Submitted URL: https://verify.monzo.com/3ds2/challenge?auth_id=3ds2auth_665ec26a-78f1-5bf6-87e9-987b322df8e3
Effective URL: https://hooks.stripe.com/3d_secure_2/notify/acct_15kbbgKpW9DKy5hn/tds2_RFJ3c0hGTUhSQnllUFF0OW91TkMzcXJxeXFEejlKcjU2czBydU...
Submission Tags: 0xscam
Submission: On October 16 via api from US — Scanned from DE

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 11 HTTP transactions. The main IP is 54.228.85.11, located in Dublin, Ireland and belongs to AMAZON-02, US. The main domain is hooks.stripe.com. The Cisco Umbrella rank of the primary domain is 109659.
TLS certificate: Issued by DigiCert TLS Hybrid ECC SHA384 2020 CA1 on September 20th 2024. Valid for: 3 months.
This is the only time hooks.stripe.com was scanned on urlscan.io!

urlscan.io Verdict: No classification


Live information

Domain & IP information

IP Address AS Autonomous System
8 2606:4700:440... 13335 (CLOUDFLAR...)
1 2a04:4e42:600... 54113 (FASTLY)
2 54.228.85.11 16509 (AMAZON-02)
11 3
Apex Domain
Subdomains
Transfer
8 monzo.com
verify.monzo.com — Cisco Umbrella Rank: 362588
58 KB
2 stripe.com
hooks.stripe.com — Cisco Umbrella Rank: 109659
3 KB
1 sentry-cdn.com
js.sentry-cdn.com — Cisco Umbrella Rank: 5097
2 KB
11 3
Domain Requested by
8 verify.monzo.com verify.monzo.com
2 hooks.stripe.com hooks.stripe.com
1 js.sentry-cdn.com verify.monzo.com
11 3

This site contains no links.

Subject Issuer Validity Valid
monzo.com
Cloudflare Inc ECC CA-3
2024-03-05 -
2024-12-31
10 months crt.sh
*.sentry-cdn.com
GlobalSign Atlas R3 DV TLS CA 2024 Q2
2024-06-04 -
2025-07-06
a year crt.sh
*.stripe.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1
2024-09-20 -
2024-12-05
3 months crt.sh

This page contains 1 frames:

Primary Page: https://hooks.stripe.com/3d_secure_2/notify/acct_15kbbgKpW9DKy5hn/tds2_RFJ3c0hGTUhSQnllUFF0OW91TkMzcXJxeXFEejlKcjU2czBydUNRRCFnMCMSFwoVYWNjdF8xNWtiYmdLcFc5REt5NWhu
Frame ID: 8D1CA4E5C55F3CF7B58EE8BD1CE335BC
Requests: 11 HTTP requests in this frame

Screenshot


Page URL History Show full URLs

  1. https://verify.monzo.com/3ds2/challenge?auth_id=3ds2auth_665ec26a-78f1-5bf6-87e9-987b322df8e3 Page URL
  2. https://hooks.stripe.com/3d_secure_2/notify/acct_15kbbgKpW9DKy5hn/tds2_RFJ3c0hGTUhSQnllUFF0OW91TkMzcX... Page URL

Page Statistics

11
Requests

100 %
HTTPS

67 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

63 kB
Transfer

69 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://verify.monzo.com/3ds2/challenge?auth_id=3ds2auth_665ec26a-78f1-5bf6-87e9-987b322df8e3 Page URL
  2. https://hooks.stripe.com/3d_secure_2/notify/acct_15kbbgKpW9DKy5hn/tds2_RFJ3c0hGTUhSQnllUFF0OW91TkMzcXJxeXFEejlKcjU2czBydUNRRCFnMCMSFwoVYWNjdF8xNWtiYmdLcFc5REt5NWhu Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
challenge
verify.monzo.com/3ds2/
4 KB
3 KB
Document
General
Full URL
https://verify.monzo.com/3ds2/challenge?auth_id=3ds2auth_665ec26a-78f1-5bf6-87e9-987b322df8e3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:968c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9dc002733e9a917a967318e8904b63ee45ab5b8f5baa3d4977eb7e46b4768023
Security Headers
Name Value
Content-Security-Policy base-uri 'none'; connect-src 'self' api.s101.nonprod-ffs.io api.monzo.com https://o23827.ingest.sentry.io; default-src 'none'; font-src 'self'; img-src 'self' mondo-logo-cache.appspot.com lh3.googleusercontent.com public-images.monzo.com merchant-logos-s101.monzo.com merchant-logos.monzo.com api.s101.nonprod-ffs.io internal-api.monzo.com; script-src 'self' https://browser.sentry-cdn.com https://js.sentry-cdn.com 'nonce-/WL3GHmV9nHNmDgXe+j8nWW5FDrsshTsIm/4tNyhdwY='; style-src 'self' 'nonce-/WL3GHmV9nHNmDgXe+j8nWW5FDrsshTsIm/4tNyhdwY='; report-uri https://monzo.report-uri.com/r/d/csp/enforce; report-to csp-endpoint
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

cf-cache-status
DYNAMIC
cf-ray
8d355cdc4fa6914a-FRA
content-encoding
gzip
content-security-policy
base-uri 'none'; connect-src 'self' api.s101.nonprod-ffs.io api.monzo.com https://o23827.ingest.sentry.io; default-src 'none'; font-src 'self'; img-src 'self' mondo-logo-cache.appspot.com lh3.googleusercontent.com public-images.monzo.com merchant-logos-s101.monzo.com merchant-logos.monzo.com api.s101.nonprod-ffs.io internal-api.monzo.com; script-src 'self' https://browser.sentry-cdn.com https://js.sentry-cdn.com 'nonce-/WL3GHmV9nHNmDgXe+j8nWW5FDrsshTsIm/4tNyhdwY='; style-src 'self' 'nonce-/WL3GHmV9nHNmDgXe+j8nWW5FDrsshTsIm/4tNyhdwY='; report-uri https://monzo.report-uri.com/r/d/csp/enforce; report-to csp-endpoint
content-type
text/html;charset=utf-8
date
Wed, 16 Oct 2024 04:39:01 GMT
opentracing-id
referrer-policy
no-referrer
report-to
{ "group": "csp-endpoint", "max-age": 10886400, "endpoints": [{ "url": "https://monzo.report-uri.com/r/d/csp/enforce", "priority": 1 }] }
server
cloudflare
strict-transport-security
max-age=31536000; includeSubDomains; preload
trace-id
b2cd1c00-9d04-4bb3-6ed4-61257f8fdbdb
x-content-type-options
nosniff
x-xss-protection
1; mode=block
main.css
verify.monzo.com/3ds/
5 KB
2 KB
Stylesheet
General
Full URL
https://verify.monzo.com/3ds/main.css
Requested by
Host: verify.monzo.com
URL: https://verify.monzo.com/3ds2/challenge?auth_id=3ds2auth_665ec26a-78f1-5bf6-87e9-987b322df8e3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:968c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cf3b3dc05ba5c02dbf86d0bc29b7ff407bcaadd4848957b763e5f32449ea3eef
Security Headers
Name Value
Content-Security-Policy base-uri 'none'; connect-src 'self' api.s101.nonprod-ffs.io api.monzo.com https://o23827.ingest.sentry.io; default-src 'none'; font-src 'self'; img-src 'self' mondo-logo-cache.appspot.com lh3.googleusercontent.com public-images.monzo.com merchant-logos-s101.monzo.com merchant-logos.monzo.com api.s101.nonprod-ffs.io internal-api.monzo.com; script-src 'self' https://browser.sentry-cdn.com https://js.sentry-cdn.com 'nonce-wT9yNORfdq1diLikxT4pwo6jy6nYrTpdq0U4+eVwuLY='; style-src 'self' 'nonce-wT9yNORfdq1diLikxT4pwo6jy6nYrTpdq0U4+eVwuLY='; report-uri https://monzo.report-uri.com/r/d/csp/enforce; report-to csp-endpoint
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
base-uri 'none'; connect-src 'self' api.s101.nonprod-ffs.io api.monzo.com https://o23827.ingest.sentry.io; default-src 'none'; font-src 'self'; img-src 'self' mondo-logo-cache.appspot.com lh3.googleusercontent.com public-images.monzo.com merchant-logos-s101.monzo.com merchant-logos.monzo.com api.s101.nonprod-ffs.io internal-api.monzo.com; script-src 'self' https://browser.sentry-cdn.com https://js.sentry-cdn.com 'nonce-wT9yNORfdq1diLikxT4pwo6jy6nYrTpdq0U4+eVwuLY='; style-src 'self' 'nonce-wT9yNORfdq1diLikxT4pwo6jy6nYrTpdq0U4+eVwuLY='; report-uri https://monzo.report-uri.com/r/d/csp/enforce; report-to csp-endpoint
content-encoding
gzip
cf-cache-status
DYNAMIC
trace-id
81aca943-4be1-4b5a-488d-b7514d21db5f
report-to
{ "group": "csp-endpoint", "max-age": 10886400, "endpoints": [{ "url": "https://monzo.report-uri.com/r/d/csp/enforce", "priority": 1 }] }
referrer-policy
no-referrer
x-content-type-options
nosniff
opentracing-id
cf-ray
8d355cdd6833914a-FRA
date
Wed, 16 Oct 2024 04:39:02 GMT
x-xss-protection
1; mode=block
content-type
text/css; charset=utf-8
server
cloudflare
6d7c4b98be84475383025b83113480b3.min.js
js.sentry-cdn.com/
3 KB
2 KB
Script
General
Full URL
https://js.sentry-cdn.com/6d7c4b98be84475383025b83113480b3.min.js
Requested by
Host: verify.monzo.com
URL: https://verify.monzo.com/3ds2/challenge?auth_id=3ds2auth_665ec26a-78f1-5bf6-87e9-987b322df8e3
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::729 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
b5a63a32d913d1540eb2198d3c0c4c3c9392fda311b7a000d765af7c2c865fef
Security Headers
Name Value
Content-Security-Policy media-src *; style-src * 'unsafe-inline'; img-src * blob: data:; connect-src 'self' *.algolia.net *.algolianet.com *.algolia.io sentry.io *.sentry.io s1.sentry-cdn.com o1.ingest.sentry.io api2.amplitude.com app.pendo.io data.pendo.io reload.getsentry.net t687h3m0nh65.statuspage.io sentry.zendesk.com ekr.zdassets.com maps.googleapis.com; worker-src blob:; frame-src app.pendo.io demo.arcade.software js.stripe.com sentry.io; object-src 'none'; default-src 'none'; base-uri 'none'; script-src 'self' 'unsafe-inline' 'report-sample' s1.sentry-cdn.com js.sentry-cdn.com browser.sentry-cdn.com statuspage-production.s3.amazonaws.com static.zdassets.com aui-cdn.atlassian.com connect-cdn.atl-paas.net js.stripe.com 'strict-dynamic' cdn.pendo.io data.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5634074999128064.storage.googleapis.com; font-src * data:; frame-ancestors 'self' *.sentry.io; report-uri https://o1.ingest.sentry.io/api/54785/security/?sentry_key=f724a8a027db45f5b21507e7142ff78e&sentry_release=3006d7d3aec18101c6996e4e9625d9f5453ce461
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://verify.monzo.com
Referer

Response headers

content-encoding
gzip
age
201
x-envoy-attempt-count
1
x-content-type-options
nosniff
date
Wed, 16 Oct 2024 04:39:02 GMT
content-type
text/javascript
vary
Accept-Encoding
x-served-by
getsentry-web-default-common-production-5df49967b8-s7qpr, cache-chi-klot8100155-CHI, cache-fra-eddf8230060-FRA
x-frame-options
deny
strict-transport-security
max-age=31536000; includeSubDomains
content-security-policy
media-src *; style-src * 'unsafe-inline'; img-src * blob: data:; connect-src 'self' *.algolia.net *.algolianet.com *.algolia.io sentry.io *.sentry.io s1.sentry-cdn.com o1.ingest.sentry.io api2.amplitude.com app.pendo.io data.pendo.io reload.getsentry.net t687h3m0nh65.statuspage.io sentry.zendesk.com ekr.zdassets.com maps.googleapis.com; worker-src blob:; frame-src app.pendo.io demo.arcade.software js.stripe.com sentry.io; object-src 'none'; default-src 'none'; base-uri 'none'; script-src 'self' 'unsafe-inline' 'report-sample' s1.sentry-cdn.com js.sentry-cdn.com browser.sentry-cdn.com statuspage-production.s3.amazonaws.com static.zdassets.com aui-cdn.atlassian.com connect-cdn.atl-paas.net js.stripe.com 'strict-dynamic' cdn.pendo.io data.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5634074999128064.storage.googleapis.com; font-src * data:; frame-ancestors 'self' *.sentry.io; report-uri https://o1.ingest.sentry.io/api/54785/security/?sentry_key=f724a8a027db45f5b21507e7142ff78e&sentry_release=3006d7d3aec18101c6996e4e9625d9f5453ce461
cache-control
public, max-age=3600, s-maxage=60, stale-while-revalidate=315360000, stale-if-error=315360000
timing-allow-origin
*
x-envoy-upstream-service-time
28
accept-ranges
bytes
access-control-allow-origin
*
content-length
1316
x-xss-protection
1; mode=block
content-language
en
monzo_logo.svg
verify.monzo.com/3ds/
3 KB
2 KB
Image
General
Full URL
https://verify.monzo.com/3ds/monzo_logo.svg
Requested by
Host: verify.monzo.com
URL: https://verify.monzo.com/3ds2/challenge?auth_id=3ds2auth_665ec26a-78f1-5bf6-87e9-987b322df8e3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:968c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
921e2c84d091fc9de8b93c5e397d5c58b8ab04f6a96ebb37d465f75f745ee96e
Security Headers
Name Value
Content-Security-Policy base-uri 'none'; connect-src 'self' api.s101.nonprod-ffs.io api.monzo.com https://o23827.ingest.sentry.io; default-src 'none'; font-src 'self'; img-src 'self' mondo-logo-cache.appspot.com lh3.googleusercontent.com public-images.monzo.com merchant-logos-s101.monzo.com merchant-logos.monzo.com api.s101.nonprod-ffs.io internal-api.monzo.com; script-src 'self' https://browser.sentry-cdn.com https://js.sentry-cdn.com 'nonce-AnZV4p+S6xTAb2M4MkOBOjPWb0koEe/eVOGWF0eeMMM='; style-src 'self' 'nonce-AnZV4p+S6xTAb2M4MkOBOjPWb0koEe/eVOGWF0eeMMM='; report-uri https://monzo.report-uri.com/r/d/csp/enforce; report-to csp-endpoint
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
base-uri 'none'; connect-src 'self' api.s101.nonprod-ffs.io api.monzo.com https://o23827.ingest.sentry.io; default-src 'none'; font-src 'self'; img-src 'self' mondo-logo-cache.appspot.com lh3.googleusercontent.com public-images.monzo.com merchant-logos-s101.monzo.com merchant-logos.monzo.com api.s101.nonprod-ffs.io internal-api.monzo.com; script-src 'self' https://browser.sentry-cdn.com https://js.sentry-cdn.com 'nonce-AnZV4p+S6xTAb2M4MkOBOjPWb0koEe/eVOGWF0eeMMM='; style-src 'self' 'nonce-AnZV4p+S6xTAb2M4MkOBOjPWb0koEe/eVOGWF0eeMMM='; report-uri https://monzo.report-uri.com/r/d/csp/enforce; report-to csp-endpoint
content-encoding
gzip
cf-cache-status
DYNAMIC
trace-id
688a9e94-6597-47a2-76eb-e33586d84912
report-to
{ "group": "csp-endpoint", "max-age": 10886400, "endpoints": [{ "url": "https://monzo.report-uri.com/r/d/csp/enforce", "priority": 1 }] }
referrer-policy
no-referrer
x-content-type-options
nosniff
opentracing-id
cf-ray
8d355cdd6834914a-FRA
date
Wed, 16 Oct 2024 04:39:02 GMT
x-xss-protection
1; mode=block
content-type
image/svg+xml
server
cloudflare
mastercard_logo.svg
verify.monzo.com/3ds/
6 KB
3 KB
Image
General
Full URL
https://verify.monzo.com/3ds/mastercard_logo.svg
Requested by
Host: verify.monzo.com
URL: https://verify.monzo.com/3ds2/challenge?auth_id=3ds2auth_665ec26a-78f1-5bf6-87e9-987b322df8e3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:968c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ecf37a6002154593a2a39cc6b0e929f6e21dd7187116a3287e955495c30016d0
Security Headers
Name Value
Content-Security-Policy base-uri 'none'; connect-src 'self' api.s101.nonprod-ffs.io api.monzo.com https://o23827.ingest.sentry.io; default-src 'none'; font-src 'self'; img-src 'self' mondo-logo-cache.appspot.com lh3.googleusercontent.com public-images.monzo.com merchant-logos-s101.monzo.com merchant-logos.monzo.com api.s101.nonprod-ffs.io internal-api.monzo.com; script-src 'self' https://browser.sentry-cdn.com https://js.sentry-cdn.com 'nonce-8r6Pw8t5iyCKSHCxY2uiscqrdQYiwRID5K1gtNAATbU='; style-src 'self' 'nonce-8r6Pw8t5iyCKSHCxY2uiscqrdQYiwRID5K1gtNAATbU='; report-uri https://monzo.report-uri.com/r/d/csp/enforce; report-to csp-endpoint
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
base-uri 'none'; connect-src 'self' api.s101.nonprod-ffs.io api.monzo.com https://o23827.ingest.sentry.io; default-src 'none'; font-src 'self'; img-src 'self' mondo-logo-cache.appspot.com lh3.googleusercontent.com public-images.monzo.com merchant-logos-s101.monzo.com merchant-logos.monzo.com api.s101.nonprod-ffs.io internal-api.monzo.com; script-src 'self' https://browser.sentry-cdn.com https://js.sentry-cdn.com 'nonce-8r6Pw8t5iyCKSHCxY2uiscqrdQYiwRID5K1gtNAATbU='; style-src 'self' 'nonce-8r6Pw8t5iyCKSHCxY2uiscqrdQYiwRID5K1gtNAATbU='; report-uri https://monzo.report-uri.com/r/d/csp/enforce; report-to csp-endpoint
content-encoding
gzip
cf-cache-status
DYNAMIC
trace-id
982e0ca1-9142-4404-6f69-50007f3f51bc
report-to
{ "group": "csp-endpoint", "max-age": 10886400, "endpoints": [{ "url": "https://monzo.report-uri.com/r/d/csp/enforce", "priority": 1 }] }
referrer-policy
no-referrer
x-content-type-options
nosniff
opentracing-id
cf-ray
8d355cdd6836914a-FRA
date
Wed, 16 Oct 2024 04:39:02 GMT
x-xss-protection
1; mode=block
content-type
image/svg+xml
server
cloudflare
tick.svg
verify.monzo.com/3ds/
898 B
1 KB
Image
General
Full URL
https://verify.monzo.com/3ds/tick.svg
Requested by
Host: verify.monzo.com
URL: https://verify.monzo.com/3ds2/challenge?auth_id=3ds2auth_665ec26a-78f1-5bf6-87e9-987b322df8e3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:968c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
30ab33662b3c7699761de24aa31a87ff84721cf6fc82f3e3317b411ca10fb630
Security Headers
Name Value
Content-Security-Policy base-uri 'none'; connect-src 'self' api.s101.nonprod-ffs.io api.monzo.com https://o23827.ingest.sentry.io; default-src 'none'; font-src 'self'; img-src 'self' mondo-logo-cache.appspot.com lh3.googleusercontent.com public-images.monzo.com merchant-logos-s101.monzo.com merchant-logos.monzo.com api.s101.nonprod-ffs.io internal-api.monzo.com; script-src 'self' https://browser.sentry-cdn.com https://js.sentry-cdn.com 'nonce-mOBhaep22bQuCElfT7NSrkiXJSEP6r7+ci2PjAeKl6s='; style-src 'self' 'nonce-mOBhaep22bQuCElfT7NSrkiXJSEP6r7+ci2PjAeKl6s='; report-uri https://monzo.report-uri.com/r/d/csp/enforce; report-to csp-endpoint
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
base-uri 'none'; connect-src 'self' api.s101.nonprod-ffs.io api.monzo.com https://o23827.ingest.sentry.io; default-src 'none'; font-src 'self'; img-src 'self' mondo-logo-cache.appspot.com lh3.googleusercontent.com public-images.monzo.com merchant-logos-s101.monzo.com merchant-logos.monzo.com api.s101.nonprod-ffs.io internal-api.monzo.com; script-src 'self' https://browser.sentry-cdn.com https://js.sentry-cdn.com 'nonce-mOBhaep22bQuCElfT7NSrkiXJSEP6r7+ci2PjAeKl6s='; style-src 'self' 'nonce-mOBhaep22bQuCElfT7NSrkiXJSEP6r7+ci2PjAeKl6s='; report-uri https://monzo.report-uri.com/r/d/csp/enforce; report-to csp-endpoint
content-encoding
gzip
cf-cache-status
DYNAMIC
trace-id
11f4eb90-d175-4201-4796-20e4a4f0f65e
report-to
{ "group": "csp-endpoint", "max-age": 10886400, "endpoints": [{ "url": "https://monzo.report-uri.com/r/d/csp/enforce", "priority": 1 }] }
referrer-policy
no-referrer
x-content-type-options
nosniff
opentracing-id
cf-ray
8d355cddf87b914a-FRA
date
Wed, 16 Oct 2024 04:39:02 GMT
x-xss-protection
1; mode=block
content-type
image/svg+xml
server
cloudflare
MonzoSansText-Bold.woff2
verify.monzo.com/3ds/fonts/
22 KB
23 KB
Font
General
Full URL
https://verify.monzo.com/3ds/fonts/MonzoSansText-Bold.woff2
Requested by
Host: verify.monzo.com
URL: https://verify.monzo.com/3ds/main.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:968c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a82eb99184db9754900a6b068ed4d5d7fc418a153cc89386b4a77260c84392a7
Security Headers
Name Value
Content-Security-Policy base-uri 'none'; connect-src 'self' api.s101.nonprod-ffs.io api.monzo.com https://o23827.ingest.sentry.io; default-src 'none'; font-src 'self'; img-src 'self' mondo-logo-cache.appspot.com lh3.googleusercontent.com public-images.monzo.com merchant-logos-s101.monzo.com merchant-logos.monzo.com api.s101.nonprod-ffs.io internal-api.monzo.com; script-src 'self' https://browser.sentry-cdn.com https://js.sentry-cdn.com 'nonce-O5pzzirBcIoKGxfz+9tTeVkRpc54wgblg5E3yayg5+o='; style-src 'self' 'nonce-O5pzzirBcIoKGxfz+9tTeVkRpc54wgblg5E3yayg5+o='; report-uri https://monzo.report-uri.com/r/d/csp/enforce; report-to csp-endpoint
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://verify.monzo.com
Referer

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
base-uri 'none'; connect-src 'self' api.s101.nonprod-ffs.io api.monzo.com https://o23827.ingest.sentry.io; default-src 'none'; font-src 'self'; img-src 'self' mondo-logo-cache.appspot.com lh3.googleusercontent.com public-images.monzo.com merchant-logos-s101.monzo.com merchant-logos.monzo.com api.s101.nonprod-ffs.io internal-api.monzo.com; script-src 'self' https://browser.sentry-cdn.com https://js.sentry-cdn.com 'nonce-O5pzzirBcIoKGxfz+9tTeVkRpc54wgblg5E3yayg5+o='; style-src 'self' 'nonce-O5pzzirBcIoKGxfz+9tTeVkRpc54wgblg5E3yayg5+o='; report-uri https://monzo.report-uri.com/r/d/csp/enforce; report-to csp-endpoint
cf-cache-status
DYNAMIC
trace-id
b7448eee-b6e0-4be7-550c-1a06e176658d
report-to
{ "group": "csp-endpoint", "max-age": 10886400, "endpoints": [{ "url": "https://monzo.report-uri.com/r/d/csp/enforce", "priority": 1 }] }
referrer-policy
no-referrer
x-content-type-options
nosniff
opentracing-id
cf-ray
8d355cddf87d914a-FRA
accept-ranges
bytes
content-length
22964
date
Wed, 16 Oct 2024 04:39:02 GMT
x-xss-protection
1; mode=block
content-type
font/woff2
server
cloudflare
MonzoSansText-Regular.woff2
verify.monzo.com/3ds/fonts/
22 KB
23 KB
Font
General
Full URL
https://verify.monzo.com/3ds/fonts/MonzoSansText-Regular.woff2
Requested by
Host: verify.monzo.com
URL: https://verify.monzo.com/3ds/main.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:968c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9742f19d4b67837278f29f2c965278af31ab8969bddccb011cea699da14baf1c
Security Headers
Name Value
Content-Security-Policy base-uri 'none'; connect-src 'self' api.s101.nonprod-ffs.io api.monzo.com https://o23827.ingest.sentry.io; default-src 'none'; font-src 'self'; img-src 'self' mondo-logo-cache.appspot.com lh3.googleusercontent.com public-images.monzo.com merchant-logos-s101.monzo.com merchant-logos.monzo.com api.s101.nonprod-ffs.io internal-api.monzo.com; script-src 'self' https://browser.sentry-cdn.com https://js.sentry-cdn.com 'nonce-nf53YNQ0oKOdhM2fOiDLUYopXt38pNmxs9/Ru9ie6Hk='; style-src 'self' 'nonce-nf53YNQ0oKOdhM2fOiDLUYopXt38pNmxs9/Ru9ie6Hk='; report-uri https://monzo.report-uri.com/r/d/csp/enforce; report-to csp-endpoint
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://verify.monzo.com
Referer

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
base-uri 'none'; connect-src 'self' api.s101.nonprod-ffs.io api.monzo.com https://o23827.ingest.sentry.io; default-src 'none'; font-src 'self'; img-src 'self' mondo-logo-cache.appspot.com lh3.googleusercontent.com public-images.monzo.com merchant-logos-s101.monzo.com merchant-logos.monzo.com api.s101.nonprod-ffs.io internal-api.monzo.com; script-src 'self' https://browser.sentry-cdn.com https://js.sentry-cdn.com 'nonce-nf53YNQ0oKOdhM2fOiDLUYopXt38pNmxs9/Ru9ie6Hk='; style-src 'self' 'nonce-nf53YNQ0oKOdhM2fOiDLUYopXt38pNmxs9/Ru9ie6Hk='; report-uri https://monzo.report-uri.com/r/d/csp/enforce; report-to csp-endpoint
cf-cache-status
DYNAMIC
trace-id
0a11be1e-3b7b-4b15-6143-dcbd94dd299a
report-to
{ "group": "csp-endpoint", "max-age": 10886400, "endpoints": [{ "url": "https://monzo.report-uri.com/r/d/csp/enforce", "priority": 1 }] }
referrer-policy
no-referrer
x-content-type-options
nosniff
opentracing-id
cf-ray
8d355cddf87f914a-FRA
accept-ranges
bytes
content-length
22728
date
Wed, 16 Oct 2024 04:39:02 GMT
x-xss-protection
1; mode=block
content-type
font/woff2
server
cloudflare
favicon.png
verify.monzo.com/
760 B
1 KB
Other
General
Full URL
https://verify.monzo.com/favicon.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:968c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
04f79b78d15b86ddde6856f9b0cae524ae4b8d871ac8ee8d7afc7d3780a20492
Security Headers
Name Value
Content-Security-Policy base-uri 'none'; connect-src 'self' api.s101.nonprod-ffs.io api.monzo.com https://o23827.ingest.sentry.io; default-src 'none'; font-src 'self'; img-src 'self' mondo-logo-cache.appspot.com lh3.googleusercontent.com public-images.monzo.com merchant-logos-s101.monzo.com merchant-logos.monzo.com api.s101.nonprod-ffs.io internal-api.monzo.com; script-src 'self' https://browser.sentry-cdn.com https://js.sentry-cdn.com 'nonce-8jOfGKqV8MOQN/B4ZOvVyFbyKWusxxbnlk6kdwWnokc='; style-src 'self' 'nonce-8jOfGKqV8MOQN/B4ZOvVyFbyKWusxxbnlk6kdwWnokc='; report-uri https://monzo.report-uri.com/r/d/csp/enforce; report-to csp-endpoint
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
base-uri 'none'; connect-src 'self' api.s101.nonprod-ffs.io api.monzo.com https://o23827.ingest.sentry.io; default-src 'none'; font-src 'self'; img-src 'self' mondo-logo-cache.appspot.com lh3.googleusercontent.com public-images.monzo.com merchant-logos-s101.monzo.com merchant-logos.monzo.com api.s101.nonprod-ffs.io internal-api.monzo.com; script-src 'self' https://browser.sentry-cdn.com https://js.sentry-cdn.com 'nonce-8jOfGKqV8MOQN/B4ZOvVyFbyKWusxxbnlk6kdwWnokc='; style-src 'self' 'nonce-8jOfGKqV8MOQN/B4ZOvVyFbyKWusxxbnlk6kdwWnokc='; report-uri https://monzo.report-uri.com/r/d/csp/enforce; report-to csp-endpoint
cf-cache-status
DYNAMIC
trace-id
72516eed-b2b5-43b5-58ef-9b1a869e3f5c
report-to
{ "group": "csp-endpoint", "max-age": 10886400, "endpoints": [{ "url": "https://monzo.report-uri.com/r/d/csp/enforce", "priority": 1 }] }
referrer-policy
no-referrer
x-content-type-options
nosniff
opentracing-id
cf-ray
8d355cdec8db914a-FRA
accept-ranges
bytes
content-length
760
date
Wed, 16 Oct 2024 04:39:02 GMT
x-xss-protection
1; mode=block
content-type
image/png
server
cloudflare
Primary Request tds2_RFJ3c0hGTUhSQnllUFF0OW91TkMzcXJxeXFEejlKcjU2czBydUNRRCFnMCMSFwoVYWNjdF8xNWtiYmdLcFc5REt5NWhu
hooks.stripe.com/3d_secure_2/notify/acct_15kbbgKpW9DKy5hn/
719 B
1 KB
Document
General
Full URL
https://hooks.stripe.com/3d_secure_2/notify/acct_15kbbgKpW9DKy5hn/tds2_RFJ3c0hGTUhSQnllUFF0OW91TkMzcXJxeXFEejlKcjU2czBydUNRRCFnMCMSFwoVYWNjdF8xNWtiYmdLcFc5REt5NWhu
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
54.228.85.11 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-228-85-11.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
6aaa9193899d3ba7e1e5bea85b811f01b45960be3391b87142bdc9ec94f28306
Security Headers
Name Value
Content-Security-Policy report-uri /csp-report?p=3d_secure_2%2Fnotify%2F%3Amerchant%2F%3Athree_d_secure_2; block-all-mixed-content; default-src 'none'; base-uri 'none'; font-src https://hooks.stripe.com; form-action 'none'; frame-src 'none'; img-src 'self' data:; script-src 'self' 'report-sample'; style-src 'self'
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Content-Type
application/x-www-form-urlencoded
Origin
null
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

content-encoding
gzip
content-security-policy
report-uri /csp-report?p=3d_secure_2%2Fnotify%2F%3Amerchant%2F%3Athree_d_secure_2; block-all-mixed-content; default-src 'none'; base-uri 'none'; font-src https://hooks.stripe.com; form-action 'none'; frame-src 'none'; img-src 'self' data:; script-src 'self' 'report-sample'; style-src 'self'
content-type
text/html;charset=utf-8
cross-origin-opener-policy-report-only
same-origin; report-to="coop"
date
Wed, 16 Oct 2024 04:39:03 GMT
report-to
{"group":"coop","max_age":8640,"endpoints":[{"url":"https://q.stripe.com/coop-report?s=threedsecure-two-web-srv"}],"include_subdomains":true}
reporting-endpoints
coop="https://q.stripe.com/coop-report?s=threedsecure-two-web-srv"
server
nginx
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
x-stripe-inbound-proxy-type
envoy
x-stripe-outbound-proxy-type
envoy
x-stripe-upstream-host
10.75.115.115:1643
x-wc
A
trampoline.js
hooks.stripe.com/3d_secure_2/
1 KB
1 KB
Script
General
Full URL
https://hooks.stripe.com/3d_secure_2/trampoline.js
Requested by
Host: hooks.stripe.com
URL: https://hooks.stripe.com/3d_secure_2/notify/acct_15kbbgKpW9DKy5hn/tds2_RFJ3c0hGTUhSQnllUFF0OW91TkMzcXJxeXFEejlKcjU2czBydUNRRCFnMCMSFwoVYWNjdF8xNWtiYmdLcFc5REt5NWhu
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
54.228.85.11 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-228-85-11.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
21fff504982531b0fa089e34a5041d096a87d5387a9bc8950349953b570b3483
Security Headers
Name Value
Content-Security-Policy report-uri /csp-report?p=%21unknown; block-all-mixed-content; default-src 'none'; base-uri 'none'; font-src https://hooks.stripe.com; form-action 'none'; frame-ancestors 'none'; frame-src 'none'; img-src 'self'; script-src 'self' 'report-sample'; style-src 'self'
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://hooks.stripe.com/3d_secure_2/notify/acct_15kbbgKpW9DKy5hn/tds2_RFJ3c0hGTUhSQnllUFF0OW91TkMzcXJxeXFEejlKcjU2czBydUNRRCFnMCMSFwoVYWNjdF8xNWtiYmdLcFc5REt5NWhu

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
reporting-endpoints
coop="https://q.stripe.com/coop-report?s=threedsecure-two-web-srv"
content-security-policy
report-uri /csp-report?p=%21unknown; block-all-mixed-content; default-src 'none'; base-uri 'none'; font-src https://hooks.stripe.com; form-action 'none'; frame-ancestors 'none'; frame-src 'none'; img-src 'self'; script-src 'self' 'report-sample'; style-src 'self'
x-wc
A
content-encoding
gzip
report-to
{"group":"coop","max_age":8640,"endpoints":[{"url":"https://q.stripe.com/coop-report?s=threedsecure-two-web-srv"}],"include_subdomains":true}
x-content-type-options
nosniff
cross-origin-opener-policy-report-only
same-origin; report-to="coop"
x-stripe-inbound-proxy-type
envoy
date
Wed, 16 Oct 2024 04:39:03 GMT
content-type
application/javascript;charset=utf-8
last-modified
Thu, 01 Jan 1970 00:00:00 GMT
server
nginx

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Domain/Path Name / Value
.monzo.com/ Name: __cf_bm
Value: v47OfltICV8Df9RccNO1zCqNjO5HN1CITP6rU.G_04k-1729053541-1.0.1.1-NPhmfSJq2xtgSdgFSWKBOiifnYDtNCYiJv.GfVCkyGOjZM4NSqMWpAESZjK7BJew0TdmVpeRLRXvZoEkDjCj2w

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy base-uri 'none'; connect-src 'self' api.s101.nonprod-ffs.io api.monzo.com https://o23827.ingest.sentry.io; default-src 'none'; font-src 'self'; img-src 'self' mondo-logo-cache.appspot.com lh3.googleusercontent.com public-images.monzo.com merchant-logos-s101.monzo.com merchant-logos.monzo.com api.s101.nonprod-ffs.io internal-api.monzo.com; script-src 'self' https://browser.sentry-cdn.com https://js.sentry-cdn.com 'nonce-/WL3GHmV9nHNmDgXe+j8nWW5FDrsshTsIm/4tNyhdwY='; style-src 'self' 'nonce-/WL3GHmV9nHNmDgXe+j8nWW5FDrsshTsIm/4tNyhdwY='; report-uri https://monzo.report-uri.com/r/d/csp/enforce; report-to csp-endpoint
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block