URL: https://demo.banked.com/
Submission: On March 17 via automatic, source certstream-suspicious

Summary

This website contacted 6 IPs in 2 countries across 3 domains to perform 15 HTTP transactions. The main IP is 151.101.1.195, located in United States and belongs to FASTLY, US. The main domain is demo.banked.com.
TLS certificate: Issued by GTS CA 1O1 on October 21st 2020. Valid for: a year.
This is the only time demo.banked.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
5 151.101.1.195 54113 (FASTLY)
1 151.101.65.195 54113 (FASTLY)
7 2606:4700:10:... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
15 6
Domain Requested by
6 api.banked.com demo.banked.com
js.banked.com
3 demo.banked.com demo.banked.com
2 banked-css.web.app css.banked.com
1 storage.googleapis.com
1 fonts.googleapis.com demo.banked.com
1 js.banked.com demo.banked.com
1 css.banked.com demo.banked.com
15 7

This site contains no links.

Subject Issuer Validity Valid
firebaseapp.com
GTS CA 1O1
2020-10-21 -
2021-10-20
a year crt.sh
www.holtmon.dev
GTS CA 1D2
2021-01-31 -
2021-05-01
3 months crt.sh
banked.com
QuoVadis Europe EV SSL CA G1
2021-01-08 -
2022-01-08
a year crt.sh
upload.video.google.com
GTS CA 1O1
2021-02-23 -
2021-05-18
3 months crt.sh
web.app
GTS CA 1O1
2020-04-15 -
2021-04-14
a year crt.sh
*.storage.googleapis.com
GTS CA 1O1
2021-02-23 -
2021-05-18
3 months crt.sh

This page contains 1 frames:

Primary Page: https://demo.banked.com/
Frame ID: 1C98EB870CC9F393749A535CEB595D9C
Requests: 13 HTTP requests in this frame

Screenshot


Page Statistics

15
Requests

80 %
HTTPS

60 %
IPv6

3
Domains

7
Subdomains

6
IPs

2
Countries

228 kB
Transfer

680 kB
Size

1
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

15 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
demo.banked.com/
2 KB
916 B
Document
General
Full URL
https://demo.banked.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.195 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
1a9ecfc87a46e8fd85726684539f13efd17a642ed1d11ff7c155baf3c0a334c0
Security Headers
Name Value
Strict-Transport-Security max-age=31556926

Request headers

:method
GET
:authority
demo.banked.com
:scheme
https
:path
/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

cache-control
max-age=3600
content-encoding
br
content-type
text/html; charset=utf-8
etag
"b47a7c028323384b2baaa9f9e6224f05ae7d1ed659c5fa3664c8a9b1b67f7197-br"
last-modified
Wed, 17 Mar 2021 14:27:08 GMT
strict-transport-security
max-age=31556926
accept-ranges
bytes
date
Wed, 17 Mar 2021 14:34:42 GMT
x-served-by
cache-ams21048-AMS
x-cache
MISS
x-cache-hits
0
x-timer
S1615991682.066829,VS0,VE275
vary
x-fh-requested-host, accept-encoding
content-length
628
index.css
css.banked.com/stylesheets/1/
90 KB
10 KB
Stylesheet
General
Full URL
https://css.banked.com/stylesheets/1/index.css
Requested by
Host: demo.banked.com
URL: https://demo.banked.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.65.195 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
ba47ca2618d99994216171095afa37ba5397ac73d1239d06793b72527d67ad3b
Security Headers
Name Value
Strict-Transport-Security max-age=31556926

Request headers

Referer
https://demo.banked.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31556926
content-encoding
br
last-modified
Thu, 04 Mar 2021 15:54:19 GMT
x-timer
S1615991682.421198,VS0,VE1
etag
"9324082931cb46ded6ab0f48d67436978cacc331ba5945d45b53b8ccb7bfd3c3-br"
x-served-by
cache-ams21078-AMS
vary
x-fh-requested-host, accept-encoding
x-cache
HIT
content-type
text/css; charset=utf-8
cache-control
max-age=3600
date
Wed, 17 Mar 2021 14:34:42 GMT
accept-ranges
bytes
content-length
10378
x-cache-hits
1
styles.css
demo.banked.com/
3 KB
918 B
Stylesheet
General
Full URL
https://demo.banked.com/styles.css
Requested by
Host: demo.banked.com
URL: https://demo.banked.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.195 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
84b053ca7b28c5834e3e81febc9b4881272d5e9ce0123ca3ee132627c8ab51fc
Security Headers
Name Value
Strict-Transport-Security max-age=31556926

Request headers

Referer
https://demo.banked.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31556926
content-encoding
br
last-modified
Wed, 17 Mar 2021 14:27:08 GMT
x-timer
S1615991682.364198,VS0,VE267
etag
"deb543d388cf749fb6c00b89336c414b827f80514397cf3e1dc6c69884d5e422-br"
x-served-by
cache-ams21048-AMS
vary
x-fh-requested-host, accept-encoding
x-cache
MISS
content-type
text/css; charset=utf-8
cache-control
max-age=3600
date
Wed, 17 Mar 2021 14:34:42 GMT
accept-ranges
bytes
content-length
786
x-cache-hits
0
/
js.banked.com/v3/
484 KB
119 KB
Script
General
Full URL
https://js.banked.com/v3/
Requested by
Host: demo.banked.com
URL: https://demo.banked.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2606:4700:10::6814:25f0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d64384188aff622e4d20477417927f84194226b74fa7dd947fe1fba16e57a830

Request headers

Referer
https://demo.banked.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 17 Mar 2021 14:34:42 GMT
content-encoding
gzip
cf-cache-status
HIT
server
cloudflare
age
102920
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
cf-ray
6316f1923b53c29f-FRA
cf-request-id
08e2354f6f0000c29f058ec000000001
demo.js
demo.banked.com/
4 KB
1 KB
Script
General
Full URL
https://demo.banked.com/demo.js
Requested by
Host: demo.banked.com
URL: https://demo.banked.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.195 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
c4a625a4cd1cfaff97d4656541b9da5973108bf8651b146c5c543464b10befc7
Security Headers
Name Value
Strict-Transport-Security max-age=31556926

Request headers

Referer
https://demo.banked.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31556926
content-encoding
br
last-modified
Wed, 17 Mar 2021 14:27:08 GMT
x-timer
S1615991682.364157,VS0,VE344
etag
"defc6ab2fc1a8e224a2a41eba2127d8f44fb74794a11fdfa3952b28fd9c55754-br"
x-served-by
cache-ams21048-AMS
vary
x-fh-requested-host, accept-encoding
x-cache
MISS
content-type
text/javascript; charset=utf-8
cache-control
max-age=3600
date
Wed, 17 Mar 2021 14:34:42 GMT
accept-ranges
bytes
content-length
1244
x-cache-hits
0
css2
fonts.googleapis.com/
2 KB
669 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Source+Code+Pro&display=swap
Requested by
Host: demo.banked.com
URL: https://demo.banked.com/styles.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
b4c01b3174c2704d365015e7929b074063b40216361e3e87327c6767034bbf57
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://demo.banked.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Wed, 17 Mar 2021 14:32:37 GMT
server
ESF
date
Wed, 17 Mar 2021 14:34:42 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 17 Mar 2021 14:34:42 GMT
Hermes-RegularCond.1f201324.woff2
banked-css.web.app/static/media/
38 KB
39 KB
Font
General
Full URL
https://banked-css.web.app/static/media/Hermes-RegularCond.1f201324.woff2
Requested by
Host: css.banked.com
URL: https://css.banked.com/stylesheets/1/index.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.195 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
5c8a9525a50f7b3aa41c17596f3fc395a34d7bbef6ac6204caa0725210ded9a6
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload

Request headers

Origin
https://demo.banked.com
Referer
https://css.banked.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31556926; includeSubDomains; preload
last-modified
Thu, 04 Mar 2021 15:54:19 GMT
x-timer
S1615991683.778029,VS0,VE1
etag
"00886aef475ed860c00376ef2fd8f0907a460808e47986d8f587765992b6c6a0"
x-served-by
cache-ams21063-AMS
vary
x-fh-requested-host, accept-encoding
x-cache
HIT
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=3600
date
Wed, 17 Mar 2021 14:34:42 GMT
accept-ranges
bytes
content-length
39352
x-cache-hits
1
Hermes-LightCond.e9c1345d.woff2
banked-css.web.app/static/media/
38 KB
38 KB
Font
General
Full URL
https://banked-css.web.app/static/media/Hermes-LightCond.e9c1345d.woff2
Requested by
Host: css.banked.com
URL: https://css.banked.com/stylesheets/1/index.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.195 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
67ccfec01a40692a66c14c620038d3903b2ea4ac74b50d4ae1c0729a55f6263a
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload

Request headers

Origin
https://demo.banked.com
Referer
https://css.banked.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31556926; includeSubDomains; preload
last-modified
Thu, 04 Mar 2021 15:54:19 GMT
x-timer
S1615991683.778030,VS0,VE1
etag
"8b9c5ae665ef17655138e750a2a99f66514433d6073cc8c5e571d71a60f690d9"
x-served-by
cache-ams21063-AMS
vary
x-fh-requested-host, accept-encoding
x-cache
HIT
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=3600
date
Wed, 17 Mar 2021 14:34:42 GMT
accept-ranges
bytes
content-length
39012
x-cache-hits
1
payment_sessions
api.banked.com/v2/
0
0
Preflight
General
Full URL
https://api.banked.com/v2/payment_sessions?api_key=ef73750ebd7c0633491056c06ba3363b
Protocol
H2
Server
2606:4700:10::6814:25f0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
content-type
Origin
https://demo.banked.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

date
Wed, 17 Mar 2021 14:34:43 GMT
access-control-allow-origin
https://demo.banked.com
access-control-allow-methods
POST
access-control-expose-headers
access-control-max-age
0
access-control-allow-headers
content-type
vary
Accept-Encoding
content-encoding
gzip
via
1.1 google
cf-cache-status
DYNAMIC
cf-request-id
08e23550530000c28606364000000001
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
6316f193bb13c286-FRA
checkout_sessions
api.banked.com/checkout/v1/
0
0
Preflight
General
Full URL
https://api.banked.com/checkout/v1/checkout_sessions?api_key=ef73750ebd7c0633491056c06ba3363b
Protocol
H2
Server
2606:4700:10::6814:25f0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
banked-platform,banked-platform-version,content-type
Origin
https://demo.banked.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

date
Wed, 17 Mar 2021 14:34:43 GMT
access-control-allow-origin
https://demo.banked.com
access-control-allow-methods
GET, POST, PATCH, OPTIONS
access-control-expose-headers
access-control-max-age
0
access-control-allow-credentials
true
access-control-allow-headers
banked-platform,banked-platform-version,content-type
vary
Accept-Encoding
content-encoding
gzip
via
1.1 google
cf-cache-status
DYNAMIC
cf-request-id
08e23550510000c28641ba5000000001
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
6316f193bb19c286-FRA
payment_sessions
api.banked.com/v2/
775 B
628 B
Fetch
General
Full URL
https://api.banked.com/v2/payment_sessions?api_key=ef73750ebd7c0633491056c06ba3363b
Requested by
Host: demo.banked.com
URL: https://demo.banked.com/demo.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2606:4700:10::6814:25f0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9cd5f0f4534815101723df2faa39df1f80a207ce053872bfdb53f4b65c9a3bb5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://demo.banked.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
application/json

Response headers

date
Wed, 17 Mar 2021 14:34:43 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
x-permitted-cross-domain-policies
none
access-control-allow-origin
https://demo.banked.com
access-control-allow-methods
POST
vary
Origin,Accept-Encoding
x-xss-protection
1; mode=block
x-request-id
06c0b790-2111-416a-ada9-6005ed958a04
x-runtime
0.229837
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
x-frame-options
SAMEORIGIN
etag
W/"9cd5f0f4534815101723df2faa39df1f"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age
0
x-download-options
noopen
content-type
application/json; charset=utf-8
via
1.1 google
access-control-expose-headers
cache-control
max-age=0, private, must-revalidate
cf-request-id
08e235507f0000c286e6a7b000000001
cf-ray
6316f193fb61c286-FRA
checkout_sessions
api.banked.com/checkout/v1/
105 B
461 B
Fetch
General
Full URL
https://api.banked.com/checkout/v1/checkout_sessions?api_key=ef73750ebd7c0633491056c06ba3363b
Requested by
Host: js.banked.com
URL: https://js.banked.com/v3/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2606:4700:10::6814:25f0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7a711c58c858ec7cb30a94601be97e2b1ce5c600084cdb731f86ba033292540e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://demo.banked.com/
banked-platform-version
3
banked-platform
Checkout
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type
application/json

Response headers

date
Wed, 17 Mar 2021 14:34:43 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
x-permitted-cross-domain-policies
none
access-control-allow-origin
https://demo.banked.com
access-control-allow-methods
GET, POST, PATCH, OPTIONS
vary
Origin,Accept-Encoding
x-xss-protection
1; mode=block
x-request-id
b8f77f3e-9b68-45d4-8876-d609c03429d1
x-runtime
0.015760
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
x-frame-options
SAMEORIGIN
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age
0
x-download-options
noopen
content-type
application/json; charset=utf-8
via
1.1 google
access-control-expose-headers
cache-control
no-cache
access-control-allow-credentials
true
cf-request-id
08e235507e0000c286e3bdf000000001
cf-ray
6316f193fb60c286-FRA
truncated
/
14 KB
14 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
d0b76793ff6386dc2dfd53a607748c4c5c1cbde389f51ed071095e134afc497f

Request headers

Origin
https://demo.banked.com
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
font/woff2
checkout_sessions
api.banked.com/checkout/v1/
0
0
Preflight
General
Full URL
https://api.banked.com/checkout/v1/checkout_sessions?api_key=ef73750ebd7c0633491056c06ba3363b
Protocol
H2
Server
2606:4700:10::6814:25f0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
banked-platform,banked-platform-version,content-type
Origin
https://demo.banked.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

date
Wed, 17 Mar 2021 14:34:43 GMT
access-control-allow-origin
https://demo.banked.com
access-control-allow-methods
GET, POST, PATCH, OPTIONS
access-control-expose-headers
access-control-max-age
0
access-control-allow-credentials
true
access-control-allow-headers
banked-platform,banked-platform-version,content-type
vary
Accept-Encoding
content-encoding
gzip
via
1.1 google
cf-cache-status
DYNAMIC
cf-request-id
08e23551900000c286359b2000000001
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
6316f195bccbc286-FRA
checkout_sessions
api.banked.com/checkout/v1/
3 KB
2 KB
Fetch
General
Full URL
https://api.banked.com/checkout/v1/checkout_sessions?api_key=ef73750ebd7c0633491056c06ba3363b
Requested by
Host: js.banked.com
URL: https://js.banked.com/v3/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2606:4700:10::6814:25f0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
98a08fd7cd8c54e25a10b27064223247e2915fec55085a684a146ad83caae8f9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://demo.banked.com/
banked-platform-version
3
banked-platform
Checkout
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type
application/json

Response headers

date
Wed, 17 Mar 2021 14:34:43 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
x-permitted-cross-domain-policies
none
access-control-allow-origin
https://demo.banked.com
access-control-allow-methods
GET, POST, PATCH, OPTIONS
vary
Origin,Accept-Encoding
x-xss-protection
1; mode=block
x-request-id
753f4fbc-7445-4f73-a4a8-e2e602ff4722
x-runtime
0.178807
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
x-frame-options
SAMEORIGIN
etag
W/"98a08fd7cd8c54e25a10b27064223247"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age
0
x-download-options
noopen
content-type
application/json; charset=utf-8
via
1.1 google
access-control-expose-headers
cache-control
max-age=0, private, must-revalidate
access-control-allow-credentials
true
cf-request-id
08e23551bb0000c28659b01000000001
cf-ray
6316f195fd02c286-FRA
607a1081fd6ed88e27c7c7918305f6b1d64f59f0620a3f8e06f90756e54b5137
storage.googleapis.com/banked-active-storage-bucket-production/variants/3rxdp7j52zhs5lraqyonavgvwyg7/
1 KB
2 KB
Image
General
Full URL
https://storage.googleapis.com/banked-active-storage-bucket-production/variants/3rxdp7j52zhs5lraqyonavgvwyg7/607a1081fd6ed88e27c7c7918305f6b1d64f59f0620a3f8e06f90756e54b5137?GoogleAccessId=banked-app-service-account%40productionf7576c6f.iam.gserviceaccount.com&Expires=4740129283&Signature=grX18NDXlgyAfWv%2BXelDxBkZfld5h0hpZf6tUtUqKbOxQGOLQeFagTCHgKBCjwpDRkYd%2BjdOduWBD31RKGu3x9cOhb7Mt5adwZrXSf541wMfO4bv3ovVnmPar6NZEF3ltUaj8S0f0%2FUdZYEHVDiuDIy4g%2Fqxw92CF9%2FaqWuvapbnX4Cnpy7vBctPjhrhu%2FC0fcI4egdpYBJpFd7SBVWyUWEWzhgPqL5fZ5sTXl%2F36qj1W3dSI7X7sX2nUCuKdFP1YGGQrZGXfxjSaLJmOHkuT%2F7NNym8zG3mPaODCKpHMpLytv53U4dqmrARaaTfjP7Eg%2BmS7dtKe5qmzQ9%2FyByDuA%3D%3D&response-content-disposition=inline%3B+filename%3D%22you-logo-here-150x48px%25402x.png%22%3B+filename%2A%3DUTF-8%27%27you-logo-here-150x48px%25402x.png&response-content-type=image%2Fpng
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2010 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
UploadServer /
Resource Hash
f6a381b7e1a81699a147b3a42660375e8013cf3c28d13c16e5dfba11e8ec660f

Request headers

Referer
https://demo.banked.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 17 Mar 2021 14:34:43 GMT
x-guploader-uploadid
ABg5-UwGc9poK4zwbKUSGC656n3IeQY29rsFFouC2AudvnXAHrQewJB5bL2C7dfT5R0y1XN-cnh0bGjO7jG0tw602ZA
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
content-disposition
inline; filename="you-logo-here-150x48px%402x.png"; filename*=UTF-8''you-logo-here-150x48px%402x.png
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1327
last-modified
Wed, 17 Mar 2021 14:26:29 GMT
server
UploadServer
etag
"7c49f4562792dfc775db3e40f4877ce7"
x-goog-hash
crc32c=P1upCg==, md5=fEn0VieS38d12z5A9Id85w==
x-goog-generation
1615991189528897
cache-control
public, max-age=3600
x-goog-stored-content-length
1327
accept-ranges
bytes
content-type
image/png
expires
Wed, 17 Mar 2021 15:34:43 GMT

Verdicts & Comments Add Verdict or Comment

22 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated function| setLineItems function| showAllProviders function| hideHeader function| setCssValue function| getPaymentId function| setPaymentIdFromHash function| updateCodeSnippet undefined| Banked object| webpackJsonpBanked object| __SENTRY__ object| litHtmlVersions function| JSCompiler_renameProperty object| litElementVersions

1 Cookies

Domain/Path Name / Value
.banked.com/ Name: __cfduid
Value: d343e0bad3e68873176e7bd94a9215cc11615991682

1 Console Messages

Source Level URL
Text
console-api warning URL: https://js.banked.com/v3/(Line 152)
Message:
Error: Payment ID not provided

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31556926