secure.xcpbank.com Open in urlscan Pro
Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://secure.xcpbank.com/
Effective URL:
https://secure.xcpbank.com/auth/login
Submission Tags: @ecarlesi possiblethreat phishing Search All
Submission: On November 10 via api (November 10th 2024, 2:17:59 am UTC) from IT — Scanned from IT

Summary HTTP 28 Redirects Behaviour Indicators

Summary

This website contacted 7 IPs in 2 countries across 3 domains to perform 28 HTTP transactions. The main IP is , located in and belongs to . The main domain is secure.xcpbank.com.
TLS certificate: Issued by R10 on November 9th 2024. Valid for: 3 months.

This is the only time secure.xcpbank.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
8	149.102.136.181 149.102.136.181	51167 (CONTABO) (CONTABO)
1	2a00:1450:400... 2a00:1450:4001:806::200a	15169 (GOOGLE) (GOOGLE)
1	2a04:4e42:400... 2a04:4e42:400::485	54113 (FASTLY) (FASTLY)
1	2a00:1450:400... 2a00:1450:4001:831::201b	15169 (GOOGLE) (GOOGLE)
1		() ()
3	172.217.16.219 172.217.16.219	15169 (GOOGLE) (GOOGLE)
28	7

8 149.102.136.181 (Düsseldorf, Germany)

ASN51167 (CONTABO, DE)
PTR: vmi1290926.contaboserver.net

secure.xcpbank.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:806::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:400::485 (United States)

ASN54113 (FASTLY, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::201b (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

storage.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 (None, )

ASN- ()

secure.xcpbank.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 172.217.16.219 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s65-in-f27.1e100.net

storage.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
9	xcpbank.com secure.xcpbank.com api.xcpbank.com Failed	3 MB
5	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 30 storage.googleapis.com — Cisco Umbrella Rank: 356	44 KB
1	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 311	3 KB
28	3

	Domain	Requested by
9	secure.xcpbank.com	secure.xcpbank.com
4	storage.googleapis.com	cdn.jsdelivr.net secure.xcpbank.com
1	cdn.jsdelivr.net	secure.xcpbank.com
1	fonts.googleapis.com	secure.xcpbank.com
0	api.xcpbank.com Failed	secure.xcpbank.com
28	5

This site contains no links.

Subject Issuer	Validity	Valid
secure.xcpbank.com R10	`2024-11-09` - `2025-02-07`	3 months	crt.sh
upload.video.google.com WR2	`2024-10-07` - `2024-12-30`	3 months	crt.sh
jsdelivr.net GlobalSign Atlas R3 DV TLS CA 2024 Q3	`2024-07-30` - `2025-08-31`	a year	crt.sh
storage.googleapis.com WR2	`2024-10-07` - `2024-12-30`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://secure.xcpbank.com/auth/login
Frame ID: E89FFCC3C7AA43D79FBFA9FCED1CB4F3
Requests: 26 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Login

Page URL History Show full URLs

http://secure.xcpbank.com/ HTTP 307
https://secure.xcpbank.com/ Page URL
https://secure.xcpbank.com/auth/login Page URL

Detected technologies

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

28
Requests

54 %
HTTPS

50 %
IPv6

3
Domains

5
Subdomains

7
IPs

2
Countries

3509 kB
Transfer

7023 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://secure.xcpbank.com/ HTTP 307
https://secure.xcpbank.com/ Page URL
https://secure.xcpbank.com/auth/login Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://secure.xcpbank.com/ HTTP 307
https://secure.xcpbank.com/

28 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

/ Show response
secure.xcpbank.com/
Redirect Chain

http://secure.xcpbank.com/
https://secure.xcpbank.com/

2 KB
3 KB

171ms
45ms

Document
text/html

149.102.136.181
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.xcpbank.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

149.102.136.181 Düsseldorf, Germany, ASN51167 (CONTABO, DE),

Reverse DNS

vmi1290926.contaboserver.net

Software

Resource Hash

8fc1e38a91e255edd7b0f00a5763dece81fcf9c751a9749f24c5eb42396582f2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
cache-control: max-age=0 no-cache
content-length: 2491
content-type: text/html
date: Sun, 10 Nov 2024 02:17:53 GMT
etag: "65a431b2-9bb"
expires: Sun, 10 Nov 2024 02:17:53 GMT
last-modified: Sun, 14 Jan 2024 19:10:42 GMT
strict-transport-security: max-age=15724800; includeSubDomains

Redirect headers

Location: https://secure.xcpbank.com/
Non-Authoritative-Reason: HttpsUpgrades

GET
H2 200 css
fonts.googleapis.com/ 13 KB
1 KB 139ms
49ms Stylesheet
text/css 2a00:1450:4001:806::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto+Mono|Roboto+Slab|Roboto:300,400,500,700

Requested by

Host: secure.xcpbank.com
URL: https://secure.xcpbank.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

fa541b20484682d86d38face139824921f72726b9d105f0e4ec2c56cab8f73be

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://secure.xcpbank.com/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sun, 10 Nov 2024 02:17:54 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Sun, 10 Nov 2024 02:17:54 GMT
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified: Sun, 10 Nov 2024 02:17:54 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-xss-protection: 0
server: ESF

GET
H2 200 pwacompat Show response
cdn.jsdelivr.net/npm/ 6 KB
3 KB 91ms
27ms Script
application/javascript 2a04:4e42:400::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/pwacompat

Requested by

Host: secure.xcpbank.com
URL: https://secure.xcpbank.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:400::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

42689f1bdb72d9ca37efad650562702f929d0ce749e2c16343f50b138683d7c5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://secure.xcpbank.com
Referer: https://secure.xcpbank.com/

Response headers

access-control-expose-headers: *
content-encoding: br
etag: W/"180a-4Z0I9COL/LWHBqDazLIh3caZrIw"
age: 2897
x-content-type-options: nosniff
x-jsd-version-type: version
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-cache: HIT, HIT
date: Sun, 10 Nov 2024 02:17:53 GMT
content-type: application/javascript; charset=utf-8
x-served-by: cache-fra-etou8220127-FRA, cache-mxp6951-MXP
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=604800, s-maxage=43200
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
access-control-allow-origin: *
content-length: 3097
x-jsd-version: 2.0.17

GET
H2 200 main.9ff77703.js Show response
secure.xcpbank.com/static/js/ 3 MB
3 MB 42ms
42ms Script
application/javascript 149.102.136.181
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.xcpbank.com/static/js/main.9ff77703.js

Requested by

Host: secure.xcpbank.com
URL: https://secure.xcpbank.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

149.102.136.181 Düsseldorf, Germany, ASN51167 (CONTABO, DE),

Reverse DNS

vmi1290926.contaboserver.net

Software

Resource Hash

a00fb86b92959a1691e9a4bde3664ae215fe9e46e84679d6431d483d9668d7f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://secure.xcpbank.com/

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
cache-control: max-age=315360000
etag: "65a431b2-35b6da"
expires: Thu, 31 Dec 2037 23:55:55 GMT
accept-ranges: bytes
content-length: 3520218
date: Sun, 10 Nov 2024 02:17:54 GMT
content-type: application/javascript
last-modified: Sun, 14 Jan 2024 19:10:42 GMT

GET
H2 200 main.618d3752.css
secure.xcpbank.com/static/css/ 3 KB
3 KB 45ms
44ms Stylesheet
text/css 149.102.136.181
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.xcpbank.com/static/css/main.618d3752.css

Requested by

Host: secure.xcpbank.com
URL: https://secure.xcpbank.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

149.102.136.181 Düsseldorf, Germany, ASN51167 (CONTABO, DE),

Reverse DNS

vmi1290926.contaboserver.net

Software

Resource Hash

3fe9a69bb763cd41956277067220f8be50ec51ccb6ae933dbb23a5ec3bed2256

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://secure.xcpbank.com/

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
cache-control: max-age=315360000
etag: "65a431b2-b29"
expires: Thu, 31 Dec 2037 23:55:55 GMT
accept-ranges: bytes
content-length: 2857
date: Sun, 10 Nov 2024 02:17:53 GMT
content-type: text/css
last-modified: Sun, 14 Jan 2024 19:10:42 GMT

GET
H2 200 manifest.json
storage.googleapis.com/dev-content-management-service/manifest/xcp/ 2 KB
3 KB 168ms
74ms XHR
application/json 2a00:1450:4001:831::201b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://storage.googleapis.com/dev-content-management-service/manifest/xcp/manifest.json
Requested by: Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/pwacompat
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:831::201b Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: UploadServer /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://secure.xcpbank.com/

Response headers

x-goog-metageneration: 2
access-control-expose-headers: Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
x-goog-hash: crc32c=6Hh7uw==, md5=6Wj83ZiRtXF7WyBtVPty8g==
etag: "e968fcdd9891b5717b5b206d54fb72f2"
age: 0
x-goog-stored-content-encoding: identity
expires: Sun, 10 Nov 2024 03:17:54 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length: 2044
date: Sun, 10 Nov 2024 02:17:54 GMT
last-modified: Mon, 10 Oct 2022 14:38:34 GMT
content-type: application/json
x-guploader-uploadid: AHmUCY3bcLvSClQ8sPdW51jOdLxS0SnCqrY5FmSYRlKTze84d25QbQb6HS-XkU3agOki8v905jg
cache-control: public, max-age=3600
x-goog-storage-class: STANDARD
accept-ranges: bytes
access-control-allow-origin: *
x-goog-generation: 1665412714043687
content-length: 2044
server: UploadServer

GET 917e0eff-a6f4-463c-8a55-bfee4603e544
https://secure.xcpbank.com/ 0
0

OPTIONS token
api.xcpbank.com/auth/oauth/ 0
0

DELETE token
api.xcpbank.com/auth/oauth/ 0
0

GET
H2 200 324.cf21bf79.chunk.js
secure.xcpbank.com/static/js/ 5 KB
6 KB 68ms
68ms Script
application/javascript 149.102.136.181
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.xcpbank.com/static/js/324.cf21bf79.chunk.js

Requested by

Host: secure.xcpbank.com
URL: https://secure.xcpbank.com/static/js/main.9ff77703.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

149.102.136.181 Düsseldorf, Germany, ASN51167 (CONTABO, DE),

Reverse DNS

vmi1290926.contaboserver.net

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://secure.xcpbank.com/auth/login

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
cache-control: max-age=315360000
etag: "65a431b2-1521"
expires: Thu, 31 Dec 2037 23:55:55 GMT
accept-ranges: bytes
content-length: 5409
date: Sun, 10 Nov 2024 02:17:54 GMT
content-type: application/javascript
last-modified: Sun, 14 Jan 2024 19:10:42 GMT

GET
H2 200 favicon.ico
secure.xcpbank.com/ 2 KB
3 KB 66ms
66ms Other
text/html 149.102.136.181
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.xcpbank.com/favicon.ico

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

149.102.136.181 Düsseldorf, Germany, ASN51167 (CONTABO, DE),

Reverse DNS

vmi1290926.contaboserver.net

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://secure.xcpbank.com/auth/login

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
cache-control: max-age=0, no-cache
etag: "65a431b2-9bb"
expires: Sun, 10 Nov 2024 02:17:54 GMT
accept-ranges: bytes
content-length: 2491
date: Sun, 10 Nov 2024 02:17:54 GMT
content-type: text/html
last-modified: Sun, 14 Jan 2024 19:10:42 GMT

GET
H2 200 favicon.ico
secure.xcpbank.com/ 2 KB
199 B 108ms
43ms Other
text/html 149.102.136.181
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.xcpbank.com/favicon.ico

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

149.102.136.181 Düsseldorf, Germany, ASN51167 (CONTABO, DE),

Reverse DNS

vmi1290926.contaboserver.net

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://secure.xcpbank.com/auth/login

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
cache-control: max-age=0, no-cache
etag: "65a431b2-9bb"
expires: Sun, 10 Nov 2024 02:17:54 GMT
accept-ranges: bytes
content-length: 2491
date: Sun, 10 Nov 2024 02:17:54 GMT
last-modified: Sun, 14 Jan 2024 19:10:42 GMT
content-type: text/html

GET
H2 200 favicon.ico
secure.xcpbank.com/ 2 KB
199 B 162ms
53ms Other
text/html 149.102.136.181
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.xcpbank.com/favicon.ico

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

149.102.136.181 Düsseldorf, Germany, ASN51167 (CONTABO, DE),

Reverse DNS

vmi1290926.contaboserver.net

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://secure.xcpbank.com/auth/login

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
cache-control: max-age=0, no-cache
etag: "65a431b2-9bb"
expires: Sun, 10 Nov 2024 02:17:54 GMT
accept-ranges: bytes
content-length: 2491
date: Sun, 10 Nov 2024 02:17:54 GMT
last-modified: Sun, 14 Jan 2024 19:10:42 GMT
content-type: text/html

GET
H2 200 bg-logo.svg
secure.xcpbank.com/static/ 2 KB
2 KB 51ms
51ms Image
image/svg+xml 149.102.136.181
CONTABO

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.xcpbank.com/static/bg-logo.svg?v=4

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

149.102.136.181 Düsseldorf, Germany, ASN51167 (CONTABO, DE),

Reverse DNS

vmi1290926.contaboserver.net

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://secure.xcpbank.com/auth/login

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
cache-control: max-age=315360000
etag: "65a43114-643"
expires: Thu, 31 Dec 2037 23:55:55 GMT
accept-ranges: bytes
content-length: 1603
date: Sun, 10 Nov 2024 02:17:54 GMT
content-type: image/svg+xml
last-modified: Sun, 14 Jan 2024 19:08:04 GMT

GET
H2 200 Primary Request login Show response
secure.xcpbank.com/auth/ 2 KB
0 55ms
50ms Document
text/html

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.xcpbank.com/auth/login

Requested by

Host: secure.xcpbank.com
URL: https://secure.xcpbank.com/static/js/main.9ff77703.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

-, , ASN (),

Reverse DNS

Software

Resource Hash

8fc1e38a91e255edd7b0f00a5763dece81fcf9c751a9749f24c5eb42396582f2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Referer: https://secure.xcpbank.com/auth/login
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
cache-control: max-age=0, no-cache
content-length: 2491
content-type: text/html
date: Sun, 10 Nov 2024 02:17:54 GMT
etag: "65a431b2-9bb"
expires: Sun, 10 Nov 2024 02:17:54 GMT
last-modified: Sun, 14 Jan 2024 19:10:42 GMT
strict-transport-security: max-age=15724800; includeSubDomains

GET templates
api.xcpbank.com/cms/account-holders/ 0
0

GET favicon.png
storage.googleapis.com/dev-content-management-service/manifest/xcp/ 0
0

GET
H2 200 css
fonts.googleapis.com/ 13 KB
0 50ms
50ms Stylesheet
text/css

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto+Mono|Roboto+Slab|Roboto:300,400,500,700

Requested by

Host: secure.xcpbank.com
URL: https://secure.xcpbank.com/auth/login

Protocol

Server

-, , ASN (),

Reverse DNS

Software

ESF /

Resource Hash

fa541b20484682d86d38face139824921f72726b9d105f0e4ec2c56cab8f73be

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://secure.xcpbank.com/auth/login

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sun, 10 Nov 2024 02:17:55 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Sun, 10 Nov 2024 02:17:55 GMT
content-type: text/css; charset=utf-8
last-modified: Sun, 10 Nov 2024 02:17:55 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-xss-protection: 0
server: ESF

GET
H2 200 pwacompat Show response
cdn.jsdelivr.net/npm/ 6 KB
0 3ms
3ms Script
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/pwacompat

Requested by

Host: secure.xcpbank.com
URL: https://secure.xcpbank.com/auth/login

Protocol

Server

-, , ASN (),

Reverse DNS

Software

Resource Hash

42689f1bdb72d9ca37efad650562702f929d0ce749e2c16343f50b138683d7c5

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://secure.xcpbank.com
Referer: https://secure.xcpbank.com/auth/login

Response headers

access-control-expose-headers: *
content-encoding: br
etag: W/"180a-4Z0I9COL/LWHBqDazLIh3caZrIw"
age: 2897
x-content-type-options: nosniff
x-jsd-version-type: version
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-cache: HIT, HIT
date: Sun, 10 Nov 2024 02:17:53 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
x-served-by: cache-fra-etou8220127-FRA, cache-mxp6951-MXP
cache-control: public, max-age=604800, s-maxage=43200
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
access-control-allow-origin: *
content-length: 3097
x-jsd-version: 2.0.17

GET
H2 200 main.9ff77703.js Show response
secure.xcpbank.com/static/js/ 3 MB
0 1ms
1ms Script
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.xcpbank.com/static/js/main.9ff77703.js
Requested by: Host: secure.xcpbank.com
URL: https://secure.xcpbank.com/auth/login
Protocol: H2
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a00fb86b92959a1691e9a4bde3664ae215fe9e46e84679d6431d483d9668d7f8

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://secure.xcpbank.com/auth/login

Response headers

cache-control: max-age=315360000
etag: "65a431b2-35b6da"
expires: Thu, 31 Dec 2037 23:55:55 GMT
accept-ranges: bytes
content-length: 3520218
date: Sun, 10 Nov 2024 02:17:54 GMT
content-type: application/javascript
last-modified: Sun, 14 Jan 2024 19:10:42 GMT

GET
H2 200 main.618d3752.css
secure.xcpbank.com/static/css/ 3 KB
0 3ms
3ms Stylesheet
text/css

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.xcpbank.com/static/css/main.618d3752.css
Requested by: Host: secure.xcpbank.com
URL: https://secure.xcpbank.com/auth/login
Protocol: H2
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3fe9a69bb763cd41956277067220f8be50ec51ccb6ae933dbb23a5ec3bed2256

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://secure.xcpbank.com/auth/login

Response headers

cache-control: max-age=315360000
etag: "65a431b2-b29"
expires: Thu, 31 Dec 2037 23:55:55 GMT
accept-ranges: bytes
content-length: 2857
date: Sun, 10 Nov 2024 02:17:53 GMT
content-type: text/css
last-modified: Sun, 14 Jan 2024 19:10:42 GMT

GET
H3 200 icon-72x72.png
storage.googleapis.com/dev-content-management-service/manifest/xcp/ 2 KB
2 KB 117ms
117ms Other
image/png 172.217.16.219
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://storage.googleapis.com/dev-content-management-service/manifest/xcp/icon-72x72.png
Requested by: Host: secure.xcpbank.com
URL: https://secure.xcpbank.com/auth/login
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.217.16.219 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s65-in-f27.1e100.net
Software: UploadServer /
Resource Hash: 13766da7cf92b92f71808f09a6b2bb33825e0ea5a5fd69845daff0e37fb7cf30

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://secure.xcpbank.com/

Response headers

x-goog-metageneration: 2
access-control-expose-headers: Content-Type
x-goog-hash: crc32c=MerdSw==, md5=bVU+TDq4zQ+GOprFQM/edA==
etag: "6d553e4c3ab8cd0f863a9ac540cfde74"
x-goog-stored-content-encoding: identity
expires: Sun, 10 Nov 2024 03:17:55 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length: 2456
date: Sun, 10 Nov 2024 02:17:55 GMT
last-modified: Mon, 10 Oct 2022 14:38:42 GMT
content-type: image/png
x-guploader-uploadid: AHmUCY3mFDGTjo889hfL0A2GrKYO0nOO8iMWUCoqk1wR4dJAjrAyjna7-3LLoXTO3l5eJKwzuO6IIzYkwg
cache-control: public, max-age=3600
x-goog-storage-class: STANDARD
accept-ranges: bytes
access-control-allow-origin: *
x-goog-generation: 1665412722066031
content-length: 2456
server: UploadServer

GET
H2 200 324.cf21bf79.chunk.js Show response
secure.xcpbank.com/static/js/ 5 KB
0 1ms
1ms Script
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.xcpbank.com/static/js/324.cf21bf79.chunk.js
Requested by: Host: secure.xcpbank.com
URL: https://secure.xcpbank.com/static/js/main.9ff77703.js
Protocol: H2
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 473224c22710c522da26090c1b1c6efcfda3e46387cb8c5d585c8e2d8e1e5b31

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://secure.xcpbank.com/auth/login

Response headers

cache-control: max-age=315360000
etag: "65a431b2-1521"
expires: Thu, 31 Dec 2037 23:55:55 GMT
accept-ranges: bytes
content-length: 5409
date: Sun, 10 Nov 2024 02:17:54 GMT
content-type: application/javascript
last-modified: Sun, 14 Jan 2024 19:10:42 GMT

GET
H2 200 bg-logo.svg
secure.xcpbank.com/static/ 2 KB
0 3ms
3ms Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure.xcpbank.com/static/bg-logo.svg?v=4
Requested by: Host: secure.xcpbank.com
URL: https://secure.xcpbank.com/auth/login
Protocol: H2
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 90725e551b3700f751244bd66ffe75d69349a4cd1af6998d8c84cec48950c33d

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://secure.xcpbank.com/auth/login

Response headers

cache-control: max-age=315360000
etag: "65a43114-643"
expires: Thu, 31 Dec 2037 23:55:55 GMT
accept-ranges: bytes
content-length: 1603
date: Sun, 10 Nov 2024 02:17:54 GMT
content-type: image/svg+xml
last-modified: Sun, 14 Jan 2024 19:08:04 GMT

GET
H2 200 templates Show response
api.xcpbank.com/cms/account-holders/ 676 B
0 62ms
62ms Fetch
application/json

General

Check archive.org

Show headers Download Go to

Full URL

https://api.xcpbank.com/cms/account-holders/templates?domain=secure.xcpbank.com

Requested by

Host: secure.xcpbank.com
URL: https://secure.xcpbank.com/static/js/main.9ff77703.js

Protocol

Server

-, , ASN (),

Reverse DNS

Software

Resource Hash

68be26eb835d6ae1b9a544937b6fb225792ca06602073fec720577fa3abff0fb

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
content-type: application/json
Referer: https://secure.xcpbank.com/auth/login

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
access-control-allow-credentials: true
x-content-type-options: nosniff
expires: 0
access-control-allow-origin: https://secure.xcpbank.com
date: Sun, 10 Nov 2024 02:17:55 GMT
x-xss-protection: 1; mode=block
content-type: application/json
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
x-frame-options: DENY

GET
H3 200 favicon.png
storage.googleapis.com/dev-content-management-service/manifest/xcp/ 38 KB
38 KB 164ms
163ms Other
image/png 172.217.16.219
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://storage.googleapis.com/dev-content-management-service/manifest/xcp/favicon.png
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.217.16.219 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s65-in-f27.1e100.net
Software: UploadServer /
Resource Hash: e43f273d4d12a9037086e377fc895dd5b45932a279eb09b480eee47b60a2702b

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://secure.xcpbank.com/auth/login

Response headers

x-goog-metageneration: 2
access-control-expose-headers: Content-Type
x-goog-hash: crc32c=IM2c2w==, md5=9r9GKZQk11I3M4NVdkPxKA==
etag: "f6bf46299424d752373383557643f128"
x-goog-stored-content-encoding: identity
expires: Sun, 10 Nov 2024 03:17:55 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length: 38848
date: Sun, 10 Nov 2024 02:17:55 GMT
last-modified: Mon, 10 Oct 2022 14:38:34 GMT
content-type: image/png
x-guploader-uploadid: AHmUCY3HLJP47QPSf11ZpoYSiXSirqE2CYzu-bJDBQkzzTm-KIJ6C3o6GZ9Hx_IWdIeGLy6oxdRoXmg5tg
cache-control: public, max-age=3600
x-goog-storage-class: STANDARD
accept-ranges: bytes
access-control-allow-origin: *
x-goog-generation: 1665412714042071
content-length: 38848
server: UploadServer

GET
H3 200 ab9da933-7e1c-4537-b46f-51f8f1ad6c70%2Flogo.png
storage.googleapis.com/download/storage/v1/b/prod-content-management-service/o/ 32 KB
0 79ms
79ms Image
application/octet-stream

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://storage.googleapis.com/download/storage/v1/b/prod-content-management-service/o/ab9da933-7e1c-4537-b46f-51f8f1ad6c70%2Flogo.png?generation=1665410743481563&alt=media
Protocol: H3
Server: -, , ASN (),
Reverse DNS
Software: UploadServer /
Resource Hash: 4100a4ee5e65d17c484afede417edb106d7ac1765a265fa875b371618fd2c1c5

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://secure.xcpbank.com/auth/login

Response headers

x-goog-metageneration: 1
x-goog-hash: crc32c=jRj+SA==,md5=lz9uMzNwMwRyE//MxjYrPQ==
etag: CNvplL7q1foCEAE=
age: 0
x-goog-stored-content-encoding: identity
expires: Sun, 10 Nov 2024 02:17:55 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length: 32996
date: Sun, 10 Nov 2024 02:17:55 GMT
content-disposition: attachment
content-type: application/octet-stream
vary: X-Goog-Allowed-Resources,Origin,X-Origin
last-modified: Mon, 10 Oct 2022 14:05:43 GMT
x-guploader-uploadid: AHmUCY1YnlxAoT-hzLNnKyUPpDZn7Vq7uKgGFLkzRhKwGz6DySgKVm415LJ8OouHlVPvzzj1M2iX5cXZ
cache-control: public, max-age=3600, must-revalidate
x-goog-storage-class: STANDARD
x-goog-generation: 1665410743481563
content-length: 32996
server: UploadServer

GET
H3 200 icon-72x72.png
storage.googleapis.com/dev-content-management-service/manifest/xcp/ 2 KB
0 0ms
0ms Other
image/png 172.217.16.219
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://storage.googleapis.com/dev-content-management-service/manifest/xcp/icon-72x72.png
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.217.16.219 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s65-in-f27.1e100.net
Software: UploadServer /
Resource Hash: 13766da7cf92b92f71808f09a6b2bb33825e0ea5a5fd69845daff0e37fb7cf30

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://secure.xcpbank.com/auth/login

Response headers

x-goog-metageneration: 2
access-control-expose-headers: Content-Type
x-goog-hash: crc32c=MerdSw==, md5=bVU+TDq4zQ+GOprFQM/edA==
etag: "6d553e4c3ab8cd0f863a9ac540cfde74"
x-goog-stored-content-encoding: identity
expires: Sun, 10 Nov 2024 03:17:55 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length: 2456
date: Sun, 10 Nov 2024 02:17:55 GMT
last-modified: Mon, 10 Oct 2022 14:38:42 GMT
content-type: image/png
x-guploader-uploadid: AHmUCY3mFDGTjo889hfL0A2GrKYO0nOO8iMWUCoqk1wR4dJAjrAyjna7-3LLoXTO3l5eJKwzuO6IIzYkwg
cache-control: public, max-age=3600
x-goog-storage-class: STANDARD
accept-ranges: bytes
access-control-allow-origin: *
x-goog-generation: 1665412722066031
content-length: 2456
server: UploadServer

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: secure.xcpbank.com
URL: blob:https://secure.xcpbank.com/917e0eff-a6f4-463c-8a55-bfee4603e544

Domain: api.xcpbank.com
URL: https://api.xcpbank.com/auth/oauth/token

Domain: api.xcpbank.com
URL: https://api.xcpbank.com/auth/oauth/token

Domain: api.xcpbank.com
URL: https://api.xcpbank.com/cms/account-holders/templates?domain=secure.xcpbank.com

Domain: storage.googleapis.com
URL: https://storage.googleapis.com/dev-content-management-service/manifest/xcp/favicon.png

Verdicts & Comments Add Verdict or Comment

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
recommendation	verbose	URL: https://secure.xcpbank.com/auth/login Message: [DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.xcpbank.com
cdn.jsdelivr.net
fonts.googleapis.com
secure.xcpbank.com
storage.googleapis.com
api.xcpbank.com
secure.xcpbank.com
storage.googleapis.com

149.102.136.181
172.217.16.219
2a00:1450:4001:806::200a
2a00:1450:4001:831::201b
2a04:4e42:400::485
13766da7cf92b92f71808f09a6b2bb33825e0ea5a5fd69845daff0e37fb7cf30
3fe9a69bb763cd41956277067220f8be50ec51ccb6ae933dbb23a5ec3bed2256
4100a4ee5e65d17c484afede417edb106d7ac1765a265fa875b371618fd2c1c5
42689f1bdb72d9ca37efad650562702f929d0ce749e2c16343f50b138683d7c5
473224c22710c522da26090c1b1c6efcfda3e46387cb8c5d585c8e2d8e1e5b31
68be26eb835d6ae1b9a544937b6fb225792ca06602073fec720577fa3abff0fb
8fc1e38a91e255edd7b0f00a5763dece81fcf9c751a9749f24c5eb42396582f2
90725e551b3700f751244bd66ffe75d69349a4cd1af6998d8c84cec48950c33d
a00fb86b92959a1691e9a4bde3664ae215fe9e46e84679d6431d483d9668d7f8
e43f273d4d12a9037086e377fc895dd5b45932a279eb09b480eee47b60a2702b
fa541b20484682d86d38face139824921f72726b9d105f0e4ec2c56cab8f73be

secure.xcpbank.com Open in urlscan Pro Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

28 Requests

54 %HTTPS

50 %IPv6

3 Domains

5 Subdomains

7 IPs

2 Countries

3509 kBTransfer

7023 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

28 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

5 JavaScript Global Variables

0 Cookies

1 Console Messages

Security Headers

Indicators

secure.xcpbank.com Open in urlscan Pro
Public Scan

Screenshot
Live screenshot

Full Image

28
Requests

54 %
HTTPS

50 %
IPv6

3
Domains

5
Subdomains

7
IPs

2
Countries

3509 kB
Transfer

7023 kB
Size

0
Cookies

28 HTTP transactions
0 data transactions