URL: https://webapp.b3.build.azcs2.lenderkit.com/
Submission Tags: phishingrod
Submission: On June 01 via api from DE — Scanned from DE

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 10 HTTP transactions. The main IP is 20.123.81.44, located in Dublin, Ireland and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is webapp.b3.build.azcs2.lenderkit.com.
TLS certificate: Issued by R3 on May 31st 2024. Valid for: 3 months.
This is the only time webapp.b3.build.azcs2.lenderkit.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
9 20.123.81.44 8075 (MICROSOFT...)
10 2
Apex Domain
Subdomains
Transfer
9 lenderkit.com
webapp.b3.build.azcs2.lenderkit.com
api.b3.build.azcs2.lenderkit.com Failed
894 KB
10 1
Domain Requested by
8 webapp.b3.build.azcs2.lenderkit.com webapp.b3.build.azcs2.lenderkit.com
1 api.b3.build.azcs2.lenderkit.com webapp.b3.build.azcs2.lenderkit.com
10 2

This site contains no links.

Subject Issuer Validity Valid
webapp.b3.build.azcs2.lenderkit.com
R3
2024-05-31 -
2024-08-29
3 months crt.sh
api.b3.build.azcs2.lenderkit.com
R3
2024-05-07 -
2024-08-05
3 months crt.sh

This page contains 1 frames:

Primary Page: https://webapp.b3.build.azcs2.lenderkit.com/
Frame ID: 724D14F2E5324033664C0F9914705BFA
Requests: 9 HTTP requests in this frame

Screenshot


Page Statistics

10
Requests

90 %
HTTPS

0 %
IPv6

1
Domains

2
Subdomains

2
IPs

1
Countries

894 kB
Transfer

3305 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
webapp.b3.build.azcs2.lenderkit.com/
1 KB
1 KB
Document
General
Full URL
https://webapp.b3.build.azcs2.lenderkit.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.123.81.44 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx /
Resource Hash
5b85782862c2f5e9524ee165b9827f7a7e6f0d3c4b095e4aa7bfa587689b533a
Security Headers
Name Value
Content-Security-Policy default-src 'self'; base-uri 'self'; form-action 'self'; object-src 'none';connect-src 'self' sentry.justcoded.com *.sentry.io *.amazonaws.com *.googleapis.com *.google-analytics.com *.mx.com *.b3.build.azcs2.lenderkit.com *.b3.build.azcs2.lenderkit.com randomuser.me;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.mx.com *.b3.build.azcs2.lenderkit.com *.b3.build.azcs2.lenderkit.com;style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.google.com *.googletagmanager.com *.amazonaws.com *.b3.build.azcs2.lenderkit.com *.b3.build.azcs2.lenderkit.com;font-src 'self' data: fonts.gstatic.com;img-src * data:;media-src 'self';frame-src 'self' *.google.com *.gstatic.com youtube.com *.youtube.com youtu.be *.youtu.be vimeo.com *.vimeo.com *.jumio.ai *.docusign.com *.docusign.net *.mx.com *.moneydesktop.com;frame-ancestors *.b3.build.azcs2.lenderkit.com
Strict-Transport-Security max-age=86400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

cache-control
max-age=300
content-encoding
gzip
content-security-policy
default-src 'self'; base-uri 'self'; form-action 'self'; object-src 'none';connect-src 'self' sentry.justcoded.com *.sentry.io *.amazonaws.com *.googleapis.com *.google-analytics.com *.mx.com *.b3.build.azcs2.lenderkit.com *.b3.build.azcs2.lenderkit.com randomuser.me;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.mx.com *.b3.build.azcs2.lenderkit.com *.b3.build.azcs2.lenderkit.com;style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.google.com *.googletagmanager.com *.amazonaws.com *.b3.build.azcs2.lenderkit.com *.b3.build.azcs2.lenderkit.com;font-src 'self' data: fonts.gstatic.com;img-src * data:;media-src 'self';frame-src 'self' *.google.com *.gstatic.com youtube.com *.youtube.com youtu.be *.youtu.be vimeo.com *.vimeo.com *.jumio.ai *.docusign.com *.docusign.net *.mx.com *.moneydesktop.com;frame-ancestors *.b3.build.azcs2.lenderkit.com
content-type
text/html
date
Sat, 01 Jun 2024 00:13:04 GMT
etag
W/"64788046-425"
expires
Sat, 01 Jun 2024 00:18:04 GMT
last-modified
Thu, 01 Jun 2023 11:25:58 GMT
server
nginx
strict-transport-security
max-age=86400; includeSubDomains
x-content-type-options
nosniff
x-frame-options
DENY
x-xss-protection
1; mode=block
environment.js
webapp.b3.build.azcs2.lenderkit.com/
325 B
1 KB
Script
General
Full URL
https://webapp.b3.build.azcs2.lenderkit.com/environment.js
Requested by
Host: webapp.b3.build.azcs2.lenderkit.com
URL: https://webapp.b3.build.azcs2.lenderkit.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.123.81.44 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx /
Resource Hash
1441769f65059dc248b583e41ceb6b3302fe6e0094a5927b9ad01a1885ad1cae
Security Headers
Name Value
Content-Security-Policy default-src 'self'; base-uri 'self'; form-action 'self'; object-src 'none';connect-src 'self' sentry.justcoded.com *.sentry.io *.amazonaws.com *.googleapis.com *.google-analytics.com *.mx.com *.b3.build.azcs2.lenderkit.com *.b3.build.azcs2.lenderkit.com randomuser.me;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.mx.com *.b3.build.azcs2.lenderkit.com *.b3.build.azcs2.lenderkit.com;style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.google.com *.googletagmanager.com *.amazonaws.com *.b3.build.azcs2.lenderkit.com *.b3.build.azcs2.lenderkit.com;font-src 'self' data: fonts.gstatic.com;img-src * data:;media-src 'self';frame-src 'self' *.google.com *.gstatic.com youtube.com *.youtube.com youtu.be *.youtu.be vimeo.com *.vimeo.com *.jumio.ai *.docusign.com *.docusign.net *.mx.com *.moneydesktop.com;frame-ancestors *.b3.build.azcs2.lenderkit.com
Strict-Transport-Security max-age=86400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://webapp.b3.build.azcs2.lenderkit.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 01 Jun 2024 00:13:04 GMT
strict-transport-security
max-age=86400; includeSubDomains
x-content-type-options
nosniff
content-security-policy
default-src 'self'; base-uri 'self'; form-action 'self'; object-src 'none';connect-src 'self' sentry.justcoded.com *.sentry.io *.amazonaws.com *.googleapis.com *.google-analytics.com *.mx.com *.b3.build.azcs2.lenderkit.com *.b3.build.azcs2.lenderkit.com randomuser.me;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.mx.com *.b3.build.azcs2.lenderkit.com *.b3.build.azcs2.lenderkit.com;style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.google.com *.googletagmanager.com *.amazonaws.com *.b3.build.azcs2.lenderkit.com *.b3.build.azcs2.lenderkit.com;font-src 'self' data: fonts.gstatic.com;img-src * data:;media-src 'self';frame-src 'self' *.google.com *.gstatic.com youtube.com *.youtube.com youtu.be *.youtu.be vimeo.com *.vimeo.com *.jumio.ai *.docusign.com *.docusign.net *.mx.com *.moneydesktop.com;frame-ancestors *.b3.build.azcs2.lenderkit.com
content-encoding
gzip
server
nginx
x-frame-options
DENY
content-type
application/javascript
cache-control
max-age=604800
x-xss-protection
1; mode=block
expires
Sat, 08 Jun 2024 00:13:04 GMT
2143.83f4ab47a3.js
webapp.b3.build.azcs2.lenderkit.com/js/
3 MB
821 KB
Script
General
Full URL
https://webapp.b3.build.azcs2.lenderkit.com/js/2143.83f4ab47a3.js
Requested by
Host: webapp.b3.build.azcs2.lenderkit.com
URL: https://webapp.b3.build.azcs2.lenderkit.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.123.81.44 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx /
Resource Hash
e00c0163723cdfcb44703745ded82db2cdceaee90d2df394917461939f14c649
Security Headers
Name Value
Content-Security-Policy default-src 'self'; base-uri 'self'; form-action 'self'; object-src 'none';connect-src 'self' sentry.justcoded.com *.sentry.io *.amazonaws.com *.googleapis.com *.google-analytics.com *.mx.com *.b3.build.azcs2.lenderkit.com *.b3.build.azcs2.lenderkit.com randomuser.me;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.mx.com *.b3.build.azcs2.lenderkit.com *.b3.build.azcs2.lenderkit.com;style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.google.com *.googletagmanager.com *.amazonaws.com *.b3.build.azcs2.lenderkit.com *.b3.build.azcs2.lenderkit.com;font-src 'self' data: fonts.gstatic.com;img-src * data:;media-src 'self';frame-src 'self' *.google.com *.gstatic.com youtube.com *.youtube.com youtu.be *.youtu.be vimeo.com *.vimeo.com *.jumio.ai *.docusign.com *.docusign.net *.mx.com *.moneydesktop.com;frame-ancestors *.b3.build.azcs2.lenderkit.com
Strict-Transport-Security max-age=86400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://webapp.b3.build.azcs2.lenderkit.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 01 Jun 2024 00:13:04 GMT
strict-transport-security
max-age=86400; includeSubDomains
x-content-type-options
nosniff
content-security-policy
default-src 'self'; base-uri 'self'; form-action 'self'; object-src 'none';connect-src 'self' sentry.justcoded.com *.sentry.io *.amazonaws.com *.googleapis.com *.google-analytics.com *.mx.com *.b3.build.azcs2.lenderkit.com *.b3.build.azcs2.lenderkit.com randomuser.me;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.mx.com *.b3.build.azcs2.lenderkit.com *.b3.build.azcs2.lenderkit.com;style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.google.com *.googletagmanager.com *.amazonaws.com *.b3.build.azcs2.lenderkit.com *.b3.build.azcs2.lenderkit.com;font-src 'self' data: fonts.gstatic.com;img-src * data:;media-src 'self';frame-src 'self' *.google.com *.gstatic.com youtube.com *.youtube.com youtu.be *.youtu.be vimeo.com *.vimeo.com *.jumio.ai *.docusign.com *.docusign.net *.mx.com *.moneydesktop.com;frame-ancestors *.b3.build.azcs2.lenderkit.com
last-modified
Thu, 01 Jun 2023 11:25:58 GMT
server
nginx
content-encoding
gzip
etag
W/"64788046-2bf3e8"
x-frame-options
DENY
content-type
application/javascript
cache-control
max-age=604800
x-xss-protection
1; mode=block
expires
Sat, 08 Jun 2024 00:13:04 GMT
2611.a872439f75.css
webapp.b3.build.azcs2.lenderkit.com/css/
39 KB
9 KB
Stylesheet
General
Full URL
https://webapp.b3.build.azcs2.lenderkit.com/css/2611.a872439f75.css
Requested by
Host: webapp.b3.build.azcs2.lenderkit.com
URL: https://webapp.b3.build.azcs2.lenderkit.com/js/2143.83f4ab47a3.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.123.81.44 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx /
Resource Hash
4b94d9460d11cba9bd04e8fa5f00a6355475e54ad1098ba5af456526e72018af
Security Headers
Name Value
Content-Security-Policy default-src 'self'; base-uri 'self'; form-action 'self'; object-src 'none';connect-src 'self' sentry.justcoded.com *.sentry.io *.amazonaws.com *.googleapis.com *.google-analytics.com *.mx.com *.b3.build.azcs2.lenderkit.com *.b3.build.azcs2.lenderkit.com randomuser.me;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.mx.com *.b3.build.azcs2.lenderkit.com *.b3.build.azcs2.lenderkit.com;style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.google.com *.googletagmanager.com *.amazonaws.com *.b3.build.azcs2.lenderkit.com *.b3.build.azcs2.lenderkit.com;font-src 'self' data: fonts.gstatic.com;img-src * data:;media-src 'self';frame-src 'self' *.google.com *.gstatic.com youtube.com *.youtube.com youtu.be *.youtu.be vimeo.com *.vimeo.com *.jumio.ai *.docusign.com *.docusign.net *.mx.com *.moneydesktop.com;frame-ancestors *.b3.build.azcs2.lenderkit.com
Strict-Transport-Security max-age=86400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://webapp.b3.build.azcs2.lenderkit.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 01 Jun 2024 00:13:04 GMT
strict-transport-security
max-age=86400; includeSubDomains
x-content-type-options
nosniff
content-security-policy
default-src 'self'; base-uri 'self'; form-action 'self'; object-src 'none';connect-src 'self' sentry.justcoded.com *.sentry.io *.amazonaws.com *.googleapis.com *.google-analytics.com *.mx.com *.b3.build.azcs2.lenderkit.com *.b3.build.azcs2.lenderkit.com randomuser.me;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.mx.com *.b3.build.azcs2.lenderkit.com *.b3.build.azcs2.lenderkit.com;style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.google.com *.googletagmanager.com *.amazonaws.com *.b3.build.azcs2.lenderkit.com *.b3.build.azcs2.lenderkit.com;font-src 'self' data: fonts.gstatic.com;img-src * data:;media-src 'self';frame-src 'self' *.google.com *.gstatic.com youtube.com *.youtube.com youtu.be *.youtu.be vimeo.com *.vimeo.com *.jumio.ai *.docusign.com *.docusign.net *.mx.com *.moneydesktop.com;frame-ancestors *.b3.build.azcs2.lenderkit.com
last-modified
Thu, 01 Jun 2023 11:25:58 GMT
server
nginx
content-encoding
gzip
etag
W/"64788046-9bae"
x-frame-options
DENY
content-type
text/css
cache-control
max-age=604800
x-xss-protection
1; mode=block
expires
Sat, 08 Jun 2024 00:13:04 GMT
2611a872439.js
webapp.b3.build.azcs2.lenderkit.com/js/
128 B
1 KB
Script
General
Full URL
https://webapp.b3.build.azcs2.lenderkit.com/js/2611a872439.js
Requested by
Host: webapp.b3.build.azcs2.lenderkit.com
URL: https://webapp.b3.build.azcs2.lenderkit.com/js/2143.83f4ab47a3.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.123.81.44 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx /
Resource Hash
dad4399cb6101c68ece8e211025f42b3c6e7ed0c03ca5af2b8a5be0e3dff8a13
Security Headers
Name Value
Content-Security-Policy default-src 'self'; base-uri 'self'; form-action 'self'; object-src 'none';connect-src 'self' sentry.justcoded.com *.sentry.io *.amazonaws.com *.googleapis.com *.google-analytics.com *.mx.com *.b3.build.azcs2.lenderkit.com *.b3.build.azcs2.lenderkit.com randomuser.me;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.mx.com *.b3.build.azcs2.lenderkit.com *.b3.build.azcs2.lenderkit.com;style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.google.com *.googletagmanager.com *.amazonaws.com *.b3.build.azcs2.lenderkit.com *.b3.build.azcs2.lenderkit.com;font-src 'self' data: fonts.gstatic.com;img-src * data:;media-src 'self';frame-src 'self' *.google.com *.gstatic.com youtube.com *.youtube.com youtu.be *.youtu.be vimeo.com *.vimeo.com *.jumio.ai *.docusign.com *.docusign.net *.mx.com *.moneydesktop.com;frame-ancestors *.b3.build.azcs2.lenderkit.com
Strict-Transport-Security max-age=86400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://webapp.b3.build.azcs2.lenderkit.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 01 Jun 2024 00:13:04 GMT
strict-transport-security
max-age=86400; includeSubDomains
x-content-type-options
nosniff
content-security-policy
default-src 'self'; base-uri 'self'; form-action 'self'; object-src 'none';connect-src 'self' sentry.justcoded.com *.sentry.io *.amazonaws.com *.googleapis.com *.google-analytics.com *.mx.com *.b3.build.azcs2.lenderkit.com *.b3.build.azcs2.lenderkit.com randomuser.me;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.mx.com *.b3.build.azcs2.lenderkit.com *.b3.build.azcs2.lenderkit.com;style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.google.com *.googletagmanager.com *.amazonaws.com *.b3.build.azcs2.lenderkit.com *.b3.build.azcs2.lenderkit.com;font-src 'self' data: fonts.gstatic.com;img-src * data:;media-src 'self';frame-src 'self' *.google.com *.gstatic.com youtube.com *.youtube.com youtu.be *.youtu.be vimeo.com *.vimeo.com *.jumio.ai *.docusign.com *.docusign.net *.mx.com *.moneydesktop.com;frame-ancestors *.b3.build.azcs2.lenderkit.com
last-modified
Thu, 01 Jun 2023 11:25:58 GMT
server
nginx
content-encoding
gzip
etag
W/"64788046-80"
x-frame-options
DENY
content-type
application/javascript
cache-control
max-age=604800
x-xss-protection
1; mode=block
expires
Sat, 08 Jun 2024 00:13:04 GMT
7159.d492ca14b4.css
webapp.b3.build.azcs2.lenderkit.com/css/
437 KB
56 KB
Stylesheet
General
Full URL
https://webapp.b3.build.azcs2.lenderkit.com/css/7159.d492ca14b4.css
Requested by
Host: webapp.b3.build.azcs2.lenderkit.com
URL: https://webapp.b3.build.azcs2.lenderkit.com/js/2143.83f4ab47a3.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.123.81.44 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx /
Resource Hash
9c5a155f88bf20c2c83a69be1598bb4b50cd3fac55912405a68a056b28b32b92
Security Headers
Name Value
Content-Security-Policy default-src 'self'; base-uri 'self'; form-action 'self'; object-src 'none';connect-src 'self' sentry.justcoded.com *.sentry.io *.amazonaws.com *.googleapis.com *.google-analytics.com *.mx.com *.b3.build.azcs2.lenderkit.com *.b3.build.azcs2.lenderkit.com randomuser.me;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.mx.com *.b3.build.azcs2.lenderkit.com *.b3.build.azcs2.lenderkit.com;style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.google.com *.googletagmanager.com *.amazonaws.com *.b3.build.azcs2.lenderkit.com *.b3.build.azcs2.lenderkit.com;font-src 'self' data: fonts.gstatic.com;img-src * data:;media-src 'self';frame-src 'self' *.google.com *.gstatic.com youtube.com *.youtube.com youtu.be *.youtu.be vimeo.com *.vimeo.com *.jumio.ai *.docusign.com *.docusign.net *.mx.com *.moneydesktop.com;frame-ancestors *.b3.build.azcs2.lenderkit.com
Strict-Transport-Security max-age=86400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://webapp.b3.build.azcs2.lenderkit.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 01 Jun 2024 00:13:04 GMT
strict-transport-security
max-age=86400; includeSubDomains
x-content-type-options
nosniff
content-security-policy
default-src 'self'; base-uri 'self'; form-action 'self'; object-src 'none';connect-src 'self' sentry.justcoded.com *.sentry.io *.amazonaws.com *.googleapis.com *.google-analytics.com *.mx.com *.b3.build.azcs2.lenderkit.com *.b3.build.azcs2.lenderkit.com randomuser.me;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.mx.com *.b3.build.azcs2.lenderkit.com *.b3.build.azcs2.lenderkit.com;style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.google.com *.googletagmanager.com *.amazonaws.com *.b3.build.azcs2.lenderkit.com *.b3.build.azcs2.lenderkit.com;font-src 'self' data: fonts.gstatic.com;img-src * data:;media-src 'self';frame-src 'self' *.google.com *.gstatic.com youtube.com *.youtube.com youtu.be *.youtu.be vimeo.com *.vimeo.com *.jumio.ai *.docusign.com *.docusign.net *.mx.com *.moneydesktop.com;frame-ancestors *.b3.build.azcs2.lenderkit.com
last-modified
Thu, 01 Jun 2023 11:25:58 GMT
server
nginx
content-encoding
gzip
etag
W/"64788046-6d25d"
x-frame-options
DENY
content-type
text/css
cache-control
max-age=604800
x-xss-protection
1; mode=block
expires
Sat, 08 Jun 2024 00:13:04 GMT
8759beadebe.js
webapp.b3.build.azcs2.lenderkit.com/js/
128 B
1 KB
Script
General
Full URL
https://webapp.b3.build.azcs2.lenderkit.com/js/8759beadebe.js
Requested by
Host: webapp.b3.build.azcs2.lenderkit.com
URL: https://webapp.b3.build.azcs2.lenderkit.com/js/2143.83f4ab47a3.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.123.81.44 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx /
Resource Hash
d0d4bd92caeda359b04d21a25f3937db382ced77265b05ea4f6f95f2ecd3da22
Security Headers
Name Value
Content-Security-Policy default-src 'self'; base-uri 'self'; form-action 'self'; object-src 'none';connect-src 'self' sentry.justcoded.com *.sentry.io *.amazonaws.com *.googleapis.com *.google-analytics.com *.mx.com *.b3.build.azcs2.lenderkit.com *.b3.build.azcs2.lenderkit.com randomuser.me;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.mx.com *.b3.build.azcs2.lenderkit.com *.b3.build.azcs2.lenderkit.com;style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.google.com *.googletagmanager.com *.amazonaws.com *.b3.build.azcs2.lenderkit.com *.b3.build.azcs2.lenderkit.com;font-src 'self' data: fonts.gstatic.com;img-src * data:;media-src 'self';frame-src 'self' *.google.com *.gstatic.com youtube.com *.youtube.com youtu.be *.youtu.be vimeo.com *.vimeo.com *.jumio.ai *.docusign.com *.docusign.net *.mx.com *.moneydesktop.com;frame-ancestors *.b3.build.azcs2.lenderkit.com
Strict-Transport-Security max-age=86400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://webapp.b3.build.azcs2.lenderkit.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 01 Jun 2024 00:13:04 GMT
strict-transport-security
max-age=86400; includeSubDomains
x-content-type-options
nosniff
content-security-policy
default-src 'self'; base-uri 'self'; form-action 'self'; object-src 'none';connect-src 'self' sentry.justcoded.com *.sentry.io *.amazonaws.com *.googleapis.com *.google-analytics.com *.mx.com *.b3.build.azcs2.lenderkit.com *.b3.build.azcs2.lenderkit.com randomuser.me;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.mx.com *.b3.build.azcs2.lenderkit.com *.b3.build.azcs2.lenderkit.com;style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.google.com *.googletagmanager.com *.amazonaws.com *.b3.build.azcs2.lenderkit.com *.b3.build.azcs2.lenderkit.com;font-src 'self' data: fonts.gstatic.com;img-src * data:;media-src 'self';frame-src 'self' *.google.com *.gstatic.com youtube.com *.youtube.com youtu.be *.youtu.be vimeo.com *.vimeo.com *.jumio.ai *.docusign.com *.docusign.net *.mx.com *.moneydesktop.com;frame-ancestors *.b3.build.azcs2.lenderkit.com
last-modified
Thu, 01 Jun 2023 11:25:58 GMT
server
nginx
content-encoding
gzip
etag
W/"64788046-80"
x-frame-options
DENY
content-type
application/javascript
cache-control
max-age=604800
x-xss-protection
1; mode=block
expires
Sat, 08 Jun 2024 00:13:04 GMT
settings
api.b3.build.azcs2.lenderkit.com/v1/public/
0
0

settings
api.b3.build.azcs2.lenderkit.com/v1/public/
0
0
Preflight
General
Full URL
https://api.b3.build.azcs2.lenderkit.com/v1/public/settings
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.123.81.44 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; frame-ancestors 'none'
Strict-Transport-Security max-age=604800; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Access-Control-Request-Headers
x-client-referrer,x-request-id,x-request-timestamp,x-requested-with
Access-Control-Request-Method
GET
Origin
https://webapp.b3.build.azcs2.lenderkit.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

content-length
559
content-security-policy
default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; frame-ancestors 'none'
content-type
text/html
date
Sat, 01 Jun 2024 00:13:05 GMT
server
nginx
strict-transport-security
max-age=604800; includeSubDomains
x-content-type-options
nosniff
x-xss-protection
1; mode=block
favicon.ico
webapp.b3.build.azcs2.lenderkit.com/storage/assets/favicons/
15 KB
3 KB
Other
General
Full URL
https://webapp.b3.build.azcs2.lenderkit.com/storage/assets/favicons/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.123.81.44 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx /
Resource Hash
6068f4d17889696108df8daf04f1276f3be9110d8ab79633cca15bbef65f7926
Security Headers
Name Value
Content-Security-Policy default-src 'self'; base-uri 'self'; form-action 'self'; object-src 'none';connect-src 'self' sentry.justcoded.com *.sentry.io *.amazonaws.com *.googleapis.com *.google-analytics.com *.mx.com *.b3.build.azcs2.lenderkit.com *.b3.build.azcs2.lenderkit.com randomuser.me;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.mx.com *.b3.build.azcs2.lenderkit.com *.b3.build.azcs2.lenderkit.com;style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.google.com *.googletagmanager.com *.amazonaws.com *.b3.build.azcs2.lenderkit.com *.b3.build.azcs2.lenderkit.com;font-src 'self' data: fonts.gstatic.com;img-src * data:;media-src 'self';frame-src 'self' *.google.com *.gstatic.com youtube.com *.youtube.com youtu.be *.youtu.be vimeo.com *.vimeo.com *.jumio.ai *.docusign.com *.docusign.net *.mx.com *.moneydesktop.com;frame-ancestors *.b3.build.azcs2.lenderkit.com
Strict-Transport-Security max-age=86400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://webapp.b3.build.azcs2.lenderkit.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 01 Jun 2024 00:13:05 GMT
strict-transport-security
max-age=86400; includeSubDomains
x-content-type-options
nosniff
content-security-policy
default-src 'self'; base-uri 'self'; form-action 'self'; object-src 'none';connect-src 'self' sentry.justcoded.com *.sentry.io *.amazonaws.com *.googleapis.com *.google-analytics.com *.mx.com *.b3.build.azcs2.lenderkit.com *.b3.build.azcs2.lenderkit.com randomuser.me;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.mx.com *.b3.build.azcs2.lenderkit.com *.b3.build.azcs2.lenderkit.com;style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.google.com *.googletagmanager.com *.amazonaws.com *.b3.build.azcs2.lenderkit.com *.b3.build.azcs2.lenderkit.com;font-src 'self' data: fonts.gstatic.com;img-src * data:;media-src 'self';frame-src 'self' *.google.com *.gstatic.com youtube.com *.youtube.com youtu.be *.youtu.be vimeo.com *.vimeo.com *.jumio.ai *.docusign.com *.docusign.net *.mx.com *.moneydesktop.com;frame-ancestors *.b3.build.azcs2.lenderkit.com
last-modified
Tue, 27 Jun 2023 10:08:23 GMT
server
nginx
content-encoding
gzip
etag
W/"649ab517-3aee"
x-frame-options
DENY
access-control-allow-methods
GET, OPTIONS
content-type
image/x-icon
cache-control
max-age=604800
access-control-allow-credentials
true
x-xss-protection
1; mode=block
expires
Sat, 08 Jun 2024 00:13:05 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
api.b3.build.azcs2.lenderkit.com
URL
https://api.b3.build.azcs2.lenderkit.com/v1/public/settings

Verdicts & Comments Add Verdict or Comment

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| webpackChunkwebapp_app

0 Cookies

2 Console Messages

Source Level URL
Text
javascript error URL: https://webapp.b3.build.azcs2.lenderkit.com/
Message:
Access to XMLHttpRequest at 'https://api.b3.build.azcs2.lenderkit.com/v1/public/settings' from origin 'https://webapp.b3.build.azcs2.lenderkit.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://api.b3.build.azcs2.lenderkit.com/v1/public/settings
Message:
Failed to load resource: net::ERR_FAILED

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self'; base-uri 'self'; form-action 'self'; object-src 'none';connect-src 'self' sentry.justcoded.com *.sentry.io *.amazonaws.com *.googleapis.com *.google-analytics.com *.mx.com *.b3.build.azcs2.lenderkit.com *.b3.build.azcs2.lenderkit.com randomuser.me;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.mx.com *.b3.build.azcs2.lenderkit.com *.b3.build.azcs2.lenderkit.com;style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.google.com *.googletagmanager.com *.amazonaws.com *.b3.build.azcs2.lenderkit.com *.b3.build.azcs2.lenderkit.com;font-src 'self' data: fonts.gstatic.com;img-src * data:;media-src 'self';frame-src 'self' *.google.com *.gstatic.com youtube.com *.youtube.com youtu.be *.youtu.be vimeo.com *.vimeo.com *.jumio.ai *.docusign.com *.docusign.net *.mx.com *.moneydesktop.com;frame-ancestors *.b3.build.azcs2.lenderkit.com
Strict-Transport-Security max-age=86400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block