banknotecapital.web.xff0.stream Open in urlscan Pro
209.202.206.234 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://banknotecapital.web.xff0.stream/
Effective URL:
https://banknotecapital.web.xff0.stream/login?next=/
Submission: On July 12 via automatic, source certstream-suspicious (July 12th 2024, 11:14:43 pm UTC) — Scanned from CA

Summary HTTP 10 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 10 HTTP transactions. The main IP is 209.202.206.234, located in Waterloo, Canada and belongs to CARRY-TELECOM, CA. The main domain is banknotecapital.web.xff0.stream.
TLS certificate: Issued by E6 on July 12th 2024. Valid for: 3 months.

This is the only time banknotecapital.web.xff0.stream was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address		AS Autonomous System
1 11	209.202.206.234 209.202.206.234		395965 (CARRY-TEL...) (CARRY-TELECOM)
10	1

11 209.202.206.234 (Waterloo, Canada) 1 redirects

ASN395965 (CARRY-TELECOM, CA)

banknotecapital.web.xff0.stream	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	xff0.stream 1 redirects banknotecapital.web.xff0.stream	271 KB
10	1

	Domain	Requested by
11	banknotecapital.web.xff0.stream	1 redirects banknotecapital.web.xff0.stream
10	1

This site contains no links.

Subject Issuer	Validity	Valid
banknotecapital.web.xff0.stream E6	`2024-07-12` - `2024-10-10`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://banknotecapital.web.xff0.stream/login?next=/
Frame ID: C4A4DFB3F0957C8572F06B132705AA8D
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Banknote Capital Login

Page URL History Show full URLs

https://banknotecapital.web.xff0.stream/ HTTP 302
https://banknotecapital.web.xff0.stream/login?next=/ Page URL

Detected technologies

Vue.js (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

<[^>]+\sdata-v(?:ue)?-

Page Statistics

10
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

271 kB
Transfer

269 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://banknotecapital.web.xff0.stream/ HTTP 302
https://banknotecapital.web.xff0.stream/login?next=/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request login Show response
banknotecapital.web.xff0.stream/
Redirect Chain

https://banknotecapital.web.xff0.stream/
https://banknotecapital.web.xff0.stream/login?next=/

3 KB
4 KB

128ms
127ms

Document
text/html

209.202.206.234
CARRY-TELECOM

General

Check archive.org

Show headers Download Go to

Full URL

https://banknotecapital.web.xff0.stream/login?next=/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

209.202.206.234 Waterloo, Canada, ASN395965 (CARRY-TELECOM, CA),

Reverse DNS

Software

Caddy gunicorn /

Resource Hash

ccf6d8d6e961beacd8b4acc1cd70c58c357f04e7721cf901c11745537485f995

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

allow: GET, POST, HEAD, OPTIONS
alt-svc: h3=":443"; ma=2592000
content-length: 3555
content-type: text/html; charset=utf-8
cross-origin-opener-policy: same-origin
date: Fri, 12 Jul 2024 23:14:38 GMT
referrer-policy: same-origin
server: Caddy gunicorn
strict-transport-security: max-age=15552000
vary: Accept, Cookie
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN

Redirect headers

alt-svc: h3=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=utf-8
cross-origin-opener-policy: same-origin
date: Fri, 12 Jul 2024 23:14:38 GMT
location: /login?next=/
referrer-policy: same-origin
server: Caddy gunicorn
strict-transport-security: max-age=15552000
vary: Cookie
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN

GET
H2 200 index.ad3a2a2b.css
banknotecapital.web.xff0.stream/static/assets/ 107 KB
107 KB 104ms
103ms Stylesheet
text/css 209.202.206.234
CARRY-TELECOM

General

Check archive.org

Show headers Download Go to

Full URL

https://banknotecapital.web.xff0.stream/static/assets/index.ad3a2a2b.css

Requested by

Host: banknotecapital.web.xff0.stream
URL: https://banknotecapital.web.xff0.stream/login?next=/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

209.202.206.234 Waterloo, Canada, ASN395965 (CARRY-TELECOM, CA),

Reverse DNS

Software

Caddy, gunicorn /

Resource Hash

8379b81707bb85852734fbb9012247e97c0e9837ea85e3f5f7ff22348fe17dfc

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff

Request headers

Referer: https://banknotecapital.web.xff0.stream/login?next=/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Fri, 12 Jul 2024 23:14:38 GMT
strict-transport-security: max-age=15552000
referrer-policy: same-origin
x-content-type-options: nosniff
last-modified: Thu, 27 Jul 2023 22:25:02 GMT
server: Caddy, gunicorn
cross-origin-opener-policy: same-origin
etag: "64c326fe-1abae"
content-type: text/css; charset="utf-8"
access-control-allow-origin: *
cache-control: max-age=315360000, public, immutable
alt-svc: h3=":443"; ma=2592000
content-length: 109486

GET
H2 200 ResetPassword.6aeb2b6b.css
banknotecapital.web.xff0.stream/static/assets/ 43 B
91 B 104ms
103ms Stylesheet
text/css 209.202.206.234
CARRY-TELECOM

General

Check archive.org

Show headers Download Go to

Full URL

https://banknotecapital.web.xff0.stream/static/assets/ResetPassword.6aeb2b6b.css

Requested by

Host: banknotecapital.web.xff0.stream
URL: https://banknotecapital.web.xff0.stream/login?next=/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

209.202.206.234 Waterloo, Canada, ASN395965 (CARRY-TELECOM, CA),

Reverse DNS

Software

Caddy, gunicorn /

Resource Hash

208fb78d1b0dd0616a09e74bb93f9586e6ba6d78d6b418e58f6c106bec97531f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff

Request headers

Referer: https://banknotecapital.web.xff0.stream/login?next=/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Fri, 12 Jul 2024 23:14:38 GMT
strict-transport-security: max-age=15552000
referrer-policy: same-origin
x-content-type-options: nosniff
last-modified: Thu, 27 Jul 2023 22:25:02 GMT
server: Caddy, gunicorn
cross-origin-opener-policy: same-origin
etag: "64c326fe-2b"
content-type: text/css; charset="utf-8"
access-control-allow-origin: *
cache-control: max-age=315360000, public, immutable
alt-svc: h3=":443"; ma=2592000
content-length: 43

GET
H2 200 login.42dee4ec.css
banknotecapital.web.xff0.stream/static/assets/ 717 B
766 B 282ms
281ms Stylesheet
text/css 209.202.206.234
CARRY-TELECOM

General

Check archive.org

Show headers Download Go to

Full URL

https://banknotecapital.web.xff0.stream/static/assets/login.42dee4ec.css

Requested by

Host: banknotecapital.web.xff0.stream
URL: https://banknotecapital.web.xff0.stream/login?next=/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

209.202.206.234 Waterloo, Canada, ASN395965 (CARRY-TELECOM, CA),

Reverse DNS

Software

Caddy, gunicorn /

Resource Hash

c1c676a7f7f7ea8088577cc9a2435bab9e2b0ad57bc71d908eac99f9c6c59109

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff

Request headers

Referer: https://banknotecapital.web.xff0.stream/login?next=/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Fri, 12 Jul 2024 23:14:38 GMT
strict-transport-security: max-age=15552000
referrer-policy: same-origin
x-content-type-options: nosniff
last-modified: Thu, 27 Jul 2023 22:25:02 GMT
server: Caddy, gunicorn
cross-origin-opener-policy: same-origin
etag: "64c326fe-2cd"
content-type: text/css; charset="utf-8"
access-control-allow-origin: *
cache-control: max-age=315360000, public, immutable
alt-svc: h3=":443"; ma=2592000
content-length: 717

GET
H2 200 login.6d66d105.js Show response
banknotecapital.web.xff0.stream/static/assets/ 5 KB
5 KB 282ms
282ms Script
text/javascript 209.202.206.234
CARRY-TELECOM

General

Check archive.org

Show headers Download Go to

Full URL

https://banknotecapital.web.xff0.stream/static/assets/login.6d66d105.js

Requested by

Host: banknotecapital.web.xff0.stream
URL: https://banknotecapital.web.xff0.stream/login?next=/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

209.202.206.234 Waterloo, Canada, ASN395965 (CARRY-TELECOM, CA),

Reverse DNS

Software

Caddy, gunicorn /

Resource Hash

dac8020c865cc1f56f63f4003a35b68630f422043c8ea2772b582f5826421c77

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff

Request headers

Referer: https://banknotecapital.web.xff0.stream/login?next=/
Origin: https://banknotecapital.web.xff0.stream
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Fri, 12 Jul 2024 23:14:38 GMT
strict-transport-security: max-age=15552000
referrer-policy: same-origin
x-content-type-options: nosniff
last-modified: Thu, 27 Jul 2023 22:25:02 GMT
server: Caddy, gunicorn
cross-origin-opener-policy: same-origin
etag: "64c326fe-154e"
content-type: text/javascript; charset="utf-8"
access-control-allow-origin: *
cache-control: max-age=315360000, public, immutable
alt-svc: h3=":443"; ma=2592000
content-length: 5454

GET
H3 200 index.e3f8d951.js Show response
banknotecapital.web.xff0.stream/static/assets/ 107 KB
107 KB 73ms
73ms Script
text/javascript 209.202.206.234
CARRY-TELECOM

General

Check archive.org

Show headers Download Go to

Full URL

https://banknotecapital.web.xff0.stream/static/assets/index.e3f8d951.js

Requested by

Host: banknotecapital.web.xff0.stream
URL: https://banknotecapital.web.xff0.stream/login?next=/

Protocol

Security

QUIC, , AES_128_GCM

Server

209.202.206.234 Waterloo, Canada, ASN395965 (CARRY-TELECOM, CA),

Reverse DNS

Software

Caddy, gunicorn /

Resource Hash

7940e3cf1e680fbbb9d5b08a18b5dced705545e3127e5839a5ed3f738a4d10f2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff

Request headers

Referer: https://banknotecapital.web.xff0.stream/static/assets/login.6d66d105.js
Origin: https://banknotecapital.web.xff0.stream
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
date: Fri, 12 Jul 2024 23:14:39 GMT
referrer-policy: same-origin
x-content-type-options: nosniff
last-modified: Thu, 27 Jul 2023 22:25:02 GMT
server: Caddy, gunicorn
cross-origin-opener-policy: same-origin
etag: "64c326fe-1ad10"
content-type: text/javascript; charset="utf-8"
access-control-allow-origin: *
cache-control: max-age=315360000, public, immutable
content-length: 109840

GET
H3 200 ResetPassword.a9cb703c.js Show response
banknotecapital.web.xff0.stream/static/assets/ 4 KB
4 KB 76ms
76ms Script
text/javascript 209.202.206.234
CARRY-TELECOM

General

Check archive.org

Show headers Download Go to

Full URL

https://banknotecapital.web.xff0.stream/static/assets/ResetPassword.a9cb703c.js

Requested by

Host: banknotecapital.web.xff0.stream
URL: https://banknotecapital.web.xff0.stream/login?next=/

Protocol

Security

QUIC, , AES_128_GCM

Server

209.202.206.234 Waterloo, Canada, ASN395965 (CARRY-TELECOM, CA),

Reverse DNS

Software

Caddy, gunicorn /

Resource Hash

a22ae48b0c2782333e68add57e426c671d58c4c5858c5047b4ba85074b806c63

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff

Request headers

Referer: https://banknotecapital.web.xff0.stream/static/assets/login.6d66d105.js
Origin: https://banknotecapital.web.xff0.stream
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Fri, 12 Jul 2024 23:14:39 GMT
strict-transport-security: max-age=15552000
referrer-policy: same-origin
x-content-type-options: nosniff
last-modified: Thu, 27 Jul 2023 22:25:02 GMT
server: Caddy, gunicorn
cross-origin-opener-policy: same-origin
etag: "64c326fe-e5f"
content-type: text/javascript; charset="utf-8"
access-control-allow-origin: *
cache-control: max-age=315360000, public, immutable
content-length: 3679

GET
H3 200 banknote-slogan.png
banknotecapital.web.xff0.stream/static/ 5 KB
5 KB 71ms
71ms Image
image/png 209.202.206.234
CARRY-TELECOM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://banknotecapital.web.xff0.stream/static/banknote-slogan.png

Requested by

Host: banknotecapital.web.xff0.stream
URL: https://banknotecapital.web.xff0.stream/login?next=/

Protocol

Security

QUIC, , AES_128_GCM

Server

209.202.206.234 Waterloo, Canada, ASN395965 (CARRY-TELECOM, CA),

Reverse DNS

Software

Caddy, gunicorn /

Resource Hash

afe6159eca93854fb9ce1271255dbae17c334a4662cc2df80f54a0e2fd0fcd4d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff

Request headers

Referer: https://banknotecapital.web.xff0.stream/login?next=/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
date: Fri, 12 Jul 2024 23:14:39 GMT
x-content-type-options: nosniff
referrer-policy: same-origin
last-modified: Mon, 11 Jul 2022 00:19:36 GMT
server: Caddy, gunicorn
cross-origin-opener-policy: same-origin
etag: "62cba4d8-14e7"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=0, public
content-length: 5351

GET
H3 200 bnc-logo.png
banknotecapital.web.xff0.stream/static/ 36 KB
36 KB 75ms
75ms Image
image/png 209.202.206.234
CARRY-TELECOM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://banknotecapital.web.xff0.stream/static/bnc-logo.png

Requested by

Host: banknotecapital.web.xff0.stream
URL: https://banknotecapital.web.xff0.stream/login?next=/

Protocol

Security

QUIC, , AES_128_GCM

Server

209.202.206.234 Waterloo, Canada, ASN395965 (CARRY-TELECOM, CA),

Reverse DNS

Software

Caddy, gunicorn /

Resource Hash

69b4723e41d29e2f30a28d63b4fbc746c4d3c5fdf68235841a367b34c9cbe640

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff

Request headers

Referer: https://banknotecapital.web.xff0.stream/login?next=/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
date: Fri, 12 Jul 2024 23:14:39 GMT
referrer-policy: same-origin
x-content-type-options: nosniff
last-modified: Mon, 11 Jul 2022 00:19:36 GMT
server: Caddy, gunicorn
cross-origin-opener-policy: same-origin
etag: "62cba4d8-8f1a"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=0, public
content-length: 36634

GET
H3 200 favicon-32x32.png
banknotecapital.web.xff0.stream/static/favicon/ 858 B
1 KB 74ms
74ms Other
image/png 209.202.206.234
CARRY-TELECOM

General

Check archive.org

Show headers Download Go to

Full URL

https://banknotecapital.web.xff0.stream/static/favicon/favicon-32x32.png

Protocol

Security

QUIC, , AES_128_GCM

Server

209.202.206.234 Waterloo, Canada, ASN395965 (CARRY-TELECOM, CA),

Reverse DNS

Software

Caddy, gunicorn /

Resource Hash

8f442d509bb18b88e96f5fd9ab95aea1fee8309ccbf1e1f6e746f59a44c227d8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff

Request headers

Referer: https://banknotecapital.web.xff0.stream/login?next=/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
date: Fri, 12 Jul 2024 23:14:39 GMT
x-content-type-options: nosniff
referrer-policy: same-origin
last-modified: Sun, 14 Aug 2022 03:09:58 GMT
server: Caddy, gunicorn
cross-origin-opener-policy: same-origin
etag: "62f89fc6-35a"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=0, public
content-length: 858

Verdicts & Comments Add Verdict or Comment

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

banknotecapital.web.xff0.stream
209.202.206.234
208fb78d1b0dd0616a09e74bb93f9586e6ba6d78d6b418e58f6c106bec97531f
69b4723e41d29e2f30a28d63b4fbc746c4d3c5fdf68235841a367b34c9cbe640
7940e3cf1e680fbbb9d5b08a18b5dced705545e3127e5839a5ed3f738a4d10f2
8379b81707bb85852734fbb9012247e97c0e9837ea85e3f5f7ff22348fe17dfc
8f442d509bb18b88e96f5fd9ab95aea1fee8309ccbf1e1f6e746f59a44c227d8
a22ae48b0c2782333e68add57e426c671d58c4c5858c5047b4ba85074b806c63
afe6159eca93854fb9ce1271255dbae17c334a4662cc2df80f54a0e2fd0fcd4d
c1c676a7f7f7ea8088577cc9a2435bab9e2b0ad57bc71d908eac99f9c6c59109
ccf6d8d6e961beacd8b4acc1cd70c58c357f04e7721cf901c11745537485f995
dac8020c865cc1f56f63f4003a35b68630f422043c8ea2772b582f5826421c77

banknotecapital.web.xff0.stream Open in urlscan Pro 209.202.206.234 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

10 Requests

100 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

271 kBTransfer

269 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

6 JavaScript Global Variables

0 Cookies

Security Headers

Indicators

banknotecapital.web.xff0.stream Open in urlscan Pro
209.202.206.234 Public Scan

Screenshot
Live screenshot

Full Image

10
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

271 kB
Transfer

269 kB
Size

0
Cookies

10 HTTP transactions
0 data transactions