urlscan.io logo urlscan.io
SecurityTrails logo

bunq.me Open in urlscan Pro
35.158.144.6  Public Scan

Go To Rescan Add Verdict Report
URL: https://bunq.me/o/dZhk0nk031WDYcntof4gA
Submission: On November 29 via api from NL — Scanned from NL
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 10 IPs in 2 countries across 7 domains to perform 33 HTTP transactions. The main IP is 35.158.144.6, located in Frankfurt am Main, Germany and belongs to AMAZON-02, US. The main domain is bunq.me.
TLS certificate: Issued by Amazon RSA 2048 M02 on October 18th 2023. Valid for: a year.
This is the only time bunq.me was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
8 35.158.144.6 16509 (AMAZON-02)
1 2a00:1450:400... 15169 (GOOGLE)
3 2606:4700:440... 13335 (CLOUDFLAR...)
4 18.195.237.130 16509 (AMAZON-02)
1 18.192.130.188 16509 (AMAZON-02)
1 52.222.236.88 16509 (AMAZON-02)
4 142.250.186.131 15169 (GOOGLE)
4 2a00:1450:400... 15169 (GOOGLE)
6 2a00:1450:400... 15169 (GOOGLE)
33 10
8    35.158.144.6 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-158-144-6.eu-central-1.compute.amazonaws.com
bunq.me
1    2a00:1450:4001:82b::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
3    2606:4700:4400::ac40:93bc (United States)

ASN13335 (CLOUDFLARENET, US)
kit.fontawesome.com
ka-p.fontawesome.com
4    18.195.237.130 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-195-237-130.eu-central-1.compute.amazonaws.com
api.bunq.me
1    18.192.130.188 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-192-130-188.eu-central-1.compute.amazonaws.com
sentry.bunq.com
1    52.222.236.88 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-236-88.fra56.r.cloudfront.net
cdn.checkout.com
4    142.250.186.131 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s07-in-f3.1e100.net
fonts.gstatic.com
4    2a00:1450:4001:829::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.com
6    2a00:1450:4001:809::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.gstatic.com
Apex Domain
Subdomains		 Transfer
12 bunq.me
bunq.me
api.bunq.me
1 MB
10 gstatic.com
fonts.gstatic.com
www.gstatic.com
522 KB
4 google.com
www.google.com — Cisco Umbrella Rank: 2
37 KB
3 fontawesome.com
kit.fontawesome.com — Cisco Umbrella Rank: 1492
ka-p.fontawesome.com — Cisco Umbrella Rank: 3445
20 KB
1 checkout.com
cdn.checkout.com — Cisco Umbrella Rank: 68669
31 KB
1 bunq.com
sentry.bunq.com — Cisco Umbrella Rank: 296410
262 B
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 31
1 KB
33 7
Domain Requested by
8 bunq.me bunq.me
6 www.gstatic.com www.google.com
www.gstatic.com
4 www.google.com bunq.me
www.gstatic.com
www.google.com
4 fonts.gstatic.com fonts.googleapis.com
www.google.com
4 api.bunq.me bunq.me
2 ka-p.fontawesome.com kit.fontawesome.com
bunq.me
1 cdn.checkout.com bunq.me
1 sentry.bunq.com bunq.me
1 kit.fontawesome.com bunq.me
1 fonts.googleapis.com bunq.me
33 10

This site contains links to these domains. Also see Links.

Domain
bunq.com
www.bunq.com
Subject Issuer Validity Valid
bunq.me
Amazon RSA 2048 M02		 2023-10-18 -
2024-11-15		 a year crt.sh
upload.video.google.com
GTS CA 1C3		 2023-10-23 -
2024-01-15		 3 months crt.sh
*.fontawesome.com
DigiCert TLS RSA SHA256 2020 CA1		 2022-11-22 -
2023-12-23		 a year crt.sh
api.bunq.me
Amazon RSA 2048 M01		 2023-09-28 -
2024-10-26		 a year crt.sh
sentry.bunq.com
Amazon RSA 2048 M01		 2023-02-27 -
2024-03-28		 a year crt.sh
*.checkout.com
Amazon RSA 2048 M01		 2023-07-17 -
2024-08-14		 a year crt.sh
*.gstatic.com
GTS CA 1C3		 2023-10-23 -
2024-01-15		 3 months crt.sh
www.google.com
GTS CA 1C3		 2023-10-23 -
2024-01-15		 3 months crt.sh
*.google.com
GTS CA 1C3		 2023-10-23 -
2024-01-15		 3 months crt.sh

This page contains 3 frames:

Primary Page: https://bunq.me/o/dZhk0nk031WDYcntof4gA
Frame ID: EE2D7303955B493352F68614F399B732
Requests: 21 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LeLmLQaAAAAAIKs8b09HhE2R0HjTu4ffcFrEsR-&co=aHR0cHM6Ly9idW5xLm1lOjQ0Mw..&hl=nl&v=-QbJqHfGOUB8nuVRLvzFLVed&size=invisible&cb=kcxfz0mo4lm3
Frame ID: 85E1A67BA10F6681B765416A6CF4CACE
Requests: 7 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/bframe?hl=nl&v=-QbJqHfGOUB8nuVRLvzFLVed&k=6LeLmLQaAAAAAIKs8b09HhE2R0HjTu4ffcFrEsR-
Frame ID: D1BD23B3742F215753999D765DB7C54C
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Send me money with bunq.me

Detected technologies

Overall confidence: 100%
Detected patterns
  • react(?:-with-addons)?[.-]([\d.]*\d)[^/]*\.js
Overall confidence: 100%
Detected patterns
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  • kit\.fontawesome\.com/([0-9a-z]+).js
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
Overall confidence: 100%
Detected patterns
  • /recaptcha/api\.js

Page Statistics

33
Requests

97 %
HTTPS

44 %
IPv6

7
Domains

10
Subdomains

10
IPs

2
Countries

1821 kB
Transfer

8382 kB
Size

2
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

33 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request dZhk0nk031WDYcntof4gA
bunq.me/o/ 		39 KB
27 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://bunq.me/o/dZhk0nk031WDYcntof4gA
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.158.144.6 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-158-144-6.eu-central-1.compute.amazonaws.com
Software
Apache /
Resource Hash
9a262623a15d157d4f76323692b5dbf09e8fb28d10f97e090a67e3fd89b56b44
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' *.bunq.com *.bunq.net
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

accept-ranges
bytes
content-encoding
gzip
content-length
27369
content-security-policy
frame-ancestors 'self' *.bunq.com *.bunq.net
content-type
text/html
date
Wed, 29 Nov 2023 11:20:50 GMT
etag
"9a9c-60ae6e64fa8c0-gzip"
last-modified
Fri, 24 Nov 2023 14:38:03 GMT
server
Apache
strict-transport-security
max-age=31536000
vary
Accept-Encoding
x-content-type-options
nosniff
css2
fonts.googleapis.com/ 		32 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Montserrat:ital,wght@0,100;0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,100;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900&display=swap
Requested by
Host: bunq.me
URL: https://bunq.me/o/dZhk0nk031WDYcntof4gA
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
ff9a2be960794ffc4738368eeec7262cd5bf70316287f8d2f0c3790170cf1277
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://bunq.me/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Wed, 29 Nov 2023 11:20:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Wed, 29 Nov 2023 10:31:28 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 29 Nov 2023 11:20:50 GMT
index-882452ad.js
bunq.me/assets/ 		6 MB
1 MB 		Script
General
Check archive.org
Download Go to
Full URL
https://bunq.me/assets/index-882452ad.js
Requested by
Host: bunq.me
URL: https://bunq.me/o/dZhk0nk031WDYcntof4gA
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.158.144.6 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-158-144-6.eu-central-1.compute.amazonaws.com
Software
Apache /
Resource Hash
4bc20e928bf67c6562217eaba64227a841b611da081800e02d500bd4d37a0255
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' *.bunq.com *.bunq.net
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
https://bunq.me/o/dZhk0nk031WDYcntof4gA
Origin
https://bunq.me
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 11:20:50 GMT
strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Fri, 24 Nov 2023 14:38:03 GMT
server
Apache
content-security-policy
frame-ancestors 'self' *.bunq.com *.bunq.net
etag
"632edc-60ae6e64fa8c0-gzip"
vary
Accept-Encoding
content-type
text/javascript
accept-ranges
bytes
vendor-f9568ec1.js
bunq.me/assets/ 		68 KB
26 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://bunq.me/assets/vendor-f9568ec1.js
Requested by
Host: bunq.me
URL: https://bunq.me/o/dZhk0nk031WDYcntof4gA
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.158.144.6 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-158-144-6.eu-central-1.compute.amazonaws.com
Software
Apache /
Resource Hash
bf21ac2fe603f48d1db7974e9167e1042fb1edbe0a3acb9ea75f498867ddeccc
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' *.bunq.com *.bunq.net
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
https://bunq.me/o/dZhk0nk031WDYcntof4gA
Origin
https://bunq.me
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 11:20:50 GMT
strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Fri, 24 Nov 2023 14:38:03 GMT
server
Apache
content-security-policy
frame-ancestors 'self' *.bunq.com *.bunq.net
etag
"10e4b-60ae6e64fa8c0-gzip"
vary
Accept-Encoding
content-type
text/javascript
accept-ranges
bytes
content-length
26800
react-7e98a264.js
bunq.me/assets/ 		144 KB
47 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://bunq.me/assets/react-7e98a264.js
Requested by
Host: bunq.me
URL: https://bunq.me/o/dZhk0nk031WDYcntof4gA
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.158.144.6 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-158-144-6.eu-central-1.compute.amazonaws.com
Software
Apache /
Resource Hash
64c96aa650d214af6f4d1421a57a13a638e5f93f12d64c45d604b38b4341af2b
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' *.bunq.com *.bunq.net
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
https://bunq.me/o/dZhk0nk031WDYcntof4gA
Origin
https://bunq.me
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 11:20:50 GMT
strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Fri, 24 Nov 2023 14:38:03 GMT
server
Apache
content-security-policy
frame-ancestors 'self' *.bunq.com *.bunq.net
etag
"240c8-60ae6e64fa8c0-gzip"
vary
Accept-Encoding
content-type
text/javascript
accept-ranges
bytes
content-length
47948
index-263a0c76.css
bunq.me/assets/ 		76 KB
12 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://bunq.me/assets/index-263a0c76.css
Requested by
Host: bunq.me
URL: https://bunq.me/o/dZhk0nk031WDYcntof4gA
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.158.144.6 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-158-144-6.eu-central-1.compute.amazonaws.com
Software
Apache /
Resource Hash
263a0c7672269fcd86af80eede3bb33d0a69cdbf857b05702c9362843683c94a
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' *.bunq.com *.bunq.net
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://bunq.me/o/dZhk0nk031WDYcntof4gA
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 11:20:50 GMT
strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Fri, 24 Nov 2023 14:38:03 GMT
server
Apache
content-security-policy
frame-ancestors 'self' *.bunq.com *.bunq.net
etag
"12e62-60ae6e64fa8c0-gzip"
vary
Accept-Encoding
content-type
text/css
accept-ranges
bytes
content-length
11929
f22bbf8f51.js
kit.fontawesome.com/ 		15 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://kit.fontawesome.com/f22bbf8f51.js
Requested by
Host: bunq.me
URL: https://bunq.me/o/dZhk0nk031WDYcntof4gA
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:93bc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ec35323fa25bdff1ca3a378e0bfca7e24202a8e15f93fcf74715b8f7ff378bfa

Request headers

Referer
https://bunq.me/
Origin
https://bunq.me
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 11:20:50 GMT
content-encoding
gzip
cf-cache-status
EXPIRED
server
cloudflare
vary
origin, accept-encoding, access-control-request-headers, access-control-request-method
access-control-max-age
3000
access-control-allow-methods
GET, OPTIONS
access-control-allow-origin
*
content-type
text/javascript
cache-control
max-age=60, public, stale-while-revalidate=30
cf-ray
82da76b1b9ae5d76-FRA
access-control-allow-headers
accept, accept-langauge, content-language, content-type, fa-kit-token
x-request-id
F5wUF3g0vql_Et8ixleC
pro.min.js
ka-p.fontawesome.com/releases/v5.15.4/js/ 		40 KB
14 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ka-p.fontawesome.com/releases/v5.15.4/js/pro.min.js?token=f22bbf8f51
Requested by
Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/f22bbf8f51.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:93bc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc4cb7d0f26435c7fd2eb2bb088aabba3a2aefd6beb89a8a818b1a0438f5e44a

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://bunq.me/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 11:20:51 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Wed, 04 Aug 2021 18:53:09 GMT
server
cloudflare
age
1830219
etag
"610ae215-37b8"
vary
Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31556926
accept-ranges
bytes
cf-ray
82da76b89fcb5d76-FRA
content-length
14264
feature-access
api.bunq.me/v1/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://api.bunq.me/v1/feature-access
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.195.237.130 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-195-237-130.eu-central-1.compute.amazonaws.com
Software
Apache /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept
*/*
Access-Control-Request-Headers
x-bunq-client-request-id,x-bunq-client-version,x-bunq-language
Access-Control-Request-Method
GET
Origin
https://bunq.me
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-headers
Content-Type, X-Bunq-Client-Request-Id, X-Bunq-Geolocation, Cache-Control, X-Bunq-Client-Authentication, X-Bunq-Client-Signature, X-Bunq-Client-Version, User-Agent, Authorization, X-Bunq-Region, X-Bunq-Language, If-None-Match
access-control-allow-methods
DELETE, POST, GET, PUT, OPTIONS
access-control-allow-origin
*
content-length
493
content-type
text/html; charset=iso-8859-1
date
Wed, 29 Nov 2023 11:20:51 GMT
server
Apache
strict-transport-security
max-age=31536000
dZhk0nk031WDYcntof4gA
api.bunq.me/v1/bunqme-tab-entry/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://api.bunq.me/v1/bunqme-tab-entry/dZhk0nk031WDYcntof4gA
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.195.237.130 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-195-237-130.eu-central-1.compute.amazonaws.com
Software
Apache /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept
*/*
Access-Control-Request-Headers
x-bunq-client-request-id,x-bunq-client-version,x-bunq-language
Access-Control-Request-Method
GET
Origin
https://bunq.me
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-headers
Content-Type, X-Bunq-Client-Request-Id, X-Bunq-Geolocation, Cache-Control, X-Bunq-Client-Authentication, X-Bunq-Client-Signature, X-Bunq-Client-Version, User-Agent, Authorization, X-Bunq-Region, X-Bunq-Language, If-None-Match
access-control-allow-methods
DELETE, POST, GET, PUT, OPTIONS
access-control-allow-origin
*
content-length
493
content-type
text/html; charset=iso-8859-1
date
Wed, 29 Nov 2023 11:20:51 GMT
server
Apache
strict-transport-security
max-age=31536000
/
sentry.bunq.com/api/28/envelope/ 		2 B
262 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://sentry.bunq.com/api/28/envelope/?sentry_key=392ed06a886944fabfa16361eda1eba7&sentry_version=7
Requested by
Host: bunq.me
URL: https://bunq.me/assets/index-882452ad.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.192.130.188 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-192-130-188.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Referer
https://bunq.me/
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Wed, 29 Nov 2023 11:20:51 GMT
server
nginx
vary
origin, access-control-request-method, access-control-request-headers
content-type
application/json
access-control-allow-origin
*
access-control-expose-headers
x-sentry-error,x-sentry-rate-limits,retry-after
cross-origin-resource-policy
cross-origin
content-length
2
en_US-bacd5a18.js
bunq.me/assets/ 		245 KB
51 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://bunq.me/assets/en_US-bacd5a18.js
Requested by
Host: bunq.me
URL: https://bunq.me/assets/index-882452ad.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.158.144.6 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-158-144-6.eu-central-1.compute.amazonaws.com
Software
Apache /
Resource Hash
ff86f27d474efd9d2b286d5f95268b1d3dd5ec2ecefd33722d521db1d50c2bc9
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' *.bunq.com *.bunq.net
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
Origin
https://bunq.me
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 11:20:51 GMT
strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Fri, 24 Nov 2023 14:38:03 GMT
server
Apache
content-security-policy
frame-ancestors 'self' *.bunq.com *.bunq.net
etag
"3d50c-60ae6e64fa8c0-gzip"
vary
Accept-Encoding
content-type
text/javascript
accept-ranges
bytes
content-length
52137
framesv2.min.js
cdn.checkout.com/js/ 		83 KB
31 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.checkout.com/js/framesv2.min.js
Requested by
Host: bunq.me
URL: https://bunq.me/assets/index-882452ad.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.222.236.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-236-88.fra56.r.cloudfront.net
Software
nginx /
Resource Hash
f7525578689df9041de438bae4decfc7ee1c9af766a76adce6e77f02a1c6eabd

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://bunq.me/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 08:19:00 GMT
content-encoding
gzip
via
1.1 d9bcd0a29e17b9290f8c9f1617335954.cloudfront.net (CloudFront)
server
nginx
x-amz-cf-pop
FRA56-P4
age
10912
etag
W/"14af8-yAxlc6di6Zk8MA3sr2Bb34+ECZI"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
no-cache
x-amz-cf-id
_d6-BkPhCsbEJ7IUVWgM9FXKnFuqGJUBmF3qKmP33jvVHUseeQ-OQw==
feature-access
api.bunq.me/v1/ 		1 KB
1 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://api.bunq.me/v1/feature-access
Requested by
Host: bunq.me
URL: https://bunq.me/assets/index-882452ad.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.195.237.130 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-195-237-130.eu-central-1.compute.amazonaws.com
Software
Apache /
Resource Hash
e9d32a1e572c2d59c991cf6bbd89cff48287839c8cf85a727ea69a526264a426
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options sameorigin

Request headers

x-bunq-language
en_US
Referer
https://bunq.me/
x-bunq-client-request-id
e2a70bb4-e879-40a8-bd8f-f99d9b689484
x-bunq-client-version
BUNQ.ME:PRODUCTION:202311241434
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 11:20:51 GMT
strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
content-length
502
server
Apache
etag
e9d32a1e572c2d59c991cf6bbd89cff48287839c8cf85a727ea69a526264a426
vary
Accept-Encoding
x-bunq-client-response-id
e456cba8-0027-4db4-83d6-8d44675710a6
content-type
application/json
access-control-allow-origin
*
access-control-allow-methods
DELETE, POST, GET, PUT, OPTIONS
cache-control
max-age=31536000
x-bunq-client-request-id
e2a70bb4-e879-40a8-bd8f-f99d9b689484
x-frame-options
sameorigin
access-control-allow-headers
Content-Type, X-Bunq-Client-Request-Id, X-Bunq-Geolocation, Cache-Control, X-Bunq-Client-Authentication, X-Bunq-Client-Signature, X-Bunq-Client-Version, User-Agent, Authorization, X-Bunq-Region, X-Bunq-Language, If-None-Match
bunq-logo-black-da9fc014.svg
bunq.me/assets/ 		2 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://bunq.me/assets/bunq-logo-black-da9fc014.svg
Requested by
Host: bunq.me
URL: https://bunq.me/o/dZhk0nk031WDYcntof4gA
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.158.144.6 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-158-144-6.eu-central-1.compute.amazonaws.com
Software
Apache /
Resource Hash
da9fc014138c5e3d054fa83705046c6368974dab4481094231138ef3534942f2
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' *.bunq.com *.bunq.net
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://bunq.me/o/dZhk0nk031WDYcntof4gA
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 11:20:51 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
content-security-policy
frame-ancestors 'self' *.bunq.com *.bunq.net
last-modified
Fri, 24 Nov 2023 14:38:03 GMT
server
Apache
etag
"98c-60ae6e64fa8c0"
content-type
image/svg+xml
accept-ranges
bytes
content-length
2444
bunq-logo-white-88118ca2.svg
bunq.me/assets/ 		2 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://bunq.me/assets/bunq-logo-white-88118ca2.svg
Requested by
Host: bunq.me
URL: https://bunq.me/o/dZhk0nk031WDYcntof4gA
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.158.144.6 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-158-144-6.eu-central-1.compute.amazonaws.com
Software
Apache /
Resource Hash
88118ca2604c956a31b1a7919ac0599432e3acbe6c75de7f5528e02418961878
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' *.bunq.com *.bunq.net
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://bunq.me/o/dZhk0nk031WDYcntof4gA
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 11:20:51 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
content-security-policy
frame-ancestors 'self' *.bunq.com *.bunq.net
last-modified
Fri, 24 Nov 2023 14:38:03 GMT
server
Apache
etag
"98c-60ae6e64fa8c0"
content-type
image/svg+xml
accept-ranges
bytes
content-length
2444
dZhk0nk031WDYcntof4gA
api.bunq.me/v1/bunqme-tab-entry/ 		2 KB
1 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://api.bunq.me/v1/bunqme-tab-entry/dZhk0nk031WDYcntof4gA
Requested by
Host: bunq.me
URL: https://bunq.me/assets/index-882452ad.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.195.237.130 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-195-237-130.eu-central-1.compute.amazonaws.com
Software
Apache /
Resource Hash
06231cc7ce22f700e0781416aa1c03d19466951e39ccb66dc2267af94c2e1b92
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options sameorigin

Request headers

x-bunq-language
en_US
Referer
https://bunq.me/
x-bunq-client-request-id
8e25dd68-4603-4c9a-b6ed-dd2907c8b83b
x-bunq-client-version
BUNQ.ME:PRODUCTION:202311241434
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 11:20:52 GMT
strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
content-length
825
server
Apache
etag
06231cc7ce22f700e0781416aa1c03d19466951e39ccb66dc2267af94c2e1b92
vary
Accept-Encoding
x-bunq-client-response-id
9d2bffb5-1c50-4f34-86c5-03e0e3afe208
content-type
application/json
access-control-allow-origin
*
access-control-allow-methods
DELETE, POST, GET, PUT, OPTIONS
cache-control
max-age=31536000
x-bunq-client-request-id
8e25dd68-4603-4c9a-b6ed-dd2907c8b83b
x-frame-options
sameorigin
access-control-allow-headers
Content-Type, X-Bunq-Client-Request-Id, X-Bunq-Geolocation, Cache-Control, X-Bunq-Client-Authentication, X-Bunq-Client-Signature, X-Bunq-Client-Version, User-Agent, Authorization, X-Bunq-Region, X-Bunq-Language, If-None-Match
JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
fonts.gstatic.com/s/montserrat/v26/ 		32 KB
33 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Montserrat:ital,wght@0,100;0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,100;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.131 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s07-in-f3.1e100.net
Software
sffe /
Resource Hash
bb2f90081933c0f2475883ca2c5cfee94e96d7314a09433fffc42e37f4cffd3b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://bunq.me
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 23 Nov 2023 18:19:05 GMT
x-content-type-options
nosniff
age
493307
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
33092
x-xss-protection
0
last-modified
Wed, 13 Sep 2023 22:51:58 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 22 Nov 2024 18:19:05 GMT
e8d4a0d8-4a36-474e-9af9-b4e620534072
https://bunq.me/ 		8 KB
0 		Other
General
Check archive.org
Download Go to
Full URL
blob:https://bunq.me/e8d4a0d8-4a36-474e-9af9-b4e620534072
Requested by
Host: bunq.me
URL: https://bunq.me/o/dZhk0nk031WDYcntof4gA
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b8a4336a06377ae132451085b165507a3cb4f1008eb01c8c1929f069313e3a4c

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Length
8278
Content-Type
api.js
www.google.com/recaptcha/ 		1 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api.js?onload=bunqMeRecaptchaLoadCallback&render=explicit
Requested by
Host: bunq.me
URL: https://bunq.me/assets/index-882452ad.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
e62f10c6f89459d46ed0f5b725511bcd9a450ffc1e3fb19eb5edda52f2fd7e3a
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://bunq.me/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 11:20:52 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
frame-ancestors 'self'
server
GSE
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=utf-8
cache-control
private, max-age=300
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
1; mode=block
expires
Wed, 29 Nov 2023 11:20:52 GMT
JTUQjIg1_i6t8kCHKm459WxRyS7m.woff2
fonts.gstatic.com/s/montserrat/v26/ 		33 KB
34 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/montserrat/v26/JTUQjIg1_i6t8kCHKm459WxRyS7m.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Montserrat:ital,wght@0,100;0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,100;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.131 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s07-in-f3.1e100.net
Software
sffe /
Resource Hash
92443d06835a28423649bca60e6d755e4a1bd09638443196d58e0dd1f06c827f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://bunq.me
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Fri, 24 Nov 2023 01:45:17 GMT
x-content-type-options
nosniff
age
466535
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
34288
x-xss-protection
0
last-modified
Wed, 13 Sep 2023 22:52:07 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 23 Nov 2024 01:45:17 GMT
recaptcha__nl.js
www.gstatic.com/recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/ 		467 KB
188 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/recaptcha__nl.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?onload=bunqMeRecaptchaLoadCallback&render=explicit
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
47b778cb62a7d3b5e4a6f2e355403ede9f49a6a533110ac3039e2c5f4714aa78
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://bunq.me/
Origin
https://bunq.me
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Sat, 25 Nov 2023 12:14:06 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
342407
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
191376
x-xss-protection
0
last-modified
Tue, 14 Nov 2023 05:42:11 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sun, 24 Nov 2024 12:14:06 GMT
times-circle.svg
ka-p.fontawesome.com/releases/v5.15.4/svgs/duotone/ 		895 B
498 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ka-p.fontawesome.com/releases/v5.15.4/svgs/duotone/times-circle.svg?token=f22bbf8f51
Requested by
Host: bunq.me
URL: https://bunq.me/assets/index-882452ad.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:93bc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e209ce04b139d2386cd7ad9d467e1bde3b390146fc514bd1d427ae1c00143865

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://bunq.me/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 11:20:53 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Wed, 04 Aug 2021 18:53:54 GMT
server
cloudflare
age
1821770
etag
W/"610ae242-37f"
vary
Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=31556926
cf-ray
82da76c65e335d76-FRA
anchor
www.google.com/recaptcha/api2/ Frame 85E1 		60 KB
35 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LeLmLQaAAAAAIKs8b09HhE2R0HjTu4ffcFrEsR-&co=aHR0cHM6Ly9idW5xLm1lOjQ0Mw..&hl=nl&v=-QbJqHfGOUB8nuVRLvzFLVed&size=invisible&cb=kcxfz0mo4lm3
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/recaptcha__nl.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
88047529e620bc1552225c81e63c1410c12612346f06a350e294340142f49b97
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce--BsCWda71p51WC2LWU_EmA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://bunq.me/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
gzip
content-security-policy
script-src 'report-sample' 'nonce--BsCWda71p51WC2LWU_EmA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Wed, 29 Nov 2023 11:20:53 GMT
expires
Mon, 01 Jan 1990 00:00:00 GMT
pragma
no-cache
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
styles__ltr.css
www.gstatic.com/recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/ Frame 85E1 		55 KB
25 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/styles__ltr.css
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LeLmLQaAAAAAIKs8b09HhE2R0HjTu4ffcFrEsR-&co=aHR0cHM6Ly9idW5xLm1lOjQ0Mw..&hl=nl&v=-QbJqHfGOUB8nuVRLvzFLVed&size=invisible&cb=kcxfz0mo4lm3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7859a62e04b0acb06516eb12454de6673883ecfaeaed6c254659bca7cd59c050
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Tue, 28 Nov 2023 18:28:45 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
60729
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
24606
x-xss-protection
0
last-modified
Tue, 14 Nov 2023 05:42:11 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/css
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 27 Nov 2024 18:28:45 GMT
recaptcha__nl.js
www.gstatic.com/recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/ Frame 85E1 		467 KB
187 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/recaptcha__nl.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LeLmLQaAAAAAIKs8b09HhE2R0HjTu4ffcFrEsR-&co=aHR0cHM6Ly9idW5xLm1lOjQ0Mw..&hl=nl&v=-QbJqHfGOUB8nuVRLvzFLVed&size=invisible&cb=kcxfz0mo4lm3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
47b778cb62a7d3b5e4a6f2e355403ede9f49a6a533110ac3039e2c5f4714aa78
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Sat, 25 Nov 2023 12:14:06 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
342408
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
191376
x-xss-protection
0
last-modified
Tue, 14 Nov 2023 05:42:11 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sun, 24 Nov 2024 12:14:06 GMT
logo_48.png
www.gstatic.com/recaptcha/api2/ Frame 85E1 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.gstatic.com/recaptcha/api2/logo_48.png
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/styles__ltr.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://www.gstatic.com/recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/styles__ltr.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Sat, 25 Nov 2023 12:32:18 GMT
x-content-type-options
nosniff
age
341317
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2228
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
image/png
cache-control
public, max-age=604800
accept-ranges
bytes
expires
Sat, 02 Dec 2023 12:32:18 GMT
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 85E1 		15 KB
15 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LeLmLQaAAAAAIKs8b09HhE2R0HjTu4ffcFrEsR-&co=aHR0cHM6Ly9idW5xLm1lOjQ0Mw..&hl=nl&v=-QbJqHfGOUB8nuVRLvzFLVed&size=invisible&cb=kcxfz0mo4lm3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.131 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s07-in-f3.1e100.net
Software
sffe /
Resource Hash
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.google.com/
Origin
https://www.google.com
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Sat, 25 Nov 2023 02:58:03 GMT
x-content-type-options
nosniff
age
375772
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15344
x-xss-protection
0
last-modified
Mon, 16 Oct 2017 17:32:55 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 24 Nov 2024 02:58:03 GMT
KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 85E1 		15 KB
15 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LeLmLQaAAAAAIKs8b09HhE2R0HjTu4ffcFrEsR-&co=aHR0cHM6Ly9idW5xLm1lOjQ0Mw..&hl=nl&v=-QbJqHfGOUB8nuVRLvzFLVed&size=invisible&cb=kcxfz0mo4lm3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.131 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s07-in-f3.1e100.net
Software
sffe /
Resource Hash
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.google.com/
Origin
https://www.google.com
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Fri, 24 Nov 2023 18:52:48 GMT
x-content-type-options
nosniff
age
404887
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15552
x-xss-protection
0
last-modified
Mon, 16 Oct 2017 17:33:02 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 23 Nov 2024 18:52:48 GMT
webworker.js
www.google.com/recaptcha/api2/ Frame 85E1 		102 B
135 B 		Other
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api2/webworker.js?hl=nl&v=-QbJqHfGOUB8nuVRLvzFLVed
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LeLmLQaAAAAAIKs8b09HhE2R0HjTu4ffcFrEsR-&co=aHR0cHM6Ly9idW5xLm1lOjQ0Mw..&hl=nl&v=-QbJqHfGOUB8nuVRLvzFLVed&size=invisible&cb=kcxfz0mo4lm3
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
57179112de4d4b4e1d1b6c501c17a9e90fc8517e5160d82ef95083fe69b1e1be
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LeLmLQaAAAAAIKs8b09HhE2R0HjTu4ffcFrEsR-&co=aHR0cHM6Ly9idW5xLm1lOjQ0Mw..&hl=nl&v=-QbJqHfGOUB8nuVRLvzFLVed&size=invisible&cb=kcxfz0mo4lm3
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 11:20:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
frame-ancestors 'self'
server
GSE
cross-origin-embedder-policy
require-corp
x-frame-options
SAMEORIGIN
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/javascript; charset=utf-8
cache-control
private, max-age=300
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
1; mode=block
expires
Wed, 29 Nov 2023 11:20:55 GMT
bframe
www.google.com/recaptcha/api2/ Frame D1BD 		7 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api2/bframe?hl=nl&v=-QbJqHfGOUB8nuVRLvzFLVed&k=6LeLmLQaAAAAAIKs8b09HhE2R0HjTu4ffcFrEsR-
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/recaptcha__nl.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
ca4c67a9dd932b6deaf975af32b625409c535ac9c783a685a5e5051b35376340
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-jYqPdt3hkTNVMj3F9N8a8A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://bunq.me/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
gzip
content-security-policy
script-src 'report-sample' 'nonce-jYqPdt3hkTNVMj3F9N8a8A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Wed, 29 Nov 2023 11:20:55 GMT
expires
Mon, 01 Jan 1990 00:00:00 GMT
pragma
no-cache
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
styles__ltr.css
www.gstatic.com/recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/ Frame D1BD 		55 KB
24 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/styles__ltr.css
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api2/bframe?hl=nl&v=-QbJqHfGOUB8nuVRLvzFLVed&k=6LeLmLQaAAAAAIKs8b09HhE2R0HjTu4ffcFrEsR-
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7859a62e04b0acb06516eb12454de6673883ecfaeaed6c254659bca7cd59c050
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Tue, 28 Nov 2023 18:28:45 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
60730
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
24606
x-xss-protection
0
last-modified
Tue, 14 Nov 2023 05:42:11 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/css
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 27 Nov 2024 18:28:45 GMT
recaptcha__nl.js
www.gstatic.com/recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/ Frame D1BD 		66 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/recaptcha__nl.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api2/bframe?hl=nl&v=-QbJqHfGOUB8nuVRLvzFLVed&k=6LeLmLQaAAAAAIKs8b09HhE2R0HjTu4ffcFrEsR-
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Sat, 25 Nov 2023 12:14:06 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
342409
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
191376
x-xss-protection
0
last-modified
Tue, 14 Nov 2023 05:42:11 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sun, 24 Nov 2024 12:14:06 GMT

Verdicts & Comments Add Verdict or Comment

21 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| documentPictureInPicture object| FontAwesomeKitConfig object| _sentryDebugIds string| _sentryDebugIdIdentifier object| SENTRY_RELEASE object| __SENTRY__ boolean| __vite_is_modern_browser object| Frames function| bunqMeRecaptchaLoadCallback object| ___grecaptcha_cfg object| grecaptcha string| __recaptcha_api boolean| __google_recaptcha_client object| FontAwesomeConfig object| ___FONT_AWESOME___ object| FontAwesome object| recaptcha object| closure_lm_340776

2 Cookies

Domain/Path Name / Value
bunq.me/ Name: _sp_ses.54a4
Value: *
bunq.me/ Name: _sp_id.54a4
Value: ba23a506-e9ce-42e1-9d34-f24fdf0a5476.1701256852.1.1701256852..9b7c2ea5-2610-4e32-88fb-1a8a70201c6e....0

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy frame-ancestors 'self' *.bunq.com *.bunq.net
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.bunq.me
bunq.me
cdn.checkout.com
fonts.googleapis.com
fonts.gstatic.com
ka-p.fontawesome.com
kit.fontawesome.com
sentry.bunq.com
www.google.com
www.gstatic.com
142.250.186.131
18.192.130.188
18.195.237.130
2606:4700:4400::ac40:93bc
2a00:1450:4001:809::2003
2a00:1450:4001:829::2004
2a00:1450:4001:82b::200a
35.158.144.6
52.222.236.88
06231cc7ce22f700e0781416aa1c03d19466951e39ccb66dc2267af94c2e1b92
1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a
263a0c7672269fcd86af80eede3bb33d0a69cdbf857b05702c9362843683c94a
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
47b778cb62a7d3b5e4a6f2e355403ede9f49a6a533110ac3039e2c5f4714aa78
4bc20e928bf67c6562217eaba64227a841b611da081800e02d500bd4d37a0255
57179112de4d4b4e1d1b6c501c17a9e90fc8517e5160d82ef95083fe69b1e1be
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
64c96aa650d214af6f4d1421a57a13a638e5f93f12d64c45d604b38b4341af2b
7859a62e04b0acb06516eb12454de6673883ecfaeaed6c254659bca7cd59c050
88047529e620bc1552225c81e63c1410c12612346f06a350e294340142f49b97
88118ca2604c956a31b1a7919ac0599432e3acbe6c75de7f5528e02418961878
92443d06835a28423649bca60e6d755e4a1bd09638443196d58e0dd1f06c827f
9a262623a15d157d4f76323692b5dbf09e8fb28d10f97e090a67e3fd89b56b44
b8a4336a06377ae132451085b165507a3cb4f1008eb01c8c1929f069313e3a4c
bb2f90081933c0f2475883ca2c5cfee94e96d7314a09433fffc42e37f4cffd3b
bf21ac2fe603f48d1db7974e9167e1042fb1edbe0a3acb9ea75f498867ddeccc
ca4c67a9dd932b6deaf975af32b625409c535ac9c783a685a5e5051b35376340
da9fc014138c5e3d054fa83705046c6368974dab4481094231138ef3534942f2
dc4cb7d0f26435c7fd2eb2bb088aabba3a2aefd6beb89a8a818b1a0438f5e44a
e209ce04b139d2386cd7ad9d467e1bde3b390146fc514bd1d427ae1c00143865
e62f10c6f89459d46ed0f5b725511bcd9a450ffc1e3fb19eb5edda52f2fd7e3a
e9d32a1e572c2d59c991cf6bbd89cff48287839c8cf85a727ea69a526264a426
ec35323fa25bdff1ca3a378e0bfca7e24202a8e15f93fcf74715b8f7ff378bfa
f7525578689df9041de438bae4decfc7ee1c9af766a76adce6e77f02a1c6eabd
ff86f27d474efd9d2b286d5f95268b1d3dd5ec2ecefd33722d521db1d50c2bc9
ff9a2be960794ffc4738368eeec7262cd5bf70316287f8d2f0c3790170cf1277