urlscan.io logo urlscan.io
SecurityTrails logo

portal.rogersbank.pelpay.ca Open in urlscan Pro
20.116.131.138  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://portal.rogersbank.pelpay.ca/
Effective URL: https://portal.rogersbank.pelpay.ca/Account/Login
Submission: On August 10 via automatic, source certstream-suspicious — Scanned from CA
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 19 HTTP transactions. The main IP is 20.116.131.138, located in Toronto, Canada and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is portal.rogersbank.pelpay.ca.
TLS certificate: Issued by R11 on August 7th 2024. Valid for: 3 months.
This is the only time portal.rogersbank.pelpay.ca was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 17 20.116.131.138 8075 (MICROSOFT...)
1 142.251.40.202 15169 (GOOGLE)
2 172.217.13.163 15169 (GOOGLE)
19 3
Apex Domain
Subdomains		 Transfer
17 pelpay.ca
portal.rogersbank.pelpay.ca
1 MB
2 gstatic.com
fonts.gstatic.com
97 KB
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 110
2 KB
19 3
Domain Requested by
17 portal.rogersbank.pelpay.ca 1 redirects portal.rogersbank.pelpay.ca
2 fonts.gstatic.com fonts.googleapis.com
1 fonts.googleapis.com portal.rogersbank.pelpay.ca
19 3

This site contains links to these domains. Also see Links.

Domain
demoportal.peloton-technologies.com
peloton-technologies.com
Subject Issuer Validity Valid
portal.fiserv.pelpay.ca
R11		 2024-08-07 -
2024-11-05		 3 months crt.sh
upload.video.google.com
WR2		 2024-07-30 -
2024-10-22		 3 months crt.sh
*.gstatic.com
WR2		 2024-07-30 -
2024-10-22		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://portal.rogersbank.pelpay.ca/Account/Login
Frame ID: FEC2A4E9C414E7EFD46BD1BC8955D8AD
Requests: 19 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Log In

Page URL History Show full URLs

  1. https://portal.rogersbank.pelpay.ca/ HTTP 302
    https://portal.rogersbank.pelpay.ca/Account/Login Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]+foundation[^>"]+css
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Page Statistics

19
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

1201 kB
Transfer

2561 kB
Size

2
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://portal.rogersbank.pelpay.ca/ HTTP 302
    https://portal.rogersbank.pelpay.ca/Account/Login Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

19 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request Login
portal.rogersbank.pelpay.ca/Account/
Redirect Chain
  • https://portal.rogersbank.pelpay.ca/
  • https://portal.rogersbank.pelpay.ca/Account/Login
13 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://portal.rogersbank.pelpay.ca/Account/Login
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.116.131.138 Toronto, Canada, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
80d2dc87f1883d5eba55dc62d715bdf08b6fd7a0b147968a4c43224cfd7f1c96
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

cache-control
private
content-encoding
gzip
content-length
4281
content-security-policy-report-only
default-src 'none'; connect-src 'self' https://hcaptcha.com https://*.hcaptcha.com; font-src 'self' data: https://fonts.gstatic.com; form-action 'self'; frame-ancestors 'self'; frame-src 'self' https://hcaptcha.com https://*.hcaptcha.com; img-src 'self' data: https://peloton-technologies.com https://www.peloton-technologies.com; manifest-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://hcaptcha.com https://*.hcaptcha.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://hcaptcha.com https://*.hcaptcha.com; report-uri https://pelotontechnologies.report-uri.com/r/d/csp/reportOnly; report-to default
content-type
text/html; charset=utf-8
date
Sat, 10 Aug 2024 00:46:08 GMT
referrer-policy
strict-origin-when-cross-origin
report-to
{"group":"default","max_age":86400,"endpoints":[{"url":"https://pelotontechnologies.report-uri.com/a/d/g"}]}
server
Microsoft-IIS/10.0
strict-transport-security
max-age=31536000
vary
Accept-Encoding
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block

Redirect headers

cache-control
private
content-length
131
content-security-policy-report-only
default-src 'none'; connect-src 'self' https://hcaptcha.com https://*.hcaptcha.com; font-src 'self' data: https://fonts.gstatic.com; form-action 'self'; frame-ancestors 'self'; frame-src 'self' https://hcaptcha.com https://*.hcaptcha.com; img-src 'self' data: https://peloton-technologies.com https://www.peloton-technologies.com; manifest-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://hcaptcha.com https://*.hcaptcha.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://hcaptcha.com https://*.hcaptcha.com; report-uri https://pelotontechnologies.report-uri.com/r/d/csp/reportOnly; report-to default
content-type
text/html; charset=utf-8
date
Sat, 10 Aug 2024 00:46:07 GMT
location
/Account/Login
referrer-policy
strict-origin-when-cross-origin
report-to
{"group":"default","max_age":86400,"endpoints":[{"url":"https://pelotontechnologies.report-uri.com/a/d/g"}]}
server
Microsoft-IIS/10.0
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block
foundation-icons.woff
portal.rogersbank.pelpay.ca/Content/bundles/ 		31 KB
31 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://portal.rogersbank.pelpay.ca/Content/bundles/foundation-icons.woff
Requested by
Host: portal.rogersbank.pelpay.ca
URL: https://portal.rogersbank.pelpay.ca/Account/Login
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.116.131.138 Toronto, Canada, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
8c44c3feedae5331a281278ea3ba91d2255928a2f3010d316d6fbb9052e0c2ec
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://portal.rogersbank.pelpay.ca/Account/Login
Origin
https://portal.rogersbank.pelpay.ca
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Sat, 10 Aug 2024 00:46:08 GMT
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 08 Aug 2022 17:22:26 GMT
server
Microsoft-IIS/10.0
etag
"0b5c56d4babd81:0"
content-security-policy-report-only
default-src 'none'; connect-src 'self' https://hcaptcha.com https://*.hcaptcha.com; font-src 'self' data: https://fonts.gstatic.com; form-action 'self'; frame-ancestors 'self'; frame-src 'self' https://hcaptcha.com https://*.hcaptcha.com; img-src 'self' data: https://peloton-technologies.com https://www.peloton-technologies.com; manifest-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://hcaptcha.com https://*.hcaptcha.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://hcaptcha.com https://*.hcaptcha.com; report-uri https://pelotontechnologies.report-uri.com/r/d/csp/reportOnly; report-to default
report-to
{"group":"default","max_age":86400,"endpoints":[{"url":"https://pelotontechnologies.report-uri.com/a/d/g"}]}
content-type
font/x-woff
x-frame-options
SAMEORIGIN
accept-ranges
bytes
content-length
32020
x-xss-protection
1; mode=block
foundation.css
portal.rogersbank.pelpay.ca/Content/bundles/ 		152 KB
30 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://portal.rogersbank.pelpay.ca/Content/bundles/foundation.css
Requested by
Host: portal.rogersbank.pelpay.ca
URL: https://portal.rogersbank.pelpay.ca/Account/Login
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.116.131.138 Toronto, Canada, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
3c81b9b8b1acca7fc24160584642caab56c565b430628988853ffab2d6adcf5f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://portal.rogersbank.pelpay.ca/Account/Login
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
date
Sat, 10 Aug 2024 00:46:08 GMT
content-security-policy-report-only
default-src 'none'; connect-src 'self' https://hcaptcha.com https://*.hcaptcha.com; font-src 'self' data: https://fonts.gstatic.com; form-action 'self'; frame-ancestors 'self'; frame-src 'self' https://hcaptcha.com https://*.hcaptcha.com; img-src 'self' data: https://peloton-technologies.com https://www.peloton-technologies.com; manifest-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://hcaptcha.com https://*.hcaptcha.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://hcaptcha.com https://*.hcaptcha.com; report-uri https://pelotontechnologies.report-uri.com/r/d/csp/reportOnly; report-to default
content-length
30846
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 19 Feb 2024 22:51:47 GMT
server
Microsoft-IIS/10.0
etag
"683e388663da1:0"
vary
Accept-Encoding
report-to
{"group":"default","max_age":86400,"endpoints":[{"url":"https://pelotontechnologies.report-uri.com/a/d/g"}]}
content-type
text/css
x-frame-options
SAMEORIGIN
accept-ranges
bytes
kendo.css
portal.rogersbank.pelpay.ca/Content/bundles/ 		571 KB
180 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://portal.rogersbank.pelpay.ca/Content/bundles/kendo.css
Requested by
Host: portal.rogersbank.pelpay.ca
URL: https://portal.rogersbank.pelpay.ca/Account/Login
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.116.131.138 Toronto, Canada, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
31d8e601bb30bfa3d0d1b6f771a4ed5784e8be56f8c1ed83a4ba0ccd1703112c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://portal.rogersbank.pelpay.ca/Account/Login
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 19 Feb 2024 23:14:23 GMT
server
Microsoft-IIS/10.0
date
Sat, 10 Aug 2024 00:46:08 GMT
etag
"cb7a67608963da1:0"
vary
Accept-Encoding
report-to
{"group":"default","max_age":86400,"endpoints":[{"url":"https://pelotontechnologies.report-uri.com/a/d/g"}]}
content-type
text/css
content-security-policy-report-only
default-src 'none'; connect-src 'self' https://hcaptcha.com https://*.hcaptcha.com; font-src 'self' data: https://fonts.gstatic.com; form-action 'self'; frame-ancestors 'self'; frame-src 'self' https://hcaptcha.com https://*.hcaptcha.com; img-src 'self' data: https://peloton-technologies.com https://www.peloton-technologies.com; manifest-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://hcaptcha.com https://*.hcaptcha.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://hcaptcha.com https://*.hcaptcha.com; report-uri https://pelotontechnologies.report-uri.com/r/d/csp/reportOnly; report-to default
x-frame-options
SAMEORIGIN
accept-ranges
bytes
x-xss-protection
1; mode=block
Site.css
portal.rogersbank.pelpay.ca/Content/bundles/ 		58 KB
23 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://portal.rogersbank.pelpay.ca/Content/bundles/Site.css
Requested by
Host: portal.rogersbank.pelpay.ca
URL: https://portal.rogersbank.pelpay.ca/Account/Login
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.116.131.138 Toronto, Canada, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
4da16a9f968cfc63bb8a97c014579e16fb26a4e55a4449dca1099644eb574ae1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://portal.rogersbank.pelpay.ca/Account/Login
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
date
Sat, 10 Aug 2024 00:46:08 GMT
content-security-policy-report-only
default-src 'none'; connect-src 'self' https://hcaptcha.com https://*.hcaptcha.com; font-src 'self' data: https://fonts.gstatic.com; form-action 'self'; frame-ancestors 'self'; frame-src 'self' https://hcaptcha.com https://*.hcaptcha.com; img-src 'self' data: https://peloton-technologies.com https://www.peloton-technologies.com; manifest-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://hcaptcha.com https://*.hcaptcha.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://hcaptcha.com https://*.hcaptcha.com; report-uri https://pelotontechnologies.report-uri.com/r/d/csp/reportOnly; report-to default
content-length
23376
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 19 Feb 2024 22:45:22 GMT
server
Microsoft-IIS/10.0
etag
"c6fa3a528563da1:0"
vary
Accept-Encoding
report-to
{"group":"default","max_age":86400,"endpoints":[{"url":"https://pelotontechnologies.report-uri.com/a/d/g"}]}
content-type
text/css
x-frame-options
SAMEORIGIN
accept-ranges
bytes
css
fonts.googleapis.com/ 		38 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Open+Sans:400,400italic,600,600italic,700,700italic,800
Requested by
Host: portal.rogersbank.pelpay.ca
URL: https://portal.rogersbank.pelpay.ca/Account/Login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.40.202 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s38-in-f10.1e100.net
Software
ESF /
Resource Hash
9ee04327cf1ed7835c8414219ac8d194bcad31f2bca293c84d5d8dc492d8b477
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://portal.rogersbank.pelpay.ca/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Sat, 10 Aug 2024 00:46:08 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Sat, 10 Aug 2024 00:46:08 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sat, 10 Aug 2024 00:46:08 GMT
import.js
portal.rogersbank.pelpay.ca/Content/bundles/ 		264 KB
100 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://portal.rogersbank.pelpay.ca/Content/bundles/import.js
Requested by
Host: portal.rogersbank.pelpay.ca
URL: https://portal.rogersbank.pelpay.ca/Account/Login
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.116.131.138 Toronto, Canada, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
c815bba10747ba4878350c0c096f4dcc4ff7065af0d1d0bb7decda45c5239440
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://portal.rogersbank.pelpay.ca/Account/Login
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 08 Aug 2022 17:22:26 GMT
server
Microsoft-IIS/10.0
date
Sat, 10 Aug 2024 00:46:08 GMT
etag
"0b5c56d4babd81:0"
vary
Accept-Encoding
report-to
{"group":"default","max_age":86400,"endpoints":[{"url":"https://pelotontechnologies.report-uri.com/a/d/g"}]}
content-type
application/javascript
content-security-policy-report-only
default-src 'none'; connect-src 'self' https://hcaptcha.com https://*.hcaptcha.com; font-src 'self' data: https://fonts.gstatic.com; form-action 'self'; frame-ancestors 'self'; frame-src 'self' https://hcaptcha.com https://*.hcaptcha.com; img-src 'self' data: https://peloton-technologies.com https://www.peloton-technologies.com; manifest-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://hcaptcha.com https://*.hcaptcha.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://hcaptcha.com https://*.hcaptcha.com; report-uri https://pelotontechnologies.report-uri.com/r/d/csp/reportOnly; report-to default
x-frame-options
SAMEORIGIN
accept-ranges
bytes
x-xss-protection
1; mode=block
Peloton_Colour_on_White.png
portal.rogersbank.pelpay.ca/Content/Images/ 		58 KB
58 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://portal.rogersbank.pelpay.ca/Content/Images/Peloton_Colour_on_White.png
Requested by
Host: portal.rogersbank.pelpay.ca
URL: https://portal.rogersbank.pelpay.ca/Account/Login
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.116.131.138 Toronto, Canada, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
88ef018b27f8864e830f578416b5837a1b3bf588686d00c5f2288e8a1d1e133b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://portal.rogersbank.pelpay.ca/Account/Login
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Sat, 10 Aug 2024 00:46:08 GMT
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 19 Feb 2024 23:05:56 GMT
server
Microsoft-IIS/10.0
etag
"d460d3318863da1:0"
content-security-policy-report-only
default-src 'none'; connect-src 'self' https://hcaptcha.com https://*.hcaptcha.com; font-src 'self' data: https://fonts.gstatic.com; form-action 'self'; frame-ancestors 'self'; frame-src 'self' https://hcaptcha.com https://*.hcaptcha.com; img-src 'self' data: https://peloton-technologies.com https://www.peloton-technologies.com; manifest-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://hcaptcha.com https://*.hcaptcha.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://hcaptcha.com https://*.hcaptcha.com; report-uri https://pelotontechnologies.report-uri.com/r/d/csp/reportOnly; report-to default
report-to
{"group":"default","max_age":86400,"endpoints":[{"url":"https://pelotontechnologies.report-uri.com/a/d/g"}]}
content-type
image/png
x-frame-options
SAMEORIGIN
accept-ranges
bytes
content-length
59483
x-xss-protection
1; mode=block
Peloton_Colour_on_White_Tagline.png
portal.rogersbank.pelpay.ca/Content/Images/ 		257 KB
257 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://portal.rogersbank.pelpay.ca/Content/Images/Peloton_Colour_on_White_Tagline.png
Requested by
Host: portal.rogersbank.pelpay.ca
URL: https://portal.rogersbank.pelpay.ca/Account/Login
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.116.131.138 Toronto, Canada, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
49adc3679fc0ac066a863e51c59e2c873be448961ca7cd2e8dc62b2eec7e6737
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://portal.rogersbank.pelpay.ca/Account/Login
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Sat, 10 Aug 2024 00:46:08 GMT
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 19 Feb 2024 23:07:49 GMT
server
Microsoft-IIS/10.0
etag
"53a71b758863da1:0"
content-security-policy-report-only
default-src 'none'; connect-src 'self' https://hcaptcha.com https://*.hcaptcha.com; font-src 'self' data: https://fonts.gstatic.com; form-action 'self'; frame-ancestors 'self'; frame-src 'self' https://hcaptcha.com https://*.hcaptcha.com; img-src 'self' data: https://peloton-technologies.com https://www.peloton-technologies.com; manifest-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://hcaptcha.com https://*.hcaptcha.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://hcaptcha.com https://*.hcaptcha.com; report-uri https://pelotontechnologies.report-uri.com/r/d/csp/reportOnly; report-to default
report-to
{"group":"default","max_age":86400,"endpoints":[{"url":"https://pelotontechnologies.report-uri.com/a/d/g"}]}
content-type
image/png
x-frame-options
SAMEORIGIN
accept-ranges
bytes
content-length
262682
x-xss-protection
1; mode=block
foundation.js
portal.rogersbank.pelpay.ca/Content/bundles/ 		0
35 B 		Script
General
Check archive.org
Download Go to
Full URL
https://portal.rogersbank.pelpay.ca/Content/bundles/foundation.js
Requested by
Host: portal.rogersbank.pelpay.ca
URL: https://portal.rogersbank.pelpay.ca/Account/Login
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.116.131.138 Toronto, Canada, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://portal.rogersbank.pelpay.ca/Account/Login
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Sat, 10 Aug 2024 00:46:08 GMT
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 08 Aug 2022 17:22:26 GMT
server
Microsoft-IIS/10.0
etag
"0b5c56d4babd81:0"
content-security-policy-report-only
default-src 'none'; connect-src 'self' https://hcaptcha.com https://*.hcaptcha.com; font-src 'self' data: https://fonts.gstatic.com; form-action 'self'; frame-ancestors 'self'; frame-src 'self' https://hcaptcha.com https://*.hcaptcha.com; img-src 'self' data: https://peloton-technologies.com https://www.peloton-technologies.com; manifest-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://hcaptcha.com https://*.hcaptcha.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://hcaptcha.com https://*.hcaptcha.com; report-uri https://pelotontechnologies.report-uri.com/r/d/csp/reportOnly; report-to default
report-to
{"group":"default","max_age":86400,"endpoints":[{"url":"https://pelotontechnologies.report-uri.com/a/d/g"}]}
content-type
application/javascript
x-frame-options
SAMEORIGIN
accept-ranges
bytes
content-length
0
x-xss-protection
1; mode=block
kendo
portal.rogersbank.pelpay.ca/bundles/ 		995 KB
398 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://portal.rogersbank.pelpay.ca/bundles/kendo?v=U9T3uYarezdFs-Q0Vn873MQvylkVY2X5oCu0JxSSsa41
Requested by
Host: portal.rogersbank.pelpay.ca
URL: https://portal.rogersbank.pelpay.ca/Account/Login
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.116.131.138 Toronto, Canada, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
1e273e97eea64f8f02ae1043dca9e0ed5a98f4d00ec76ccb109a17c92ff884e7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://portal.rogersbank.pelpay.ca/Account/Login
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
last-modified
Sat, 10 Aug 2024 00:46:08 GMT
server
Microsoft-IIS/10.0
date
Sat, 10 Aug 2024 00:46:08 GMT
vary
User-Agent,Accept-Encoding
report-to
{"group":"default","max_age":86400,"endpoints":[{"url":"https://pelotontechnologies.report-uri.com/a/d/g"}]}
content-type
text/javascript; charset=utf-8
content-security-policy-report-only
default-src 'none'; connect-src 'self' https://hcaptcha.com https://*.hcaptcha.com; font-src 'self' data: https://fonts.gstatic.com; form-action 'self'; frame-ancestors 'self'; frame-src 'self' https://hcaptcha.com https://*.hcaptcha.com; img-src 'self' data: https://peloton-technologies.com https://www.peloton-technologies.com; manifest-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://hcaptcha.com https://*.hcaptcha.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://hcaptcha.com https://*.hcaptcha.com; report-uri https://pelotontechnologies.report-uri.com/r/d/csp/reportOnly; report-to default
cache-control
public
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block
expires
Sun, 10 Aug 2025 00:46:08 GMT
LocalStorage.js
portal.rogersbank.pelpay.ca/Scripts/tsjs/Scripts/ 		6 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://portal.rogersbank.pelpay.ca/Scripts/tsjs/Scripts/LocalStorage.js
Requested by
Host: portal.rogersbank.pelpay.ca
URL: https://portal.rogersbank.pelpay.ca/Account/Login
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.116.131.138 Toronto, Canada, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
70939afa7c82443eb277fdb29ad4ee33eec4368699b21e51d361090ad7c02188
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://portal.rogersbank.pelpay.ca/Account/Login
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
date
Sat, 10 Aug 2024 00:46:08 GMT
content-security-policy-report-only
default-src 'none'; connect-src 'self' https://hcaptcha.com https://*.hcaptcha.com; font-src 'self' data: https://fonts.gstatic.com; form-action 'self'; frame-ancestors 'self'; frame-src 'self' https://hcaptcha.com https://*.hcaptcha.com; img-src 'self' data: https://peloton-technologies.com https://www.peloton-technologies.com; manifest-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://hcaptcha.com https://*.hcaptcha.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://hcaptcha.com https://*.hcaptcha.com; report-uri https://pelotontechnologies.report-uri.com/r/d/csp/reportOnly; report-to default
content-length
1423
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 08 Aug 2022 17:22:28 GMT
server
Microsoft-IIS/10.0
etag
"0e2f66e4babd81:0"
vary
Accept-Encoding
report-to
{"group":"default","max_age":86400,"endpoints":[{"url":"https://pelotontechnologies.report-uri.com/a/d/g"}]}
content-type
application/javascript
x-frame-options
SAMEORIGIN
accept-ranges
bytes
InAppNotification.js
portal.rogersbank.pelpay.ca/Scripts/tsjs/Scripts/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://portal.rogersbank.pelpay.ca/Scripts/tsjs/Scripts/InAppNotification.js
Requested by
Host: portal.rogersbank.pelpay.ca
URL: https://portal.rogersbank.pelpay.ca/Account/Login
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.116.131.138 Toronto, Canada, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
bf5d51177706f5cbf9724637ae04445e4b6a260da0dc627b482da6fbc5def4c8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://portal.rogersbank.pelpay.ca/Account/Login
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
date
Sat, 10 Aug 2024 00:46:08 GMT
content-security-policy-report-only
default-src 'none'; connect-src 'self' https://hcaptcha.com https://*.hcaptcha.com; font-src 'self' data: https://fonts.gstatic.com; form-action 'self'; frame-ancestors 'self'; frame-src 'self' https://hcaptcha.com https://*.hcaptcha.com; img-src 'self' data: https://peloton-technologies.com https://www.peloton-technologies.com; manifest-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://hcaptcha.com https://*.hcaptcha.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://hcaptcha.com https://*.hcaptcha.com; report-uri https://pelotontechnologies.report-uri.com/r/d/csp/reportOnly; report-to default
content-length
1589
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 08 Aug 2022 17:22:28 GMT
server
Microsoft-IIS/10.0
etag
"0e2f66e4babd81:0"
vary
Accept-Encoding
report-to
{"group":"default","max_age":86400,"endpoints":[{"url":"https://pelotontechnologies.report-uri.com/a/d/g"}]}
content-type
application/javascript
x-frame-options
SAMEORIGIN
accept-ranges
bytes
Password
portal.rogersbank.pelpay.ca/Views/Shared/EditorTemplates/ 		707 B
481 B 		Script
General
Check archive.org
Download Go to
Full URL
https://portal.rogersbank.pelpay.ca/Views/Shared/EditorTemplates/Password?v=nmIzTmPNLHMCI1RQdPB4zTIFI9YKYdXxmkhD-QZW7hw1
Requested by
Host: portal.rogersbank.pelpay.ca
URL: https://portal.rogersbank.pelpay.ca/Account/Login
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.116.131.138 Toronto, Canada, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
ec74ca0f9d4e3734c471f7c85a412bd5f6cc895aacbcfde5734e12b8ed6e89ba
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://portal.rogersbank.pelpay.ca/Account/Login
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
date
Sat, 10 Aug 2024 00:46:08 GMT
content-security-policy-report-only
default-src 'none'; connect-src 'self' https://hcaptcha.com https://*.hcaptcha.com; font-src 'self' data: https://fonts.gstatic.com; form-action 'self'; frame-ancestors 'self'; frame-src 'self' https://hcaptcha.com https://*.hcaptcha.com; img-src 'self' data: https://peloton-technologies.com https://www.peloton-technologies.com; manifest-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://hcaptcha.com https://*.hcaptcha.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://hcaptcha.com https://*.hcaptcha.com; report-uri https://pelotontechnologies.report-uri.com/r/d/csp/reportOnly; report-to default
content-length
433
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Sat, 10 Aug 2024 00:46:08 GMT
server
Microsoft-IIS/10.0
vary
User-Agent,Accept-Encoding
report-to
{"group":"default","max_age":86400,"endpoints":[{"url":"https://pelotontechnologies.report-uri.com/a/d/g"}]}
content-type
text/javascript; charset=utf-8
x-frame-options
SAMEORIGIN
cache-control
public
expires
Sun, 10 Aug 2025 00:46:08 GMT
_Notifications
portal.rogersbank.pelpay.ca/Views/Shared/ 		2 KB
680 B 		Script
General
Check archive.org
Download Go to
Full URL
https://portal.rogersbank.pelpay.ca/Views/Shared/_Notifications?v=nvDE_X4U-Qlf-WluVG_sOJCZuhcpMeJHzOyhhy2CTak1
Requested by
Host: portal.rogersbank.pelpay.ca
URL: https://portal.rogersbank.pelpay.ca/Account/Login
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.116.131.138 Toronto, Canada, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
00d92632d0f32a0ec17db60d9a41f507ebe972f169f2fa2414f689bb0785d286
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://portal.rogersbank.pelpay.ca/Account/Login
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
date
Sat, 10 Aug 2024 00:46:08 GMT
content-security-policy-report-only
default-src 'none'; connect-src 'self' https://hcaptcha.com https://*.hcaptcha.com; font-src 'self' data: https://fonts.gstatic.com; form-action 'self'; frame-ancestors 'self'; frame-src 'self' https://hcaptcha.com https://*.hcaptcha.com; img-src 'self' data: https://peloton-technologies.com https://www.peloton-technologies.com; manifest-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://hcaptcha.com https://*.hcaptcha.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://hcaptcha.com https://*.hcaptcha.com; report-uri https://pelotontechnologies.report-uri.com/r/d/csp/reportOnly; report-to default
content-length
632
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Sat, 10 Aug 2024 00:46:08 GMT
server
Microsoft-IIS/10.0
vary
User-Agent,Accept-Encoding
report-to
{"group":"default","max_age":86400,"endpoints":[{"url":"https://pelotontechnologies.report-uri.com/a/d/g"}]}
content-type
text/javascript; charset=utf-8
x-frame-options
SAMEORIGIN
cache-control
public
expires
Sun, 10 Aug 2025 00:46:08 GMT
SubMenu.js
portal.rogersbank.pelpay.ca/Scripts/tsjs/Scripts/ 		780 B
587 B 		Script
General
Check archive.org
Download Go to
Full URL
https://portal.rogersbank.pelpay.ca/Scripts/tsjs/Scripts/SubMenu.js
Requested by
Host: portal.rogersbank.pelpay.ca
URL: https://portal.rogersbank.pelpay.ca/Account/Login
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.116.131.138 Toronto, Canada, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
d8be2baf83c333ddc97b7a0dc4c9ed683cc328e0b19c8d8a4fec6e9d8961b14e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://portal.rogersbank.pelpay.ca/Account/Login
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
date
Sat, 10 Aug 2024 00:46:08 GMT
content-security-policy-report-only
default-src 'none'; connect-src 'self' https://hcaptcha.com https://*.hcaptcha.com; font-src 'self' data: https://fonts.gstatic.com; form-action 'self'; frame-ancestors 'self'; frame-src 'self' https://hcaptcha.com https://*.hcaptcha.com; img-src 'self' data: https://peloton-technologies.com https://www.peloton-technologies.com; manifest-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://hcaptcha.com https://*.hcaptcha.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://hcaptcha.com https://*.hcaptcha.com; report-uri https://pelotontechnologies.report-uri.com/r/d/csp/reportOnly; report-to default
content-length
502
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 08 Aug 2022 17:22:28 GMT
server
Microsoft-IIS/10.0
etag
"0e2f66e4babd81:0"
vary
Accept-Encoding
report-to
{"group":"default","max_age":86400,"endpoints":[{"url":"https://pelotontechnologies.report-uri.com/a/d/g"}]}
content-type
application/javascript
x-frame-options
SAMEORIGIN
accept-ranges
bytes
memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v40/ 		47 KB
48 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:400,400italic,600,600italic,700,700italic,800
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.13.163 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
yul03s04-in-f3.1e100.net
Software
sffe /
Resource Hash
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://portal.rogersbank.pelpay.ca
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 08 Aug 2024 21:31:48 GMT
x-content-type-options
nosniff
age
98060
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
48236
x-xss-protection
0
last-modified
Thu, 14 Dec 2023 02:08:40 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 08 Aug 2025 21:31:48 GMT
memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWuU6F.woff2
fonts.gstatic.com/s/opensans/v40/ 		49 KB
49 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/opensans/v40/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWuU6F.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:400,400italic,600,600italic,700,700italic,800
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.13.163 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
yul03s04-in-f3.1e100.net
Software
sffe /
Resource Hash
0d8601a776b7dc777cd23bc42392d05a43df0d6402328e8913b58811083b513d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://portal.rogersbank.pelpay.ca
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Fri, 09 Aug 2024 00:14:52 GMT
x-content-type-options
nosniff
age
88276
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
50296
x-xss-protection
0
last-modified
Thu, 14 Dec 2023 02:10:01 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 09 Aug 2025 00:14:52 GMT
favicon.ico
portal.rogersbank.pelpay.ca/Content/Icons/ 		15 KB
15 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://portal.rogersbank.pelpay.ca/Content/Icons/favicon.ico
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.116.131.138 Toronto, Canada, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
ca3081f2d82965b30ee013e84eb58d051674ae6a2c3f9fbc210281391ca96e93
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://portal.rogersbank.pelpay.ca/Account/Login
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Sat, 10 Aug 2024 00:46:08 GMT
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 08 Aug 2022 17:22:26 GMT
server
Microsoft-IIS/10.0
etag
"0b5c56d4babd81:0"
content-security-policy-report-only
default-src 'none'; connect-src 'self' https://hcaptcha.com https://*.hcaptcha.com; font-src 'self' data: https://fonts.gstatic.com; form-action 'self'; frame-ancestors 'self'; frame-src 'self' https://hcaptcha.com https://*.hcaptcha.com; img-src 'self' data: https://peloton-technologies.com https://www.peloton-technologies.com; manifest-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://hcaptcha.com https://*.hcaptcha.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://hcaptcha.com https://*.hcaptcha.com; report-uri https://pelotontechnologies.report-uri.com/r/d/csp/reportOnly; report-to default
report-to
{"group":"default","max_age":86400,"endpoints":[{"url":"https://pelotontechnologies.report-uri.com/a/d/g"}]}
content-type
image/x-icon
x-frame-options
SAMEORIGIN
accept-ranges
bytes
content-length
15086
x-xss-protection
1; mode=block

Verdicts & Comments Add Verdict or Comment

13 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| $ function| jQuery object| Foundation object| kendo function| JSZip object| EPP function| storeGridData function| loadGridData function| __awaiter object| LocalStorage function| togglePasswordVisibility object| notification object| SubMenu

2 Cookies

Domain/Path Name / Value
portal.rogersbank.pelpay.ca/ Name: ASP.NET_SessionId
Value: fd1sa0yjj5tq4oiq2b5jx3e4
portal.rogersbank.pelpay.ca/ Name: __RequestVerificationToken
Value: -de28jq0YB5jOlx54u48Akh5gZBCx6re24JSnHId97MUwIHI-CKhqk2Q7fUQ2S9DXOuM2QO-o79NgFkBPrIrm81Luedz4oLut9RJgWmew5E1

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

fonts.googleapis.com
fonts.gstatic.com
portal.rogersbank.pelpay.ca
142.251.40.202
172.217.13.163
20.116.131.138
00d92632d0f32a0ec17db60d9a41f507ebe972f169f2fa2414f689bb0785d286
0d8601a776b7dc777cd23bc42392d05a43df0d6402328e8913b58811083b513d
1e273e97eea64f8f02ae1043dca9e0ed5a98f4d00ec76ccb109a17c92ff884e7
31d8e601bb30bfa3d0d1b6f771a4ed5784e8be56f8c1ed83a4ba0ccd1703112c
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa
3c81b9b8b1acca7fc24160584642caab56c565b430628988853ffab2d6adcf5f
49adc3679fc0ac066a863e51c59e2c873be448961ca7cd2e8dc62b2eec7e6737
4da16a9f968cfc63bb8a97c014579e16fb26a4e55a4449dca1099644eb574ae1
70939afa7c82443eb277fdb29ad4ee33eec4368699b21e51d361090ad7c02188
80d2dc87f1883d5eba55dc62d715bdf08b6fd7a0b147968a4c43224cfd7f1c96
88ef018b27f8864e830f578416b5837a1b3bf588686d00c5f2288e8a1d1e133b
8c44c3feedae5331a281278ea3ba91d2255928a2f3010d316d6fbb9052e0c2ec
9ee04327cf1ed7835c8414219ac8d194bcad31f2bca293c84d5d8dc492d8b477
bf5d51177706f5cbf9724637ae04445e4b6a260da0dc627b482da6fbc5def4c8
c815bba10747ba4878350c0c096f4dcc4ff7065af0d1d0bb7decda45c5239440
ca3081f2d82965b30ee013e84eb58d051674ae6a2c3f9fbc210281391ca96e93
d8be2baf83c333ddc97b7a0dc4c9ed683cc328e0b19c8d8a4fec6e9d8961b14e
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ec74ca0f9d4e3734c471f7c85a412bd5f6cc895aacbcfde5734e12b8ed6e89ba