urlscan.io logo urlscan.io
SecurityTrails logo

my.oakstarbank.com Open in urlscan Pro
52.189.66.201  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://my.oakstarbank.com/
Effective URL: https://my.oakstarbank.com/
Submission: On March 05 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 19 HTTP transactions. The main IP is 52.189.66.201, located in Des Moines, United States and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is my.oakstarbank.com.
TLS certificate: Issued by GeoTrust TLS RSA CA G1 on July 5th 2023. Valid for: a year.
This is the only time my.oakstarbank.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 20 52.189.66.201 8075 (MICROSOFT...)
19 2
Apex Domain
Subdomains		 Transfer
20 oakstarbank.com
my.oakstarbank.com
308 KB
19 1
Domain Requested by
20 my.oakstarbank.com 1 redirects my.oakstarbank.com
19 1

This site contains no links.

Subject Issuer Validity Valid
my.oakstarbank.com
GeoTrust TLS RSA CA G1		 2023-07-05 -
2024-07-04		 a year crt.sh

This page contains 1 frames:

Primary Page: https://my.oakstarbank.com/
Frame ID: 974FAEF2FB8B8B10FCA799A9C49BA217
Requests: 20 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Login ยท OakStar Bank

Page URL History Show full URLs

  1. http://my.oakstarbank.com/ HTTP 308
    https://my.oakstarbank.com/ Page URL

Page Statistics

19
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

307 kB
Transfer

853 kB
Size

2
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://my.oakstarbank.com/ HTTP 308
    https://my.oakstarbank.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

19 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
my.oakstarbank.com/
Redirect Chain
  • http://my.oakstarbank.com/
  • https://my.oakstarbank.com/
84 KB
20 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://my.oakstarbank.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.189.66.201 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
online.banno-production.com
Software
/
Resource Hash
3c1eb194b2ffd180f64a5fb3b8853aa351a9a466bfd4368f79db98bdd79cb033
Security Headers
Name Value
Content-Security-Policy default-src 'none'; script-src 'unsafe-inline' 'sha256-5tglEW0Vs+Qd9vtRZ++NKLr08Vk0yoF/jPR+mbB5eq8=' 'sha256-wyuUAa+a967T1T6WNseoupM6GGreJ7AugW1DgkH8rQI=' 'sha256-i/C2B7ezJ785lLrL6edgNbipopvtJF6KJkyQbI7MRQc=' 'sha256-bzW0sZHT7A+V0G1bXbiGULuNNxBiulbiOyWmyXQgEpk=' 'sha256-qOf7oEywvMbVwKXDcHcVbK7OGv1yfnLZfG01islrRwQ=' 'sha256-ildUzQ5UsadChij+sqp2CK8DE6fAqU4NwegKKfap0rs=' 'sha256-LOZeRBamzr5R83HdWldojkXqCKrTCXqYEiCkM98gscc=' 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob: https://banno.com https://*.banno.com https://*.googleusercontent.com https://banno-assets-production.s3.amazonaws.com https://banno-sentry-production.s3.amazonaws.com; media-src 'self' mediastream:; frame-src 'self' https://*.mybankhq.com https://*.billpaysite.com https://*.banno.com https://geezeo-tiles.s3.amazonaws.com https://*.geezeo.com https://orcasnet-investments.banno-plugins-uat.com https://connect2.finicity.com https://businessbillpay-e.com/ https://*.businessbillpay-e.com/ https://apim.autobooks.co https://platform-gateway.truv.com; child-src 'self'; font-src https: data:; frame-ancestors 'self'; connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net wss://global.vss.twilio.com wss://sdkgw.us1.twilio.com wss://my.oakstarbank.com; manifest-src 'self'; worker-src 'self';
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
public, no-cache
content-encoding
gzip
content-length
18733
content-security-policy
default-src 'none'; script-src 'unsafe-inline' 'sha256-5tglEW0Vs+Qd9vtRZ++NKLr08Vk0yoF/jPR+mbB5eq8=' 'sha256-wyuUAa+a967T1T6WNseoupM6GGreJ7AugW1DgkH8rQI=' 'sha256-i/C2B7ezJ785lLrL6edgNbipopvtJF6KJkyQbI7MRQc=' 'sha256-bzW0sZHT7A+V0G1bXbiGULuNNxBiulbiOyWmyXQgEpk=' 'sha256-qOf7oEywvMbVwKXDcHcVbK7OGv1yfnLZfG01islrRwQ=' 'sha256-ildUzQ5UsadChij+sqp2CK8DE6fAqU4NwegKKfap0rs=' 'sha256-LOZeRBamzr5R83HdWldojkXqCKrTCXqYEiCkM98gscc=' 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob: https://banno.com https://*.banno.com https://*.googleusercontent.com https://banno-assets-production.s3.amazonaws.com https://banno-sentry-production.s3.amazonaws.com; media-src 'self' mediastream:; frame-src 'self' https://*.mybankhq.com https://*.billpaysite.com https://*.banno.com https://geezeo-tiles.s3.amazonaws.com https://*.geezeo.com https://orcasnet-investments.banno-plugins-uat.com https://connect2.finicity.com https://businessbillpay-e.com/ https://*.businessbillpay-e.com/ https://apim.autobooks.co https://platform-gateway.truv.com; child-src 'self'; font-src https: data:; frame-ancestors 'self'; connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net wss://global.vss.twilio.com wss://sdkgw.us1.twilio.com wss://my.oakstarbank.com; manifest-src 'self'; worker-src 'self';
content-type
text/html
date
Tue, 05 Mar 2024 23:47:29 GMT
etag
W/"492d-v48ORybecasZhW1Fcx6gPkAsJeI"
permissions-policy
document-domain=()
referrer-policy
strict-origin-when-cross-origin
strict-transport-security
max-age=15724800; includeSubDomains
x-b3-sampled
1
x-b3-spanid
34abdd7658c859c1
x-b3-traceid
276fd6961d1014c59f1f474aef5ba2dc
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN

Redirect headers

Connection
keep-alive
Content-Length
164
Content-Type
text/html
Date
Tue, 05 Mar 2024 23:47:28 GMT
Location
https://my.oakstarbank.com
standalone-app-969f65b4.js
my.oakstarbank.com/js/ 		123 KB
35 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://my.oakstarbank.com/js/standalone-app-969f65b4.js
Requested by
Host: my.oakstarbank.com
URL: https://my.oakstarbank.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.189.66.201 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
online.banno-production.com
Software
/
Resource Hash
a395227eb3d805d412791aee4aca1daaeafe7aa8f3f277fca9cff8191bc98764
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Referer
Origin
https://my.oakstarbank.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Tue, 05 Mar 2024 23:47:29 GMT
content-encoding
br
strict-transport-security
max-age=15724800; includeSubDomains
x-b3-traceid
7feef53dff2270edf88af6f0d57561a5
etag
W/"8a34-G3QOH0h8BpHWSrLaWDN2O7Xfogg"
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=31536000
x-b3-spanid
17755ba7f659f510
x-b3-sampled
1
content-length
35380
banno-web-f0e64d6c.js
my.oakstarbank.com/js/ 		455 KB
98 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://my.oakstarbank.com/js/banno-web-f0e64d6c.js
Requested by
Host: my.oakstarbank.com
URL: https://my.oakstarbank.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.189.66.201 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
online.banno-production.com
Software
/
Resource Hash
4d5293e5791c24ac8633999f021b9a66675e9730e185fa32641ebb038929e8f3
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Referer
Origin
https://my.oakstarbank.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Tue, 05 Mar 2024 23:47:29 GMT
content-encoding
br
strict-transport-security
max-age=15724800; includeSubDomains
x-b3-traceid
962a03f599c400b103565e1912130711
etag
W/"184a3-8Pz1DpwjwONigQt0+FilOQHvncg"
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=31536000
x-b3-spanid
6ef3ac6757031e17
x-b3-sampled
1
content-length
99491
oakstar-bank-logo-d61f3040.png
my.oakstarbank.com/images/fi-assets/oakstar-bank/ 		13 KB
13 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://my.oakstarbank.com/images/fi-assets/oakstar-bank/oakstar-bank-logo-d61f3040.png
Requested by
Host: my.oakstarbank.com
URL: https://my.oakstarbank.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.189.66.201 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
online.banno-production.com
Software
/
Resource Hash
97559a63a1e3f5d9261b729a007c247ddd0249f150aea04f396773375a4effa8
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://my.oakstarbank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Tue, 05 Mar 2024 23:47:29 GMT
strict-transport-security
max-age=15724800; includeSubDomains
last-modified
Tue, 05 Mar 2024 05:02:19 GMT
x-b3-traceid
387309040458881d62bd28bdd20f7369
etag
W/"32ba-18e0cfdbb78"
content-type
image/png
cache-control
public, max-age=31536000
x-b3-spanid
88f9f58f32f0c4ed
x-b3-sampled
1
accept-ranges
bytes
content-length
12986
jha-icon-circle-warning-bb4c51a7.js
my.oakstarbank.com/js/ 		733 B
653 B 		Script
General
Check archive.org
Download Go to
Full URL
https://my.oakstarbank.com/js/jha-icon-circle-warning-bb4c51a7.js
Requested by
Host: my.oakstarbank.com
URL: https://my.oakstarbank.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.189.66.201 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
online.banno-production.com
Software
/
Resource Hash
d3b2bc7897535ec9c7772c9978e777a1f0f343a00f2415274a55b8c597e174f2
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Referer
https://my.oakstarbank.com/
Origin
https://my.oakstarbank.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Tue, 05 Mar 2024 23:47:29 GMT
content-encoding
br
strict-transport-security
max-age=15724800; includeSubDomains
x-b3-traceid
71304b2e2f6a7ca17e338a400f2db4bc
etag
W/"176-GBwozbA04LucofGX43jQsyHqxRw"
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=31536000
x-b3-spanid
e8a5075b0ef61585
x-b3-sampled
1
content-length
374
client-shared-f69a9c01.js
my.oakstarbank.com/js/ 		146 B
392 B 		Script
General
Check archive.org
Download Go to
Full URL
https://my.oakstarbank.com/js/client-shared-f69a9c01.js
Requested by
Host: my.oakstarbank.com
URL: https://my.oakstarbank.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.189.66.201 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
online.banno-production.com
Software
/
Resource Hash
0b6338ccf5689a95408e97f5bf2252d4da41e35795ecacf00f67a0eea55d07ca
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Referer
https://my.oakstarbank.com/
Origin
https://my.oakstarbank.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Tue, 05 Mar 2024 23:47:29 GMT
content-encoding
br
strict-transport-security
max-age=15724800; includeSubDomains
x-b3-traceid
b78559c90f85151232b7351582170b7e
etag
W/"71-NQvkiVwBQKBbY6e8cTN8kBQS8Jw"
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=31536000
x-b3-spanid
62430ea6312b9d80
x-b3-sampled
1
content-length
113
bd22c266-ec46-4d92-b47b-118400037118
my.oakstarbank.com/a/consumer/api/offline-status/institutions/ 		20 B
266 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://my.oakstarbank.com/a/consumer/api/offline-status/institutions/bd22c266-ec46-4d92-b47b-118400037118
Requested by
Host: my.oakstarbank.com
URL: https://my.oakstarbank.com/js/standalone-app-969f65b4.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.189.66.201 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
online.banno-production.com
Software
/
Resource Hash
bdbf1c1b735b09d5cdd6e0d87b5a3db5f5334f23e13dfe29e2ceb3d687e02716
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Referer
https://my.oakstarbank.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
content-type
application/json

Response headers

date
Tue, 05 Mar 2024 23:47:29 GMT
strict-transport-security
max-age=15724800; includeSubDomains
x-b3-traceid
5ebcde248dfc05f4ba965cd39e606552
content-type
application/json
x-b3-spanid
65ad22be29134dc7
x-envoy-upstream-service-time
0
x-b3-sampled
1
content-length
20
x-request-id
b3a6a35cad0459a8588900b34e3e40a1
mixpanel-2541ad0c.js
my.oakstarbank.com/js/ 		54 KB
17 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://my.oakstarbank.com/js/mixpanel-2541ad0c.js
Requested by
Host: my.oakstarbank.com
URL: https://my.oakstarbank.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.189.66.201 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
online.banno-production.com
Software
/
Resource Hash
5c520e7c1fac111b00e30c58630f8b4bcf583a458042554226b5cfd2d7a33c6a
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Referer
https://my.oakstarbank.com/
Origin
https://my.oakstarbank.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Tue, 05 Mar 2024 23:47:29 GMT
content-encoding
br
strict-transport-security
max-age=15724800; includeSubDomains
x-b3-traceid
ca952a874452ba31ad580847695f4b00
etag
W/"4257-mX5eRjStlZR9iRZ2HVGAPIqWD6I"
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=31536000
x-b3-spanid
1f1d693f96009bbc
x-b3-sampled
1
content-length
16983
bannoweb-background-hero-f9e08684.js
my.oakstarbank.com/js/ 		820 B
658 B 		Script
General
Check archive.org
Download Go to
Full URL
https://my.oakstarbank.com/js/bannoweb-background-hero-f9e08684.js
Requested by
Host: my.oakstarbank.com
URL: https://my.oakstarbank.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.189.66.201 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
online.banno-production.com
Software
/
Resource Hash
b732509805fa1c3b151d0e1751309706b9145e249e5098c52a5e81c8a6f1a86f
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Referer
https://my.oakstarbank.com/
Origin
https://my.oakstarbank.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Tue, 05 Mar 2024 23:47:29 GMT
content-encoding
br
strict-transport-security
max-age=15724800; includeSubDomains
x-b3-traceid
cf89c95afd919a92c1ef27e74f8a42e7
etag
W/"17b-vTaltopErIOTLwLKF9G4JG4GQko"
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=31536000
x-b3-spanid
19d1d12d7b0abf7f
x-b3-sampled
1
content-length
379
validate
my.oakstarbank.com/a/consumer/api/auth/ 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://my.oakstarbank.com/a/consumer/api/auth/validate
Requested by
Host: my.oakstarbank.com
URL: https://my.oakstarbank.com/js/standalone-app-969f65b4.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.189.66.201 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
online.banno-production.com
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Referer
https://my.oakstarbank.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
content-type
application/json

Response headers

date
Tue, 05 Mar 2024 23:47:29 GMT
strict-transport-security
max-age=15724800; includeSubDomains
x-b3-spanid
61fb75a47600ea61
x-b3-sampled
1
x-b3-traceid
b55441453fc571f9134acb3320395219
content-length
0
x-request-id
9e77a581a9f5081c74de416b457b9896
oakstar-bank-background-landscape-0058a8e7.png
my.oakstarbank.com/images/fi-assets/oakstar-bank/ 		45 KB
46 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://my.oakstarbank.com/images/fi-assets/oakstar-bank/oakstar-bank-background-landscape-0058a8e7.png
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.189.66.201 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
online.banno-production.com
Software
/
Resource Hash
7fd36cc9d2ad8fb3d78dde5ae651bedd0fc1cef9eed46b87f4df44dd1140a551
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://my.oakstarbank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Tue, 05 Mar 2024 23:47:30 GMT
strict-transport-security
max-age=15724800; includeSubDomains
last-modified
Tue, 05 Mar 2024 05:02:19 GMT
x-b3-traceid
0721c1d61009818d3f8ee851053ba655
etag
W/"b4f3-18e0cfdbb78"
content-type
image/png
cache-control
public, max-age=31536000
x-b3-spanid
3d9dfd8ed1ecc9cf
x-b3-sampled
1
accept-ranges
bytes
content-length
46323
bd22c266-ec46-4d92-b47b-118400037118
my.oakstarbank.com/a/consumer/api/institutions/ 		59 KB
59 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://my.oakstarbank.com/a/consumer/api/institutions/bd22c266-ec46-4d92-b47b-118400037118
Requested by
Host: my.oakstarbank.com
URL: https://my.oakstarbank.com/js/standalone-app-969f65b4.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.189.66.201 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
online.banno-production.com
Software
/
Resource Hash
cd9f3720ff0a8bf7bad0cfe1392a71be989d187188e1ec66cf4809b2b1a42651
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Referer
https://my.oakstarbank.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
content-type
application/json

Response headers

date
Tue, 05 Mar 2024 23:47:30 GMT
strict-transport-security
max-age=15724800; includeSubDomains
x-b3-traceid
07f449532ea655f01463033241d700f6
content-type
application/json
x-b3-spanid
93b45ac03df98860
x-b3-sampled
1
content-length
60355
x-request-id
40b77ba64d0e0e3bf56b8f73bd63bcaa
jha-icon-form-9733cdba.js
my.oakstarbank.com/js/ 		1 KB
790 B 		Script
General
Check archive.org
Download Go to
Full URL
https://my.oakstarbank.com/js/jha-icon-form-9733cdba.js
Requested by
Host: my.oakstarbank.com
URL: https://my.oakstarbank.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.189.66.201 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
online.banno-production.com
Software
/
Resource Hash
998c8b87d63f2b091d5c01ddcb10ebc7e9d5c89e7ad62636c92c253cf88b529b
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Referer
https://my.oakstarbank.com/
Origin
https://my.oakstarbank.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Tue, 05 Mar 2024 23:47:30 GMT
content-encoding
br
strict-transport-security
max-age=15724800; includeSubDomains
x-b3-traceid
ce4af8db96531384a4fa97f9723f9a81
etag
W/"200-5pWyIAuF2xj2BMQ2fsg1Jw96TIA"
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=31536000
x-b3-spanid
39bb073f9a6a04b9
x-b3-sampled
1
content-length
512
jha-icon-life-preserver-a58278b6.js
my.oakstarbank.com/js/ 		1 KB
909 B 		Script
General
Check archive.org
Download Go to
Full URL
https://my.oakstarbank.com/js/jha-icon-life-preserver-a58278b6.js
Requested by
Host: my.oakstarbank.com
URL: https://my.oakstarbank.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.189.66.201 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
online.banno-production.com
Software
/
Resource Hash
06cf2a50b02fd4afa38a09bf1542087f331bd527590421acb1e93a25019a4cbd
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Referer
https://my.oakstarbank.com/
Origin
https://my.oakstarbank.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Tue, 05 Mar 2024 23:47:30 GMT
content-encoding
br
strict-transport-security
max-age=15724800; includeSubDomains
x-b3-traceid
828d5855b377f3fcdb2d6dd51435baf8
etag
W/"274-KULG4SVJQYAfW3E0SoVqlAhDHzA"
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=31536000
x-b3-spanid
67e67fa1cfc86263
x-b3-sampled
1
content-length
628
time
my.oakstarbank.com/a/consumer/api/v0/login/ 		13 B
339 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://my.oakstarbank.com/a/consumer/api/v0/login/time
Requested by
Host: my.oakstarbank.com
URL: https://my.oakstarbank.com/js/standalone-app-969f65b4.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.189.66.201 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
online.banno-production.com
Software
/
Resource Hash
df252327d845649f6fa5ceff2e116ba4eeb704238771befe567ece98608b5881
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Referer
https://my.oakstarbank.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
content-type
application/json

Response headers

date
Tue, 05 Mar 2024 23:47:30 GMT
strict-transport-security
max-age=15724800; includeSubDomains
x-b3-traceid
e943ca3cbf7cf04683e033abe48c57b0
etag
W/"d-gZuELV/l0RwV9yd2AYtDnfZYK/Y"
content-type
application/json; charset=utf-8
cache-control
private, no-store, no-cache
x-b3-spanid
e3c6a8f06571b209
x-b3-parentspanid
820d2b827564ba13
x-b3-sampled
1
content-length
13
x-request-id
ddf8b2aa8f39e4dba7cd1705c6c6bd28
jha-icon-warning-56989691.js
my.oakstarbank.com/js/ 		896 B
728 B 		Script
General
Check archive.org
Download Go to
Full URL
https://my.oakstarbank.com/js/jha-icon-warning-56989691.js
Requested by
Host: my.oakstarbank.com
URL: https://my.oakstarbank.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.189.66.201 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
online.banno-production.com
Software
/
Resource Hash
694d4efc3daf0bb2ed1f72ce55c3382beae01ca08397ad3c0f56047476e4746e
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Referer
https://my.oakstarbank.com/
Origin
https://my.oakstarbank.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Tue, 05 Mar 2024 23:47:30 GMT
content-encoding
br
strict-transport-security
max-age=15724800; includeSubDomains
x-b3-traceid
3f4595f57af95a3ca5cbd3c00aa8b1ab
etag
W/"1c1-jGS7mAN8wXfuPT/Nhe3sowIn+G0"
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=31536000
x-b3-spanid
9e7cdd475bc47dd7
x-b3-sampled
1
content-length
449
time
my.oakstarbank.com/a/consumer/api/v0/login/ 		13 B
338 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://my.oakstarbank.com/a/consumer/api/v0/login/time
Requested by
Host: my.oakstarbank.com
URL: https://my.oakstarbank.com/js/standalone-app-969f65b4.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.189.66.201 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
online.banno-production.com
Software
/
Resource Hash
679d2d753e7bd04c531652513916218b4e63ff3bbfed1bd37717dd7bd74b8604
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Referer
https://my.oakstarbank.com/login
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
content-type
application/json

Response headers

date
Tue, 05 Mar 2024 23:47:30 GMT
strict-transport-security
max-age=15724800; includeSubDomains
x-b3-traceid
540828ae843620ced4b508091d60989b
etag
W/"d-1DcqdJzAm+So8wzKI7Biui3Rri0"
content-type
application/json; charset=utf-8
cache-control
private, no-store, no-cache
x-b3-spanid
d61f669c504add84
x-b3-parentspanid
b4202b28b75e047e
x-b3-sampled
1
content-length
13
x-request-id
c7c4f287edd2b801905c88a9a3a0f090
roboto-regular-webfont.woff2
my.oakstarbank.com/fonts/ 		15 KB
15 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://my.oakstarbank.com/fonts/roboto-regular-webfont.woff2
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.189.66.201 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
online.banno-production.com
Software
/
Resource Hash
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Referer
https://my.oakstarbank.com/
Origin
https://my.oakstarbank.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Tue, 05 Mar 2024 23:47:30 GMT
strict-transport-security
max-age=15724800; includeSubDomains
last-modified
Tue, 05 Mar 2024 05:08:14 GMT
x-b3-traceid
a39f9530cded8493125484f8327ddbdb
etag
W/"3bf0-18e0d032630"
content-type
font/woff2
cache-control
public, no-cache
x-b3-spanid
1c42a3d227a339c0
x-b3-sampled
1
accept-ranges
bytes
content-length
15344
truncated
/ 		42 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

Content-Type
image/gif
start
my.oakstarbank.com/a/consumer/api/login/assertion/ 		155 B
481 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://my.oakstarbank.com/a/consumer/api/login/assertion/start
Requested by
Host: my.oakstarbank.com
URL: https://my.oakstarbank.com/js/standalone-app-969f65b4.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.189.66.201 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
online.banno-production.com
Software
/
Resource Hash
a7cef9f233ec2e32bc4179e5bc243eeecd60eade411f72c7c27ca20dcf3d4b0e
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Referer
https://my.oakstarbank.com/login
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
content-type
application/json

Response headers

date
Tue, 05 Mar 2024 23:47:30 GMT
strict-transport-security
max-age=15724800; includeSubDomains
x-b3-traceid
372bfe15b95725c1596991aece95b45d
etag
W/"9b-fEBtsvCHp2OSE3mLv3116E1olio"
content-type
application/json; charset=utf-8
cache-control
private, no-store, no-cache
x-b3-spanid
4bc2d83f57c8adc0
x-b3-parentspanid
53794f3d6ec3e1d2
x-b3-sampled
1
content-length
155
x-request-id
d5d75681e2956217552b500ce70ae5fe

Verdicts & Comments Add Verdict or Comment

65 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| imprt_ object| banno string| mitekWorkerPath object| ShadyCSS object| litHtmlVersions function| JSCompiler_renameProperty object| litElementVersions function| qcb function| sAc function| tT function| wt function| idb function| kvc function| fCc function| ayc function| v function| rgc function| gHc function| oja function| gnc function| nzb function| wm function| mpc function| znc function| soc function| tgb function| f0a function| yn function| ga function| cEc function| nTc function| gvc function| eCc function| gMb function| imc function| dYa function| dFc function| em function| tGc function| s7b function| cCc function| fVa function| h0 function| vja function| b1 function| wMa function| pFa function| nzc function| yK function| sFa function| zia function| jv function| eea function| vf function| w1a function| sxa function| qc function| qAc function| dU function| vHc function| n5a function| hic function| oRb function| jVb function| sCb

2 Cookies

Domain/Path Name / Value
my.oakstarbank.com/ Name: deviceId
Value: online-4ab333d7-df3c-4d6e-9aa3-5a42a5382366
my.oakstarbank.com/ Name: mp_5ad87dc510a720035bac28b0d20a2df5_mixpanel
Value: %7B%22distinct_id%22%3A%20%22%24device%3A18e1103ddee6ac-07b6e53c140881-14313374-1d4c00-18e1103ddee6ac%22%2C%22%24device_id%22%3A%20%2218e1103ddee6ac-07b6e53c140881-14313374-1d4c00-18e1103ddee6ac%22%2C%22%24initial_referrer%22%3A%20%22%24direct%22%2C%22%24initial_referring_domain%22%3A%20%22%24direct%22%2C%22__mps%22%3A%20%7B%7D%2C%22__mpso%22%3A%20%7B%22%24initial_referrer%22%3A%20%22%24direct%22%2C%22%24initial_referring_domain%22%3A%20%22%24direct%22%7D%2C%22__mpus%22%3A%20%7B%7D%2C%22__mpa%22%3A%20%7B%7D%2C%22__mpu%22%3A%20%7B%7D%2C%22__mpr%22%3A%20%5B%5D%2C%22__mpap%22%3A%20%5B%5D%2C%22institutionId%22%3A%20%22bd22c266-ec46-4d92-b47b-118400037118%22%2C%22institutionName%22%3A%20%22OakStar%20Bank%22%2C%22userAgent%22%3A%20%22Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F122.0.6261.94%20Safari%2F537.36%22%7D

2 Console Messages

Source Level URL
Text
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'document-domain'.
network error URL: https://my.oakstarbank.com/a/consumer/api/auth/validate
Message:
Failed to load resource: the server responded with a status of 401 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'none'; script-src 'unsafe-inline' 'sha256-5tglEW0Vs+Qd9vtRZ++NKLr08Vk0yoF/jPR+mbB5eq8=' 'sha256-wyuUAa+a967T1T6WNseoupM6GGreJ7AugW1DgkH8rQI=' 'sha256-i/C2B7ezJ785lLrL6edgNbipopvtJF6KJkyQbI7MRQc=' 'sha256-bzW0sZHT7A+V0G1bXbiGULuNNxBiulbiOyWmyXQgEpk=' 'sha256-qOf7oEywvMbVwKXDcHcVbK7OGv1yfnLZfG01islrRwQ=' 'sha256-ildUzQ5UsadChij+sqp2CK8DE6fAqU4NwegKKfap0rs=' 'sha256-LOZeRBamzr5R83HdWldojkXqCKrTCXqYEiCkM98gscc=' 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob: https://banno.com https://*.banno.com https://*.googleusercontent.com https://banno-assets-production.s3.amazonaws.com https://banno-sentry-production.s3.amazonaws.com; media-src 'self' mediastream:; frame-src 'self' https://*.mybankhq.com https://*.billpaysite.com https://*.banno.com https://geezeo-tiles.s3.amazonaws.com https://*.geezeo.com https://orcasnet-investments.banno-plugins-uat.com https://connect2.finicity.com https://businessbillpay-e.com/ https://*.businessbillpay-e.com/ https://apim.autobooks.co https://platform-gateway.truv.com; child-src 'self'; font-src https: data:; frame-ancestors 'self'; connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net wss://global.vss.twilio.com wss://sdkgw.us1.twilio.com wss://my.oakstarbank.com; manifest-src 'self'; worker-src 'self';
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN