URL: https://stg-safe.bako.global/
Submission: On August 26 via automatic, source certstream-suspicious — Scanned from US

Summary

This website contacted 5 IPs in 1 countries across 5 domains to perform 17 HTTP transactions. The main IP is 76.76.21.93, located in Walnut, United States and belongs to AMAZON-02, US. The main domain is stg-safe.bako.global.
TLS certificate: Issued by R11 on August 26th 2024. Valid for: 3 months.
This is the only time stg-safe.bako.global was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
6 76.76.21.93 16509 (AMAZON-02)
1 2607:f8b0:400... 15169 (GOOGLE)
2 2606:4700:10:... 13335 (CLOUDFLAR...)
1 2607:f8b0:400... 15169 (GOOGLE)
17 5
Domain Requested by
6 stg-safe.bako.global stg-safe.bako.global
2 beta-5.fuel.network stg-safe.bako.global
1 fonts.gstatic.com fonts.googleapis.com
1 fonts.googleapis.com stg-safe.bako.global
0 api.bako.global Failed stg-safe.bako.global
0 www.googletagmanager.com Failed stg-safe.bako.global
17 6

This site contains links to these domains. Also see Links.

Domain
www.fuel.network
Subject Issuer Validity Valid
stg-safe.bako.global
R11
2024-08-26 -
2024-11-24
3 months crt.sh
upload.video.google.com
WR2
2024-07-30 -
2024-10-22
3 months crt.sh
fuel.network
WE1
2024-08-08 -
2024-11-06
3 months crt.sh
*.gstatic.com
WR2
2024-07-30 -
2024-10-22
3 months crt.sh

This page contains 1 frames:

Primary Page: https://stg-safe.bako.global/
Frame ID: 47EA7D8481687CFB53B3A56F94AE474A
Requests: 16 HTTP requests in this frame

Screenshot

Page Title

Bako Safe

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/ns\.html[^>]+></iframe>

Page Statistics

17
Requests

59 %
HTTPS

75 %
IPv6

5
Domains

6
Subdomains

5
IPs

1
Countries

1473 kB
Transfer

3603 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

17 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
stg-safe.bako.global/
1 KB
970 B
Document
General
Full URL
https://stg-safe.bako.global/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
76.76.21.93 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Vercel /
Resource Hash
47224baaac147aa276236353bf70dbf858d2df06a36e17aeeefa4b300fbabf79
Security Headers
Name Value
Strict-Transport-Security max-age=63072000

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

access-control-allow-origin
*
age
225112
cache-control
public, max-age=0, must-revalidate
content-disposition
inline
content-encoding
br
content-type
text/html; charset=utf-8
date
Mon, 26 Aug 2024 11:18:59 GMT
etag
W/"9996819802b9eba4d55e3ee89d1ef486"
server
Vercel
strict-transport-security
max-age=63072000
x-vercel-cache
HIT
x-vercel-id
iad1::hnsbr-1724671139692-a2f594f47c77
css2
fonts.googleapis.com/
23 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Inter:wght@100;200;300;400;500;600;700&family=Roboto:wght@300;400;500&display=swap
Requested by
Host: stg-safe.bako.global
URL: https://stg-safe.bako.global/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:823::200a , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
3462bca53cdef6c9c29ef7f704b3b69d7946024ef6bb06f8f275c26bf7783504
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://stg-safe.bako.global/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Mon, 26 Aug 2024 11:18:59 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Mon, 26 Aug 2024 11:18:59 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Mon, 26 Aug 2024 11:18:59 GMT
index-17de2e25.js
stg-safe.bako.global/assets/
3 MB
803 KB
Script
General
Full URL
https://stg-safe.bako.global/assets/index-17de2e25.js
Requested by
Host: stg-safe.bako.global
URL: https://stg-safe.bako.global/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
76.76.21.93 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Vercel /
Resource Hash
4cbf13b2be4f9df106fe4a4bdad05cfdfd179185b687f87a2383697f5fc05497
Security Headers
Name Value
Strict-Transport-Security max-age=63072000

Request headers

Referer
https://stg-safe.bako.global/
Origin
https://stg-safe.bako.global
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Mon, 26 Aug 2024 11:18:59 GMT
content-encoding
br
strict-transport-security
max-age=63072000
server
Vercel
x-vercel-id
iad1::hnsbr-1724671139735-16b4ca82931b
age
440899
etag
W/"6e1f1c8c4bc0810b8ac717ff3d014cf0"
x-vercel-cache
HIT
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=0, must-revalidate
content-disposition
inline; filename="index-17de2e25.js"
gtm.js
www.googletagmanager.com/
0
0

graphql
beta-5.fuel.network/
0
0
Preflight
General
Full URL
https://beta-5.fuel.network/graphql
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:30dd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://stg-safe.bako.global
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
*
access-control-allow-methods
*
access-control-allow-origin
*
cf-cache-status
DYNAMIC
cf-ray
8b936ca43d6742aa-EWR
content-length
0
date
Mon, 26 Aug 2024 11:19:00 GMT
server
cloudflare
strict-transport-security
max-age=15724800; includeSubDomains
gtm.js
www.googletagmanager.com/
0
0

graphql
beta-5.fuel.network/
2 KB
586 B
Fetch
General
Full URL
https://beta-5.fuel.network/graphql
Requested by
Host: stg-safe.bako.global
URL: https://stg-safe.bako.global/assets/index-17de2e25.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:30dd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
268ce0bc69dbd08f9e6c04daf0cae6d177d22202e5a7a268eada971dba2b433b
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Referer
https://stg-safe.bako.global/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type
application/json

Response headers

date
Mon, 26 Aug 2024 11:19:00 GMT
strict-transport-security
max-age=15724800; includeSubDomains
content-encoding
br
cf-cache-status
DYNAMIC
server
cloudflare
access-control-allow-methods
*
content-type
application/json
access-control-allow-origin
*
cf-ray
8b936ca48da642aa-EWR
access-control-allow-headers
*
4dd0c162-c957-44d3-a36c-f69c3b365ff2
api.bako.global/user/by-hardware/
0
0

bakoLogoDark-abf777cf.svg
stg-safe.bako.global/assets/
10 KB
4 KB
Image
General
Full URL
https://stg-safe.bako.global/assets/bakoLogoDark-abf777cf.svg
Requested by
Host: stg-safe.bako.global
URL: https://stg-safe.bako.global/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
76.76.21.93 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Vercel /
Resource Hash
abf777cfd3ac88aec1702c04dfe4c128f81bc6f18f023141278da38617571e6a
Security Headers
Name Value
Strict-Transport-Security max-age=63072000

Request headers

Referer
https://stg-safe.bako.global/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Mon, 26 Aug 2024 11:19:00 GMT
content-encoding
br
strict-transport-security
max-age=63072000
server
Vercel
x-vercel-id
iad1::5n7rt-1724671140718-88863ec06af5
age
426614
etag
W/"aec470e5d7772bace33edd68804d8306"
x-vercel-cache
HIT
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=0, must-revalidate
content-disposition
inline; filename="bakoLogoDark-abf777cf.svg"
bakoSymbol-023f7b19.svg
stg-safe.bako.global/assets/
2 KB
887 B
Image
General
Full URL
https://stg-safe.bako.global/assets/bakoSymbol-023f7b19.svg
Requested by
Host: stg-safe.bako.global
URL: https://stg-safe.bako.global/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
76.76.21.93 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Vercel /
Resource Hash
023f7b19d113f99b6291f96878e3b473d29d704966eca2e08960d6a4505e31be
Security Headers
Name Value
Strict-Transport-Security max-age=63072000

Request headers

Referer
https://stg-safe.bako.global/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Mon, 26 Aug 2024 11:19:00 GMT
content-encoding
br
strict-transport-security
max-age=63072000
server
Vercel
x-vercel-id
iad1::hnq9t-1724671140718-2438f4abb832
age
426614
etag
W/"e71e9de431f50e5389706c747fafc20e"
x-vercel-cache
HIT
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=0, must-revalidate
content-disposition
inline; filename="bakoSymbol-023f7b19.svg"
new-home-bg-769df5c4.png
stg-safe.bako.global/assets/
612 KB
612 KB
Image
General
Full URL
https://stg-safe.bako.global/assets/new-home-bg-769df5c4.png
Requested by
Host: stg-safe.bako.global
URL: https://stg-safe.bako.global/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
76.76.21.93 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Vercel /
Resource Hash
769df5c4a26f52a2d2b93b6abcd1b7e47fca72b8df0224d351077516800009d6
Security Headers
Name Value
Strict-Transport-Security max-age=63072000

Request headers

Referer
https://stg-safe.bako.global/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Mon, 26 Aug 2024 11:19:00 GMT
strict-transport-security
max-age=63072000
server
Vercel
x-vercel-id
iad1::6wwvk-1724671140723-c138a60c230d
age
161218
etag
"cefaeac8658cbc8d176ea7384d1d2731"
x-vercel-cache
HIT
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=0, must-revalidate
content-disposition
inline; filename="new-home-bg-769df5c4.png"
accept-ranges
bytes
content-length
626594
UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7.woff2
fonts.gstatic.com/s/inter/v18/
47 KB
48 KB
Font
General
Full URL
https://fonts.gstatic.com/s/inter/v18/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Inter:wght@100;200;300;400;500;600;700&family=Roboto:wght@300;400;500&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80b::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f052ee44c3728dfd23aba8a4567150bc314d23903026fbb6ad089422c2df56af
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://stg-safe.bako.global
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Thu, 22 Aug 2024 05:05:04 GMT
x-content-type-options
nosniff
age
368036
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
48444
x-xss-protection
0
last-modified
Mon, 29 Jul 2024 22:51:01 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 22 Aug 2025 05:05:04 GMT
favicon.ico
stg-safe.bako.global/
15 KB
2 KB
Other
General
Full URL
https://stg-safe.bako.global/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
76.76.21.93 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Vercel /
Resource Hash
2529f2e4bf6948ef17a6284feac33af052a970869d6455672e3f4208ecddd503
Security Headers
Name Value
Strict-Transport-Security max-age=63072000

Request headers

Referer
https://stg-safe.bako.global/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Mon, 26 Aug 2024 11:19:00 GMT
content-encoding
br
strict-transport-security
max-age=63072000
server
Vercel
x-vercel-id
iad1::ks2wm-1724671140827-77bcc150220f
age
426614
etag
W/"dd2a4cd8bd2413239cb2a28616202780"
x-vercel-cache
HIT
content-type
image/vnd.microsoft.icon
access-control-allow-origin
*
cache-control
public, max-age=0, must-revalidate
content-disposition
inline; filename="favicon.ico"
4dd0c162-c957-44d3-a36c-f69c3b365ff2
api.bako.global/user/by-hardware/
0
0

4dd0c162-c957-44d3-a36c-f69c3b365ff2
api.bako.global/user/by-hardware/
0
0

4dd0c162-c957-44d3-a36c-f69c3b365ff2
api.bako.global/user/by-hardware/
0
0

4dd0c162-c957-44d3-a36c-f69c3b365ff2
api.bako.global/user/by-hardware/
0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
www.googletagmanager.com
URL
https://www.googletagmanager.com/gtm.js?id=GTM_ID
Domain
www.googletagmanager.com
URL
https://www.googletagmanager.com/gtm.js?id=undefined&gtm_auth=&gtm_preview=&gtm_cookies_win=x
Domain
api.bako.global
URL
https://api.bako.global/user/by-hardware/4dd0c162-c957-44d3-a36c-f69c3b365ff2
Domain
api.bako.global
URL
https://api.bako.global/user/by-hardware/4dd0c162-c957-44d3-a36c-f69c3b365ff2
Domain
api.bako.global
URL
https://api.bako.global/user/by-hardware/4dd0c162-c957-44d3-a36c-f69c3b365ff2
Domain
api.bako.global
URL
https://api.bako.global/user/by-hardware/4dd0c162-c957-44d3-a36c-f69c3b365ff2
Domain
api.bako.global
URL
https://api.bako.global/user/by-hardware/4dd0c162-c957-44d3-a36c-f69c3b365ff2

Verdicts & Comments Add Verdict or Comment

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| dataLayer string| __reactRouterVersion

0 Cookies

10 Console Messages

Source Level URL
Text
javascript error URL: https://stg-safe.bako.global/
Message:
Access to XMLHttpRequest at 'https://api.bako.global/user/by-hardware/4dd0c162-c957-44d3-a36c-f69c3b365ff2' from origin 'https://stg-safe.bako.global' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://api.bako.global/user/by-hardware/4dd0c162-c957-44d3-a36c-f69c3b365ff2
Message:
Failed to load resource: net::ERR_FAILED
javascript error URL: https://stg-safe.bako.global/
Message:
Access to XMLHttpRequest at 'https://api.bako.global/user/by-hardware/4dd0c162-c957-44d3-a36c-f69c3b365ff2' from origin 'https://stg-safe.bako.global' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://api.bako.global/user/by-hardware/4dd0c162-c957-44d3-a36c-f69c3b365ff2
Message:
Failed to load resource: net::ERR_FAILED
javascript error URL: https://stg-safe.bako.global/
Message:
Access to XMLHttpRequest at 'https://api.bako.global/user/by-hardware/4dd0c162-c957-44d3-a36c-f69c3b365ff2' from origin 'https://stg-safe.bako.global' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://api.bako.global/user/by-hardware/4dd0c162-c957-44d3-a36c-f69c3b365ff2
Message:
Failed to load resource: net::ERR_FAILED
javascript error URL: https://stg-safe.bako.global/
Message:
Access to XMLHttpRequest at 'https://api.bako.global/user/by-hardware/4dd0c162-c957-44d3-a36c-f69c3b365ff2' from origin 'https://stg-safe.bako.global' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://api.bako.global/user/by-hardware/4dd0c162-c957-44d3-a36c-f69c3b365ff2
Message:
Failed to load resource: net::ERR_FAILED
javascript error URL: https://stg-safe.bako.global/
Message:
Access to XMLHttpRequest at 'https://api.bako.global/user/by-hardware/4dd0c162-c957-44d3-a36c-f69c3b365ff2' from origin 'https://stg-safe.bako.global' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://api.bako.global/user/by-hardware/4dd0c162-c957-44d3-a36c-f69c3b365ff2
Message:
Failed to load resource: net::ERR_FAILED

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=63072000