urlscan.io logo urlscan.io
SecurityTrails logo

plaid.offramp.xyz Open in urlscan Pro
2606:4700:3037::6815:5494  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://plaid.offramp.xyz/
Effective URL: https://plaid.offramp.xyz/
Submission Tags: @phish_report
Submission: On January 23 via api from FI — Scanned from FI
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 4 IPs in 1 countries across 4 domains to perform 8 HTTP transactions. The main IP is 2606:4700:3037::6815:5494, located in United States and belongs to CLOUDFLARENET, US. The main domain is plaid.offramp.xyz.
TLS certificate: Issued by GTS CA 1P5 on January 23rd 2024. Valid for: 3 months.
This is the only time plaid.offramp.xyz was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 4 2606:4700:303... 13335 (CLOUDFLAR...)
1 18.165.183.122 16509 (AMAZON-02)
2 2606:4700:10:... 13335 (CLOUDFLAR...)
1 3 2606:4700::68... 13335 (CLOUDFLAR...)
8 4
Apex Domain
Subdomains		 Transfer
4 offramp.xyz
plaid.offramp.xyz
2 MB
3 cloudflare.com
challenges.cloudflare.com — Cisco Umbrella Rank: 5168
13 KB
2 li.quest
staging.li.quest
3 KB
1 plaid.com
cdn.plaid.com — Cisco Umbrella Rank: 14348
43 KB
8 4
Domain Requested by
4 plaid.offramp.xyz 1 redirects plaid.offramp.xyz
3 challenges.cloudflare.com 1 redirects challenges.cloudflare.com
2 staging.li.quest plaid.offramp.xyz
1 cdn.plaid.com plaid.offramp.xyz
8 4

This site contains no links.

Subject Issuer Validity Valid
plaid.offramp.xyz
GTS CA 1P5		 2024-01-23 -
2024-04-22		 3 months crt.sh
secure.plaid.com
DigiCert EV RSA CA G2		 2023-03-09 -
2024-04-08		 a year crt.sh
staging.li.quest
E1		 2024-01-21 -
2024-04-20		 3 months crt.sh
challenges.cloudflare.com
Cloudflare Inc ECC CA-3		 2023-08-18 -
2024-08-17		 a year crt.sh

This page contains 2 frames:

Primary Page: https://plaid.offramp.xyz/
Frame ID: A04034B0DFCCD1B3C5A6C9ADE640F98A
Requests: 6 HTTP requests in this frame

Frame: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/kyrhy/0x4AAAAAAAHyOLnIJ0hvONYg/auto/normal
Frame ID: 1A41D5845FD343D1226F2F73FCB9B29F
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Offramp.xyz - Instant USDC on/offramp

Page URL History Show full URLs

  1. http://plaid.offramp.xyz/ HTTP 301
    https://plaid.offramp.xyz/ Page URL

Page Statistics

8
Requests

88 %
HTTPS

75 %
IPv6

4
Domains

4
Subdomains

4
IPs

1
Countries

1649 kB
Transfer

5693 kB
Size

0
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://plaid.offramp.xyz/ HTTP 301
    https://plaid.offramp.xyz/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 4
  • https://challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback HTTP 302
  • https://challenges.cloudflare.com/turnstile/v0/g/ea25f566/api.js?onload=onloadTurnstileCallback

8 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
plaid.offramp.xyz/
Redirect Chain
  • http://plaid.offramp.xyz/
  • https://plaid.offramp.xyz/
698 B
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://plaid.offramp.xyz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::6815:5494 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4cbb4f8d3042937e0e1987735cd26cffdb34850323223c59d7565cd33314142c

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
fi-FI,fi;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
public,max-age=10,s-maxage=86400
cf-cache-status
DYNAMIC
cf-ray
849ff55cffa90b45-OSL
content-encoding
br
content-type
text/html; charset=utf-8
date
Tue, 23 Jan 2024 12:14:47 GMT
last-modified
Fri, 19 Jan 2024 09:01:59 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WL2wMy%2F8ZmTiHIlErdIIx1HvW72whSPstzSQmFQMATbTObCE5H30mHz9Yf8T5YnJWIgqNZ4MzMHuoJeIanKW7ar3OZ8E3K1mu7nhbSicw0AkzvnEvlCWtQgBtL%2F6mIe%2FvUYS8Z%2BafgaL%2BB2qXFF4JA%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
x-amz-request-id
tx00000ca744d5c89381264-0065afadb5-3c6f4915-sfo3a
x-do-app-origin
7e39ec8a-bc00-4b2a-8b86-179d35bfc36b
x-do-orig-status
200
x-do-static-catchall-document
index.html
x-envoy-upstream-healthchecked-cluster
x-rgw-object-type
Normal

Redirect headers

CF-Cache-Status
DYNAMIC
CF-RAY
849ff55bcb824c8c-HEL
Cache-Control
max-age=3600
Connection
keep-alive
Date
Tue, 23 Jan 2024 12:14:47 GMT
Expires
Tue, 23 Jan 2024 13:14:47 GMT
Location
https://plaid.offramp.xyz/
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wERHMctzqD3Ycw7hiPzroeh7i1pksD3qUgqaXJcdYN6FTIZZ48l622TH%2B3QsRwNWXxMFp2mKyp2ZSx%2FKdfGqSohTPWTueLnM%2BsIP5qASRsNqNmvHaOZTI5eyQFpoWi%2BA9fXDj1o36mCPL8gwUrCF7g%3D%3D"}],"group":"cf-nel","max_age":604800}
Server
cloudflare
Transfer-Encoding
chunked
Vary
Accept-Encoding
alt-svc
h3=":443"; ma=86400
index-825b2503.js
plaid.offramp.xyz/assets/ 		5 MB
1 MB 		Script
General
Check archive.org
Download Go to
Full URL
https://plaid.offramp.xyz/assets/index-825b2503.js
Requested by
Host: plaid.offramp.xyz
URL: https://plaid.offramp.xyz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::6815:5494 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
635599fa70f37fdb6369b49b9c3d994707be234122f7e3b945e7e3ed0a0be591

Request headers

Referer
https://plaid.offramp.xyz/
Origin
https://plaid.offramp.xyz
accept-language
fi-FI,fi;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 12:14:50 GMT
content-encoding
br
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-do-app-origin
7e39ec8a-bc00-4b2a-8b86-179d35bfc36b
x-amz-request-id
tx00000165b218c1882af0c-0065afadb8-3c6eaa9c-sfo3a
x-do-orig-status
200
x-envoy-upstream-healthchecked-cluster
alt-svc
h3=":443"; ma=86400
last-modified
Fri, 19 Jan 2024 09:01:57 GMT
server
cloudflare
etag
W/"33095f979229a3ac21a2aa54e607a2ba-2"
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OF7DDkJcUpovZEMObjXLRJIhcqA2x9tj6c%2B%2FQKLDYzOPSepiUP%2BIQcoSGHQK7OwMKaF7yslBJ9UXNwOz19h%2Fs8qBCwkZojal9oSSP8i4Xa4w5nilIgjda08JfAYg%2BPegXLrpX8sWX%2BbDCll6FEmaHg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript; charset=utf-8
x-rgw-object-type
Normal
cache-control
public, max-age=14400, s-maxage=86400
x-do-static-catchall-document
index.html
cf-ray
849ff55d888e0b45-OSL
link-initialize.js
cdn.plaid.com/link/v2/stable/ 		143 KB
43 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.plaid.com/link/v2/stable/link-initialize.js
Requested by
Host: plaid.offramp.xyz
URL: https://plaid.offramp.xyz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.165.183.122 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-165-183-122.zrh55.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
20db930b3e86729903db6097a337f379b0cfb4d1ad50f114484c8fab7c2e298c

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
https://plaid.offramp.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

x-amz-version-id
uwl3jFEFBnwwJl.cmegsLFsHjyCZ7RRS
content-encoding
gzip
via
1.1 cb0d3a2bdc5300e2d139e111e94efe5a.cloudfront.net (CloudFront)
date
Mon, 22 Jan 2024 17:51:03 GMT
x-amz-request-id
1Q1WV2NW3CPDCTB2
x-amz-cf-pop
ZRH55-P1
x-amz-server-side-encryption
AES256
age
66227
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
x-amz-id-2
6Lhf5DyG9NuQwZ62ghAW0OMFDIr2nlAkpEMR36jNmh3dkqd0bnph0XvEwJuMAtbB2monbdG5KQQ=
last-modified
Fri, 19 Jan 2024 17:25:36 GMT
server
AmazonS3
etag
W/"55cf5b3041ea2abe9efd6a4978adcb2b"
vary
Accept-Encoding
content-type
application/javascript
cache-control
no-cache,must-revalidate,max-age=0
x-amz-cf-id
MAma0afbbtiL7J8PSFWvKPH-4hx23aQiOKm6vt0kpRe0oIlXvlhkfQ==
chains
staging.li.quest/v1/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://staging.li.quest/v1/chains
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:2bd0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
x-lifi-integrator,x-lifi-sdk
Access-Control-Request-Method
GET
Origin
https://plaid.offramp.xyz
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

access-control-allow-headers
x-lifi-integrator,x-lifi-sdk
access-control-allow-methods
GET,HEAD,POST,OPTIONS
access-control-allow-origin
*
access-control-max-age
86400
alt-svc
h3=":443"; ma=86400
cf-ray
849ff5731e4ed995-HEL
content-length
0
date
Tue, 23 Jan 2024 12:14:51 GMT
server
cloudflare
vary
Accept-Encoding
chains
staging.li.quest/v1/ 		25 KB
3 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://staging.li.quest/v1/chains
Requested by
Host: plaid.offramp.xyz
URL: https://plaid.offramp.xyz/assets/index-825b2503.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:2bd0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9aa59a96d440076d3b5f591cf7ec1464fd9e04b68973cff8b90148d5c1f2724c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

x-lifi-sdk
2.5.0
Referer
https://plaid.offramp.xyz/
accept-language
fi-FI,fi;q=0.9
x-lifi-integrator
Offramp
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 12:14:51 GMT
strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
cf-cache-status
HIT
ratelimit-reset
60
ratelimit-limit
1000
x-lifi-requestid
a1c30857-8be4-4a1d-b5ce-4d2484f68c6b
alt-svc
h3=":443"; ma=86400
last-modified
Tue, 23 Jan 2024 11:59:53 GMT
server
cloudflare
vary
Origin, Accept-Encoding
content-type
application/json
access-control-allow-origin
*
cache-control
public, s-maxage=14400, max-age=14400
cf-ray
849ff5736ef9d995-HEL
ratelimit-remaining
999
api.js
challenges.cloudflare.com/turnstile/v0/g/ea25f566/
Redirect Chain
  • https://challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback
  • https://challenges.cloudflare.com/turnstile/v0/g/ea25f566/api.js?onload=onloadTurnstileCallback
37 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://challenges.cloudflare.com/turnstile/v0/g/ea25f566/api.js?onload=onloadTurnstileCallback
Protocol
H2
Server
2606:4700::6811:2b8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
18cbe0edc0b01c71a6c3ffe704550a8bb1cfe7e02839b7dbdc9c44288bf8b59c

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
https://plaid.offramp.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 12:14:51 GMT
content-encoding
br
server
cloudflare
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=31536000
cf-ray
849ff5765e634c8d-HEL
alt-svc
h3=":443"; ma=86400

Redirect headers

date
Tue, 23 Jan 2024 12:14:51 GMT
server
cloudflare
vary
accept-encoding
access-control-allow-origin
*
location
/turnstile/v0/g/ea25f566/api.js?onload=onloadTurnstileCallback
cache-control
max-age=300, public
cf-ray
849ff575fdd74c8d-HEL
alt-svc
h3=":443"; ma=86400
normal
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/kyrhy/0x4AAAAAAAHyOLnIJ0hvONYg/auto/ Frame 1A41 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/kyrhy/0x4AAAAAAAHyOLnIJ0hvONYg/auto/normal
Requested by
Host: challenges.cloudflare.com
URL: https://challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6811:2b8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Content-Security-Policy frame-src https://challenges.cloudflare.com/ blob:; base-uri 'self'

Request headers

Referer
https://plaid.offramp.xyz/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
fi-FI,fi;q=0.9

Response headers

accept-ch
Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
alt-svc
h3=":443"; ma=86400
cache-control
private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-ray
849ff576cdc770fd-HEL
content-encoding
br
content-security-policy
frame-src https://challenges.cloudflare.com/ blob:; base-uri 'self'
content-type
text/html; charset=UTF-8
cross-origin-embedder-policy
require-corp
cross-origin-opener-policy
same-origin
cross-origin-resource-policy
cross-origin
date
Tue, 23 Jan 2024 12:14:51 GMT
document-policy
js-profiling
origin-agent-cluster
?1
permissions-policy
accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy
same-origin
server
cloudflare
Uncut-Sans-Regular.otf
plaid.offramp.xyz/assets/fonts/uncut-sans/ 		59 KB
60 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://plaid.offramp.xyz/assets/fonts/uncut-sans/Uncut-Sans-Regular.otf
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::6815:5494 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c7dc8fdbd0d8f3690c43626345397c975bd35795d0ebc92d4a08858c6c1747c4

Request headers

Referer
https://plaid.offramp.xyz/
Origin
https://plaid.offramp.xyz
accept-language
fi-FI,fi;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 12:14:53 GMT
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-do-app-origin
7e39ec8a-bc00-4b2a-8b86-179d35bfc36b
x-amz-request-id
tx00000c6a67ea81ef3f0d0-0065afadbd-3c6f4915-sfo3a
x-do-orig-status
200
x-envoy-upstream-healthchecked-cluster
alt-svc
h3=":443"; ma=86400
content-length
60864
last-modified
Fri, 19 Jan 2024 09:01:55 GMT
server
cloudflare
etag
"4a80fb578b363546665ac62f095d1620"
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JyEJ0kIyRyv3sPa0n9BD2EGTe4r3qTe4fiLdknxdDCukCA4aXsQsKuTKgA5MiU9rlttLhCY7yCVGT4Xg8h0AqEHZebD0%2FSAJmJe1Zin7EJ22onDx%2BmzxMAQ0dPXvKLOV9kOZIn0BLgMWzLxoD5YDew%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/vnd.oasis.opendocument.formula-template
x-rgw-object-type
Normal
cache-control
public, max-age=14400, s-maxage=86400
x-do-static-catchall-document
index.html
accept-ranges
bytes
cf-ray
849ff578093f0b45-OSL

Verdicts & Comments Add Verdict or Comment

45 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| Plaid object| webpackJsonpPlaid object| _ethers object| global object| process object| regeneratorRuntime function| __extends function| __assign function| __rest function| __decorate function| __param function| __metadata function| __awaiter function| __generator function| __exportStar function| __createBinding function| __values function| __read function| __spread function| __spreadArrays function| __spreadArray function| __await function| __asyncGenerator function| __asyncDelegator function| __asyncValues function| __makeTemplateObject function| __importStar function| __importDefault function| __classPrivateFieldGet function| __classPrivateFieldSet function| __classPrivateFieldIn function| Buffer function| __esDecorate function| __runInitializers function| __propKey function| __setFunctionName function| __addDisposableResource function| __disposeResources function| CoinbaseWalletSDK function| CoinbaseWalletProvider function| WalletLink function| WalletLinkProvider function| onloadTurnstileCallback#cf-turnstile object| turnstile

0 Cookies