urlscan.io logo urlscan.io
SecurityTrails logo

credits.xando.be Open in urlscan Pro
2a00:1c98:1000:10a4:0:1:32ae:c202  Public Scan

Go To Rescan Add Verdict Report
URL: https://credits.xando.be/
Submission: On August 27 via automatic, source certstream-suspicious — Scanned from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 5 IPs in 2 countries across 5 domains to perform 9 HTTP transactions. The main IP is 2a00:1c98:1000:10a4:0:1:32ae:c202, located in Belgium and belongs to COMBELL-AS, BE. The main domain is credits.xando.be.
TLS certificate: Issued by R10 on August 27th 2024. Valid for: 3 months.
This is the only time credits.xando.be was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

1    2a00:1c98:1000:10a4:0:1:32ae:c202 (Belgium)

ASN34762 (COMBELL-AS, BE)
credits.xando.be
5    2a00:1c98:1000:10a4:0:1:32ae:36de (Belgium)

ASN34762 (COMBELL-AS, BE)
cdn.xando.net
1    2607:f8b0:4006:817::200a (United States)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
1    2607:f8b0:4006:824::2003 (United States)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
1    2a00:1c98:1000:1042::ba71:b53a (Belgium)

ASN34762 (COMBELL-AS, BE)
xando.pro
Apex Domain
Subdomains		 Transfer
5 xando.net
cdn.xando.net
186 KB
1 xando.pro
xando.pro
3 KB
1 gstatic.com
fonts.gstatic.com
48 KB
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 110
2 KB
1 xando.be
credits.xando.be
2 KB
9 5
Domain Requested by
5 cdn.xando.net credits.xando.be
cdn.xando.net
1 xando.pro
1 fonts.gstatic.com fonts.googleapis.com
1 fonts.googleapis.com credits.xando.be
1 credits.xando.be
9 5

This site contains no links.

Subject Issuer Validity Valid
credits.xando.be
R10		 2024-08-27 -
2024-11-25		 3 months crt.sh
cdn.xando.net
R10		 2024-08-19 -
2024-11-17		 3 months crt.sh
upload.video.google.com
WR2		 2024-07-30 -
2024-10-22		 3 months crt.sh
*.gstatic.com
WR2		 2024-07-30 -
2024-10-22		 3 months crt.sh
xando.pro
R10		 2024-08-21 -
2024-11-19		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://credits.xando.be/
Frame ID: 6EAD366FFD56B7E778831C5F9C24385C
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Xando Credits

Detected technologies

Overall confidence: 100%
Detected patterns
  • /wp-(?:content|includes)/
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Page Statistics

9
Requests

100 %
HTTPS

100 %
IPv6

5
Domains

5
Subdomains

5
IPs

2
Countries

240 kB
Transfer

348 kB
Size

1
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
credits.xando.be/ 		3 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://credits.xando.be/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a00:1c98:1000:10a4:0:1:32ae:c202 , Belgium, ASN34762 (COMBELL-AS, BE),
Reverse DNS
Software
nginx /
Resource Hash
0f3a7bdc6a6a298f476e344b858b77e1eb192ad29476cf796c49ced0be9f3238
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

cache-control
no-store, no-cache, must-revalidate
content-encoding
gzip
content-length
1337
content-type
text/html; charset=UTF-8
date
Tue, 27 Aug 2024 18:43:15 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
pragma
no-cache
server
nginx
strict-transport-security
max-age=63072000; includeSubdomains;
vary
Accept-Encoding
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block
bootstrap.min.css
cdn.xando.net/css/ 		118 KB
20 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdn.xando.net/css/bootstrap.min.css
Requested by
Host: credits.xando.be
URL: https://credits.xando.be/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a00:1c98:1000:10a4:0:1:32ae:36de , Belgium, ASN34762 (COMBELL-AS, BE),
Reverse DNS
Software
nginx /
Resource Hash
f75e846cc83bd11432f4b1e21a45f31bc85283d11d372f7b19accd1bf6a2635c

Request headers

Referer
https://credits.xando.be/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 18:43:17 GMT
content-encoding
gzip
last-modified
Tue, 17 Nov 2020 12:27:52 GMT
server
nginx
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
cache-control
public
accept-ranges
bytes
content-length
19744
expires
Tue, 03 Sep 2024 18:43:17 GMT
css
fonts.googleapis.com/ 		11 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Open+Sans:semibold|Open+Sans
Requested by
Host: credits.xando.be
URL: https://credits.xando.be/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:817::200a , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
057c6db7176a4b988472143ad3797e478d31de02150c22e8b892d9887102a0c1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://credits.xando.be/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Tue, 27 Aug 2024 18:43:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Tue, 27 Aug 2024 18:43:16 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Tue, 27 Aug 2024 18:43:16 GMT
app.css
cdn.xando.net/css/ 		2 KB
1006 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdn.xando.net/css/app.css?v8
Requested by
Host: credits.xando.be
URL: https://credits.xando.be/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a00:1c98:1000:10a4:0:1:32ae:36de , Belgium, ASN34762 (COMBELL-AS, BE),
Reverse DNS
Software
nginx /
Resource Hash
e7a03a4eab8aa7e77690f22c38f25a1d15061e2dcdc7cf4d9812406797468530

Request headers

Referer
https://credits.xando.be/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 18:43:17 GMT
content-encoding
gzip
last-modified
Tue, 17 Nov 2020 12:27:51 GMT
server
nginx
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
cache-control
public
accept-ranges
bytes
content-length
788
expires
Tue, 03 Sep 2024 18:43:17 GMT
xando150.png
cdn.xando.net/img/xando/ 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.xando.net/img/xando/xando150.png
Requested by
Host: credits.xando.be
URL: https://credits.xando.be/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a00:1c98:1000:10a4:0:1:32ae:36de , Belgium, ASN34762 (COMBELL-AS, BE),
Reverse DNS
Software
nginx /
Resource Hash
a667d567676d081a99ab8a49b65553e683f8ae9e3673fa308656db07ee1963d8

Request headers

Referer
https://credits.xando.be/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 18:43:17 GMT
last-modified
Thu, 30 Aug 2018 11:03:49 GMT
server
nginx
content-type
image/png
access-control-allow-origin
*
cache-control
public
accept-ranges
bytes
content-length
3275
expires
Thu, 26 Sep 2024 18:43:17 GMT
clouds.jpg
cdn.xando.net/img/wallpapers/ 		144 KB
144 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.xando.net/img/wallpapers/clouds.jpg
Requested by
Host: credits.xando.be
URL: https://credits.xando.be/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a00:1c98:1000:10a4:0:1:32ae:36de , Belgium, ASN34762 (COMBELL-AS, BE),
Reverse DNS
Software
nginx /
Resource Hash
617f22902f5f2631a541d89ba36d1fac0c64c360d8020caeaab733e8d309c152

Request headers

Referer
https://credits.xando.be/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 18:43:17 GMT
last-modified
Thu, 30 Aug 2018 11:03:45 GMT
server
nginx
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public
accept-ranges
bytes
content-length
147354
expires
Thu, 26 Sep 2024 18:43:17 GMT
glyphicons-halflings-regular.woff2
cdn.xando.net/fonts/ 		18 KB
18 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://cdn.xando.net/fonts/glyphicons-halflings-regular.woff2
Requested by
Host: cdn.xando.net
URL: https://cdn.xando.net/css/bootstrap.min.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a00:1c98:1000:10a4:0:1:32ae:36de , Belgium, ASN34762 (COMBELL-AS, BE),
Reverse DNS
Software
nginx /
Resource Hash
fe185d11a49676890d47bb783312a0cda5a44c4039214094e7957b4c040ef11c

Request headers

Referer
https://cdn.xando.net/css/bootstrap.min.css
Origin
https://credits.xando.be
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

access-control-allow-origin
*
date
Tue, 27 Aug 2024 18:43:18 GMT
cache-control
public
content-encoding
br
last-modified
Tue, 17 Nov 2020 12:27:59 GMT
server
nginx
content-type
font/woff2
memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v40/ 		47 KB
48 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:semibold|Open+Sans
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:824::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://credits.xando.be
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Wed, 21 Aug 2024 06:39:25 GMT
x-content-type-options
nosniff
age
561832
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
48236
x-xss-protection
0
last-modified
Thu, 14 Dec 2023 02:08:40 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 21 Aug 2025 06:39:25 GMT
xandobox-150x150.jpg
xando.pro/wp-content/uploads/2019/05/ 		3 KB
3 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://xando.pro/wp-content/uploads/2019/05/xandobox-150x150.jpg
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a00:1c98:1000:1042::ba71:b53a , Belgium, ASN34762 (COMBELL-AS, BE),
Reverse DNS
Software
nginx /
Resource Hash
55203659d37d4fba97711733b00193b1239a9197ab4aa3700802fd622d6c5620
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://credits.xando.be/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 18:43:20 GMT
strict-transport-security
max-age=63072000; includeSubdomains;
x-content-type-options
nosniff
last-modified
Fri, 03 May 2019 13:20:05 GMT
server
nginx
x-frame-options
SAMEORIGIN
vary
Accept
content-type
image/jpeg
cache-control
max-age=10368000, public
accept-ranges
bytes
content-length
2580
x-xss-protection
1; mode=block
expires
Wed, 25 Dec 2024 18:43:20 GMT

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Domain/Path Name / Value
credits.xando.be/ Name: PHPSESSID
Value: d14cdfa7f377fb75ea9c2660046d331a

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=63072000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block