openapi-authn.surugabank.co.jp

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 7 HTTP transactions. The main IP is 35.190.53.251, located in Kansas City, United States and belongs to GOOGLE, US. The main domain is openapi-authn.surugabank.co.jp.
TLS certificate: Issued by GeoTrust Global TLS RSA4096 SHA256 20... on June 21st 2022. Valid for: a year.

This is the only time openapi-authn.surugabank.co.jp was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address		AS Autonomous System
7	35.190.53.251 35.190.53.251		15169 (GOOGLE) (GOOGLE)
7	1

7 35.190.53.251 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 251.53.190.35.bc.googleusercontent.com

openapi-authn.surugabank.co.jp	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	surugabank.co.jp openapi-authn.surugabank.co.jp	74 KB
7	1

	Domain	Requested by
7	openapi-authn.surugabank.co.jp	openapi-authn.surugabank.co.jp
7	1

This site contains no links.

Subject Issuer	Validity	Valid
*.surugabank.co.jp GeoTrust Global TLS RSA4096 SHA256 2022 CA1	`2022-06-21` - `2023-07-20`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://openapi-authn.surugabank.co.jp/vdauthenticate?ticket=ERfDUdljDvFgS_s6-40H4vCl9dyxh0Qj7MOp7b41SHw&scope=rAccount+rCustomer+rTransaction&client_id=52164251563
Frame ID: 0097088BCDCA87630D8D3405A49D90BC
Requests: 6 HTTP requests in this frame

Frame: https://openapi-authn.surugabank.co.jp/appopenapi_terms.html
Frame ID: 3D983208FBFAFE81A895A09874136B58
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

スルガ銀行

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

7
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

74 kB
Transfer

151 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request vdauthenticate Show response
openapi-authn.surugabank.co.jp/ 6 KB
2 KB 57ms
36ms Document
text/html 35.190.53.251
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://openapi-authn.surugabank.co.jp/vdauthenticate?ticket=ERfDUdljDvFgS_s6-40H4vCl9dyxh0Qj7MOp7b41SHw&scope=rAccount+rCustomer+rTransaction&client_id=52164251563

Protocol

H2

Security

TLS 1.3, , AES_128_GCM

Server

35.190.53.251 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

251.53.190.35.bc.googleusercontent.com

Software

/

Resource Hash

dbbd72f787fee0042375acd0961bd01bdaa251d9814961590ee1f9d9f52f4c06

Security Headers

Name	Value
Content-Security-Policy	script-src 'self'
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language: jp-JP,jp;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-language: jp-JP
content-security-policy: script-src 'self'
content-type: text/html;charset=UTF-8
date: Sun, 28 May 2023 04:48:18 GMT
expires: 0
pragma: no-cache
strict-transport-security: max-age=31536000 ; includeSubDomains
vary: accept-encoding
via: 1.1 google
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block

GET
H2 200 srg-openapi-1.0.0.css
openapi-authn.surugabank.co.jp/css/ 6 KB
2 KB 24ms
20ms Stylesheet
text/css 35.190.53.251
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://openapi-authn.surugabank.co.jp/css/srg-openapi-1.0.0.css

Requested by

Host: openapi-authn.surugabank.co.jp
URL: https://openapi-authn.surugabank.co.jp/vdauthenticate?ticket=ERfDUdljDvFgS_s6-40H4vCl9dyxh0Qj7MOp7b41SHw&scope=rAccount+rCustomer+rTransaction&client_id=52164251563

Protocol

H2

Security

TLS 1.3, , AES_128_GCM

Server

35.190.53.251 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

251.53.190.35.bc.googleusercontent.com

Software

/

Resource Hash

0752e8be13e9416f759c8ccd5f1243af80d7564073bc68d9ffda904d6bd62946

Security Headers

Name	Value
Content-Security-Policy	script-src 'self'
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://openapi-authn.surugabank.co.jp/vdauthenticate?ticket=ERfDUdljDvFgS_s6-40H4vCl9dyxh0Qj7MOp7b41SHw&scope=rAccount+rCustomer+rTransaction&client_id=52164251563
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

strict-transport-security: max-age=31536000 ; includeSubDomains
content-security-policy: script-src 'self'
x-content-type-options: nosniff
date: Sun, 28 May 2023 04:48:18 GMT
content-encoding: gzip
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block
pragma: no-cache
last-modified: Wed, 08 Feb 2023 08:17:49 GMT
vary: origin,access-control-request-method,access-control-request-headers,accept-encoding
x-frame-options: DENY
content-type: text/css
cache-control: no-cache, no-store, max-age=0, must-revalidate
accept-ranges: bytes
expires: 0

GET
H2 200 jquery-3.3.1.min.js Show response
openapi-authn.surugabank.co.jp/js/ 85 KB
30 KB 34ms
32ms Script
application/javascript 35.190.53.251
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://openapi-authn.surugabank.co.jp/js/jquery-3.3.1.min.js

Requested by

Host: openapi-authn.surugabank.co.jp
URL: https://openapi-authn.surugabank.co.jp/vdauthenticate?ticket=ERfDUdljDvFgS_s6-40H4vCl9dyxh0Qj7MOp7b41SHw&scope=rAccount+rCustomer+rTransaction&client_id=52164251563

Protocol

H2

Security

TLS 1.3, , AES_128_GCM

Server

35.190.53.251 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

251.53.190.35.bc.googleusercontent.com

Software

/

Resource Hash

4fe68fa216176e6d1f4580e924bafecc9f519984ecc06b1a840a08b0d88c95de

Security Headers

Name	Value
Content-Security-Policy	script-src 'self'
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://openapi-authn.surugabank.co.jp/vdauthenticate?ticket=ERfDUdljDvFgS_s6-40H4vCl9dyxh0Qj7MOp7b41SHw&scope=rAccount+rCustomer+rTransaction&client_id=52164251563
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

strict-transport-security: max-age=31536000 ; includeSubDomains
content-security-policy: script-src 'self'
x-content-type-options: nosniff
date: Sun, 28 May 2023 04:48:18 GMT
content-encoding: gzip
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block
pragma: no-cache
last-modified: Wed, 08 Feb 2023 08:17:49 GMT
vary: origin,access-control-request-method,access-control-request-headers,accept-encoding
x-frame-options: DENY
content-type: application/javascript
cache-control: no-cache, no-store, max-age=0, must-revalidate
accept-ranges: bytes
expires: 0

GET
H2 200 vdauth.js Show response
openapi-authn.surugabank.co.jp/js/ 7 KB
1 KB 28ms
26ms Script
application/javascript 35.190.53.251
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://openapi-authn.surugabank.co.jp/js/vdauth.js

Requested by

Host: openapi-authn.surugabank.co.jp
URL: https://openapi-authn.surugabank.co.jp/vdauthenticate?ticket=ERfDUdljDvFgS_s6-40H4vCl9dyxh0Qj7MOp7b41SHw&scope=rAccount+rCustomer+rTransaction&client_id=52164251563

Protocol

H2

Security

TLS 1.3, , AES_128_GCM

Server

35.190.53.251 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

251.53.190.35.bc.googleusercontent.com

Software

/

Resource Hash

9836d6bb388727157dd1be3acf7ec3e08c4bc0703405fd1b5c3906eeef7f97d3

Security Headers

Name	Value
Content-Security-Policy	script-src 'self'
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://openapi-authn.surugabank.co.jp/vdauthenticate?ticket=ERfDUdljDvFgS_s6-40H4vCl9dyxh0Qj7MOp7b41SHw&scope=rAccount+rCustomer+rTransaction&client_id=52164251563
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

strict-transport-security: max-age=31536000 ; includeSubDomains
content-security-policy: script-src 'self'
x-content-type-options: nosniff
date: Sun, 28 May 2023 04:48:18 GMT
content-encoding: gzip
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block
pragma: no-cache
last-modified: Wed, 08 Feb 2023 08:17:49 GMT
vary: origin,access-control-request-method,access-control-request-headers,accept-encoding
x-frame-options: DENY
content-type: application/javascript
cache-control: no-cache, no-store, max-age=0, must-revalidate
accept-ranges: bytes
expires: 0

GET
H3 200 appopenapi_terms.html Show response
openapi-authn.surugabank.co.jp/ Frame 3D98 12 KB
4 KB 23ms
23ms Document
text/html 35.190.53.251
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://openapi-authn.surugabank.co.jp/appopenapi_terms.html

Requested by

Host: openapi-authn.surugabank.co.jp
URL: https://openapi-authn.surugabank.co.jp/vdauthenticate?ticket=ERfDUdljDvFgS_s6-40H4vCl9dyxh0Qj7MOp7b41SHw&scope=rAccount+rCustomer+rTransaction&client_id=52164251563

Protocol

H3

Security

QUIC, , AES_128_GCM

Server

35.190.53.251 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

251.53.190.35.bc.googleusercontent.com

Software

/

Resource Hash

d1998d7a14c53f4a35807965c19e08072819388776106eddba8a26bf13ef325f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://openapi-authn.surugabank.co.jp/vdauthenticate?ticket=ERfDUdljDvFgS_s6-40H4vCl9dyxh0Qj7MOp7b41SHw&scope=rAccount+rCustomer+rTransaction&client_id=52164251563
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language: jp-JP,jp;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-type: text/html
date: Sun, 28 May 2023 04:48:18 GMT
expires: 0
last-modified: Wed, 08 Feb 2023 08:17:49 GMT
pragma: no-cache
strict-transport-security: max-age=31536000 ; includeSubDomains
vary: origin,access-control-request-method,access-control-request-headers,accept-encoding
via: 1.1 google
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block

GET
H3 200 custom-2.png
openapi-authn.surugabank.co.jp/img/ 15 KB
15 KB 21ms
21ms Image
image/png 35.190.53.251
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://openapi-authn.surugabank.co.jp/img/custom-2.png

Requested by

Host: openapi-authn.surugabank.co.jp
URL: https://openapi-authn.surugabank.co.jp/css/srg-openapi-1.0.0.css

Protocol

H3

Security

QUIC, , AES_128_GCM

Server

35.190.53.251 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

251.53.190.35.bc.googleusercontent.com

Software

/

Resource Hash

d775ae11dbad8b1a4e40cdc8d31977ab20ff3af8a4fa0de91ebf8f67e2e997ba

Security Headers

Name	Value
Content-Security-Policy	script-src 'self'
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://openapi-authn.surugabank.co.jp/css/srg-openapi-1.0.0.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

strict-transport-security: max-age=31536000 ; includeSubDomains
content-security-policy: script-src 'self'
x-content-type-options: nosniff
date: Sun, 28 May 2023 04:48:18 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15345
x-xss-protection: 1; mode=block
pragma: no-cache
last-modified: Wed, 08 Feb 2023 08:17:49 GMT
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
x-frame-options: DENY
content-type: image/png
cache-control: no-cache, no-store, max-age=0, must-revalidate
accept-ranges: bytes
expires: 0

GET
H3 200 common-2.png
openapi-authn.surugabank.co.jp/img/ 20 KB
20 KB 20ms
20ms Image
image/png 35.190.53.251
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://openapi-authn.surugabank.co.jp/img/common-2.png

Requested by

Host: openapi-authn.surugabank.co.jp
URL: https://openapi-authn.surugabank.co.jp/css/srg-openapi-1.0.0.css

Protocol

H3

Security

QUIC, , AES_128_GCM

Server

35.190.53.251 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

251.53.190.35.bc.googleusercontent.com

Software

/

Resource Hash

d4eae6cb286dea94380f643a9b3ab10609650f19726578c4e643b459b74bee03

Security Headers

Name	Value
Content-Security-Policy	script-src 'self'
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://openapi-authn.surugabank.co.jp/css/srg-openapi-1.0.0.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

strict-transport-security: max-age=31536000 ; includeSubDomains
content-security-policy: script-src 'self'
x-content-type-options: nosniff
date: Sun, 28 May 2023 04:48:18 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20414
x-xss-protection: 1; mode=block
pragma: no-cache
last-modified: Wed, 08 Feb 2023 08:17:49 GMT
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
x-frame-options: DENY
content-type: image/png
cache-control: no-cache, no-store, max-age=0, must-revalidate
accept-ranges: bytes
expires: 0

Verdicts & Comments Add Verdict or Comment

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			openapi-authn.surugabank.co.jp/	1969-12-31 23:59:59	Name: JSESSIONID Value: ZGYxM2ZkYTctOTBhZi00MjUwLTg2OTEtNGJmYTE5MGM3MDQ0
			openapi-authn.surugabank.co.jp/	1969-12-31 23:59:59	Name: TS0116e722 Value: 01244bef8221386d22281d6462a5df1c1f9f3435902aa16066267d379d7764a094b258fc8e968829cad40c42b735463050c56ea39f6829d89972e08d6956cbf6c70146274c

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	script-src 'self'
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

openapi-authn.surugabank.co.jp
35.190.53.251
0752e8be13e9416f759c8ccd5f1243af80d7564073bc68d9ffda904d6bd62946
4fe68fa216176e6d1f4580e924bafecc9f519984ecc06b1a840a08b0d88c95de
9836d6bb388727157dd1be3acf7ec3e08c4bc0703405fd1b5c3906eeef7f97d3
d1998d7a14c53f4a35807965c19e08072819388776106eddba8a26bf13ef325f
d4eae6cb286dea94380f643a9b3ab10609650f19726578c4e643b459b74bee03
d775ae11dbad8b1a4e40cdc8d31977ab20ff3af8a4fa0de91ebf8f67e2e997ba
dbbd72f787fee0042375acd0961bd01bdaa251d9814961590ee1f9d9f52f4c06

openapi-authn.surugabank.co.jp Open in urlscan Pro 35.190.53.251 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

7 Requests

100 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

74 kBTransfer

151 kBSize

2 Cookies

0 Outgoing links

Redirected requests

7 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

5 JavaScript Global Variables

2 Cookies

Security Headers

Indicators

openapi-authn.surugabank.co.jp Open in urlscan Pro
35.190.53.251 Public Scan

Screenshot
Live screenshot

Full Image

7
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

74 kB
Transfer

151 kB
Size

2
Cookies

7 HTTP transactions
0 data transactions