Submitted URL: https://smail.mbank.pl/b/b.e?r=SATPOL%40INTERIA.PL&n=75YQOO53RpxAuzhcwPyeaw%3D%3D
Effective URL: https://smail.mbank.pl/b/ir.e?OWASP_CSRFTOKEN=9K0N-P3BA-NG29-0R4T-6MG9-ZA5N-0BM9-JXJT
Submission: On May 23 via manual from PL — Scanned from PL

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 11 HTTP transactions. The main IP is 195.42.249.48, located in Poland and belongs to MBANK-SA, PL. The main domain is smail.mbank.pl.
TLS certificate: Issued by DigiCert EV RSA CA G2 on May 7th 2024. Valid for: 5 months.
This is the only time smail.mbank.pl was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
7 18 195.42.249.48 13274 (MBANK-SA)
11 1
Apex Domain
Subdomains
Transfer
18 mbank.pl
smail.mbank.pl
290 KB
11 1
Domain Requested by
18 smail.mbank.pl 7 redirects smail.mbank.pl
11 1

This site contains no links.

Subject Issuer Validity Valid
smail.mbank.pl
DigiCert EV RSA CA G2
2024-05-07 -
2024-09-23
5 months crt.sh

This page contains 1 frames:

Primary Page: https://smail.mbank.pl/b/ir.e?OWASP_CSRFTOKEN=9K0N-P3BA-NG29-0R4T-6MG9-ZA5N-0BM9-JXJT
Frame ID: D4B2B796056B689C0B1A2D2DD368D592
Requests: 11 HTTP requests in this frame

Screenshot

Page Title

Symantec Encryption Server: Web Email Protection - Reset hasła

Page URL History Show full URLs

  1. https://smail.mbank.pl/b/b.e?r=SATPOL%40INTERIA.PL&n=75YQOO53RpxAuzhcwPyeaw%3D%3D HTTP 302
    https://smail.mbank.pl/b/l.e?r=SATPOL%40INTERIA.PL&n=75YQOO53RpxAuzhcwPyeaw%3D%3D HTTP 302
    https://smail.mbank.pl/b/ir.e?OWASP_CSRFTOKEN=9K0N-P3BA-NG29-0R4T-6MG9-ZA5N-0BM9-JXJT Page URL

Page Statistics

11
Requests

55 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

286 kB
Transfer

281 kB
Size

2
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://smail.mbank.pl/b/b.e?r=SATPOL%40INTERIA.PL&n=75YQOO53RpxAuzhcwPyeaw%3D%3D HTTP 302
    https://smail.mbank.pl/b/l.e?r=SATPOL%40INTERIA.PL&n=75YQOO53RpxAuzhcwPyeaw%3D%3D HTTP 302
    https://smail.mbank.pl/b/ir.e?OWASP_CSRFTOKEN=9K0N-P3BA-NG29-0R4T-6MG9-ZA5N-0BM9-JXJT Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 5
  • https://smail.mbank.pl/b/images/mbank.png HTTP 302
  • https://smail.mbank.pl/wm/images/mbank.png
Request Chain 6
  • https://smail.mbank.pl/b/images/bg_content.png HTTP 302
  • https://smail.mbank.pl/wm/images/bg_content.png
Request Chain 7
  • https://smail.mbank.pl/b/images/error_row_icon.gif HTTP 302
  • https://smail.mbank.pl/wm/images/error_row_icon.gif
Request Chain 8
  • https://smail.mbank.pl/b/images/open-sans-v14-latin_latin-ext-regular.woff HTTP 302
  • https://smail.mbank.pl/wm/images/open-sans-v14-latin_latin-ext-regular.woff
Request Chain 9
  • https://smail.mbank.pl/b/images/favicon.ico?OWASP_CSRFTOKEN=7VYD-0SOM-N2UD-1RHK-5PIA-4NU8-03HT-2F11 HTTP 302
  • https://smail.mbank.pl/wm/images/favicon.ico?OWASP_CSRFTOKEN=7VYD-0SOM-N2UD-1RHK-5PIA-4NU8-03HT-2F11

11 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request ir.e
smail.mbank.pl/b/
Redirect Chain
  • https://smail.mbank.pl/b/b.e?r=SATPOL%40INTERIA.PL&n=75YQOO53RpxAuzhcwPyeaw%3D%3D
  • https://smail.mbank.pl/b/l.e?r=SATPOL%40INTERIA.PL&n=75YQOO53RpxAuzhcwPyeaw%3D%3D
  • https://smail.mbank.pl/b/ir.e?OWASP_CSRFTOKEN=9K0N-P3BA-NG29-0R4T-6MG9-ZA5N-0BM9-JXJT
5 KB
5 KB
Document
General
Full URL
https://smail.mbank.pl/b/ir.e?OWASP_CSRFTOKEN=9K0N-P3BA-NG29-0R4T-6MG9-ZA5N-0BM9-JXJT
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
195.42.249.48 , Poland, ASN13274 (MBANK-SA, PL),
Reverse DNS
Software
/
Resource Hash
0d38d614626f5f642453452ffaaeabc86071121d863195a72a27e7a134b730ac
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' 'self'; object-src blob:; style-src 'unsafe-inline' 'self';
Strict-Transport-Security max-age=63072000;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
pl-PL,pl;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

Cache-Control
no-store, no-cache, max-age=0 no-cache
Connection
Keep-Alive
Content-Length
4968
Content-Security-Policy
default-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' 'self'; object-src blob:; style-src 'unsafe-inline' 'self';
Content-Type
text/html;charset=UTF-8
Date
Thu, 23 May 2024 08:28:06 GMT
Keep-Alive
timeout=120, max=98
Strict-Transport-Security
max-age=63072000;
X-Content-Type-Options
nosniff
X-Frame-Options
SAMEORIGIN
X-Permitted-Cross-Domain-Policies
none
X-XSS-Protection
1; mode=block

Redirect headers

Cache-Control
no-store, no-cache, max-age=0 no-store, no-cache, max-age=0
Connection
Keep-Alive
Content-Length
0
Content-Security-Policy
default-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' 'self'; object-src blob:; style-src 'unsafe-inline' 'self';
Date
Thu, 23 May 2024 08:28:06 GMT
Keep-Alive
timeout=120, max=99
Location
/b/ir.e?OWASP_CSRFTOKEN=9K0N-P3BA-NG29-0R4T-6MG9-ZA5N-0BM9-JXJT
Strict-Transport-Security
max-age=63072000;
X-Content-Type-Options
nosniff
X-Frame-Options
SAMEORIGIN
X-Permitted-Cross-Domain-Policies
none
X-XSS-Protection
1; mode=block
WMStylesheet.css
smail.mbank.pl/b/
34 KB
35 KB
Stylesheet
General
Full URL
https://smail.mbank.pl/b/WMStylesheet.css
Requested by
Host: smail.mbank.pl
URL: https://smail.mbank.pl/b/ir.e?OWASP_CSRFTOKEN=9K0N-P3BA-NG29-0R4T-6MG9-ZA5N-0BM9-JXJT
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
195.42.249.48 , Poland, ASN13274 (MBANK-SA, PL),
Reverse DNS
Software
/
Resource Hash
3372a3a2a7da9c5be942c94c891e840cb9af89106bef172f961746fb8681bcd1
Security Headers
Name Value
Strict-Transport-Security max-age=63072000;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://smail.mbank.pl/b/ir.e?OWASP_CSRFTOKEN=9K0N-P3BA-NG29-0R4T-6MG9-ZA5N-0BM9-JXJT
Accept-Language
pl-PL,pl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Thu, 23 May 2024 08:28:06 GMT
Strict-Transport-Security
max-age=63072000;
X-Content-Type-Options
nosniff
Last-Modified
Fri, 17 May 2024 19:07:06 GMT
ETag
W/"35295-1715972826000"
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
Cache-Control
no-store, no-cache, max-age=0
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=120, max=97
Content-Length
35295
X-XSS-Protection
1; mode=block
styles.css
smail.mbank.pl/b/
17 KB
18 KB
Stylesheet
General
Full URL
https://smail.mbank.pl/b/styles.css
Requested by
Host: smail.mbank.pl
URL: https://smail.mbank.pl/b/ir.e?OWASP_CSRFTOKEN=9K0N-P3BA-NG29-0R4T-6MG9-ZA5N-0BM9-JXJT
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
195.42.249.48 , Poland, ASN13274 (MBANK-SA, PL),
Reverse DNS
Software
/
Resource Hash
2d3bb9ee6a0aeb32e143e5c12f30015ea56b4f5403128507bdbf377b4c4ee9de
Security Headers
Name Value
Strict-Transport-Security max-age=63072000;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://smail.mbank.pl/b/ir.e?OWASP_CSRFTOKEN=9K0N-P3BA-NG29-0R4T-6MG9-ZA5N-0BM9-JXJT
Accept-Language
pl-PL,pl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Thu, 23 May 2024 08:28:06 GMT
Strict-Transport-Security
max-age=63072000;
X-Content-Type-Options
nosniff
Last-Modified
Fri, 17 May 2024 19:07:06 GMT
ETag
W/"17695-1715972826000"
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
Cache-Control
no-store, no-cache, max-age=0
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=120, max=100
Content-Length
17695
X-XSS-Protection
1; mode=block
GlobalJS.js
smail.mbank.pl/b/
171 KB
171 KB
Script
General
Full URL
https://smail.mbank.pl/b/GlobalJS.js
Requested by
Host: smail.mbank.pl
URL: https://smail.mbank.pl/b/ir.e?OWASP_CSRFTOKEN=9K0N-P3BA-NG29-0R4T-6MG9-ZA5N-0BM9-JXJT
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
195.42.249.48 , Poland, ASN13274 (MBANK-SA, PL),
Reverse DNS
Software
/
Resource Hash
c6a47382d3f19d3ef05bd3887384e9ad941a9983409ed1abd6b5ed4d7def00a9
Security Headers
Name Value
Strict-Transport-Security max-age=63072000;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://smail.mbank.pl/b/ir.e?OWASP_CSRFTOKEN=9K0N-P3BA-NG29-0R4T-6MG9-ZA5N-0BM9-JXJT
Accept-Language
pl-PL,pl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Thu, 23 May 2024 08:28:06 GMT
Strict-Transport-Security
max-age=63072000;
X-Content-Type-Options
nosniff
Last-Modified
Wed, 02 Mar 2022 02:20:54 GMT
ETag
W/"174893-1646187654000"
X-Frame-Options
SAMEORIGIN
Content-Type
text/javascript
Cache-Control
no-store, no-cache, max-age=0
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=120, max=100
Content-Length
174893
X-XSS-Protection
1; mode=block
WMJavascript.js
smail.mbank.pl/b/
13 KB
14 KB
Script
General
Full URL
https://smail.mbank.pl/b/WMJavascript.js
Requested by
Host: smail.mbank.pl
URL: https://smail.mbank.pl/b/ir.e?OWASP_CSRFTOKEN=9K0N-P3BA-NG29-0R4T-6MG9-ZA5N-0BM9-JXJT
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
195.42.249.48 , Poland, ASN13274 (MBANK-SA, PL),
Reverse DNS
Software
/
Resource Hash
ab620597e176612af2e641ac0da889430f798edbb6f7081e84dc5ba6a3af80ed
Security Headers
Name Value
Strict-Transport-Security max-age=63072000;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://smail.mbank.pl/b/ir.e?OWASP_CSRFTOKEN=9K0N-P3BA-NG29-0R4T-6MG9-ZA5N-0BM9-JXJT
Accept-Language
pl-PL,pl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Thu, 23 May 2024 08:28:06 GMT
Strict-Transport-Security
max-age=63072000;
X-Content-Type-Options
nosniff
Last-Modified
Fri, 17 May 2024 19:07:06 GMT
ETag
W/"13709-1715972826000"
X-Frame-Options
SAMEORIGIN
Content-Type
text/javascript
Cache-Control
no-store, no-cache, max-age=0
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=120, max=96
Content-Length
13709
X-XSS-Protection
1; mode=block
JavaScriptServlet
smail.mbank.pl/b/
12 KB
13 KB
Script
General
Full URL
https://smail.mbank.pl/b/JavaScriptServlet
Requested by
Host: smail.mbank.pl
URL: https://smail.mbank.pl/b/ir.e?OWASP_CSRFTOKEN=9K0N-P3BA-NG29-0R4T-6MG9-ZA5N-0BM9-JXJT
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
195.42.249.48 , Poland, ASN13274 (MBANK-SA, PL),
Reverse DNS
Software
/
Resource Hash
001993774aee51c439b87dab1548e8d9c3a083e5137f3b49bc8ab3a24c7ffddd
Security Headers
Name Value
Strict-Transport-Security max-age=63072000;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://smail.mbank.pl/b/ir.e?OWASP_CSRFTOKEN=9K0N-P3BA-NG29-0R4T-6MG9-ZA5N-0BM9-JXJT
Accept-Language
pl-PL,pl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Thu, 23 May 2024 08:28:06 GMT
Strict-Transport-Security
max-age=63072000;
X-Content-Type-Options
nosniff
X-Frame-Options
SAMEORIGIN
Transfer-Encoding
chunked
Content-Type
text/javascript
Cache-Control
no-store, no-cache, max-age=0, private, maxage=28800
Connection
Keep-Alive
Keep-Alive
timeout=120, max=100
X-XSS-Protection
1; mode=block
mbank.png
smail.mbank.pl/wm/images/
Redirect Chain
  • https://smail.mbank.pl/b/images/mbank.png
  • https://smail.mbank.pl/wm/images/mbank.png
2 KB
3 KB
Image
General
Full URL
https://smail.mbank.pl/wm/images/mbank.png
Requested by
Host: smail.mbank.pl
URL: https://smail.mbank.pl/b/ir.e?OWASP_CSRFTOKEN=9K0N-P3BA-NG29-0R4T-6MG9-ZA5N-0BM9-JXJT
Protocol
HTTP/1.1
Server
195.42.249.48 , Poland, ASN13274 (MBANK-SA, PL),
Reverse DNS
Software
/
Resource Hash
6953db8427cec9ec316e5fff7cbf4df99b8bc3b40559677cedb77bbb08491b6e
Security Headers
Name Value
Strict-Transport-Security max-age=63072000;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
pl-PL,pl;q=0.9;q=0.9
Referer
https://smail.mbank.pl/b/ir.e?OWASP_CSRFTOKEN=9K0N-P3BA-NG29-0R4T-6MG9-ZA5N-0BM9-JXJT
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Date
Thu, 23 May 2024 08:28:06 GMT
Strict-Transport-Security
max-age=63072000;
X-Content-Type-Options
nosniff
Last-Modified
Fri, 17 May 2024 19:06:58 GMT
ETag
"994-618ab0e47ffa6"
X-Frame-Options
SAMEORIGIN
Content-Type
image/png
Cache-Control
no-store, no-cache, max-age=0
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=120, max=98
Content-Length
2452
X-XSS-Protection
1; mode=block

Redirect headers

Date
Thu, 23 May 2024 08:28:06 GMT
Strict-Transport-Security
max-age=63072000;
X-Content-Type-Options
nosniff
X-Frame-Options
SAMEORIGIN
Content-Type
text/html; charset=iso-8859-1
Location
https://smail.mbank.pl:443/wm/images/mbank.png
Cache-Control
no-store, no-cache, max-age=0
Connection
Keep-Alive
Keep-Alive
timeout=120, max=99
Content-Length
230
X-XSS-Protection
1; mode=block
bg_content.png
smail.mbank.pl/wm/images/
Redirect Chain
  • https://smail.mbank.pl/b/images/bg_content.png
  • https://smail.mbank.pl/wm/images/bg_content.png
975 B
1 KB
Image
General
Full URL
https://smail.mbank.pl/wm/images/bg_content.png
Requested by
Host: smail.mbank.pl
URL: https://smail.mbank.pl/b/WMStylesheet.css
Protocol
HTTP/1.1
Server
195.42.249.48 , Poland, ASN13274 (MBANK-SA, PL),
Reverse DNS
Software
/
Resource Hash
2bb52ea9d47078e87e44025280e98b753cd8c7a2968d810904b7af5f93c8dee6
Security Headers
Name Value
Strict-Transport-Security max-age=63072000;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
pl-PL,pl;q=0.9;q=0.9
Referer
https://smail.mbank.pl/b/WMStylesheet.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Date
Thu, 23 May 2024 08:28:06 GMT
Strict-Transport-Security
max-age=63072000;
X-Content-Type-Options
nosniff
Last-Modified
Fri, 17 May 2024 19:06:58 GMT
ETag
"3cf-618ab0e47ec1e"
X-Frame-Options
SAMEORIGIN
Content-Type
image/png
Cache-Control
no-store, no-cache, max-age=0
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=120, max=98
Content-Length
975
X-XSS-Protection
1; mode=block

Redirect headers

Date
Thu, 23 May 2024 08:28:06 GMT
Strict-Transport-Security
max-age=63072000;
X-Content-Type-Options
nosniff
X-Frame-Options
SAMEORIGIN
Content-Type
text/html; charset=iso-8859-1
Location
https://smail.mbank.pl:443/wm/images/bg_content.png
Cache-Control
no-store, no-cache, max-age=0
Connection
Keep-Alive
Keep-Alive
timeout=120, max=99
Content-Length
235
X-XSS-Protection
1; mode=block
error_row_icon.gif
smail.mbank.pl/wm/images/
Redirect Chain
  • https://smail.mbank.pl/b/images/error_row_icon.gif
  • https://smail.mbank.pl/wm/images/error_row_icon.gif
639 B
1 KB
Image
General
Full URL
https://smail.mbank.pl/wm/images/error_row_icon.gif
Requested by
Host: smail.mbank.pl
URL: https://smail.mbank.pl/b/WMStylesheet.css
Protocol
HTTP/1.1
Server
195.42.249.48 , Poland, ASN13274 (MBANK-SA, PL),
Reverse DNS
Software
/
Resource Hash
e26ba003f476a63c7c35f02af1f1110822697c96e4efaa4d4e3a226dee6bc950
Security Headers
Name Value
Strict-Transport-Security max-age=63072000;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
pl-PL,pl;q=0.9;q=0.9
Referer
https://smail.mbank.pl/b/WMStylesheet.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Date
Thu, 23 May 2024 08:28:06 GMT
Strict-Transport-Security
max-age=63072000;
X-Content-Type-Options
nosniff
Last-Modified
Fri, 17 May 2024 19:06:58 GMT
ETag
"27f-618ab0e47f3ee"
X-Frame-Options
SAMEORIGIN
Content-Type
image/gif
Cache-Control
no-store, no-cache, max-age=0
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=120, max=96
Content-Length
639
X-XSS-Protection
1; mode=block

Redirect headers

Date
Thu, 23 May 2024 08:28:06 GMT
Strict-Transport-Security
max-age=63072000;
X-Content-Type-Options
nosniff
X-Frame-Options
SAMEORIGIN
Content-Type
text/html; charset=iso-8859-1
Location
https://smail.mbank.pl:443/wm/images/error_row_icon.gif
Cache-Control
no-store, no-cache, max-age=0
Connection
Keep-Alive
Keep-Alive
timeout=120, max=97
Content-Length
239
X-XSS-Protection
1; mode=block
open-sans-v14-latin_latin-ext-regular.woff
smail.mbank.pl/wm/images/
Redirect Chain
  • https://smail.mbank.pl/b/images/open-sans-v14-latin_latin-ext-regular.woff
  • https://smail.mbank.pl/wm/images/open-sans-v14-latin_latin-ext-regular.woff
23 KB
24 KB
Font
General
Full URL
https://smail.mbank.pl/wm/images/open-sans-v14-latin_latin-ext-regular.woff
Requested by
Host: smail.mbank.pl
URL: https://smail.mbank.pl/b/styles.css
Protocol
HTTP/1.1
Server
195.42.249.48 , Poland, ASN13274 (MBANK-SA, PL),
Reverse DNS
Software
/
Resource Hash
2745698fcd5dd6e7b06ff00de0479ccd41f29a27129bb76801f074f7734b655e
Security Headers
Name Value
Strict-Transport-Security max-age=63072000;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
pl-PL,pl;q=0.9;q=0.9
Referer
https://smail.mbank.pl/b/styles.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Date
Thu, 23 May 2024 08:28:06 GMT
Strict-Transport-Security
max-age=63072000;
X-Content-Type-Options
nosniff
Last-Modified
Fri, 17 May 2024 19:06:58 GMT
ETag
"5c5c-618ab0e48038e"
X-Frame-Options
SAMEORIGIN
Content-Type
application/font-woff
Cache-Control
no-store, no-cache, max-age=0
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=120, max=98
Content-Length
23644
X-XSS-Protection
1; mode=block

Redirect headers

Date
Thu, 23 May 2024 08:28:06 GMT
Strict-Transport-Security
max-age=63072000;
X-Content-Type-Options
nosniff
X-Frame-Options
SAMEORIGIN
Content-Type
text/html; charset=iso-8859-1
Location
https://smail.mbank.pl:443/wm/images/open-sans-v14-latin_latin-ext-regular.woff
Cache-Control
no-store, no-cache, max-age=0
Connection
Keep-Alive
Keep-Alive
timeout=120, max=99
Content-Length
263
X-XSS-Protection
1; mode=block
favicon.ico
smail.mbank.pl/wm/images/
Redirect Chain
  • https://smail.mbank.pl/b/images/favicon.ico?OWASP_CSRFTOKEN=7VYD-0SOM-N2UD-1RHK-5PIA-4NU8-03HT-2F11
  • https://smail.mbank.pl/wm/images/favicon.ico?OWASP_CSRFTOKEN=7VYD-0SOM-N2UD-1RHK-5PIA-4NU8-03HT-2F11
894 B
1 KB
Other
General
Full URL
https://smail.mbank.pl/wm/images/favicon.ico?OWASP_CSRFTOKEN=7VYD-0SOM-N2UD-1RHK-5PIA-4NU8-03HT-2F11
Protocol
HTTP/1.1
Server
195.42.249.48 , Poland, ASN13274 (MBANK-SA, PL),
Reverse DNS
Software
/
Resource Hash
e9ec934ad383443fd61c8aa743bd37fee6148a46f254e9af15ce6b475a2711e1
Security Headers
Name Value
Strict-Transport-Security max-age=63072000;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
pl-PL,pl;q=0.9;q=0.9
Referer
https://smail.mbank.pl/b/ir.e?OWASP_CSRFTOKEN=9K0N-P3BA-NG29-0R4T-6MG9-ZA5N-0BM9-JXJT
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Date
Thu, 23 May 2024 08:28:06 GMT
Strict-Transport-Security
max-age=63072000;
X-Content-Type-Options
nosniff
Last-Modified
Fri, 17 May 2024 19:06:58 GMT
ETag
"37e-618ab0e47f3ee"
X-Frame-Options
SAMEORIGIN
Content-Type
image/vnd.microsoft.icon
Cache-Control
no-store, no-cache, max-age=0
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=120, max=96
Content-Length
894
X-XSS-Protection
1; mode=block

Redirect headers

Date
Thu, 23 May 2024 08:28:06 GMT
Strict-Transport-Security
max-age=63072000;
X-Content-Type-Options
nosniff
X-Frame-Options
SAMEORIGIN
Content-Type
text/html; charset=iso-8859-1
Location
https://smail.mbank.pl:443/wm/images/favicon.ico?OWASP_CSRFTOKEN=7VYD-0SOM-N2UD-1RHK-5PIA-4NU8-03HT-2F11
Cache-Control
no-store, no-cache, max-age=0
Connection
Keep-Alive
Keep-Alive
timeout=120, max=97
Content-Length
288
X-XSS-Protection
1; mode=block

Verdicts & Comments Add Verdict or Comment

219 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| Cookie string| detect string| OS string| browser string| version string| thestring function| checkIt string| EXTRA_PARAM_PREFIX string| EXTRA_PARAM_NON_REPLICATED_PREFIX function| getExtraAttribute function| openOvidDialog function| addParamToUrl function| addExtraParamsToURL function| truncateParamInURL function| expireCookie function| resizeDialog function| deleteDialogCookie function| resizeAndOpen function| resizeAll function| resizeHeight function| findAddItem function| findDeleteItem function| toggleState function| enableAnchor function| disableAnchor function| enableImage function| disableImage function| cancelClick function| toggleDivState function| toggleStateByName function| destructiveAction function| destructiveRestoreAction function| destructiveActionWithNoToken function| destructiveDialog function| destructiveFormSubmit function| destructiveFormSubmitForRestore function| destructiveFormSubmitConditional function| openhelp function| openpopup function| openwindow function| AddDomain function| AddManagedDomain function| flushKeyCache function| submitOnEnter function| setIFramePulse function| pulseIFrame string| ROW_ORDINAL_NAME function| removeRepeatedRow function| addNewRepeatedRow function| reorderRows function| reorderRow function| incrementRowOrdinal function| setRowOrdinal function| setAllOrdinalRowSpanTexts function| setAllExtraParamRowOrdinalValues function| decrementRowOrdinals function| getExtraAttributeValue function| setExtraAttributeValue function| replaceIdInJavaScriptHref function| clearAnyErrorValues function| removeAllNonReplicatedInputs string| CHILD_WEB_FORM_ID number| BIG_NUM string| HIDDEN_ELEMENT_PREFIX string| HIDDEN_CHILD_WEB_FORM_ID_PREFIX function| createNewChildWebFormIds function| setNewChildWebFormIdIntoHiddenElement function| getAllChildIds function| clearAllFormValues function| rememberDeletedFormItems function| rememberDeletedFormItemsHelper function| substituteAttributeSuffixDeep function| findTagWithId function| findTagWithIdPrefix function| findFollowingSiblingsWithIdPrefix function| findAllTagsWithIdPrefix function| findAllChildrenWithIdPrefix function| findTagsWithName function| findFirstTagWithName function| setSelectToMatchingValue function| insertSelectOption function| findTagsWithNamePrefix function| findTagsWithAttributeValue function| getNamedNodesMap function| findParentNodeWithName function| findOptionWithValue function| findParentNodeWithTagName function| findFirstChildWithTagName function| getChildrenWithTagName function| getChildrenWithTagNameImpl function| getProperty function| capitalize function| insertAfter function| enumerateChildren function| getEnumerateChildrenString function| enumerateAttributes function| enumerateAttributeValues function| stripIDAttributes function| hoverLink function| unhoverLink function| hoverLinkByName function| unhoverLinkByName function| initRollovers function| initWaitButtons function| changeToWaitButton object| WAIT_BUTTON_URL function| waitButton function| unwaitButton function| buttonStatus number| BASE_DIALOG_ERROR_RESIZE_HEIGHT number| NUM_ERROR_MESSAGES_BEFORE_RESIZE number| ERROR_MESSAGE_ROW_SIZE_HEIGHT function| resizeDialogByErrorMessageCount function| initiateDownload function| sendPostEventForBlob function| exportKeyData function| noOp function| focusOnFirstText function| makeTabSelected function| makeTabDeselected function| handleSingleTabSection function| handleTabbedSections function| initSingleTabSection function| getInitialTabIndex function| initTabbedSelections function| limitString function| DebugString function| PGPUtils function| DOMHelper function| DHTMLHelper function| IEHacks function| EventType function| PGPToolTip function| handleActionMenuState function| handleOnfocus function| isCheckboxChecked function| handleActionMenuStateImpl function| renderOrderingSelect function| getUrlParameter function| addOrReplaceParam function| gotoUrl object| faderLayer function| initFaderLayer function| showFaderLayer function| hideFaderLayer function| scrollFaderLayer function| updateDropdown function| countDown function| sendHttpRequest function| showHideActionMenu function| hideMenu number| attributeCounter function| addNewAttribute function| deleteAttribute function| deleteInterface number| interfaceCounter function| addInterface function| getCheckedValue function| removeAndUpdateAttributeRows number| counterId function| cloneRow function| cloneRowWithObject function| deleteCurrentRow function| isCurrentSectionDisabled function| deleteCurrentRowWithObject number| initCloneCounter function| syncUpLDAPDropDowns function| contains function| isValueTaken function| convertLdapAttributeNames number| customLdapAttributeCounter number| customLdapSectionCounter function| fillCustomLdapAttributes function| renderDictionaryDropDown function| cloneAttributeRowForCustomLdap object| sampleRecordCallback function| renderAttributes function| refreshLdapSampleRecords function| viewSampleResizeWindow function| updateArgument function| makeParamterVisible function| enableDisableConsumerIsSection function| enableDisableRegExpSection function| initNewGroup function| toggleLdapMatchingState function| syncUpPassPhraseSecurID function| ada function| makeAllLDAPADA function| makeCustomLDAPADA function| sanitizeHTML number| place object| favicon function| handleValues function| submitAndCloseDialog function| refreshParentAndCloseDialog function| doUploadAtachment function| doRemoveAttachment function| framePrint function| checkAll function| highLightRow function| highlightAllRow function| highlightRow function| toggleNamedKeyTileElements function| placeFocus function| togglePasswordReveal function| showEye function| submitDelete function| submitRefresh function| textCounter function| enableSubmitButton function| disableSubmitButton function| validateFields function| validateField function| extractEmail function| searchEmail function| domainWhitelist function| Print function| checkRadioButtonValue function| checkRadioButtonValueForKeyOrCert

2 Cookies

Domain/Path Name / Value
smail.mbank.pl/b Name: JSESSIONID
Value: 480F950AC6541D496BBE749D2011179A
smail.mbank.pl/b Name: timezoneOffset
Value: -120

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' 'self'; object-src blob:; style-src 'unsafe-inline' 'self';
Strict-Transport-Security max-age=63072000;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block