risk-feedback.staging.oxford.tink.network Open in urlscan Pro
34.241.110.9 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://risk-feedback.staging.oxford.tink.network/
Submission: On August 27 via automatic, source certstream-suspicious (August 27th 2024, 9:47:55 am UTC) — Scanned from US

Summary HTTP 4 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 4 HTTP transactions. The main IP is 34.241.110.9, located in Dublin, Ireland and belongs to AMAZON-02, US. The main domain is risk-feedback.staging.oxford.tink.network.
TLS certificate: Issued by R10 on August 27th 2024. Valid for: 3 months.

This is the only time risk-feedback.staging.oxford.tink.network was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address		AS Autonomous System
4	34.241.110.9 34.241.110.9		16509 (AMAZON-02) (AMAZON-02)
4	1

4 34.241.110.9 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-241-110-9.eu-west-1.compute.amazonaws.com

risk-feedback.staging.oxford.tink.network	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
4	tink.network risk-feedback.staging.oxford.tink.network	903 KB
4	1

	Domain	Requested by
4	risk-feedback.staging.oxford.tink.network	risk-feedback.staging.oxford.tink.network
4	1

This site contains no links.

Subject Issuer	Validity	Valid
risk-feedback.staging.oxford.tink.network R10	`2024-08-27` - `2024-11-25`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://risk-feedback.staging.oxford.tink.network/
Frame ID: CE16B9DFB7D923643AE2F6CE156DA223
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Risk Feedback App

Detected technologies

Vue.js (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

<[^>]+\sdata-v(?:ue)?-

Page Statistics

4
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

903 kB
Transfer

897 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

4 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
risk-feedback.staging.oxford.tink.network/ 434 B
1 KB 525ms
166ms Document
text/html 34.241.110.9
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://risk-feedback.staging.oxford.tink.network/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.241.110.9 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-241-110-9.eu-west-1.compute.amazonaws.com

Software

Resource Hash

48410185f886036d124dde5bbb3dcd5e8071052d54715e35e2aab936ed6b696e

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; form-action 'self'; object-src 'none'; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
cache-control: no-store, max-age=0
content-length: 434
content-security-policy: default-src 'self'; form-action 'self'; object-src 'none'; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content
content-type: text/html
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
date: Tue, 27 Aug 2024 09:47:50 GMT
etag: "6603f0db-1b2"
last-modified: Wed, 27 Mar 2024 10:11:39 GMT
permissions-policy: accelerometer=(),ambient-light-sensor=(),autoplay=(),battery=(),camera=(),display-capture=(),document-domain=(),encrypted-media=(),fullscreen=(),gamepad=(),geolocation=(),gyroscope=(),layout-animations=(self),legacy-image-formats=(self),magnetometer=(),microphone=(),midi=(),oversized-images=(self),payment=(),picture-in-picture=(),publickey-credentials-get=(),speaker-selection=(),sync-xhr=(self),unoptimized-images=(self),unsized-media=(self),usb=(),screen-wake-lock=(),web-share=(),xr-spatial-tracking=()
referrer-policy: no-referrer
strict-transport-security: max-age=15724800; includeSubDomains
x-content-type-options: nosniff
x-frame-options: deny
x-permitted-cross-domain-policies: none
x-xss-protection: 1; mode=block

GET
H2 200 index-822ebf48.js Show response
risk-feedback.staging.oxford.tink.network/assets/ 681 KB
684 KB 422ms
421ms Script
application/javascript 34.241.110.9
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://risk-feedback.staging.oxford.tink.network/assets/index-822ebf48.js

Requested by

Host: risk-feedback.staging.oxford.tink.network
URL: https://risk-feedback.staging.oxford.tink.network/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.241.110.9 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-241-110-9.eu-west-1.compute.amazonaws.com

Software

Resource Hash

778a459dea2ab1aeefcdfc3dbbae85bea05de44f5e1f7df591c8c68655c385b2

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; form-action 'self'; object-src 'none'; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Referer
Origin: https://risk-feedback.staging.oxford.tink.network
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Tue, 27 Aug 2024 09:47:50 GMT
strict-transport-security: max-age=15724800; includeSubDomains
x-content-type-options: nosniff
content-security-policy: default-src 'self'; form-action 'self'; object-src 'none'; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content
x-permitted-cross-domain-policies: none
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: same-origin
content-length: 697426
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Wed, 27 Mar 2024 10:11:39 GMT
cross-origin-opener-policy: same-origin
etag: "6603f0db-aa452"
x-frame-options: deny
content-type: application/javascript
cache-control: no-store, max-age=0
permissions-policy: accelerometer=(),ambient-light-sensor=(),autoplay=(),battery=(),camera=(),display-capture=(),document-domain=(),encrypted-media=(),fullscreen=(),gamepad=(),geolocation=(),gyroscope=(),layout-animations=(self),legacy-image-formats=(self),magnetometer=(),microphone=(),midi=(),oversized-images=(self),payment=(),picture-in-picture=(),publickey-credentials-get=(),speaker-selection=(),sync-xhr=(self),unoptimized-images=(self),unsized-media=(self),usb=(),screen-wake-lock=(),web-share=(),xr-spatial-tracking=()
accept-ranges: bytes

GET
H2 200 index-df1f3cf4.css
risk-feedback.staging.oxford.tink.network/assets/ 211 KB
213 KB 169ms
168ms Stylesheet
text/css 34.241.110.9
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://risk-feedback.staging.oxford.tink.network/assets/index-df1f3cf4.css

Requested by

Host: risk-feedback.staging.oxford.tink.network
URL: https://risk-feedback.staging.oxford.tink.network/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.241.110.9 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-241-110-9.eu-west-1.compute.amazonaws.com

Software

Resource Hash

df1f3cf433cdc316183099effacf595f0797464167ac5b08f551a0a221c8ffc6

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; form-action 'self'; object-src 'none'; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Tue, 27 Aug 2024 09:47:50 GMT
strict-transport-security: max-age=15724800; includeSubDomains
x-content-type-options: nosniff
content-security-policy: default-src 'self'; form-action 'self'; object-src 'none'; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content
x-permitted-cross-domain-policies: none
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: same-origin
content-length: 216546
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Wed, 27 Mar 2024 10:11:39 GMT
cross-origin-opener-policy: same-origin
etag: "6603f0db-34de2"
x-frame-options: deny
content-type: text/css
cache-control: no-store, max-age=0
permissions-policy: accelerometer=(),ambient-light-sensor=(),autoplay=(),battery=(),camera=(),display-capture=(),document-domain=(),encrypted-media=(),fullscreen=(),gamepad=(),geolocation=(),gyroscope=(),layout-animations=(self),legacy-image-formats=(self),magnetometer=(),microphone=(),midi=(),oversized-images=(self),payment=(),picture-in-picture=(),publickey-credentials-get=(),speaker-selection=(),sync-xhr=(self),unoptimized-images=(self),unsized-media=(self),usb=(),screen-wake-lock=(),web-share=(),xr-spatial-tracking=()
accept-ranges: bytes

GET
H2 200 favicon.ico
risk-feedback.staging.oxford.tink.network/ 4 KB
5 KB 168ms
167ms Other
image/x-icon 34.241.110.9
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://risk-feedback.staging.oxford.tink.network/favicon.ico

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.241.110.9 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-241-110-9.eu-west-1.compute.amazonaws.com

Software

Resource Hash

db74ab0b78338c1f778f8398c45f4103c99aea0e845a3118a7750b4eeafd3445

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; form-action 'self'; object-src 'none'; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Tue, 27 Aug 2024 09:47:51 GMT
strict-transport-security: max-age=15724800; includeSubDomains
x-content-type-options: nosniff
content-security-policy: default-src 'self'; form-action 'self'; object-src 'none'; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content
x-permitted-cross-domain-policies: none
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: same-origin
content-length: 4286
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Wed, 27 Mar 2024 10:11:38 GMT
cross-origin-opener-policy: same-origin
etag: "6603f0da-10be"
x-frame-options: deny
content-type: image/x-icon
cache-control: no-store, max-age=0
permissions-policy: accelerometer=(),ambient-light-sensor=(),autoplay=(),battery=(),camera=(),display-capture=(),document-domain=(),encrypted-media=(),fullscreen=(),gamepad=(),geolocation=(),gyroscope=(),layout-animations=(self),legacy-image-formats=(self),magnetometer=(),microphone=(),midi=(),oversized-images=(self),payment=(),picture-in-picture=(),publickey-credentials-get=(),speaker-selection=(),sync-xhr=(self),unoptimized-images=(self),unsized-media=(self),usb=(),screen-wake-lock=(),web-share=(),xr-spatial-tracking=()
accept-ranges: bytes

Verdicts & Comments Add Verdict or Comment

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| __VUE_INSTANCE_SETTERS__ object| __vueuse_ssr_handlers__ object| Prism boolean| __VUE__

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

24 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	info	URL: chrome://newtab/ Message: Clear-Site-Data header on 'https://risk-feedback.staging.oxford.tink.network/': Cleared data types: "cache", "cookies", "storage". Clearing channel IDs and HTTP authentication cache is currently not supported, as it breaks active network connections.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'ambient-light-sensor'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'battery'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'document-domain'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'layout-animations'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'legacy-image-formats'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'oversized-images'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'speaker-selection'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'unoptimized-images'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'unsized-media'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'web-share'.
other	info	URL: https://risk-feedback.staging.oxford.tink.network/ Message: Clear-Site-Data header on 'https://risk-feedback.staging.oxford.tink.network/assets/index-df1f3cf4.css': Cleared data types: "cache", "cookies", "storage". Clearing channel IDs and HTTP authentication cache is currently not supported, as it breaks active network connections.
other	info	URL: https://risk-feedback.staging.oxford.tink.network/ Message: Clear-Site-Data header on 'https://risk-feedback.staging.oxford.tink.network/assets/index-822ebf48.js': Cleared data types: "cache", "cookies", "storage". Clearing channel IDs and HTTP authentication cache is currently not supported, as it breaks active network connections.
security	error	URL: https://risk-feedback.staging.oxford.tink.network/assets/index-822ebf48.js(Line 415) Message: Refused to apply inline style because it violates the following Content Security Policy directive: "default-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU='), or a nonce ('nonce-...') is required to enable inline execution. Note also that 'style-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	URL: https://risk-feedback.staging.oxford.tink.network/assets/index-822ebf48.js(Line 415) Message: Refused to apply inline style because it violates the following Content Security Policy directive: "default-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-gKpQMMSZTSQsa1l8h8MnFRNmcuzw5kwdeF8CmuhOgXk='), or a nonce ('nonce-...') is required to enable inline execution. Note also that 'style-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	URL: https://risk-feedback.staging.oxford.tink.network/assets/index-822ebf48.js(Line 18) Message: Refused to apply inline style because it violates the following Content Security Policy directive: "default-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU='), or a nonce ('nonce-...') is required to enable inline execution. Note also that 'style-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	URL: https://risk-feedback.staging.oxford.tink.network/assets/index-822ebf48.js(Line 18) Message: Refused to apply inline style because it violates the following Content Security Policy directive: "default-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-X2Bxmq7WDvuk7vGxIZZ/IxPPlx8SrxoaiZ64ROCRH6Q='), or a nonce ('nonce-...') is required to enable inline execution. Note also that 'style-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	URL: https://risk-feedback.staging.oxford.tink.network/assets/index-822ebf48.js(Line 18) Message: Refused to apply inline style because it violates the following Content Security Policy directive: "default-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU='), or a nonce ('nonce-...') is required to enable inline execution. Note also that 'style-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	URL: https://risk-feedback.staging.oxford.tink.network/assets/index-822ebf48.js(Line 18) Message: Refused to apply inline style because it violates the following Content Security Policy directive: "default-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-AR3RLxl9h+k2bHHLTL97dctiJzvH2kBDLMehlMDLTrQ='), or a nonce ('nonce-...') is required to enable inline execution. Note also that 'style-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	URL: https://risk-feedback.staging.oxford.tink.network/assets/index-822ebf48.js(Line 18) Message: Refused to apply inline style because it violates the following Content Security Policy directive: "default-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU='), or a nonce ('nonce-...') is required to enable inline execution. Note also that 'style-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	URL: https://risk-feedback.staging.oxford.tink.network/assets/index-822ebf48.js(Line 18) Message: Refused to apply inline style because it violates the following Content Security Policy directive: "default-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-819TMoke7ttCq0udJSis/zFWu8uJDOjVztvKsPcwr/A='), or a nonce ('nonce-...') is required to enable inline execution. Note also that 'style-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	URL: https://risk-feedback.staging.oxford.tink.network/assets/index-822ebf48.js(Line 18) Message: Refused to apply inline style because it violates the following Content Security Policy directive: "default-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU='), or a nonce ('nonce-...') is required to enable inline execution. Note also that 'style-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	URL: https://risk-feedback.staging.oxford.tink.network/assets/index-822ebf48.js(Line 18) Message: Refused to apply inline style because it violates the following Content Security Policy directive: "default-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-eNhiHjgNaNdXGCBOQiWwZhnd3LytWyeZIJ2zIVsvkiw='), or a nonce ('nonce-...') is required to enable inline execution. Note also that 'style-src' was not explicitly set, so 'default-src' is used as a fallback.
other	info	URL: https://risk-feedback.staging.oxford.tink.network/feedback Message: Clear-Site-Data header on 'https://risk-feedback.staging.oxford.tink.network/favicon.ico': Cleared data types: "cache", "cookies", "storage". Clearing channel IDs and HTTP authentication cache is currently not supported, as it breaks active network connections.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'self'; form-action 'self'; object-src 'none'; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

risk-feedback.staging.oxford.tink.network
34.241.110.9
48410185f886036d124dde5bbb3dcd5e8071052d54715e35e2aab936ed6b696e
778a459dea2ab1aeefcdfc3dbbae85bea05de44f5e1f7df591c8c68655c385b2
db74ab0b78338c1f778f8398c45f4103c99aea0e845a3118a7750b4eeafd3445
df1f3cf433cdc316183099effacf595f0797464167ac5b08f551a0a221c8ffc6

risk-feedback.staging.oxford.tink.network Open in urlscan Pro 34.241.110.9 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

4 Requests

100 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

903 kBTransfer

897 kBSize

0 Cookies

0 Outgoing links

Redirected requests

4 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

4 JavaScript Global Variables

0 Cookies

24 Console Messages

Security Headers

Indicators

risk-feedback.staging.oxford.tink.network Open in urlscan Pro
34.241.110.9 Public Scan

Screenshot
Live screenshot

Full Image

4
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

903 kB
Transfer

897 kB
Size

0
Cookies

4 HTTP transactions
0 data transactions