app.bounce.finance Open in urlscan Pro
172.67.74.216 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://app.bounce.finance/real-auction/monet
Submission Tags: 0xscam
Submission: On November 28 via api (November 28th 2024, 3:53:33 pm UTC) from US — Scanned from DE

Summary HTTP 10 Redirects Behaviour Indicators

Summary

This website contacted 5 IPs in 2 countries across 3 domains to perform 10 HTTP transactions. The main IP is 172.67.74.216, located in United States and belongs to CLOUDFLARENET, US. The main domain is app.bounce.finance.
TLS certificate: Issued by WE1 on October 5th 2024. Valid for: 3 months.

This is the only time app.bounce.finance was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
3	172.67.74.216 172.67.74.216	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a00:1450:400... 2a00:1450:4001:809::200a	15169 (GOOGLE) (GOOGLE)
2	216.198.53.3 216.198.53.3	209242 (CLOUDFLAR...) (CLOUDFLARESPECTRUM Cloudflare London)
1	216.198.54.3 216.198.54.3	209242 (CLOUDFLAR...) (CLOUDFLARESPECTRUM Cloudflare London)
10	5

3 172.67.74.216 (United States)

ASN13335 (CLOUDFLARENET, US)

app.bounce.finance	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:809::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 216.198.53.3 (United States)

ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US)

static.zdassets.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.198.54.3 (United States)

ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US)

ekr.zdassets.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
3	zdassets.com static.zdassets.com — Cisco Umbrella Rank: 2270 ekr.zdassets.com — Cisco Umbrella Rank: 2553	265 KB
3	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 29	2 KB
3	bounce.finance app.bounce.finance	13 KB
10	3

	Domain	Requested by
3	fonts.googleapis.com	app.bounce.finance
3	app.bounce.finance	app.bounce.finance
2	static.zdassets.com	app.bounce.finance static.zdassets.com
1	ekr.zdassets.com	static.zdassets.com
10	4

This site contains no links.

Subject Issuer	Validity	Valid
bounce.finance WE1	`2024-10-05` - `2025-01-03`	3 months	crt.sh
upload.video.google.com WR2	`2024-10-21` - `2025-01-13`	3 months	crt.sh
zdassets.com WE1	`2024-11-03` - `2025-02-01`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://app.bounce.finance/real-auction/monet
Frame ID: F4085CAC88326F7A599EEC415F3FED04
Requests: 9 HTTP requests in this frame

Frame: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-f8ea3a2.js
Frame ID: A4F8666E33F9181C1B08D1BE1A77E124
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Bounce

Detected technologies

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Page Statistics

10
Requests

90 %
HTTPS

25 %
IPv6

3
Domains

4
Subdomains

5
IPs

2
Countries

280 kB
Transfer

895 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H3 200 Primary Request monet Show response
app.bounce.finance/real-auction/ 2 KB
2 KB 755ms
363ms Document
text/html 172.67.74.216
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.bounce.finance/real-auction/monet

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.74.216 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

df4b4d967d7c31a200df11180d88f8183bd58b4601845c71f4dfffce16e82235

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' 'unsafe-eval' https://.vercel.com/ https://.youtube.com https://api.smooch.io/ https://static.zdassets.com/ https://.crypto.com/ https://ipinfo.io http://.bounce.finance/ http://bounce.finance/ https://www.googletagmanager.com https://www.google-analytics.com; frame-src 'self' https://.sumsub.com/ https://.youtube.com; child-src 'self' https://.sumsub.com/ https://.youtube.com; frame-ancestors 'self' https://.sumsub.com/ https://.youtube.com;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Frame-Options	ALLOW-FROM https://.youtube.com https://.sumsub.com/ http://*.bounce.finance/
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-origin: *
age: 273795
alt-svc: h3=":443"; ma=86400
cache-control: s-maxage=0
cf-cache-status: DYNAMIC
cf-ray: 8e9b874b3de7dbdb-FRA
content-disposition: inline; filename="index.html"
content-encoding: br
content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.vercel.com/ https://*.youtube.com https://api.smooch.io/ https://static.zdassets.com/ https://*.crypto.com/ https://ipinfo.io http://*.bounce.finance/ http://bounce.finance/ https://www.googletagmanager.com https://www.google-analytics.com; frame-src 'self' https://*.sumsub.com/ https://*.youtube.com; child-src 'self' https://*.sumsub.com/ https://*.youtube.com; frame-ancestors 'self' https://*.sumsub.com/ https://*.youtube.com;
content-type: text/html; charset=utf-8
date: Thu, 28 Nov 2024 15:53:02 GMT
last-modified: Mon, 25 Nov 2024 02:58:00 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1w9Se7MADKVqzQReQgVFIhKa6ofRBpHn3WWKiNwg%2F1OD9t1ySbVG21KJtSZuVs7OdCJgV1kYfqxF%2FozMmZ2nIJlIFqGkEhVDfnMOj%2FemCwTQoDSdlmONhBQuM1NWmzAg1gbWqA%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
server-timing: cfL4;desc="?proto=QUIC&rtt=23738&min_rtt=22640&rtt_var=5422&sent=12&recv=10&lost=0&retrans=0&sent_bytes=4230&recv_bytes=4501&delivery_rate=526&cwnd=12000&unsent_bytes=0&cid=533ca9910cb95b1d&ts=364&x=1" cfHdrFlush;dur=0
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: accept-encoding
x-frame-options: ALLOW-FROM https://*.youtube.com https://*.sumsub.com/ http://*.bounce.finance/
x-vercel-cache: HIT
x-vercel-id: fra1::6579p-1732809182281-0effe63606e6
x-xss-protection: 1; mode=block

GET
H3 200 font.css
app.bounce.finance/css/ 850 B
1 KB 484ms
484ms Stylesheet
text/css 172.67.74.216
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.bounce.finance/css/font.css

Requested by

Host: app.bounce.finance
URL: https://app.bounce.finance/real-auction/monet

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.74.216 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

afab92a13fbeca36539f26df115ff3b7acebdbfdf60a783313a4a704d354ed8e

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' 'unsafe-eval' https://.vercel.com/ https://.youtube.com https://api.smooch.io/ https://static.zdassets.com/ https://.crypto.com/ https://ipinfo.io http://.bounce.finance/ http://bounce.finance/ https://www.googletagmanager.com https://www.google-analytics.com; frame-src 'self' https://.sumsub.com/ https://.youtube.com; child-src 'self' https://.sumsub.com/ https://.youtube.com; frame-ancestors 'self' https://.sumsub.com/ https://.youtube.com;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Frame-Options	ALLOW-FROM https://.youtube.com https://.sumsub.com/ http://*.bounce.finance/
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://app.bounce.finance/real-auction/monet

Response headers

content-encoding: br
cf-cache-status: REVALIDATED
etag: W/"80539eefcefac53c068a252ef9dd83cf"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jGiBW5Sg%2Fzk2BzStPBjp%2FyoHv4MffNIW5LggO469UiiPOwyRtWMIvycJiV4Fzk%2ByXACH77M3HvZC7%2FRyO7wYe0qK2i9mTvbWguNmbwO8EIviAMnXSwLTpAgdhz5BlFoxAXmjGA%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=32383&min_rtt=22640&rtt_var=9748&sent=29&recv=20&lost=0&retrans=0&sent_bytes=16171&recv_bytes=5744&delivery_rate=250358&cwnd=12000&unsent_bytes=0&cid=533ca9910cb95b1d&ts=855&x=1", cfHdrFlush;dur=0
date: Thu, 28 Nov 2024 15:53:02 GMT
content-type: text/css; charset=utf-8
content-disposition: inline; filename="font.css"
vary: Accept-Encoding
last-modified: Mon, 18 Nov 2024 05:06:23 GMT
x-frame-options: ALLOW-FROM https://*.youtube.com https://*.sumsub.com/ http://*.bounce.finance/
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.vercel.com/ https://*.youtube.com https://api.smooch.io/ https://static.zdassets.com/ https://*.crypto.com/ https://ipinfo.io http://*.bounce.finance/ http://bounce.finance/ https://www.googletagmanager.com https://www.google-analytics.com; frame-src 'self' https://*.sumsub.com/ https://*.youtube.com; child-src 'self' https://*.sumsub.com/ https://*.youtube.com; frame-ancestors 'self' https://*.sumsub.com/ https://*.youtube.com;
cache-control: public, max-age=0, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-vercel-cache: HIT
cf-ray: 8e9b874d9cafdbdb-FRA
access-control-allow-origin: *
x-xss-protection: 1; mode=block
server: cloudflare
x-vercel-id: fra1::4qmnz-1731910238817-7f8727d47d17

GET
H2 200 css2
fonts.googleapis.com/ 4 KB
823 B 448ms
379ms Stylesheet
text/css 2a00:1450:4001:809::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Inter&family=Public+Sans:wght@200&display=swap

Requested by

Host: app.bounce.finance
URL: https://app.bounce.finance/real-auction/monet

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

159243a5219fcda7ca40eb093d1d62bdb0db8d5fe4e2b0bd753d258815a6b5a0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://app.bounce.finance/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Thu, 28 Nov 2024 15:53:02 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 28 Nov 2024 15:53:02 GMT
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified: Thu, 28 Nov 2024 15:53:02 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-xss-protection: 0
server: ESF

GET
H2 200 css2
fonts.googleapis.com/ 894 B
874 B 441ms
372ms Stylesheet
text/css 2a00:1450:4001:809::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Instrument+Serif&display=swap

Requested by

Host: app.bounce.finance
URL: https://app.bounce.finance/real-auction/monet

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

655d4dbf4ef3090a2a03238ab6f8bd143de7ef2e0fb39d89a3d2c77b3f646f37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://app.bounce.finance/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Thu, 28 Nov 2024 15:53:02 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 28 Nov 2024 15:53:02 GMT
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified: Thu, 28 Nov 2024 15:51:49 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-xss-protection: 0
server: ESF

GET
H2 200 css2
fonts.googleapis.com/ 2 KB
659 B 447ms
379ms Stylesheet
text/css 2a00:1450:4001:809::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Cormorant+SC&display=swap

Requested by

Host: app.bounce.finance
URL: https://app.bounce.finance/real-auction/monet

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

286052594900aa4cdf689beeedb5ddeedda1e6d0b58197638dc7ad655fa67614

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://app.bounce.finance/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Thu, 28 Nov 2024 15:53:02 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 28 Nov 2024 15:53:02 GMT
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified: Thu, 28 Nov 2024 15:50:04 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-xss-protection: 0
server: ESF

GET
H2 200 snippet.js Show response
static.zdassets.com/ekr/ 10 KB
5 KB 112ms
47ms Script
application/javascript 216.198.53.3
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/ekr/snippet.js?key=f0707b31-0c92-4230-8947-b71f925d0f23

Requested by

Host: app.bounce.finance
URL: https://app.bounce.finance/real-auction/monet

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.198.53.3 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c7631939bbc2c74fc9a5fb1ee9565250a15bf95cc0e364da7fc5f15e3db41427

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://app.bounce.finance/

Response headers

access-control-max-age: 0
content-encoding: br
cf-cache-status: HIT
etag: W/"c88d625098ddb649cf216dba2e52435c"
x-amz-version-id: C4qpYKgeT8.DeRlre_wbz3El4DCj0uok
age: 23
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xfIZOjUVLwhpkvCxorcylX7Lb8QHYrzqaMxf3moKiPPC0EUKURRCCiqhXiW8awr1d7OiHi51EpNtVo%2FKoM7LoQiOT4r4XgW8qDZITyCYA%2FKvY2aVw%2BpL26Tb%2FGw3RY6PtJnxWqc%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods: GET, HEAD
date: Thu, 28 Nov 2024 15:53:02 GMT
content-type: application/javascript
last-modified: Mon, 04 Nov 2024 09:45:04 GMT
vary: Accept-Encoding
x-amz-id-2: A0izfOgoJraDj0d+LpbejhD886w1ixucTx94SrPJm2EZb94haWLlT4UQTFbxgwt08RaNjEix9LA=
access-control-allow-headers: *
strict-transport-security: max-age=0
x-amz-replication-status: COMPLETED
cache-control: public, max-age=3600, s-maxage=60
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: Z782ZAH0R0HQS8VP
cf-ray: 8e9b874dfabcbc01-FRA
access-control-allow-origin: *
server: cloudflare
x-amz-server-side-encryption: AES256

GET main.67107cb8.js
app.bounce.finance/static/js/ 0
0

GET
H3 200 main.ea1c1785.css
app.bounce.finance/static/css/ 47 KB
9 KB 39ms
39ms Stylesheet
text/css 172.67.74.216
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.bounce.finance/static/css/main.ea1c1785.css

Requested by

Host: app.bounce.finance
URL: https://app.bounce.finance/real-auction/monet

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.74.216 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4098007ac295bcb712933b50cb01b988df48c728d4f2350816d6aa8757ce0bab

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' 'unsafe-eval' https://.vercel.com/ https://.youtube.com https://api.smooch.io/ https://static.zdassets.com/ https://.crypto.com/ https://ipinfo.io http://.bounce.finance/ http://bounce.finance/ https://www.googletagmanager.com https://www.google-analytics.com; frame-src 'self' https://.sumsub.com/ https://.youtube.com; child-src 'self' https://.sumsub.com/ https://.youtube.com; frame-ancestors 'self' https://.sumsub.com/ https://.youtube.com;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Frame-Options	ALLOW-FROM https://.youtube.com https://.sumsub.com/ http://*.bounce.finance/
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://app.bounce.finance/real-auction/monet

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"4a04bb98f88f60e00060ff020cc58725"
age: 3883695
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qPz8i7rR3GWJ7qKWOW%2BymXA87GMH7NZrWAPXkysXxn3jyn90E4t%2FEl2Eai9Fbbv2vST%2FHGz1hBSHknq05kGKwMVvrk75ev60FdPRXdLsn34Cyh7VR5wBTiG6ZiJA0GheoUsVxQ%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=24946&min_rtt=22640&rtt_var=5159&sent=18&recv=14&lost=0&retrans=0&sent_bytes=6361&recv_bytes=5239&delivery_rate=72645&cwnd=12000&unsent_bytes=0&cid=533ca9910cb95b1d&ts=409&x=1", cfHdrFlush;dur=0
date: Thu, 28 Nov 2024 15:53:02 GMT
content-type: text/css; charset=utf-8
content-disposition: inline; filename="main.ea1c1785.css"
vary: Accept-Encoding
x-frame-options: ALLOW-FROM https://*.youtube.com https://*.sumsub.com/ http://*.bounce.finance/
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.vercel.com/ https://*.youtube.com https://api.smooch.io/ https://static.zdassets.com/ https://*.crypto.com/ https://ipinfo.io http://*.bounce.finance/ http://bounce.finance/ https://www.googletagmanager.com https://www.google-analytics.com; frame-src 'self' https://*.sumsub.com/ https://*.youtube.com; child-src 'self' https://*.sumsub.com/ https://*.youtube.com; frame-ancestors 'self' https://*.sumsub.com/ https://*.youtube.com;
cache-control: s-maxage=31536000, immutable
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-vercel-cache: HIT
cf-ray: 8e9b874d9cb2dbdb-FRA
access-control-allow-origin: *
x-xss-protection: 1; mode=block
server: cloudflare
x-vercel-id: fra1::dg9bk-1728925487316-17c354439e39

GET
H2 200 f0707b31-0c92-4230-8947-b71f925d0f23 Show response
ekr.zdassets.com/compose/ 404 B
1 KB 269ms
214ms Fetch
application/json 216.198.54.3
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://ekr.zdassets.com/compose/f0707b31-0c92-4230-8947-b71f925d0f23

Requested by

Host: static.zdassets.com
URL: https://static.zdassets.com/ekr/snippet.js?key=f0707b31-0c92-4230-8947-b71f925d0f23

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.198.54.3 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bceb02552b70a523767c853d8d354016efc33617d52ec9081305d3e83c83f999

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://app.bounce.finance/

Response headers

access-control-max-age: 7200
x-request-id: 8e896d14ea68926b-SEA, 8e896d14ea68926b-SEA, 8e896d14ea68926b-SEA
access-control-expose-headers
content-encoding: br
cf-cache-status: HIT
etag: W/"bceb02552b70a523767c853d8d354016"
x-permitted-cross-domain-policies: none
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Utaa%2F634uagJsBrkGQnhGWB%2F2lnBcKXQVglFTdWOplygTjHWjgb8%2F7PP6V%2FurNjJpTF1ej06HkpSP6LYwSgr3RTdyWQZfF8WNdAftnW4RgCHlZEgN3cCp92jSuEA3WaMsLY%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods: GET, POST, OPTIONS
x-content-type-options: nosniff
date: Thu, 28 Nov 2024 15:53:03 GMT
content-type: application/json; charset=utf-8
vary: Accept, Origin, Accept-Encoding
x-runtime: 0.002776
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=0
cdn-cache-control: max-age=60
cache-control: max-age=300, public, stale-while-revalidate=300, stale-if-error=21600
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: strict-origin-when-cross-origin
x-download-options: noopen
cf-ray: 8e9b8750fdf21c9d-FRA
access-control-allow-origin: *
x-zendesk-zorg: yes, yes
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 web-widget-main-f8ea3a2.js Show response
static.zdassets.com/web_widget/classic/latest/ Frame A4F8 829 KB
259 KB 43ms
42ms Script
application/javascript 216.198.53.3
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/web_widget/classic/latest/web-widget-main-f8ea3a2.js

Requested by

Host: static.zdassets.com
URL: https://static.zdassets.com/ekr/snippet.js?key=f0707b31-0c92-4230-8947-b71f925d0f23

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.198.53.3 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4023a33e55c975d4dc3bb5097bfbb0b3292ee6f7cfc606dd8d26cadfeb192569

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

access-control-max-age: 0
content-encoding: br
cf-cache-status: HIT
etag: W/"9036dc5e0838fdf3f24f3b4865511179"
x-amz-version-id: Kx.ZdT9ddwx0cxOUKUZ9kWt5KVOjAgPp
age: 69
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WnGzDXedVSVtP7cI8OLPqywTC7zKdfawyJ3xCgUuEoFPDcqUA0JoiMTwpaa6pgKhXcEbp%2BuCRd%2BzGvXQKeSQd3FC%2Fr4Sz%2BwpGPI7VSsyBC3R8tFt48RcVhPj%2FW%2FUVj6BbZtwkOQ%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods: GET, HEAD
expires: Tue, 25 Nov 2025 16:16:32 GMT
date: Thu, 28 Nov 2024 15:53:03 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 25 Nov 2024 16:16:33 GMT
vary: Accept-Encoding
x-amz-id-2: MLnkpFpEOiAcnvHXljaogs0P2N51XrmK3508+UgQzNgo2Zvm3fM6WsWXhiVZFJs7T9s8oklawyI3TpJGgbBw109SFhi2uKKz
access-control-allow-headers: *
strict-transport-security: max-age=0
x-amz-replication-status: COMPLETED
cache-control: public, max-age=31536000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: 7PKS30VJ5Z7547EY
cf-ray: 8e9b87525fcabc01-FRA
access-control-allow-origin: *
server: cloudflare
x-amz-server-side-encryption: AES256

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: app.bounce.finance
URL: https://app.bounce.finance/static/js/main.67107cb8.js

Verdicts & Comments Add Verdict or Comment

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' 'unsafe-eval' https://.vercel.com/ https://.youtube.com https://api.smooch.io/ https://static.zdassets.com/ https://.crypto.com/ https://ipinfo.io http://.bounce.finance/ http://bounce.finance/ https://www.googletagmanager.com https://www.google-analytics.com; frame-src 'self' https://.sumsub.com/ https://.youtube.com; child-src 'self' https://.sumsub.com/ https://.youtube.com; frame-ancestors 'self' https://.sumsub.com/ https://.youtube.com;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Frame-Options	ALLOW-FROM https://.youtube.com https://.sumsub.com/ http://*.bounce.finance/
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

app.bounce.finance
ekr.zdassets.com
fonts.googleapis.com
static.zdassets.com
app.bounce.finance
172.67.74.216
216.198.53.3
216.198.54.3
2a00:1450:4001:809::200a
159243a5219fcda7ca40eb093d1d62bdb0db8d5fe4e2b0bd753d258815a6b5a0
286052594900aa4cdf689beeedb5ddeedda1e6d0b58197638dc7ad655fa67614
4023a33e55c975d4dc3bb5097bfbb0b3292ee6f7cfc606dd8d26cadfeb192569
4098007ac295bcb712933b50cb01b988df48c728d4f2350816d6aa8757ce0bab
655d4dbf4ef3090a2a03238ab6f8bd143de7ef2e0fb39d89a3d2c77b3f646f37
afab92a13fbeca36539f26df115ff3b7acebdbfdf60a783313a4a704d354ed8e
bceb02552b70a523767c853d8d354016efc33617d52ec9081305d3e83c83f999
c7631939bbc2c74fc9a5fb1ee9565250a15bf95cc0e364da7fc5f15e3db41427
df4b4d967d7c31a200df11180d88f8183bd58b4601845c71f4dfffce16e82235

app.bounce.finance Open in urlscan Pro 172.67.74.216 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

10 Requests

90 %HTTPS

25 %IPv6

3 Domains

4 Subdomains

5 IPs

2 Countries

280 kBTransfer

895 kBSize

0 Cookies

0 Outgoing links

Redirected requests

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

5 JavaScript Global Variables

0 Cookies

Security Headers

Indicators

app.bounce.finance Open in urlscan Pro
172.67.74.216 Public Scan

Screenshot
Live screenshot

Full Image

10
Requests

90 %
HTTPS

25 %
IPv6

3
Domains

4
Subdomains

5
IPs

2
Countries

280 kB
Transfer

895 kB
Size

0
Cookies

10 HTTP transactions
0 data transactions