URL: https://payment-api.test.lumo.fi/
Submission: On February 10 via automatic, source certstream-suspicious — Scanned from FI

Summary

This website contacted 5 IPs in 3 countries across 4 domains to perform 8 HTTP transactions. The main IP is 52.178.145.61, located in Dublin, Ireland and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is payment-api.test.lumo.fi.
TLS certificate: Issued by R3 on February 10th 2023. Valid for: 3 months.
This is the only time payment-api.test.lumo.fi was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests | IP Address | AS Autonomous System
4 | 52.178.145.61 | 8075 (MICROSOFT...)
1 | 2620:1ec:4f:1... | 8075 (MICROSOFT...)
1 | 2620:1ec:29:1... | 8075 (MICROSOFT...)
2 | 13.69.106.211 | 8075 (MICROSOFT...)
Total: 8 requests, 5 IPs
Requests | Apex Domain | Subdomains | Transfer
4 | lumo.fi | payment-api.test.lumo.fi | 8 KB
2 | visualstudio.com | dc.services.visualstudio.com (Cisco Umbrella Rank: 786) | 280 B
1 | azureedge.net | kojamo-assets.azureedge.net | 28 KB
1 | azure.com | js.monitor.azure.com (Cisco Umbrella Rank: 1598) | 45 KB
Total: 8 requests, 4 apex domains
Requests | Domain | Requested by
4 | payment-api.test.lumo.fi | payment-api.test.lumo.fi
2 | dc.services.visualstudio.com | js.monitor.azure.com
1 | kojamo-assets.azureedge.net | payment-api.test.lumo.fi
1 | js.monitor.azure.com | payment-api.test.lumo.fi
Total: 8 requests, 4 domains

This site contains no links.

Subject | Issuer | Validity | Valid
payment-api.test.lumo.fi | R3 | 2023-02-10 - 2023-05-11 | 3 months
js.monitor.azure.com | Microsoft Azure TLS Issuing CA 05 | 2022-12-23 - 2023-12-18 | a year
*.azureedge.net | Microsoft Azure TLS Issuing CA 05 | 2023-01-23 - 2024-01-18 | a year
in.applicationinsights.azure.com | Microsoft Azure TLS Issuing CA 05 | 2022-11-21 - 2023-11-16 | a year

This page contains 1 frames:

Primary Page: https://payment-api.test.lumo.fi/
Frame ID: 836CAF75B31B4F2F30787BFAF7200393
Requests: 8 HTTP requests in this frame

Page Title

Home page

Page Statistics

Requests: 8
HTTPS: 100 %
IPv6: 50 %
Domains: 4
Subdomains: 4
IPs: 5
Countries: 3
Transfer: 80 kB
Size: 164 kB
Cookies: 0

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
payment-api.test.lumo.fi/
5 KB
3 KB
Document
General
Full URL
https://payment-api.test.lumo.fi/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.178.145.61 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
22dc221fa90d4323ffd351fd9e6ff1042102e3662f0bb6671bfc8ec1f70177c2
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
accept-language
fi-FI,fi;q=0.9

Response headers

content-encoding
br
content-type
text/html; charset=utf-8
date
Fri, 10 Feb 2023 07:01:37 GMT
request-context
appId=cid-v1:e2a29bec-8748-4931-8a1b-7df95dea1469
strict-transport-security
max-age=15724800; includeSubDomains
vary
Accept-Encoding
styles.css
payment-api.test.lumo.fi/css/
10 KB
3 KB
Stylesheet
General
Full URL
https://payment-api.test.lumo.fi/css/styles.css
Requested by
Host: payment-api.test.lumo.fi
URL: https://payment-api.test.lumo.fi/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.178.145.61 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
252d75f435b790914a2f07cd72935ffc5c5771308401a2d03d55d671a728999f
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
https://payment-api.test.lumo.fi/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date
Fri, 10 Feb 2023 07:01:37 GMT
strict-transport-security
max-age=15724800; includeSubDomains
content-encoding
br
last-modified
Tue, 30 Aug 2022 08:18:10 GMT
etag
W/"1d8bc490a5e2526"
vary
Accept-Encoding
content-type
text/css
request-context
appId=cid-v1:e2a29bec-8748-4931-8a1b-7df95dea1469
lumo-logo.svg
payment-api.test.lumo.fi/images/
3 KB
2 KB
Image
General
Full URL
https://payment-api.test.lumo.fi/images/lumo-logo.svg
Requested by
Host: payment-api.test.lumo.fi
URL: https://payment-api.test.lumo.fi/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.178.145.61 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
2094c2af7cbec2f01d5380afb540c0676b13dc15fc5adc0e7dd5e826415a5058
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
https://payment-api.test.lumo.fi/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date
Fri, 10 Feb 2023 07:01:37 GMT
strict-transport-security
max-age=15724800; includeSubDomains
content-encoding
br
last-modified
Tue, 30 Aug 2022 08:16:04 GMT
etag
W/"1d8bc48bf43f199"
vary
Accept-Encoding
content-type
image/svg+xml
request-context
appId=cid-v1:e2a29bec-8748-4931-8a1b-7df95dea1469
site.js
payment-api.test.lumo.fi/js/
226 B
420 B
Script
General
Full URL
https://payment-api.test.lumo.fi/js/site.js?v=BxFAw9RUJ1E4NycpKEjCNDeoSvr4RPHixdBq5wDnkeY
Requested by
Host: payment-api.test.lumo.fi
URL: https://payment-api.test.lumo.fi/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.178.145.61 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e03b397a81c986a9c9b1c0f14e69eef69ee6f45efee41b9c31a7912eaad1be76
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
https://payment-api.test.lumo.fi/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date
Fri, 10 Feb 2023 07:01:37 GMT
strict-transport-security
max-age=15724800; includeSubDomains
content-encoding
br
last-modified
Tue, 30 Aug 2022 08:16:04 GMT
etag
W/"1d8bc48bf43fae2"
vary
Accept-Encoding
content-type
application/javascript
request-context
appId=cid-v1:e2a29bec-8748-4931-8a1b-7df95dea1469
ai.2.min.js
js.monitor.azure.com/scripts/b/
118 KB
45 KB
Script
General
Full URL
https://js.monitor.azure.com/scripts/b/ai.2.min.js
Requested by
Host: payment-api.test.lumo.fi
URL: https://payment-api.test.lumo.fi/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:4f:1::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
ac4f3a99557d9c17b6ded0c6d4f0b267f4879cde9baec07a83910ab8c7059f77

Request headers

Referer
https://payment-api.test.lumo.fi/
Origin
https://payment-api.test.lumo.fi
accept-language
fi-FI,fi;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date
Fri, 10 Feb 2023 07:01:37 GMT
content-encoding
br
x-azure-ref-originshield
0f+XlYwAAAADOOGNL0T5bQ7zEE8TWrwT2QU1TMDRFREdFMTkwNwBmMWNhNzNkNC04ODgzLTRjYWYtYWJkYy1mZTJkNTY3YWZiOTY=
content-md5
9j1it/ejcfI34cTV1VuCzA==
x-cache
TCP_HIT
x-ms-meta-aijssdksrc
[cdn]/scripts/b/ai.2.8.9.min.js
last-modified
Mon, 31 Oct 2022 18:35:27 GMT
x-ms-meta-aijssdkver
2.8.9
etag
0x8DABB6EAE654DEC
x-azure-ref
00evlYwAAAADl7a1sZB9DQbKubrAaChKxU1RPRURHRTE4MDcAZjFjYTczZDQtODg4My00Y2FmLWFiZGMtZmUyZDU2N2FmYjk2
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
x-ms-request-id
1388e921-101e-0103-2d16-3dba51000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,x-ms-meta-aijssdksrc,x-ms-meta-aijssdkver,x-ms-meta-lastmodified,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=1800, immutable, no-transform
x-ms-version
2009-09-19
truncated
/
329 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
faf51791bd25f0b713bb380e18bd4a93651f95d264e2e49225fac0df0674fc15

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

Content-Type
image/svg+xml
Austin-Semibold-Web-subset.woff2
kojamo-assets.azureedge.net/fonts/
27 KB
28 KB
Font
General
Full URL
https://kojamo-assets.azureedge.net/fonts/Austin-Semibold-Web-subset.woff2
Requested by
Host: payment-api.test.lumo.fi
URL: https://payment-api.test.lumo.fi/css/styles.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:29:1::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
7a0e0d330793d6ae9c371a874658b7428977fee739ea389b515269f26e62b2a8

Request headers

Referer
https://payment-api.test.lumo.fi/
Origin
https://payment-api.test.lumo.fi
accept-language
fi-FI,fi;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 10 Feb 2023 07:01:36 GMT
x-azure-ref-originshield
0UL7iYwAAAACxEgv3DaToSoRAJINTjFrbQU1TMDRFREdFMTkyMQAzZmRiNDYxYi1lZjY4LTQwYWUtYTljNi1hMTVlNjAzODMzMjM=
content-md5
yEJnnoMfSxksNmt67bZ5SQ==
x-cache
TCP_HIT
content-length
27836
x-ms-lease-status
unlocked
last-modified
Wed, 14 Oct 2020 11:27:38 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
etag
0x8D870342838CE5C
x-azure-ref
00evlYwAAAAAObqqbchrvQLAMLKlVVmmkT1NMMjMxMDUwMjA0MDQ3ADNmZGI0NjFiLWVmNjgtNDBhZS1hOWM2LWExNWU2MDM4MzMyMw==
content-type
application/octet-stream
access-control-allow-origin
*
x-ms-request-id
2b8aca2f-601e-0034-23a0-39f4ef000000
cache-control
public, max-age=31556926
x-ms-version
2009-09-19
track
dc.services.visualstudio.com/v2/
96 B
280 B
XHR
General
Full URL
https://dc.services.visualstudio.com/v2/track
Requested by
Host: js.monitor.azure.com
URL: https://js.monitor.azure.com/scripts/b/ai.2.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.69.106.211 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
d35885c6207509c48965dae5d2ddfab511b5516b477a390ceb1b675eb1de3cdd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
https://payment-api.test.lumo.fi/
accept-language
fi-FI,fi;q=0.9
Sdk-Context
appId
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
Content-type
application/json

Response headers

x-ms-session-id
68A92296-541B-45DD-A1CB-C64058814075
strict-transport-security
max-age=31536000
date
Fri, 10 Feb 2023 07:01:37 GMT
x-content-type-options
nosniff
access-control-max-age
3600
content-type
application/json; charset=utf-8
access-control-allow-origin
*
access-control-allow-headers
Origin, X-Requested-With, Content-Name, Content-Type, Accept, Cache-Control, Sdk-Context
content-length
96
track
dc.services.visualstudio.com/v2/
0
0
Preflight
General
Full URL
https://dc.services.visualstudio.com/v2/track
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.69.106.211 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,sdk-context
Access-Control-Request-Method
POST
Origin
https://payment-api.test.lumo.fi
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

access-control-allow-headers
Origin, X-Requested-With, Content-Name, Content-Type, Accept, Sdk-Context
access-control-allow-methods
POST
access-control-allow-origin
*
access-control-max-age
3600
content-length
0
date
Fri, 10 Feb 2023 07:01:37 GMT
x-content-type-options
nosniff

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean | credentialless
object | oncontentvisibilityautostatechange
object | appInsights
object | e
function | n
object | Microsoft
object | __dynProto$Gbl

0 Cookies

Security Headers

This page lists any security headers set by the main page.

Header Value
Strict-Transport-Security max-age=15724800; includeSubDomains