api.staging.bankonloop.com Open in urlscan Pro
54.221.251.148 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://api.staging.bankonloop.com/
Submission: On August 24 via automatic, source certstream-suspicious (August 24th 2024, 12:33:54 am UTC) — Scanned from US

Summary HTTP 9 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 3 IPs in 1 countries across 3 domains to perform 9 HTTP transactions. The main IP is 54.221.251.148, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is api.staging.bankonloop.com.
TLS certificate: Issued by R10 on August 23rd 2024. Valid for: 3 months.

This is the only time api.staging.bankonloop.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
7	54.221.251.148 54.221.251.148	14618 (AMAZON-AES) (AMAZON-AES)
1	2607:f8b0:400... 2607:f8b0:4006:81d::200a	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4006:817::2003	15169 (GOOGLE) (GOOGLE)
9	3

7 54.221.251.148 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-221-251-148.compute-1.amazonaws.com

api.staging.bankonloop.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:81d::200a (United States)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:817::2003 (United States)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	bankonloop.com api.staging.bankonloop.com	187 KB
1	gstatic.com fonts.gstatic.com	8 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 110	1 KB
9	3

	Domain	Requested by
7	api.staging.bankonloop.com	api.staging.bankonloop.com
1	fonts.gstatic.com	fonts.googleapis.com
1	fonts.googleapis.com	api.staging.bankonloop.com
9	3

This site contains links to these domains. Also see Links.

Domain
www.getloop.ca

Subject Issuer	Validity	Valid
api.staging.bankonloop.com R10	`2024-08-23` - `2024-11-21`	3 months	crt.sh
upload.video.google.com WR2	`2024-07-30` - `2024-10-22`	3 months	crt.sh
*.gstatic.com WR2	`2024-07-30` - `2024-10-22`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://api.staging.bankonloop.com/
Frame ID: 81F3A70F27AD79DCEB3C10942FCDD8D3
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Loop Admin

Page Statistics

9
Requests

100 %
HTTPS

67 %
IPv6

3
Domains

3
Subdomains

3
IPs

1
Countries

196 kB
Transfer

868 kB
Size

2
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://www.getloop.ca/terms
Title: Terms of Service

Search URL Search Domain Scan URL

URL: https://www.getloop.ca/privacy
Title: Privacy Policy

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
api.staging.bankonloop.com/ 6 KB
8 KB 387ms
81ms Document
text/html 54.221.251.148
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://api.staging.bankonloop.com/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

54.221.251.148 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-221-251-148.compute-1.amazonaws.com

Software

Cowboy /

Resource Hash

11bfcc58d75deaef56e0a3a982727560794058d7748daba261ca914b0293880b

Security Headers

Name	Value
Content-Security-Policy	font-src 'self' https: data:; img-src 'self' https: data:; object-src 'none'
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Cache-Control: no-store
Connection: keep-alive
Content-Length: 5909
Content-Security-Policy: font-src 'self' https: data:; img-src 'self' https: data:; object-src 'none'
Content-Type: text/html; charset=utf-8
Date: Sat, 24 Aug 2024 00:33:48 GMT
Etag: W/"11bfcc58d75deaef56e0a3a982727560"
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Feature-Policy: camera 'none'; gyroscope 'none'; microphone 'none'; usb 'none'; fullscreen 'self'
Link: </packs/js/application/forms-96a34414527ddc03afed.js>; rel=preload; as=script; nopush,</packs/js/application-4b4aa0e77747ecf9cc64.js>; rel=preload; as=script; nopush,</packs/css/application-0d6cc8c4.css>; rel=preload; as=style; nopush,</packs/js/vendors-370c283ab414781b9e7f.chunk.js>; rel=preload; as=script; nopush
Nel: {"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
Pragma: no-cache
Referrer-Policy: strict-origin-when-cross-origin
Report-To: {"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1724459629&sid=929419e7-33ea-4e2f-85f0-7d8b7cd5cbd6&s=f%2B814IS1DfNqB3XhjLymmD84Q1M4wYVp0xDN4paPh4U%3D"}]}
Reporting-Endpoints: heroku-nel=https://nel.heroku.com/reports?ts=1724459629&sid=929419e7-33ea-4e2f-85f0-7d8b7cd5cbd6&s=f%2B814IS1DfNqB3XhjLymmD84Q1M4wYVp0xDN4paPh4U%3D
Server: Cowboy
Strict-Transport-Security: max-age=63072000; includeSubDomains
Vary: Origin
Via: 1.1 vegur
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Request-Id: 017424ec-3a36-4e4f-a6ee-58ff9d792bd9
X-Runtime: 0.019355
X-Xss-Protection: 1

GET
H/1.1 200
OK forms-96a34414527ddc03afed.js Show response
api.staging.bankonloop.com/packs/js/application/ 2 KB
2 KB 62ms
60ms Script
application/javascript 54.221.251.148
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://api.staging.bankonloop.com/packs/js/application/forms-96a34414527ddc03afed.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

54.221.251.148 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-221-251-148.compute-1.amazonaws.com

Software

Cowboy /

Resource Hash

175a7b79fba2a2fb6bf505614ca80c9c4501f9edc7390051f4f48364d87c9465

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://api.staging.bankonloop.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date: Sat, 24 Aug 2024 00:33:48 GMT
Content-Encoding: br
Via: 1.1 vegur
Strict-Transport-Security: max-age=63072000; includeSubDomains
Nel: {"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
Server: Cowboy
Last-Modified: Fri, 23 Aug 2024 21:54:26 GMT
Vary: Accept-Encoding, Origin
Report-To: {"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1724459629&sid=929419e7-33ea-4e2f-85f0-7d8b7cd5cbd6&s=f%2B814IS1DfNqB3XhjLymmD84Q1M4wYVp0xDN4paPh4U%3D"}]}
Content-Type: application/javascript
Connection: keep-alive
Content-Length: 768
Reporting-Endpoints: heroku-nel=https://nel.heroku.com/reports?ts=1724459629&sid=929419e7-33ea-4e2f-85f0-7d8b7cd5cbd6&s=f%2B814IS1DfNqB3XhjLymmD84Q1M4wYVp0xDN4paPh4U%3D

GET
H/1.1 200
OK application-4b4aa0e77747ecf9cc64.js Show response
api.staging.bankonloop.com/packs/js/ 6 KB
3 KB 175ms
60ms Script
application/javascript 54.221.251.148
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://api.staging.bankonloop.com/packs/js/application-4b4aa0e77747ecf9cc64.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

54.221.251.148 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-221-251-148.compute-1.amazonaws.com

Software

Cowboy /

Resource Hash

9a7ff4f9fcac77e8707092331a9695cbe3935b0ee60750a747d2223710c47cf7

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://api.staging.bankonloop.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date: Sat, 24 Aug 2024 00:33:49 GMT
Content-Encoding: br
Via: 1.1 vegur
Strict-Transport-Security: max-age=63072000; includeSubDomains
Nel: {"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
Server: Cowboy
Last-Modified: Fri, 23 Aug 2024 21:54:26 GMT
Vary: Accept-Encoding, Origin
Report-To: {"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1724459629&sid=929419e7-33ea-4e2f-85f0-7d8b7cd5cbd6&s=f%2B814IS1DfNqB3XhjLymmD84Q1M4wYVp0xDN4paPh4U%3D"}]}
Content-Type: application/javascript
Connection: keep-alive
Content-Length: 1902
Reporting-Endpoints: heroku-nel=https://nel.heroku.com/reports?ts=1724459629&sid=929419e7-33ea-4e2f-85f0-7d8b7cd5cbd6&s=f%2B814IS1DfNqB3XhjLymmD84Q1M4wYVp0xDN4paPh4U%3D

GET
H/1.1 200
OK application-0d6cc8c4.css
api.staging.bankonloop.com/packs/css/ 232 KB
33 KB 124ms
61ms Stylesheet
text/css 54.221.251.148
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://api.staging.bankonloop.com/packs/css/application-0d6cc8c4.css

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

54.221.251.148 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-221-251-148.compute-1.amazonaws.com

Software

Cowboy /

Resource Hash

70ecc992cda313c0e88b9f58d65ce6f52b4c9e042944d90611e9477e71472e92

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://api.staging.bankonloop.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date: Sat, 24 Aug 2024 00:33:49 GMT
Content-Encoding: br
Via: 1.1 vegur
Strict-Transport-Security: max-age=63072000; includeSubDomains
Nel: {"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
Server: Cowboy
Last-Modified: Fri, 23 Aug 2024 21:54:26 GMT
Vary: Accept-Encoding, Origin
Report-To: {"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1724459629&sid=929419e7-33ea-4e2f-85f0-7d8b7cd5cbd6&s=f%2B814IS1DfNqB3XhjLymmD84Q1M4wYVp0xDN4paPh4U%3D"}]}
Content-Type: text/css
Connection: keep-alive
Content-Length: 33172
Reporting-Endpoints: heroku-nel=https://nel.heroku.com/reports?ts=1724459629&sid=929419e7-33ea-4e2f-85f0-7d8b7cd5cbd6&s=f%2B814IS1DfNqB3XhjLymmD84Q1M4wYVp0xDN4paPh4U%3D

GET
H/1.1 200
OK vendors-370c283ab414781b9e7f.chunk.js Show response
api.staging.bankonloop.com/packs/js/ 596 KB
131 KB 177ms
61ms Script
application/javascript 54.221.251.148
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://api.staging.bankonloop.com/packs/js/vendors-370c283ab414781b9e7f.chunk.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

54.221.251.148 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-221-251-148.compute-1.amazonaws.com

Software

Cowboy /

Resource Hash

36a0158a3fd0c25b56b13c4aeb02e2c72ecabd2e33f18135c339e658239b9e32

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://api.staging.bankonloop.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date: Sat, 24 Aug 2024 00:33:49 GMT
Content-Encoding: br
Via: 1.1 vegur
Strict-Transport-Security: max-age=63072000; includeSubDomains
Nel: {"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
Server: Cowboy
Last-Modified: Fri, 23 Aug 2024 21:54:26 GMT
Vary: Accept-Encoding, Origin
Report-To: {"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1724459629&sid=929419e7-33ea-4e2f-85f0-7d8b7cd5cbd6&s=f%2B814IS1DfNqB3XhjLymmD84Q1M4wYVp0xDN4paPh4U%3D"}]}
Content-Type: application/javascript
Connection: keep-alive
Content-Length: 133065
Reporting-Endpoints: heroku-nel=https://nel.heroku.com/reports?ts=1724459629&sid=929419e7-33ea-4e2f-85f0-7d8b7cd5cbd6&s=f%2B814IS1DfNqB3XhjLymmD84Q1M4wYVp0xDN4paPh4U%3D

GET
H/1.1 200
OK logo-7cfc8bc68ef7d83318f9c6f3e64c5c7f.svg
api.staging.bankonloop.com/packs/media/images/ 4 KB
4 KB 176ms
60ms Image
image/svg+xml 54.221.251.148
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://api.staging.bankonloop.com/packs/media/images/logo-7cfc8bc68ef7d83318f9c6f3e64c5c7f.svg

Requested by

Host: api.staging.bankonloop.com
URL: https://api.staging.bankonloop.com/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

54.221.251.148 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-221-251-148.compute-1.amazonaws.com

Software

Cowboy /

Resource Hash

d97dd1195a8920414b964d47d9210acaae6ef5ad1e0b4ddb7f1797fd2848c8ff

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://api.staging.bankonloop.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date: Sat, 24 Aug 2024 00:33:49 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains
Via: 1.1 vegur
Nel: {"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
Server: Cowboy
Last-Modified: Fri, 23 Aug 2024 21:54:26 GMT
Vary: Origin
Report-To: {"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1724459629&sid=929419e7-33ea-4e2f-85f0-7d8b7cd5cbd6&s=f%2B814IS1DfNqB3XhjLymmD84Q1M4wYVp0xDN4paPh4U%3D"}]}
Content-Type: image/svg+xml
Connection: keep-alive
Content-Length: 3668
Reporting-Endpoints: heroku-nel=https://nel.heroku.com/reports?ts=1724459629&sid=929419e7-33ea-4e2f-85f0-7d8b7cd5cbd6&s=f%2B814IS1DfNqB3XhjLymmD84Q1M4wYVp0xDN4paPh4U%3D

GET
H2 200 css2
fonts.googleapis.com/ 9 KB
1 KB 241ms
91ms Stylesheet
text/css 2607:f8b0:4006:81d::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Poppins:ital,wght@0,300;0,400;0,500;0,600;0,700;0,800;1,300;1,400;1,500;1,600;1,700;1,800&display=swap

Requested by

Host: api.staging.bankonloop.com
URL: https://api.staging.bankonloop.com/packs/css/application-0d6cc8c4.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81d::200a , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

1b4f34c4f49ea2f2c810577d2963705cd5a7463630effe9c9d668284152f6113

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://api.staging.bankonloop.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sat, 24 Aug 2024 00:33:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sat, 24 Aug 2024 00:33:49 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 24 Aug 2024 00:33:49 GMT

GET
H2 200 pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v21/ 8 KB
8 KB 203ms
70ms Font
font/woff2 2607:f8b0:4006:817::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Poppins:ital,wght@0,300;0,400;0,500;0,600;0,700;0,800;1,300;1,400;1,500;1,600;1,700;1,800&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:817::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f4e80d9dfd374d02989b87a27b5ed4cb78fbb177c27f1478e9a8b0afb7513149

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://api.staging.bankonloop.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 23 Aug 2024 08:46:07 GMT
x-content-type-options: nosniff
age: 56863
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8000
x-xss-protection: 0
last-modified: Fri, 22 Mar 2024 00:00:59 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 23 Aug 2025 08:46:07 GMT

GET
H/1.1 200
OK favicon.ico
api.staging.bankonloop.com/ 5 KB
6 KB 62ms
61ms Other
image/vnd.microsoft.icon 54.221.251.148
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://api.staging.bankonloop.com/favicon.ico

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

54.221.251.148 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-221-251-148.compute-1.amazonaws.com

Software

Cowboy /

Resource Hash

703182dac84b4c68b7bee031c21f05132a7a4f7261c3245f0ecc45cd0302b81c

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://api.staging.bankonloop.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date: Sat, 24 Aug 2024 00:33:50 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains
Via: 1.1 vegur
Nel: {"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
Server: Cowboy
Last-Modified: Fri, 23 Aug 2024 21:52:32 GMT
Vary: Origin
Report-To: {"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1724459630&sid=929419e7-33ea-4e2f-85f0-7d8b7cd5cbd6&s=qM0qUQ%2BhsGC8tCXl%2F4U3773Qz8x8mDQaCK2GqHjyrT4%3D"}]}
Content-Type: image/vnd.microsoft.icon
Connection: keep-alive
Content-Length: 5430
Reporting-Endpoints: heroku-nel=https://nel.heroku.com/reports?ts=1724459630&sid=929419e7-33ea-4e2f-85f0-7d8b7cd5cbd6&s=qM0qUQ%2BhsGC8tCXl%2F4U3773Qz8x8mDQaCK2GqHjyrT4%3D

Verdicts & Comments Add Verdict or Comment

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			api.staging.bankonloop.com/	1970-01-20 23:44:11	Name: utm Value: %7B%7D
			api.staging.bankonloop.com/	1969-12-31 23:59:59	Name: _loop_banking_session Value: vARpx%2FWAer1fV4oOOxHVLNQ%2Bh8uEgA0O2%2Fz0yn9zt3hRdpvKEcPld2WbFxrV0JCgy0fSRWTHh7lDso8SFVwLpXRpTJTwR9lCX8MLBUIdsm6BJ%2B8wj6oWXiW6SOmsWGY6OlQm09xs4fe6EEFyKYAC1eN1rWYt4CkkeswN4eI37M0CF6RvocNfy9wZaz3bRAHjMmj6XfHwJLTMZjZYE6oKD%2Ft89UtaV30%2BrgBrOpRnSar1SNc2ZbQE2RFCkwioBbpM9c8bhfbqAwuBzNyv8PjrtwlC%2F5nzGQRtnFD1NOk%3D--u%2BuoiVboI%2FQffWCD--jV8kR4gMZXG3%2FAZEqwQcDA%3D%3D

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	font-src 'self' https: data:; img-src 'self' https: data:; object-src 'none'
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.staging.bankonloop.com
fonts.googleapis.com
fonts.gstatic.com
2607:f8b0:4006:817::2003
2607:f8b0:4006:81d::200a
54.221.251.148
11bfcc58d75deaef56e0a3a982727560794058d7748daba261ca914b0293880b
175a7b79fba2a2fb6bf505614ca80c9c4501f9edc7390051f4f48364d87c9465
1b4f34c4f49ea2f2c810577d2963705cd5a7463630effe9c9d668284152f6113
36a0158a3fd0c25b56b13c4aeb02e2c72ecabd2e33f18135c339e658239b9e32
703182dac84b4c68b7bee031c21f05132a7a4f7261c3245f0ecc45cd0302b81c
70ecc992cda313c0e88b9f58d65ce6f52b4c9e042944d90611e9477e71472e92
9a7ff4f9fcac77e8707092331a9695cbe3935b0ee60750a747d2223710c47cf7
d97dd1195a8920414b964d47d9210acaae6ef5ad1e0b4ddb7f1797fd2848c8ff
f4e80d9dfd374d02989b87a27b5ed4cb78fbb177c27f1478e9a8b0afb7513149

api.staging.bankonloop.com Open in urlscan Pro 54.221.251.148 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

9 Requests

100 %HTTPS

67 %IPv6

3 Domains

3 Subdomains

3 IPs

1 Countries

196 kBTransfer

868 kBSize

2 Cookies

2 Outgoing links

Redirected requests

9 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

6 JavaScript Global Variables

2 Cookies

Security Headers

Indicators

api.staging.bankonloop.com Open in urlscan Pro
54.221.251.148 Public Scan

Screenshot
Live screenshot

Full Image

9
Requests

100 %
HTTPS

67 %
IPv6

3
Domains

3
Subdomains

3
IPs

1
Countries

196 kB
Transfer

868 kB
Size

2
Cookies

9 HTTP transactions
0 data transactions