banknotecapital.web.xff0.stream Open in urlscan Pro
209.202.206.234 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://banknotecapital.web.xff0.stream/
Effective URL:
https://banknotecapital.web.xff0.stream/login?next=/
Submission: On July 28 via automatic, source certstream-suspicious (July 28th 2023, 12:18:06 am UTC) — Scanned from CA

Summary HTTP 9 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 9 HTTP transactions. The main IP is 209.202.206.234, located in Kitchener, Canada and belongs to CARRY-TELECOM, CA. The main domain is banknotecapital.web.xff0.stream.
TLS certificate: Issued by R3 on July 27th 2023. Valid for: 3 months.

This is the only time banknotecapital.web.xff0.stream was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address		AS Autonomous System
1 10	209.202.206.234 209.202.206.234		395965 (CARRY-TEL...) (CARRY-TELECOM)
9	1

10 209.202.206.234 (Kitchener, Canada) 1 redirects

ASN395965 (CARRY-TELECOM, CA)

banknotecapital.web.xff0.stream	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	xff0.stream 1 redirects banknotecapital.web.xff0.stream	269 KB
9	1

	Domain	Requested by
10	banknotecapital.web.xff0.stream	1 redirects banknotecapital.web.xff0.stream
9	1

This site contains no links.

Subject Issuer	Validity	Valid
banknotecapital.web.xff0.stream R3	`2023-07-27` - `2023-10-25`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://banknotecapital.web.xff0.stream/login?next=/
Frame ID: ECC40A64C14923561F37B50BA9550A24
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Banknote Capital Login

Page URL History Show full URLs

https://banknotecapital.web.xff0.stream/ HTTP 302
https://banknotecapital.web.xff0.stream/login?next=/ Page URL

Detected technologies

Vue.js (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

<[^>]+\sdata-v(?:ue)?-

Page Statistics

9
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

269 kB
Transfer

268 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://banknotecapital.web.xff0.stream/ HTTP 302
https://banknotecapital.web.xff0.stream/login?next=/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request login Show response
banknotecapital.web.xff0.stream/
Redirect Chain

https://banknotecapital.web.xff0.stream/
https://banknotecapital.web.xff0.stream/login?next=/

3 KB
4 KB

48ms
47ms

Document
text/html

209.202.206.234
CARRY-TELECOM

General

Check archive.org

Show headers Download Go to

Full URL

https://banknotecapital.web.xff0.stream/login?next=/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

209.202.206.234 Kitchener, Canada, ASN395965 (CARRY-TELECOM, CA),

Reverse DNS

Software

Caddy gunicorn /

Resource Hash

ccf6d8d6e961beacd8b4acc1cd70c58c357f04e7721cf901c11745537485f995

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

allow: GET, POST, HEAD, OPTIONS
alt-svc: h3=":443"; ma=2592000
content-length: 3555
content-type: text/html; charset=utf-8
cross-origin-opener-policy: same-origin
date: Fri, 28 Jul 2023 00:18:01 GMT
referrer-policy: same-origin
server: Caddy gunicorn
strict-transport-security: max-age=15552000
vary: Accept, Cookie
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN

Redirect headers

alt-svc: h3=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=utf-8
cross-origin-opener-policy: same-origin
date: Fri, 28 Jul 2023 00:18:01 GMT
location: /login?next=/
referrer-policy: same-origin
server: Caddy gunicorn
strict-transport-security: max-age=15552000
vary: Cookie
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN

GET
H2 200 index.ad3a2a2b.css
banknotecapital.web.xff0.stream/static/assets/ 107 KB
107 KB 44ms
42ms Stylesheet
text/css 209.202.206.234
CARRY-TELECOM

General

Check archive.org

Show headers Download Go to

Full URL

https://banknotecapital.web.xff0.stream/static/assets/index.ad3a2a2b.css

Requested by

Host: banknotecapital.web.xff0.stream
URL: https://banknotecapital.web.xff0.stream/login?next=/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

209.202.206.234 Kitchener, Canada, ASN395965 (CARRY-TELECOM, CA),

Reverse DNS

Software

Caddy, gunicorn /

Resource Hash

8379b81707bb85852734fbb9012247e97c0e9837ea85e3f5f7ff22348fe17dfc

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://banknotecapital.web.xff0.stream/login?next=/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 00:18:01 GMT
strict-transport-security: max-age=15552000
referrer-policy: same-origin
x-content-type-options: nosniff
last-modified: Thu, 27 Jul 2023 22:25:02 GMT
server: Caddy, gunicorn
cross-origin-opener-policy: same-origin
etag: "64c326fe-1abae"
content-type: text/css; charset="utf-8"
access-control-allow-origin: *
cache-control: max-age=315360000, public, immutable
alt-svc: h3=":443"; ma=2592000
content-length: 109486

GET
H2 200 ResetPassword.6aeb2b6b.css
banknotecapital.web.xff0.stream/static/assets/ 43 B
91 B 131ms
130ms Stylesheet
text/css 209.202.206.234
CARRY-TELECOM

General

Check archive.org

Show headers Download Go to

Full URL

https://banknotecapital.web.xff0.stream/static/assets/ResetPassword.6aeb2b6b.css

Requested by

Host: banknotecapital.web.xff0.stream
URL: https://banknotecapital.web.xff0.stream/login?next=/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

209.202.206.234 Kitchener, Canada, ASN395965 (CARRY-TELECOM, CA),

Reverse DNS

Software

Caddy, gunicorn /

Resource Hash

208fb78d1b0dd0616a09e74bb93f9586e6ba6d78d6b418e58f6c106bec97531f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://banknotecapital.web.xff0.stream/login?next=/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 00:18:01 GMT
strict-transport-security: max-age=15552000
referrer-policy: same-origin
x-content-type-options: nosniff
last-modified: Thu, 27 Jul 2023 22:25:02 GMT
server: Caddy, gunicorn
cross-origin-opener-policy: same-origin
etag: "64c326fe-2b"
content-type: text/css; charset="utf-8"
access-control-allow-origin: *
cache-control: max-age=315360000, public, immutable
alt-svc: h3=":443"; ma=2592000
content-length: 43

GET
H2 200 login.42dee4ec.css
banknotecapital.web.xff0.stream/static/assets/ 717 B
766 B 131ms
130ms Stylesheet
text/css 209.202.206.234
CARRY-TELECOM

General

Check archive.org

Show headers Download Go to

Full URL

https://banknotecapital.web.xff0.stream/static/assets/login.42dee4ec.css

Requested by

Host: banknotecapital.web.xff0.stream
URL: https://banknotecapital.web.xff0.stream/login?next=/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

209.202.206.234 Kitchener, Canada, ASN395965 (CARRY-TELECOM, CA),

Reverse DNS

Software

Caddy, gunicorn /

Resource Hash

c1c676a7f7f7ea8088577cc9a2435bab9e2b0ad57bc71d908eac99f9c6c59109

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://banknotecapital.web.xff0.stream/login?next=/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 00:18:01 GMT
strict-transport-security: max-age=15552000
referrer-policy: same-origin
x-content-type-options: nosniff
last-modified: Thu, 27 Jul 2023 22:25:02 GMT
server: Caddy, gunicorn
cross-origin-opener-policy: same-origin
etag: "64c326fe-2cd"
content-type: text/css; charset="utf-8"
access-control-allow-origin: *
cache-control: max-age=315360000, public, immutable
alt-svc: h3=":443"; ma=2592000
content-length: 717

GET
H2 200 login.6d66d105.js Show response
banknotecapital.web.xff0.stream/static/assets/ 5 KB
5 KB 131ms
130ms Script
text/javascript 209.202.206.234
CARRY-TELECOM

General

Check archive.org

Show headers Download Go to

Full URL

https://banknotecapital.web.xff0.stream/static/assets/login.6d66d105.js

Requested by

Host: banknotecapital.web.xff0.stream
URL: https://banknotecapital.web.xff0.stream/login?next=/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

209.202.206.234 Kitchener, Canada, ASN395965 (CARRY-TELECOM, CA),

Reverse DNS

Software

Caddy, gunicorn /

Resource Hash

dac8020c865cc1f56f63f4003a35b68630f422043c8ea2772b582f5826421c77

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff

Request headers

Referer: https://banknotecapital.web.xff0.stream/login?next=/
Origin: https://banknotecapital.web.xff0.stream
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 00:18:01 GMT
strict-transport-security: max-age=15552000
referrer-policy: same-origin
x-content-type-options: nosniff
last-modified: Thu, 27 Jul 2023 22:25:02 GMT
server: Caddy, gunicorn
cross-origin-opener-policy: same-origin
etag: "64c326fe-154e"
content-type: text/javascript; charset="utf-8"
access-control-allow-origin: *
cache-control: max-age=315360000, public, immutable
alt-svc: h3=":443"; ma=2592000
content-length: 5454

GET
H2 200 index.e3f8d951.js Show response
banknotecapital.web.xff0.stream/static/assets/ 107 KB
107 KB 44ms
43ms Script
text/javascript 209.202.206.234
CARRY-TELECOM

General

Check archive.org

Show headers Download Go to

Full URL

https://banknotecapital.web.xff0.stream/static/assets/index.e3f8d951.js

Requested by

Host: banknotecapital.web.xff0.stream
URL: https://banknotecapital.web.xff0.stream/login?next=/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

209.202.206.234 Kitchener, Canada, ASN395965 (CARRY-TELECOM, CA),

Reverse DNS

Software

Caddy, gunicorn /

Resource Hash

7940e3cf1e680fbbb9d5b08a18b5dced705545e3127e5839a5ed3f738a4d10f2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff

Request headers

Referer: https://banknotecapital.web.xff0.stream/static/assets/login.6d66d105.js
Origin: https://banknotecapital.web.xff0.stream
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 00:18:01 GMT
strict-transport-security: max-age=15552000
referrer-policy: same-origin
x-content-type-options: nosniff
last-modified: Thu, 27 Jul 2023 22:25:02 GMT
server: Caddy, gunicorn
cross-origin-opener-policy: same-origin
etag: "64c326fe-1ad10"
content-type: text/javascript; charset="utf-8"
access-control-allow-origin: *
cache-control: max-age=315360000, public, immutable
alt-svc: h3=":443"; ma=2592000
content-length: 109840

GET
H2 200 ResetPassword.a9cb703c.js Show response
banknotecapital.web.xff0.stream/static/assets/ 4 KB
4 KB 43ms
42ms Script
text/javascript 209.202.206.234
CARRY-TELECOM

General

Check archive.org

Show headers Download Go to

Full URL

https://banknotecapital.web.xff0.stream/static/assets/ResetPassword.a9cb703c.js

Requested by

Host: banknotecapital.web.xff0.stream
URL: https://banknotecapital.web.xff0.stream/login?next=/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

209.202.206.234 Kitchener, Canada, ASN395965 (CARRY-TELECOM, CA),

Reverse DNS

Software

Caddy, gunicorn /

Resource Hash

a22ae48b0c2782333e68add57e426c671d58c4c5858c5047b4ba85074b806c63

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff

Request headers

Referer: https://banknotecapital.web.xff0.stream/static/assets/login.6d66d105.js
Origin: https://banknotecapital.web.xff0.stream
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 00:18:01 GMT
strict-transport-security: max-age=15552000
referrer-policy: same-origin
x-content-type-options: nosniff
last-modified: Thu, 27 Jul 2023 22:25:02 GMT
server: Caddy, gunicorn
cross-origin-opener-policy: same-origin
etag: "64c326fe-e5f"
content-type: text/javascript; charset="utf-8"
access-control-allow-origin: *
cache-control: max-age=315360000, public, immutable
alt-svc: h3=":443"; ma=2592000
content-length: 3679

GET
H2 200 banknote-slogan.png
banknotecapital.web.xff0.stream/static/ 5 KB
5 KB 43ms
43ms Image
image/png 209.202.206.234
CARRY-TELECOM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://banknotecapital.web.xff0.stream/static/banknote-slogan.png

Requested by

Host: banknotecapital.web.xff0.stream
URL: https://banknotecapital.web.xff0.stream/login?next=/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

209.202.206.234 Kitchener, Canada, ASN395965 (CARRY-TELECOM, CA),

Reverse DNS

Software

Caddy, gunicorn /

Resource Hash

afe6159eca93854fb9ce1271255dbae17c334a4662cc2df80f54a0e2fd0fcd4d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://banknotecapital.web.xff0.stream/login?next=/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 00:18:02 GMT
strict-transport-security: max-age=15552000
referrer-policy: same-origin
x-content-type-options: nosniff
last-modified: Mon, 11 Jul 2022 00:19:36 GMT
server: Caddy, gunicorn
cross-origin-opener-policy: same-origin
etag: "62cba4d8-14e7"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=0, public
alt-svc: h3=":443"; ma=2592000
content-length: 5351

GET
H2 200 bnc-logo.png
banknotecapital.web.xff0.stream/static/ 36 KB
36 KB 42ms
42ms Image
image/png 209.202.206.234
CARRY-TELECOM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://banknotecapital.web.xff0.stream/static/bnc-logo.png

Requested by

Host: banknotecapital.web.xff0.stream
URL: https://banknotecapital.web.xff0.stream/login?next=/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

209.202.206.234 Kitchener, Canada, ASN395965 (CARRY-TELECOM, CA),

Reverse DNS

Software

Caddy, gunicorn /

Resource Hash

69b4723e41d29e2f30a28d63b4fbc746c4d3c5fdf68235841a367b34c9cbe640

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://banknotecapital.web.xff0.stream/login?next=/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 00:18:02 GMT
strict-transport-security: max-age=15552000
referrer-policy: same-origin
x-content-type-options: nosniff
last-modified: Mon, 11 Jul 2022 00:19:36 GMT
server: Caddy, gunicorn
cross-origin-opener-policy: same-origin
etag: "62cba4d8-8f1a"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=0, public
alt-svc: h3=":443"; ma=2592000
content-length: 36634

Verdicts & Comments Add Verdict or Comment

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

banknotecapital.web.xff0.stream
209.202.206.234
208fb78d1b0dd0616a09e74bb93f9586e6ba6d78d6b418e58f6c106bec97531f
69b4723e41d29e2f30a28d63b4fbc746c4d3c5fdf68235841a367b34c9cbe640
7940e3cf1e680fbbb9d5b08a18b5dced705545e3127e5839a5ed3f738a4d10f2
8379b81707bb85852734fbb9012247e97c0e9837ea85e3f5f7ff22348fe17dfc
a22ae48b0c2782333e68add57e426c671d58c4c5858c5047b4ba85074b806c63
afe6159eca93854fb9ce1271255dbae17c334a4662cc2df80f54a0e2fd0fcd4d
c1c676a7f7f7ea8088577cc9a2435bab9e2b0ad57bc71d908eac99f9c6c59109
ccf6d8d6e961beacd8b4acc1cd70c58c357f04e7721cf901c11745537485f995
dac8020c865cc1f56f63f4003a35b68630f422043c8ea2772b582f5826421c77

banknotecapital.web.xff0.stream Open in urlscan Pro 209.202.206.234 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

9 Requests

100 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

269 kBTransfer

268 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

9 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

6 JavaScript Global Variables

0 Cookies

Security Headers

Indicators

banknotecapital.web.xff0.stream Open in urlscan Pro
209.202.206.234 Public Scan

Screenshot
Live screenshot

Full Image

9
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

269 kB
Transfer

268 kB
Size

0
Cookies

9 HTTP transactions
0 data transactions