urlscan.io logo urlscan.io
SecurityTrails logo

login.brandloyalty-int.com Open in urlscan Pro
2620:1ec:29::60  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://dashboard.production.kp1.bly-int.com/
Effective URL: https://login.brandloyalty-int.com/auth/realms/storepal/protocol/openid-connect/auth?response_type=code&client_id=storepal-dashboar...
Submission: On December 02 via automatic, source rescanner — Scanned from NL
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 4 IPs in 3 countries across 4 domains to perform 18 HTTP transactions. The main IP is 2620:1ec:29::60, located in United States and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is login.brandloyalty-int.com.
TLS certificate: Issued by DigiCert TLS RSA SHA256 2020 CA1 on September 19th 2021. Valid for: a year.
This is the only time login.brandloyalty-int.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
10 20.50.45.46 8075 (MICROSOFT...)
6 2620:1ec:29::60 8068 (MICROSOFT...)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
18 4
Domain Requested by
10 dashboard.production.kp1.bly-int.com dashboard.production.kp1.bly-int.com
6 login.brandloyalty-int.com dashboard.production.kp1.bly-int.com
login.brandloyalty-int.com
1 fonts.gstatic.com fonts.googleapis.com
1 fonts.googleapis.com login.brandloyalty-int.com
18 4

This site contains links to these domains. Also see Links.

Domain
brandloyalty-int.com
Subject Issuer Validity Valid
dashboard.production.kp1.bly-int.com
R3		 2021-12-02 -
2022-03-02		 3 months crt.sh
login.brandloyalty-int.com
DigiCert TLS RSA SHA256 2020 CA1		 2021-09-19 -
2022-09-19		 a year crt.sh
upload.video.google.com
GTS CA 1C3		 2021-11-01 -
2022-01-24		 3 months crt.sh
*.gstatic.com
GTS CA 1C3		 2021-11-01 -
2022-01-24		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://login.brandloyalty-int.com/auth/realms/storepal/protocol/openid-connect/auth?response_type=code&client_id=storepal-dashboard&state=a3ZnMkZyZEdpeXRaX3VVQU5QOXJkZEZNMTg0cDNDdGlGUUlMTVAtcWpuN1pt&redirect_uri=https%3A%2F%2Fdashboard.production.kp1.bly-int.com%2Ftask-progress&scope=openid&code_challenge=_ny_QyMxZ_Flkwcj9ssnBUHY06OBTSuvDfqlfhEG_dE&code_challenge_method=S256&nonce=a3ZnMkZyZEdpeXRaX3VVQU5QOXJkZEZNMTg0cDNDdGlGUUlMTVAtcWpuN1pt
Frame ID: 5208DBE9727ABABAE0BCF6FC755980FC
Requests: 18 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Log in to StorePal

Page URL History Show full URLs

  1. https://dashboard.production.kp1.bly-int.com/ Page URL
  2. https://login.brandloyalty-int.com/auth/realms/storepal/protocol/openid-connect/auth?response_type=code&client_... Page URL

Page Statistics

18
Requests

100 %
HTTPS

75 %
IPv6

4
Domains

4
Subdomains

4
IPs

3
Countries

2212 kB
Transfer

2218 kB
Size

3
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://dashboard.production.kp1.bly-int.com/ Page URL
  2. https://login.brandloyalty-int.com/auth/realms/storepal/protocol/openid-connect/auth?response_type=code&client_id=storepal-dashboard&state=a3ZnMkZyZEdpeXRaX3VVQU5QOXJkZEZNMTg0cDNDdGlGUUlMTVAtcWpuN1pt&redirect_uri=https%3A%2F%2Fdashboard.production.kp1.bly-int.com%2Ftask-progress&scope=openid&code_challenge=_ny_QyMxZ_Flkwcj9ssnBUHY06OBTSuvDfqlfhEG_dE&code_challenge_method=S256&nonce=a3ZnMkZyZEdpeXRaX3VVQU5QOXJkZEZNMTg0cDNDdGlGUUlMTVAtcWpuN1pt Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

18 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
/
dashboard.production.kp1.bly-int.com/ 		1 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://dashboard.production.kp1.bly-int.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.50.45.46 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
afbe2e454d4d6b5dae7ecde185148e9301fb16ba27f1d3c1122d23a619bc879a
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
nl-NL,nl;q=0.9

Response headers

date
Thu, 02 Dec 2021 12:34:31 GMT
content-type
text/html
content-length
1287
request-context
appId=cid-v1:9f8eaa5c-97f1-43d1-9d7a-419df570773b
vary
Origin Access-Control-Request-Method Access-Control-Request-Headers
last-modified
Mon, 18 Oct 2021 14:42:19 GMT
accept-ranges
bytes
x-content-type-options
nosniff
x-xss-protection
1; mode=block
cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
expires
0
strict-transport-security
max-age=15724800; includeSubDomains
x-frame-options
DENY
content-language
nl-NL
styles.e64f8e8866eb30341f06.css
dashboard.production.kp1.bly-int.com/ 		326 KB
327 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://dashboard.production.kp1.bly-int.com/styles.e64f8e8866eb30341f06.css
Requested by
Host: dashboard.production.kp1.bly-int.com
URL: https://dashboard.production.kp1.bly-int.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.50.45.46 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
3a58b676032e7274ed73632c0ae0e896a57c8675a6e62593d5e1a0980ebda637
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://dashboard.production.kp1.bly-int.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 02 Dec 2021 12:34:31 GMT
x-content-type-options
nosniff
last-modified
Mon, 18 Oct 2021 14:42:19 GMT
x-frame-options
DENY
content-type
text/css
request-context
appId=cid-v1:9f8eaa5c-97f1-43d1-9d7a-419df570773b
cache-control
no-cache, no-store, max-age=0, must-revalidate
strict-transport-security
max-age=15724800; includeSubDomains
accept-ranges
bytes
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-length
334010
x-xss-protection
1; mode=block
expires
0
runtime.0e49e2b53282f40c8925.js
dashboard.production.kp1.bly-int.com/ 		1 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://dashboard.production.kp1.bly-int.com/runtime.0e49e2b53282f40c8925.js
Requested by
Host: dashboard.production.kp1.bly-int.com
URL: https://dashboard.production.kp1.bly-int.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.50.45.46 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
6c5acbb82a46a4971660f65131241dffcc28828f4dbd76b8ec7bab0b468250f8
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://dashboard.production.kp1.bly-int.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 02 Dec 2021 12:34:31 GMT
x-content-type-options
nosniff
last-modified
Mon, 18 Oct 2021 14:42:19 GMT
x-frame-options
DENY
content-type
application/javascript
request-context
appId=cid-v1:9f8eaa5c-97f1-43d1-9d7a-419df570773b
cache-control
no-cache, no-store, max-age=0, must-revalidate
strict-transport-security
max-age=15724800; includeSubDomains
accept-ranges
bytes
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-length
1485
x-xss-protection
1; mode=block
expires
0
polyfills.2e89f9530eab053a7df4.js
dashboard.production.kp1.bly-int.com/ 		36 KB
36 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://dashboard.production.kp1.bly-int.com/polyfills.2e89f9530eab053a7df4.js
Requested by
Host: dashboard.production.kp1.bly-int.com
URL: https://dashboard.production.kp1.bly-int.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.50.45.46 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
4daa2bb1677808e27e398cdd6a6c42f04972c0dbc121b2a646a001d0e58b3687
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://dashboard.production.kp1.bly-int.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 02 Dec 2021 12:34:31 GMT
x-content-type-options
nosniff
last-modified
Mon, 18 Oct 2021 14:42:19 GMT
x-frame-options
DENY
content-type
application/javascript
request-context
appId=cid-v1:9f8eaa5c-97f1-43d1-9d7a-419df570773b
cache-control
no-cache, no-store, max-age=0, must-revalidate
strict-transport-security
max-age=15724800; includeSubDomains
accept-ranges
bytes
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-length
36864
x-xss-protection
1; mode=block
expires
0
scripts.707989f29ab77cea1bbc.js
dashboard.production.kp1.bly-int.com/ 		333 KB
334 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://dashboard.production.kp1.bly-int.com/scripts.707989f29ab77cea1bbc.js
Requested by
Host: dashboard.production.kp1.bly-int.com
URL: https://dashboard.production.kp1.bly-int.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.50.45.46 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
bc79704df1f779c2f367f041afd19b9aa020a67d2abd4d1973365182e5c98a9b
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://dashboard.production.kp1.bly-int.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 02 Dec 2021 12:34:31 GMT
x-content-type-options
nosniff
last-modified
Mon, 18 Oct 2021 14:42:19 GMT
x-frame-options
DENY
content-type
application/javascript
request-context
appId=cid-v1:9f8eaa5c-97f1-43d1-9d7a-419df570773b
cache-control
no-cache, no-store, max-age=0, must-revalidate
strict-transport-security
max-age=15724800; includeSubDomains
accept-ranges
bytes
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-length
341497
x-xss-protection
1; mode=block
expires
0
main.7758ee66551619f7ca08.js
dashboard.production.kp1.bly-int.com/ 		1 MB
1 MB 		Script
General
Check archive.org
Download Go to
Full URL
https://dashboard.production.kp1.bly-int.com/main.7758ee66551619f7ca08.js
Requested by
Host: dashboard.production.kp1.bly-int.com
URL: https://dashboard.production.kp1.bly-int.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.50.45.46 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
86a4e40f80d074946abcc60e158f35081580ba78a94cf8259e46a2726b1bdcb4
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://dashboard.production.kp1.bly-int.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 02 Dec 2021 12:34:31 GMT
x-content-type-options
nosniff
last-modified
Mon, 18 Oct 2021 14:42:19 GMT
x-frame-options
DENY
content-type
application/javascript
request-context
appId=cid-v1:9f8eaa5c-97f1-43d1-9d7a-419df570773b
cache-control
no-cache, no-store, max-age=0, must-revalidate
strict-transport-security
max-age=15724800; includeSubDomains
accept-ranges
bytes
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-length
1496615
x-xss-protection
1; mode=block
expires
0
en.json
dashboard.production.kp1.bly-int.com/assets/i18n/ 		7 KB
7 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://dashboard.production.kp1.bly-int.com/assets/i18n/en.json
Requested by
Host: dashboard.production.kp1.bly-int.com
URL: https://dashboard.production.kp1.bly-int.com/polyfills.2e89f9530eab053a7df4.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.50.45.46 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
0feb6dad910c69536377d833efc75b4b6af4e2e3884542a1b06cd7cca49e6e15
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
https://dashboard.production.kp1.bly-int.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 02 Dec 2021 12:34:32 GMT
x-content-type-options
nosniff
last-modified
Mon, 18 Oct 2021 14:42:19 GMT
x-frame-options
DENY
content-type
application/json
request-context
appId=cid-v1:9f8eaa5c-97f1-43d1-9d7a-419df570773b
cache-control
no-cache, no-store, max-age=0, must-revalidate
strict-transport-security
max-age=15724800; includeSubDomains
accept-ranges
bytes
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-length
6754
x-xss-protection
1; mode=block
expires
0
configuration
dashboard.production.kp1.bly-int.com/ 		210 B
574 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://dashboard.production.kp1.bly-int.com/configuration
Requested by
Host: dashboard.production.kp1.bly-int.com
URL: https://dashboard.production.kp1.bly-int.com/polyfills.2e89f9530eab053a7df4.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.50.45.46 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
304269e24e2733332a59896a88c487d8699df537d8cc850f7e36a0a66312d103
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
https://dashboard.production.kp1.bly-int.com/task-progress
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 02 Dec 2021 12:34:32 GMT
x-content-type-options
nosniff
x-frame-options
DENY
content-type
application/json
request-context
appId=cid-v1:9f8eaa5c-97f1-43d1-9d7a-419df570773b
cache-control
no-cache, no-store, max-age=0, must-revalidate
strict-transport-security
max-age=15724800; includeSubDomains
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
x-xss-protection
1; mode=block
expires
0
configuration
dashboard.production.kp1.bly-int.com/ 		210 B
574 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://dashboard.production.kp1.bly-int.com/configuration
Requested by
Host: dashboard.production.kp1.bly-int.com
URL: https://dashboard.production.kp1.bly-int.com/polyfills.2e89f9530eab053a7df4.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.50.45.46 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
304269e24e2733332a59896a88c487d8699df537d8cc850f7e36a0a66312d103
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
https://dashboard.production.kp1.bly-int.com/task-progress
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 02 Dec 2021 12:34:32 GMT
x-content-type-options
nosniff
x-frame-options
DENY
content-type
application/json
request-context
appId=cid-v1:9f8eaa5c-97f1-43d1-9d7a-419df570773b
cache-control
no-cache, no-store, max-age=0, must-revalidate
strict-transport-security
max-age=15724800; includeSubDomains
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
x-xss-protection
1; mode=block
expires
0
versions
dashboard.production.kp1.bly-int.com/ 		86 B
450 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://dashboard.production.kp1.bly-int.com/versions
Requested by
Host: dashboard.production.kp1.bly-int.com
URL: https://dashboard.production.kp1.bly-int.com/polyfills.2e89f9530eab053a7df4.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.50.45.46 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
0d0e09b4fa3e8537129e50534e9a44a0952f7c4257ccfe170e654cfa81358ceb
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
https://dashboard.production.kp1.bly-int.com/task-progress
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 02 Dec 2021 12:34:32 GMT
x-content-type-options
nosniff
x-frame-options
DENY
content-type
application/json
request-context
appId=cid-v1:9f8eaa5c-97f1-43d1-9d7a-419df570773b
cache-control
no-cache, no-store, max-age=0, must-revalidate
strict-transport-security
max-age=15724800; includeSubDomains
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
x-xss-protection
1; mode=block
expires
0
openid-configuration
login.brandloyalty-int.com/auth/realms/storepal/.well-known/ 		6 KB
6 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://login.brandloyalty-int.com/auth/realms/storepal/.well-known/openid-configuration
Requested by
Host: dashboard.production.kp1.bly-int.com
URL: https://dashboard.production.kp1.bly-int.com/polyfills.2e89f9530eab053a7df4.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:29::60 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
afd6a9b660be121febe72c39d1e14b3ad999ae2b4ff580c3150fec101cffba6f
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
https://dashboard.production.kp1.bly-int.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=15724800; includeSubDomains
referrer-policy
no-referrer
date
Thu, 02 Dec 2021 12:34:31 GMT
x-frame-options
SAMEORIGIN
x-cache
CONFIG_NOCACHE
content-type
application/json
access-control-allow-origin
https://dashboard.production.kp1.bly-int.com
x-xss-protection
1; mode=block
cache-control
no-cache, must-revalidate, no-transform, no-store
access-control-allow-credentials
true
x-azure-ref
0WL2oYQAAAABszqUVoezJSoXQyRuRJrNJTE9OMjFFREdFMDIwOAA5M2Y0MzM5Yy1jZDBlLTRkZDgtYjI1Ni05MTE2ZTEzZGE3MmY=
content-length
5919
x-content-type-options
nosniff
certs
login.brandloyalty-int.com/auth/realms/storepal/protocol/openid-connect/ 		1 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://login.brandloyalty-int.com/auth/realms/storepal/protocol/openid-connect/certs
Requested by
Host: dashboard.production.kp1.bly-int.com
URL: https://dashboard.production.kp1.bly-int.com/polyfills.2e89f9530eab053a7df4.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:29::60 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
https://dashboard.production.kp1.bly-int.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=15724800; includeSubDomains
referrer-policy
no-referrer
date
Thu, 02 Dec 2021 12:34:31 GMT
x-frame-options
SAMEORIGIN
x-cache
CONFIG_NOCACHE
content-type
application/json
access-control-allow-origin
https://dashboard.production.kp1.bly-int.com
x-xss-protection
1; mode=block
cache-control
no-cache
access-control-allow-credentials
true
x-azure-ref
0WL2oYQAAAAC/A9m56IfDSI8Uz5JsJkTzTE9OMjFFREdFMDIwOAA5M2Y0MzM5Yy1jZDBlLTRkZDgtYjI1Ni05MTE2ZTEzZGE3MmY=
content-length
1478
x-content-type-options
nosniff
Primary Request auth
login.brandloyalty-int.com/auth/realms/storepal/protocol/openid-connect/ 		6 KB
7 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://login.brandloyalty-int.com/auth/realms/storepal/protocol/openid-connect/auth?response_type=code&client_id=storepal-dashboard&state=a3ZnMkZyZEdpeXRaX3VVQU5QOXJkZEZNMTg0cDNDdGlGUUlMTVAtcWpuN1pt&redirect_uri=https%3A%2F%2Fdashboard.production.kp1.bly-int.com%2Ftask-progress&scope=openid&code_challenge=_ny_QyMxZ_Flkwcj9ssnBUHY06OBTSuvDfqlfhEG_dE&code_challenge_method=S256&nonce=a3ZnMkZyZEdpeXRaX3VVQU5QOXJkZEZNMTg0cDNDdGlGUUlMTVAtcWpuN1pt
Requested by
Host: dashboard.production.kp1.bly-int.com
URL: https://dashboard.production.kp1.bly-int.com/main.7758ee66551619f7ca08.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:29::60 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
8ae71cb15c7ced0c1a3ffa5f679c3deb01a6f530b3b462d1ad19d241b2be092c
Security Headers
Name Value
Content-Security-Policy frame-src 'self'; frame-ancestors 'self'; object-src 'none';
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
nl-NL,nl;q=0.9
Referer
https://dashboard.production.kp1.bly-int.com/

Response headers

cache-control
no-store, must-revalidate, max-age=0
content-length
5807
content-type
text/html;charset=utf-8
content-language
nl
x-xss-protection
1; mode=block
x-frame-options
SAMEORIGIN
referrer-policy
no-referrer
content-security-policy
frame-src 'self'; frame-ancestors 'self'; object-src 'none';
x-robots-tag
none
strict-transport-security
max-age=15724800; includeSubDomains
x-content-type-options
nosniff
x-cache
CONFIG_NOCACHE
x-azure-ref
0WL2oYQAAAAAET42RBU40Tqc8LeqwL2kbTE9OMjFFREdFMDExOQA5M2Y0MzM5Yy1jZDBlLTRkZDgtYjI1Ni05MTE2ZTEzZGE3MmY=
date
Thu, 02 Dec 2021 12:34:32 GMT
login.css
login.brandloyalty-int.com/auth/resources/18os7/login/storepal/css/ 		10 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://login.brandloyalty-int.com/auth/resources/18os7/login/storepal/css/login.css
Requested by
Host: login.brandloyalty-int.com
URL: https://login.brandloyalty-int.com/auth/realms/storepal/protocol/openid-connect/auth?response_type=code&client_id=storepal-dashboard&state=a3ZnMkZyZEdpeXRaX3VVQU5QOXJkZEZNMTg0cDNDdGlGUUlMTVAtcWpuN1pt&redirect_uri=https%3A%2F%2Fdashboard.production.kp1.bly-int.com%2Ftask-progress&scope=openid&code_challenge=_ny_QyMxZ_Flkwcj9ssnBUHY06OBTSuvDfqlfhEG_dE&code_challenge_method=S256&nonce=a3ZnMkZyZEdpeXRaX3VVQU5QOXJkZEZNMTg0cDNDdGlGUUlMTVAtcWpuN1pt
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:29::60 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
50d30b811826a75bf1719a0ff30916e120b0457f61a859424d24ed39f97d0096
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=15724800; includeSubDomains
content-encoding
gzip
referrer-policy
no-referrer
date
Thu, 02 Dec 2021 12:34:32 GMT
x-azure-ref
0WL2oYQAAAACah+/qFZLdSa0vmeuzBv5GTE9OMjFFREdFMDExOQA5M2Y0MzM5Yy1jZDBlLTRkZDgtYjI1Ni05MTE2ZTEzZGE3MmY=
x-cache
CONFIG_NOCACHE
content-type
text/css;charset=UTF-8
cache-control
max-age=2592000
x-content-type-options
nosniff
content-length
2380
x-xss-protection
1; mode=block
tile.css
login.brandloyalty-int.com/auth/resources/18os7/login/storepal/css/ 		7 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://login.brandloyalty-int.com/auth/resources/18os7/login/storepal/css/tile.css
Requested by
Host: login.brandloyalty-int.com
URL: https://login.brandloyalty-int.com/auth/realms/storepal/protocol/openid-connect/auth?response_type=code&client_id=storepal-dashboard&state=a3ZnMkZyZEdpeXRaX3VVQU5QOXJkZEZNMTg0cDNDdGlGUUlMTVAtcWpuN1pt&redirect_uri=https%3A%2F%2Fdashboard.production.kp1.bly-int.com%2Ftask-progress&scope=openid&code_challenge=_ny_QyMxZ_Flkwcj9ssnBUHY06OBTSuvDfqlfhEG_dE&code_challenge_method=S256&nonce=a3ZnMkZyZEdpeXRaX3VVQU5QOXJkZEZNMTg0cDNDdGlGUUlMTVAtcWpuN1pt
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:29::60 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
38f57a9833dde172f48a5d3294357b7cdde64c6ad734ad59261e2c4246e4dd40
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=15724800; includeSubDomains
content-encoding
gzip
referrer-policy
no-referrer
date
Thu, 02 Dec 2021 12:34:32 GMT
x-azure-ref
0WL2oYQAAAACL8GD1nqKYTqHCFdYwnlpeTE9OMjFFREdFMDExOQA5M2Y0MzM5Yy1jZDBlLTRkZDgtYjI1Ni05MTE2ZTEzZGE3MmY=
x-cache
CONFIG_NOCACHE
content-type
text/css;charset=UTF-8
cache-control
max-age=2592000
x-content-type-options
nosniff
content-length
1263
x-xss-protection
1; mode=block
storepal-logo.png
login.brandloyalty-int.com/auth/resources/18os7/login/storepal/img/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://login.brandloyalty-int.com/auth/resources/18os7/login/storepal/img/storepal-logo.png
Requested by
Host: login.brandloyalty-int.com
URL: https://login.brandloyalty-int.com/auth/realms/storepal/protocol/openid-connect/auth?response_type=code&client_id=storepal-dashboard&state=a3ZnMkZyZEdpeXRaX3VVQU5QOXJkZEZNMTg0cDNDdGlGUUlMTVAtcWpuN1pt&redirect_uri=https%3A%2F%2Fdashboard.production.kp1.bly-int.com%2Ftask-progress&scope=openid&code_challenge=_ny_QyMxZ_Flkwcj9ssnBUHY06OBTSuvDfqlfhEG_dE&code_challenge_method=S256&nonce=a3ZnMkZyZEdpeXRaX3VVQU5QOXJkZEZNMTg0cDNDdGlGUUlMTVAtcWpuN1pt
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:29::60 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
d4525e8f8c9b733829b78ce10d9a757ef03ef9d695c3d1a5ce534e8efaeac646
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=15724800; includeSubDomains
referrer-policy
no-referrer
date
Thu, 02 Dec 2021 12:34:32 GMT
x-azure-ref
0WL2oYQAAAACgzD5DTRCeRqQDccXqRZ32TE9OMjFFREdFMDExOQA5M2Y0MzM5Yy1jZDBlLTRkZDgtYjI1Ni05MTE2ZTEzZGE3MmY=
x-cache
CONFIG_NOCACHE
content-type
image/png
cache-control
max-age=2592000
x-content-type-options
nosniff
content-length
1893
x-xss-protection
1; mode=block
css2
fonts.googleapis.com/ 		3 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Open+Sans:wght@300&display=swa
Requested by
Host: login.brandloyalty-int.com
URL: https://login.brandloyalty-int.com/auth/resources/18os7/login/storepal/css/login.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
f3e1a0fa37cb773c73e8ccfb69798b22febaded38f88db48e604a0e9a3810942
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Thu, 02 Dec 2021 12:34:32 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Thu, 02 Dec 2021 12:34:32 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 02 Dec 2021 12:34:32 GMT
memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsiH0B4gaVI.woff2
fonts.gstatic.com/s/opensans/v27/ 		16 KB
17 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/opensans/v27/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsiH0B4gaVI.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Open+Sans:wght@300&display=swa
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ac74d7d0323d238309ee0a321935a57cbad893de6ae27e4b568f444531466e5e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://login.brandloyalty-int.com
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Thu, 25 Nov 2021 22:41:29 GMT
x-content-type-options
nosniff
age
568383
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
16700
x-xss-protection
0
last-modified
Thu, 28 Oct 2021 00:30:54 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Fri, 25 Nov 2022 22:41:29 GMT

Verdicts & Comments Add Verdict or Comment

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforexrselect function| reportError boolean| originAgentCluster object| scheduler function| selectLocale function| setSelectedLocale

3 Cookies

Domain/Path Name / Value
login.brandloyalty-int.com/auth/realms/storepal/ Name: AUTH_SESSION_ID
Value: 0f5b24ed-d6ed-41c8-8dae-22239f659845.keycloak-prd-0
login.brandloyalty-int.com/auth/realms/storepal/ Name: AUTH_SESSION_ID_LEGACY
Value: 0f5b24ed-d6ed-41c8-8dae-22239f659845.keycloak-prd-0
login.brandloyalty-int.com/auth/realms/storepal/ Name: KC_RESTART
Value: eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICIwMTA5MGFkZS03MmQ4LTQ3ZGYtYmMzNC05MTY5YWZlNjIwNmMifQ.eyJjaWQiOiJzdG9yZXBhbC1kYXNoYm9hcmQiLCJwdHkiOiJvcGVuaWQtY29ubmVjdCIsInJ1cmkiOiJodHRwczovL2Rhc2hib2FyZC5wcm9kdWN0aW9uLmtwMS5ibHktaW50LmNvbS90YXNrLXByb2dyZXNzIiwiYWN0IjoiQVVUSEVOVElDQVRFIiwibm90ZXMiOnsic2NvcGUiOiJvcGVuaWQiLCJpc3MiOiJodHRwczovL2xvZ2luLmJyYW5kbG95YWx0eS1pbnQuY29tL2F1dGgvcmVhbG1zL3N0b3JlcGFsIiwicmVzcG9uc2VfdHlwZSI6ImNvZGUiLCJjb2RlX2NoYWxsZW5nZV9tZXRob2QiOiJTMjU2IiwicmVkaXJlY3RfdXJpIjoiaHR0cHM6Ly9kYXNoYm9hcmQucHJvZHVjdGlvbi5rcDEuYmx5LWludC5jb20vdGFzay1wcm9ncmVzcyIsInN0YXRlIjoiYTNabk1rWnlaRWRwZVhSYVgzVlZRVTVRT1hKa1pFWk5NVGcwY0RORGRHbEdVVWxNVFZBdGNXcHVOMXB0Iiwibm9uY2UiOiJhM1puTWtaeVpFZHBlWFJhWDNWVlFVNVFPWEprWkVaTk1UZzBjRE5EZEdsR1VVbE1UVkF0Y1dwdU4xcHQiLCJjb2RlX2NoYWxsZW5nZSI6Il9ueV9ReU14Wl9GbGt3Y2o5c3NuQlVIWTA2T0JUU3V2RGZxbGZoRUdfZEUifX0.jAsmafuVTL0UViAgnZ7QFTz5_MGLQpuYGwJsA32Z1mI

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block