urlscan.io logo urlscan.io
SecurityTrails logo

securetransfer.moneygram.com Open in urlscan Pro
63.91.129.200  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://mftprod.moneygram.com/
Effective URL: https://securetransfer.moneygram.com/portal-seefx/login.jsp
Submission: On October 10 via automatic, source certstream-suspicious — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 8 HTTP transactions. The main IP is 63.91.129.200, located in United States and belongs to MONEYGRAM-INTERNATIONAL-INC, US. The main domain is securetransfer.moneygram.com.
TLS certificate: Issued by Entrust Certification Authority - L1K on February 10th 2023. Valid for: a year.
This is the only time securetransfer.moneygram.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 2 45.60.186.179 19551 (INCAPSULA)
2 2 107.154.76.165 19551 (INCAPSULA)
1 9 63.91.129.200 29898 (MONEYGRAM...)
8 1
Domain Requested by
9 securetransfer.moneygram.com 1 redirects securetransfer.moneygram.com
2 securefiletransfer.moneygram.com 2 redirects
2 mftprod.moneygram.com 2 redirects
8 3

This site contains no links.

Subject Issuer Validity Valid
securetransfer.moneygram.com
Entrust Certification Authority - L1K		 2023-02-10 -
2024-02-27		 a year crt.sh

This page contains 1 frames:

Primary Page: https://securetransfer.moneygram.com/portal-seefx/login.jsp
Frame ID: 6F0E6100AAA1D9B7165B084C9AEB00D0
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

MoneyGram Production

Page URL History Show full URLs

  1. https://mftprod.moneygram.com/ HTTP 301
    https://mftprod.moneygram.com:8443/ HTTP 302
    https://securefiletransfer.moneygram.com/portal-seefx/ HTTP 302
    https://securetransfer.moneygram.com/portal-seefx/ HTTP 302
    https://securefiletransfer.moneygram.com/portal-seefx/login.jsp HTTP 302
    https://securetransfer.moneygram.com/portal-seefx/login.jsp Page URL

Page Statistics

8
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

3
Subdomains

1
IPs

1
Countries

58 kB
Transfer

43 kB
Size

4
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://mftprod.moneygram.com/ HTTP 301
    https://mftprod.moneygram.com:8443/ HTTP 302
    https://securefiletransfer.moneygram.com/portal-seefx/ HTTP 302
    https://securetransfer.moneygram.com/portal-seefx/ HTTP 302
    https://securefiletransfer.moneygram.com/portal-seefx/login.jsp HTTP 302
    https://securetransfer.moneygram.com/portal-seefx/login.jsp Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request login.jsp
securetransfer.moneygram.com/portal-seefx/
Redirect Chain
  • https://mftprod.moneygram.com/
  • https://mftprod.moneygram.com:8443/
  • https://securefiletransfer.moneygram.com/portal-seefx/
  • https://securetransfer.moneygram.com/portal-seefx/
  • https://securefiletransfer.moneygram.com/portal-seefx/login.jsp
  • https://securetransfer.moneygram.com/portal-seefx/login.jsp
8 KB
10 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://securetransfer.moneygram.com/portal-seefx/login.jsp
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
63.91.129.200 , United States, ASN29898 (MONEYGRAM-INTERNATIONAL-INC, US),
Reverse DNS
user200.temgdwdp.com
Software
SEEBURGER JBossAS /
Resource Hash
e89ae3d9d46d72398d2c389e0970502fea7b13020e0419427136cd4ed1e83d63
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/yts/jsbin/ https://www.google.com/js/; connect-src 'self' *.googlevideo.com; style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/cssbin/; img-src 'self' blob: 'self' data: *.youtube.com https://i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.youtube.com; child-src 'self' data: https://www.youtube.com; frame-ancestors 'self'; media-src blob:
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/yts/jsbin/ https://www.google.com/js/; connect-src 'self' *.googlevideo.com; style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/cssbin/; img-src 'self' blob: 'self' data: *.youtube.com https://i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.youtube.com; child-src 'self' data: https://www.youtube.com; frame-ancestors 'self'; media-src blob:
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
private, no-cache, no-store
Content-Length
8016
Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/yts/jsbin/ https://www.google.com/js/; connect-src 'self' *.googlevideo.com; style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/cssbin/; img-src 'self' blob: 'self' data: *.youtube.com https://i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.youtube.com; child-src 'self' data: https://www.youtube.com; frame-ancestors 'self'; media-src blob:
Content-Type
text/html;charset=UTF-8
Date
Tue, 10 Oct 2023 13:21:44 GMT
Expires
Tue, 10 Oct 2023 13:21:45 GMT
Pragma
no-cache
Server
SEEBURGER JBossAS
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/yts/jsbin/ https://www.google.com/js/; connect-src 'self' *.googlevideo.com; style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/cssbin/; img-src 'self' blob: 'self' data: *.youtube.com https://i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.youtube.com; child-src 'self' data: https://www.youtube.com; frame-ancestors 'self'; media-src blob:
X-Content-Type-Options
nosniff
X-Frame-Options
SAMEORIGIN
X-WebKit-CSP
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/yts/jsbin/ https://www.google.com/js/; connect-src 'self' *.googlevideo.com; style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/cssbin/; img-src 'self' blob: 'self' data: *.youtube.com https://i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.youtube.com; child-src 'self' data: https://www.youtube.com; frame-ancestors 'self'; media-src blob:
X-XSS-Protection
1; mode=block

Redirect headers

content-length
0
location
https://securetransfer.moneygram.com/portal-seefx/login.jsp
server
BigIP
x-cdn
Imperva
x-iinfo
9-36174855-35211627 pNNy RT(1696944103309 1044) q(0 0 0 -1) r(1 1) U11
login.css
securetransfer.moneygram.com/portal-seefx/VAADIN/themes/default/ 		5 KB
7 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://securetransfer.moneygram.com/portal-seefx/VAADIN/themes/default/login.css
Requested by
Host: securetransfer.moneygram.com
URL: https://securetransfer.moneygram.com/portal-seefx/login.jsp
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
63.91.129.200 , United States, ASN29898 (MONEYGRAM-INTERNATIONAL-INC, US),
Reverse DNS
user200.temgdwdp.com
Software
SEEBURGER JBossAS /
Resource Hash
448a36c924035a791eddf030a09e2bd7d3e54ba4211b4d42bfc691f26bf7684c
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/yts/jsbin/ https://www.google.com/js/; connect-src 'self' *.googlevideo.com; style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/cssbin/; img-src 'self' blob: 'self' data: *.youtube.com https://i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.youtube.com; child-src 'self' data: https://www.youtube.com; frame-ancestors 'self'; media-src blob:
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/yts/jsbin/ https://www.google.com/js/; connect-src 'self' *.googlevideo.com; style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/cssbin/; img-src 'self' blob: 'self' data: *.youtube.com https://i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.youtube.com; child-src 'self' data: https://www.youtube.com; frame-ancestors 'self'; media-src blob:
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securetransfer.moneygram.com/portal-seefx/login.jsp
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

X-Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/yts/jsbin/ https://www.google.com/js/; connect-src 'self' *.googlevideo.com; style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/cssbin/; img-src 'self' blob: 'self' data: *.youtube.com https://i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.youtube.com; child-src 'self' data: https://www.youtube.com; frame-ancestors 'self'; media-src blob:
Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/yts/jsbin/ https://www.google.com/js/; connect-src 'self' *.googlevideo.com; style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/cssbin/; img-src 'self' blob: 'self' data: *.youtube.com https://i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.youtube.com; child-src 'self' data: https://www.youtube.com; frame-ancestors 'self'; media-src blob:
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-Content-Type-Options
nosniff
Date
Tue, 10 Oct 2023 13:21:44 GMT
Last-Modified
Sun, 23 Jul 2023 07:43:14 GMT
Server
SEEBURGER JBossAS
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
Cache-Control
public
Content-Length
5128
X-WebKit-CSP
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/yts/jsbin/ https://www.google.com/js/; connect-src 'self' *.googlevideo.com; style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/cssbin/; img-src 'self' blob: 'self' data: *.youtube.com https://i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.youtube.com; child-src 'self' data: https://www.youtube.com; frame-ancestors 'self'; media-src blob:
X-XSS-Protection
1; mode=block
Expires
Tue, 10 Oct 2023 13:21:45 GMT
login.css
securetransfer.moneygram.com/portal-seefx/custom/ 		0
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://securetransfer.moneygram.com/portal-seefx/custom/login.css
Requested by
Host: securetransfer.moneygram.com
URL: https://securetransfer.moneygram.com/portal-seefx/login.jsp
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
63.91.129.200 , United States, ASN29898 (MONEYGRAM-INTERNATIONAL-INC, US),
Reverse DNS
user200.temgdwdp.com
Software
SEEBURGER JBossAS /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/yts/jsbin/ https://www.google.com/js/; connect-src 'self' *.googlevideo.com; style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/cssbin/; img-src 'self' blob: 'self' data: *.youtube.com https://i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.youtube.com; child-src 'self' data: https://www.youtube.com; frame-ancestors 'self'; media-src blob:
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/yts/jsbin/ https://www.google.com/js/; connect-src 'self' *.googlevideo.com; style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/cssbin/; img-src 'self' blob: 'self' data: *.youtube.com https://i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.youtube.com; child-src 'self' data: https://www.youtube.com; frame-ancestors 'self'; media-src blob:
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securetransfer.moneygram.com/portal-seefx/login.jsp
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

X-Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/yts/jsbin/ https://www.google.com/js/; connect-src 'self' *.googlevideo.com; style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/cssbin/; img-src 'self' blob: 'self' data: *.youtube.com https://i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.youtube.com; child-src 'self' data: https://www.youtube.com; frame-ancestors 'self'; media-src blob:
Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/yts/jsbin/ https://www.google.com/js/; connect-src 'self' *.googlevideo.com; style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/cssbin/; img-src 'self' blob: 'self' data: *.youtube.com https://i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.youtube.com; child-src 'self' data: https://www.youtube.com; frame-ancestors 'self'; media-src blob:
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-Content-Type-Options
nosniff
Date
Tue, 10 Oct 2023 13:21:44 GMT
Last-Modified
Sun, 23 Jul 2023 07:46:29 GMT
Server
SEEBURGER JBossAS
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
Cache-Control
public
Content-Length
0
X-WebKit-CSP
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/yts/jsbin/ https://www.google.com/js/; connect-src 'self' *.googlevideo.com; style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/cssbin/; img-src 'self' blob: 'self' data: *.youtube.com https://i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.youtube.com; child-src 'self' data: https://www.youtube.com; frame-ancestors 'self'; media-src blob:
X-XSS-Protection
1; mode=block
Expires
Tue, 10 Oct 2023 13:21:45 GMT
mobileLogin.css
securetransfer.moneygram.com/portal-seefx/VAADIN/themes/default/ 		2 KB
4 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://securetransfer.moneygram.com/portal-seefx/VAADIN/themes/default/mobileLogin.css
Requested by
Host: securetransfer.moneygram.com
URL: https://securetransfer.moneygram.com/portal-seefx/login.jsp
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
63.91.129.200 , United States, ASN29898 (MONEYGRAM-INTERNATIONAL-INC, US),
Reverse DNS
user200.temgdwdp.com
Software
SEEBURGER JBossAS /
Resource Hash
23075ccb8df8eb25c2dc197691de563e41afb80e17d07f09dee24c96e2d04b1e
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/yts/jsbin/ https://www.google.com/js/; connect-src 'self' *.googlevideo.com; style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/cssbin/; img-src 'self' blob: 'self' data: *.youtube.com https://i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.youtube.com; child-src 'self' data: https://www.youtube.com; frame-ancestors 'self'; media-src blob:
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/yts/jsbin/ https://www.google.com/js/; connect-src 'self' *.googlevideo.com; style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/cssbin/; img-src 'self' blob: 'self' data: *.youtube.com https://i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.youtube.com; child-src 'self' data: https://www.youtube.com; frame-ancestors 'self'; media-src blob:
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securetransfer.moneygram.com/portal-seefx/login.jsp
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

X-Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/yts/jsbin/ https://www.google.com/js/; connect-src 'self' *.googlevideo.com; style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/cssbin/; img-src 'self' blob: 'self' data: *.youtube.com https://i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.youtube.com; child-src 'self' data: https://www.youtube.com; frame-ancestors 'self'; media-src blob:
Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/yts/jsbin/ https://www.google.com/js/; connect-src 'self' *.googlevideo.com; style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/cssbin/; img-src 'self' blob: 'self' data: *.youtube.com https://i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.youtube.com; child-src 'self' data: https://www.youtube.com; frame-ancestors 'self'; media-src blob:
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-Content-Type-Options
nosniff
Date
Tue, 10 Oct 2023 13:21:44 GMT
Last-Modified
Sun, 23 Jul 2023 07:43:14 GMT
Server
SEEBURGER JBossAS
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
Cache-Control
public
Content-Length
2059
X-WebKit-CSP
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/yts/jsbin/ https://www.google.com/js/; connect-src 'self' *.googlevideo.com; style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/cssbin/; img-src 'self' blob: 'self' data: *.youtube.com https://i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.youtube.com; child-src 'self' data: https://www.youtube.com; frame-ancestors 'self'; media-src blob:
X-XSS-Protection
1; mode=block
Expires
Tue, 10 Oct 2023 13:21:45 GMT
background
securetransfer.moneygram.com/portal-seefx/custom/file/login/header/ 		182 B
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://securetransfer.moneygram.com/portal-seefx/custom/file/login/header/background
Requested by
Host: securetransfer.moneygram.com
URL: https://securetransfer.moneygram.com/portal-seefx/VAADIN/themes/default/login.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
63.91.129.200 , United States, ASN29898 (MONEYGRAM-INTERNATIONAL-INC, US),
Reverse DNS
user200.temgdwdp.com
Software
SEEBURGER JBossAS /
Resource Hash
7e2eeb8a1099221c540f679c9b4ea7d94c642aacc22fd26bf356f13bded457fd
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/yts/jsbin/ https://www.google.com/js/; connect-src 'self' *.googlevideo.com; style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/cssbin/; img-src 'self' blob: 'self' data: *.youtube.com https://i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.youtube.com; child-src 'self' data: https://www.youtube.com; frame-ancestors 'self'; media-src blob:
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/yts/jsbin/ https://www.google.com/js/; connect-src 'self' *.googlevideo.com; style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/cssbin/; img-src 'self' blob: 'self' data: *.youtube.com https://i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.youtube.com; child-src 'self' data: https://www.youtube.com; frame-ancestors 'self'; media-src blob:
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securetransfer.moneygram.com/portal-seefx/VAADIN/themes/default/login.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

X-Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/yts/jsbin/ https://www.google.com/js/; connect-src 'self' *.googlevideo.com; style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/cssbin/; img-src 'self' blob: 'self' data: *.youtube.com https://i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.youtube.com; child-src 'self' data: https://www.youtube.com; frame-ancestors 'self'; media-src blob:
Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/yts/jsbin/ https://www.google.com/js/; connect-src 'self' *.googlevideo.com; style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/cssbin/; img-src 'self' blob: 'self' data: *.youtube.com https://i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.youtube.com; child-src 'self' data: https://www.youtube.com; frame-ancestors 'self'; media-src blob:
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-Content-Type-Options
nosniff
Date
Tue, 10 Oct 2023 13:21:44 GMT
Last-Modified
Sun, 23 Jul 2023 07:46:29 GMT
Server
SEEBURGER JBossAS
X-Frame-Options
SAMEORIGIN
Content-Type
image/png
Cache-Control
public
Content-Length
182
X-WebKit-CSP
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/yts/jsbin/ https://www.google.com/js/; connect-src 'self' *.googlevideo.com; style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/cssbin/; img-src 'self' blob: 'self' data: *.youtube.com https://i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.youtube.com; child-src 'self' data: https://www.youtube.com; frame-ancestors 'self'; media-src blob:
X-XSS-Protection
1; mode=block
Expires
Tue, 10 Oct 2023 13:21:45 GMT
logo
securetransfer.moneygram.com/portal-seefx/custom/file/login/ 		8 KB
10 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://securetransfer.moneygram.com/portal-seefx/custom/file/login/logo
Requested by
Host: securetransfer.moneygram.com
URL: https://securetransfer.moneygram.com/portal-seefx/VAADIN/themes/default/login.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
63.91.129.200 , United States, ASN29898 (MONEYGRAM-INTERNATIONAL-INC, US),
Reverse DNS
user200.temgdwdp.com
Software
SEEBURGER JBossAS /
Resource Hash
9dac21acba5ca002af4bb3259592107e38144aef265de5cabf9c3a5ed2c1aebd
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/yts/jsbin/ https://www.google.com/js/; connect-src 'self' *.googlevideo.com; style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/cssbin/; img-src 'self' blob: 'self' data: *.youtube.com https://i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.youtube.com; child-src 'self' data: https://www.youtube.com; frame-ancestors 'self'; media-src blob:
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/yts/jsbin/ https://www.google.com/js/; connect-src 'self' *.googlevideo.com; style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/cssbin/; img-src 'self' blob: 'self' data: *.youtube.com https://i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.youtube.com; child-src 'self' data: https://www.youtube.com; frame-ancestors 'self'; media-src blob:
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securetransfer.moneygram.com/portal-seefx/VAADIN/themes/default/login.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

X-Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/yts/jsbin/ https://www.google.com/js/; connect-src 'self' *.googlevideo.com; style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/cssbin/; img-src 'self' blob: 'self' data: *.youtube.com https://i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.youtube.com; child-src 'self' data: https://www.youtube.com; frame-ancestors 'self'; media-src blob:
Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/yts/jsbin/ https://www.google.com/js/; connect-src 'self' *.googlevideo.com; style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/cssbin/; img-src 'self' blob: 'self' data: *.youtube.com https://i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.youtube.com; child-src 'self' data: https://www.youtube.com; frame-ancestors 'self'; media-src blob:
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-Content-Type-Options
nosniff
Date
Tue, 10 Oct 2023 13:21:44 GMT
Last-Modified
Sun, 23 Jul 2023 07:46:29 GMT
Server
SEEBURGER JBossAS
X-Frame-Options
SAMEORIGIN
Content-Type
image/png
Cache-Control
public
Content-Length
8326
X-WebKit-CSP
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/yts/jsbin/ https://www.google.com/js/; connect-src 'self' *.googlevideo.com; style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/cssbin/; img-src 'self' blob: 'self' data: *.youtube.com https://i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.youtube.com; child-src 'self' data: https://www.youtube.com; frame-ancestors 'self'; media-src blob:
X-XSS-Protection
1; mode=block
Expires
Tue, 10 Oct 2023 13:21:45 GMT
background
securetransfer.moneygram.com/portal-seefx/custom/file/login/ 		18 KB
20 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://securetransfer.moneygram.com/portal-seefx/custom/file/login/background
Requested by
Host: securetransfer.moneygram.com
URL: https://securetransfer.moneygram.com/portal-seefx/VAADIN/themes/default/login.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
63.91.129.200 , United States, ASN29898 (MONEYGRAM-INTERNATIONAL-INC, US),
Reverse DNS
user200.temgdwdp.com
Software
SEEBURGER JBossAS /
Resource Hash
0b31bafb40e433f3d21f6b486f206c8a29fa305064509ca129ef9543cfbfe33f
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/yts/jsbin/ https://www.google.com/js/; connect-src 'self' *.googlevideo.com; style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/cssbin/; img-src 'self' blob: 'self' data: *.youtube.com https://i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.youtube.com; child-src 'self' data: https://www.youtube.com; frame-ancestors 'self'; media-src blob:
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/yts/jsbin/ https://www.google.com/js/; connect-src 'self' *.googlevideo.com; style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/cssbin/; img-src 'self' blob: 'self' data: *.youtube.com https://i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.youtube.com; child-src 'self' data: https://www.youtube.com; frame-ancestors 'self'; media-src blob:
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securetransfer.moneygram.com/portal-seefx/VAADIN/themes/default/login.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

X-Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/yts/jsbin/ https://www.google.com/js/; connect-src 'self' *.googlevideo.com; style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/cssbin/; img-src 'self' blob: 'self' data: *.youtube.com https://i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.youtube.com; child-src 'self' data: https://www.youtube.com; frame-ancestors 'self'; media-src blob:
Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/yts/jsbin/ https://www.google.com/js/; connect-src 'self' *.googlevideo.com; style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/cssbin/; img-src 'self' blob: 'self' data: *.youtube.com https://i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.youtube.com; child-src 'self' data: https://www.youtube.com; frame-ancestors 'self'; media-src blob:
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-Content-Type-Options
nosniff
Date
Tue, 10 Oct 2023 13:21:44 GMT
Last-Modified
Sun, 23 Jul 2023 07:46:29 GMT
Server
SEEBURGER JBossAS
X-Frame-Options
SAMEORIGIN
Content-Type
image/png
Cache-Control
public
Content-Length
18650
X-WebKit-CSP
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/yts/jsbin/ https://www.google.com/js/; connect-src 'self' *.googlevideo.com; style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/cssbin/; img-src 'self' blob: 'self' data: *.youtube.com https://i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.youtube.com; child-src 'self' data: https://www.youtube.com; frame-ancestors 'self'; media-src blob:
X-XSS-Protection
1; mode=block
Expires
Tue, 10 Oct 2023 13:21:45 GMT
button
securetransfer.moneygram.com/portal-seefx/custom/file/login/ 		1 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://securetransfer.moneygram.com/portal-seefx/custom/file/login/button
Requested by
Host: securetransfer.moneygram.com
URL: https://securetransfer.moneygram.com/portal-seefx/VAADIN/themes/default/login.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
63.91.129.200 , United States, ASN29898 (MONEYGRAM-INTERNATIONAL-INC, US),
Reverse DNS
user200.temgdwdp.com
Software
SEEBURGER JBossAS /
Resource Hash
57825d9ef8a18bd01a387af119adfcc1f903d71c535f0ed1ca333d2593694c21
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/yts/jsbin/ https://www.google.com/js/; connect-src 'self' *.googlevideo.com; style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/cssbin/; img-src 'self' blob: 'self' data: *.youtube.com https://i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.youtube.com; child-src 'self' data: https://www.youtube.com; frame-ancestors 'self'; media-src blob:
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/yts/jsbin/ https://www.google.com/js/; connect-src 'self' *.googlevideo.com; style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/cssbin/; img-src 'self' blob: 'self' data: *.youtube.com https://i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.youtube.com; child-src 'self' data: https://www.youtube.com; frame-ancestors 'self'; media-src blob:
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securetransfer.moneygram.com/portal-seefx/VAADIN/themes/default/login.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

X-Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/yts/jsbin/ https://www.google.com/js/; connect-src 'self' *.googlevideo.com; style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/cssbin/; img-src 'self' blob: 'self' data: *.youtube.com https://i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.youtube.com; child-src 'self' data: https://www.youtube.com; frame-ancestors 'self'; media-src blob:
Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/yts/jsbin/ https://www.google.com/js/; connect-src 'self' *.googlevideo.com; style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/cssbin/; img-src 'self' blob: 'self' data: *.youtube.com https://i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.youtube.com; child-src 'self' data: https://www.youtube.com; frame-ancestors 'self'; media-src blob:
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-Content-Type-Options
nosniff
Date
Tue, 10 Oct 2023 13:21:44 GMT
Last-Modified
Sun, 23 Jul 2023 07:46:29 GMT
Server
SEEBURGER JBossAS
X-Frame-Options
SAMEORIGIN
Content-Type
image/png
Cache-Control
public
Content-Length
1179
X-WebKit-CSP
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/yts/jsbin/ https://www.google.com/js/; connect-src 'self' *.googlevideo.com; style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/cssbin/; img-src 'self' blob: 'self' data: *.youtube.com https://i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.youtube.com; child-src 'self' data: https://www.youtube.com; frame-ancestors 'self'; media-src blob:
X-XSS-Protection
1; mode=block
Expires
Tue, 10 Oct 2023 13:21:45 GMT

Verdicts & Comments Add Verdict or Comment

22 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

number| unlW number| unW number| undW number| unltW number| pltW number| tw function| getW function| setW function| getTW function| getSubmitBody function| showPLV function| hideErr function| onFormSubmit function| closeMessage function| toggleMessage function| getEl function| getP function| getQP function| isSuccessURL function| isPL function| createXR function| validateResp

4 Cookies

Domain/Path Name / Value
.moneygram.com/ Name: nlbi_2215915
Value: bFGxcu3DAF5rkoWi3J/z1gAAAACoDHCF9goq2gZDIQqoeqiP
.moneygram.com/ Name: visid_incap_2215915
Value: c4fOvD7zSge8+/Dsr3YnYedPJWUAAAAAQUIPAAAAAACvQAkyucdLq2DnDaWVzkoZ
.moneygram.com/ Name: incap_ses_471_2215915
Value: TrajckIWriDQ4KtuXlWJBudPJWUAAAAAIP/VUWZP5oqTssKeoBUkvg==
securetransfer.moneygram.com/ Name: JSESSIONID
Value: EAE52F5BB1CCFF9AE58D1D98C0E3B17A.pmnbtlx9561

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/yts/jsbin/ https://www.google.com/js/; connect-src 'self' *.googlevideo.com; style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/cssbin/; img-src 'self' blob: 'self' data: *.youtube.com https://i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.youtube.com; child-src 'self' data: https://www.youtube.com; frame-ancestors 'self'; media-src blob:
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/yts/jsbin/ https://www.google.com/js/; connect-src 'self' *.googlevideo.com; style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/cssbin/; img-src 'self' blob: 'self' data: *.youtube.com https://i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.youtube.com; child-src 'self' data: https://www.youtube.com; frame-ancestors 'self'; media-src blob:
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block