin
https://dbp.bcc.kz
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 30 Apr 2024 09:11:53 GMT
x-content-type-options
nosniff
age
410194
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
7448
x-xss-protection
0
last-modified
Wed, 27 Apr 2022 17:08:35 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 30 Apr 2025 09:11:53 GMT
6xKydSBYKcSV-LCoeQqfX1RYOo3ik4zwkxdu3cOWxy40.woff2
fonts.gstatic.com/s/sourcesanspro/v21/
7 KB
8 KB
Font
General
Full URL
https://fonts.gstatic.com/s/sourcesanspro/v21/6xKydSBYKcSV-LCoeQqfX1RYOo3ik4zwkxdu3cOWxy40.woff2
Requested by
Host: dbp.bcc.kz
URL: https://dbp.bcc.kz/auth/resources/5n0vz/login/dbp-keycloak-bcc-theme-1.0.0/dist/css/bundle.min.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
fbee536fb46bd1af26b3cea7359f5c2f018eeb5fd6167ae3f5849ec45b29db70
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Origin
https://dbp.bcc.kz
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 04 May 2024 18:30:26 GMT
x-content-type-options
nosniff
age
31081
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
7324
x-xss-protection
0
last-modified
Wed, 27 Apr 2022 16:11:24 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 04 May 2025 18:30:26 GMT
6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwkxdu3cOWxy40.woff2
fonts.gstatic.com/s/sourcesanspro/v21/
7 KB
7 KB
Font
General
Full URL
https://fonts.gstatic.com/s/sourcesanspro/v21/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwkxdu3cOWxy40.woff2
Requested by
Host: dbp.bcc.kz
URL: https://dbp.bcc.kz/auth/resources/5n0vz/login/dbp-keycloak-bcc-theme-1.0.0/dist/css/bundle.min.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
77bded4f6447cc93370a65d50e1b1811e81e032aefd45d0acc952ceec49260c2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Origin
https://dbp.bcc.kz
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 30 Apr 2024 03:18:33 GMT
x-content-type-options
nosniff
age
431394
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
7360
x-xss-protection
0
last-modified
Wed, 27 Apr 2022 16:14:13 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 30 Apr 2025 03:18:33 GMT
fa-regular-400.woff2
cdnjs.cloudflare.com/ajax/libs/font-awesome/6.3.0/webfonts/
24 KB
25 KB
Font
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.3.0/webfonts/fa-regular-400.woff2
Requested by
Host: dbp.bcc.kz
URL: https://dbp.bcc.kz/auth/resources/5n0vz/login/dbp-keycloak-bcc-theme-1.0.0/dist/css/bundle.min.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.17.25.14 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7ba24c4138c4c3cfe694a8fc8943b8ce21b9bfbb14edcb290b8654fcaa365d6b
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Origin
https://dbp.bcc.kz
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 05 May 2024 03:08:27 GMT
strict-transport-security
max-age=15780000
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
284465
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
24840
last-modified
Tue, 07 Feb 2023 20:06:13 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"63e2af35-6108"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FLzfBO%2B7t0FKxcn6ghZjK54O6Y2f3T5pQodwi2O5eIxHTZinegFdgktWD%2FOkIENjK5ySHHJdt4xTnVubmDHX43bU3d88L8rPZQtaJ7MXekbokt%2FOIwbj6C%2FuWlND9thpD8NyyvOJ"}],"group":"cf-nel","max_age":604800}
content-type
application/octet-stream; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
87ed86b0da2f929e-CPH
expires
Fri, 25 Apr 2025 03:08:27 GMT
6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7lujVj9w.woff2
fonts.gstatic.com/s/sourcesanspro/v21/
13 KB
13 KB
Font
General
Full URL
https://fonts.gstatic.com/s/sourcesanspro/v21/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7lujVj9w.woff2
Requested by
Host: dbp.bcc.kz
URL: https://dbp.bcc.kz/auth/resources/5n0vz/login/dbp-keycloak-bcc-theme-1.0.0/dist/css/bundle.min.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c124c88ca4fcb4336e97617647ef0d32441329371120c8eabaea0fea226560b0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Origin
https://dbp.bcc.kz
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 02 May 2024 14:33:11 GMT
x-content-type-options
nosniff
age
218116
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
13036
x-xss-protection
0
last-modified
Wed, 27 Apr 2022 17:01:58 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 02 May 2025 14:33:11 GMT
6xKydSBYKcSV-LCoeQqfX1RYOo3iu4nwlxdu3cOWxw.woff2
fonts.gstatic.com/s/sourcesanspro/v21/
12 KB
12 KB
Font
General
Full URL
https://fonts.gstatic.com/s/sourcesanspro/v21/6xKydSBYKcSV-LCoeQqfX1RYOo3iu4nwlxdu3cOWxw.woff2
Requested by
Host: dbp.bcc.kz
URL: https://dbp.bcc.kz/auth/resources/5n0vz/login/dbp-keycloak-bcc-theme-1.0.0/dist/css/bundle.min.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
080e18a8c761c3d30b7ec08aa65f87109a0228367eafd0a12fcefda58d10e8ad
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Origin
https://dbp.bcc.kz
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 29 Apr 2024 19:54:52 GMT
x-content-type-options
nosniff
age
458015
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
12408
x-xss-protection
0
last-modified
Wed, 27 Apr 2022 16:11:30 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 29 Apr 2025 19:54:52 GMT
favicon.ico
dbp.bcc.kz/auth/resources/5n0vz/login/dbp-keycloak-bcc-theme-1.0.0/dist/img/
15 KB
3 KB
Other
General
Full URL
https://dbp.bcc.kz/auth/resources/5n0vz/login/dbp-keycloak-bcc-theme-1.0.0/dist/img/favicon.ico
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
91.198.63.150 Almaty Oblysy, Kazakhstan, ASN43601 (BCC-AS, KZ),
Reverse DNS
Software
none /
Resource Hash
932e07bcc59bab0464c7de5ca59963eff3c02cb74bb571afeea830b4947a37a5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 05 May 2024 03:08:27 GMT
strict-transport-security
max-age=31536000; includeSubDomains
referrer-policy
no-referrer
x-content-type-options
nosniff
content-encoding
gzip
server
none
content-type
application/octet-stream
cache-control
max-age=2592000
content-length
2583
x-xss-protection
1; mode=block, 1; mode=block

Verdicts & Comments Add Verdict or Comment

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| element object| maskOptions object| mask function| showPassword function| IMask object| formOtpMainForm undefined| kcInputFormOtpMainForm undefined| kcFormOtpMainForm object| kcFormErrorMessage object| kcFormInfoMessage object| alertDangerId

8 Cookies

Domain/Path Name / Value
dbp.bcc.kz/auth/realms/bank/ Name: AUTH_SESSION_ID
Value: cf8d46fe-6750-4f08-957e-08cbcb291a11.keycloak-2-47601
dbp.bcc.kz/auth/realms/bank/ Name: AUTH_SESSION_ID_LEGACY
Value: cf8d46fe-6750-4f08-957e-08cbcb291a11.keycloak-2-47601
dbp.bcc.kz/auth/realms/bank/ Name: KC_RESTART
Value: eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJmZGY2YWYwZi0zNjJlLTQ2YmYtOTdkMS0zMDYxMTdmMDI5YWMifQ.eyJjaWQiOiJkYnAtY2hhbm5lbHMtamlyYSIsInB0eSI6Im9wZW5pZC1jb25uZWN0IiwicnVyaSI6Imh0dHBzOi8vamlyYS5iY2Mua3ovcGx1Z2lucy9zZXJ2bGV0L29pZGMvY2FsbGJhY2siLCJhY3QiOiJBVVRIRU5USUNBVEUiLCJub3RlcyI6eyJzY29wZSI6Im9wZW5pZCBwcm9maWxlIGVtYWlsIHBob25lIiwiaXNzIjoiaHR0cHM6Ly9kYnAuYmNjLmt6L2F1dGgvcmVhbG1zL2JhbmsiLCJyZXNwb25zZV90eXBlIjoiY29kZSIsInJlZGlyZWN0X3VyaSI6Imh0dHBzOi8vamlyYS5iY2Mua3ovcGx1Z2lucy9zZXJ2bGV0L29pZGMvY2FsbGJhY2siLCJzdGF0ZSI6IjRLNVJxM0J4X0xjdlFuNjMtNVZzZkkxSzdES2NxdmhtZUEwWm40eHdkVGciLCJub25jZSI6Il8tMGo1SmM0TkZEc2gtMWMxazNDYlJ0U3RXR2V2YTIxTkxSWVZxUGtGN3cifX0.60qGsemAeZ7iLVlH3s9vW_XrhtPt46X4E5hiW92uwrw
jira.bcc.kz/ Name: JSESSIONID
Value: F13FE623165D92C7BF2FDBC27489B2AB
jira.bcc.kz/ Name: atlassian.xsrf.token
Value: B5MA-5E92-7VJL-2O3S_1a746f37904f73d691308ad213f29492d7da0192_lout
jira.bcc.kz/ Name: session-data-4K5Rq3Bx_LcvQn63-5VsfI1K7DKcqvhmeA0Zn4xwdTg
Value:
dbp.bcc.kz/ Name: cd570b9d8288f03169b6ff1f0f092eeb
Value: d706159dcac48601d5a8dc6df93d4fe2
dbp.bcc.kz/ Name: 44b31a88fe4f1c112f34d1d5f43e9996
Value: 24685c843be183c4db5577f8baaecab3

2 Console Messages

Source Level URL
Text
network error URL: https://dbp.bcc.kz/auth/realms/bank/protocol/openid-connect/auth?scope=openid+profile+email+phone&response_type=code&redirect_uri=https%3A%2F%2Fjira.bcc.kz%2Fplugins%2Fservlet%2Foidc%2Fcallback&state=4K5Rq3Bx_LcvQn63-5VsfI1K7DKcqvhmeA0Zn4xwdTg&nonce=_-0j5Jc4NFDsh-1c1k3CbRtStWGeva21NLRYVqPkF7w&client_id=dbp-channels-jira
Message:
Failed to load resource: the server responded with a status of 401 ()
recommendation verbose URL: https://dbp.bcc.kz/auth/realms/bank/login-actions/authenticate?execution=f81b5172-3b1a-4eed-a46e-034db8ab5684&client_id=dbp-channels-jira&tab_id=i_tuvmLHO7Y
Message:
[DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy frame-ancestors 'self'
Strict-Transport-Security max-age=31536000 max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block