Submitted URL: https://xapo.onelink.me/PT23?pid=referral&af_dp=xapoapp://shareCode=9336R
Effective URL: https://static.xapo.com/mkt/web-referral.html?pid=referral
Submission Tags: 0xscam
Submission: On June 16 via api from US — Scanned from DE

Summary

This website contacted 2 IPs in 2 countries across 3 domains to perform 8 HTTP transactions. The main IP is 2606:4700::6812:8a2d, located in United States and belongs to CLOUDFLARENET, US. The main domain is static.xapo.com. The Cisco Umbrella rank of the primary domain is 825310.
TLS certificate: Issued by WE1 on June 10th 2024. Valid for: 3 months.
This is the only time static.xapo.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 23.48.23.10 20940 (AKAMAI-ASN1)
1 8 2606:4700::68... 13335 (CLOUDFLAR...)
8 2
Apex Domain
Subdomains
Transfer
8 xapo.com
static.xapo.com — Cisco Umbrella Rank: 825310
203 KB
1 onelink.me
xapo.onelink.me
225 B
0 xapobank.com Failed
www.xapobank.com Failed
8 3
Domain Requested by
8 static.xapo.com 1 redirects static.xapo.com
1 xapo.onelink.me 1 redirects
0 www.xapobank.com Failed static.xapo.com
8 3

This site contains links to these domains.

Domain
www.facebook.com
twitter.com
www.instagram.com
www.linkedin.com
Subject Issuer Validity Valid
static.xapo.com WE1 2024-06-10 - 2024-09-08 3 months

This page contains 2 frames:

Primary Page: https://static.xapo.com/mkt/web-referral.html?pid=referral
Frame ID: 85A7FA7EA8912560F2F6490CAAB477CA
Requests: 6 HTTP requests in this frame

Frame: https://static.xapo.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/6aac8896f227/main.js
Frame ID: E7692788A3CC36B805D9F77D77E27566
Requests: 2 HTTP requests in this frame

Page Title

Web Referal

Page Statistics

Requests: 8
HTTPS: 75 %
IPv6: 50 %
Domains: 3
Subdomains: 3
IPs: 2
Countries: 2
Transfer: 202 kB
Size: 347 kB
Cookies: 3

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://xapo.onelink.me/PT23?pid=referral&af_dp=xapoapp://shareCode=9336R HTTP 301
    https://static.xapo.com/mkt/web-referral.html?pid=referral Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1
  • https://www.xapo.com/static/img/logo.svg HTTP 301
  • https://www.xapobank.com/static/img/logo.svg
Request Chain 4
  • https://static.xapo.com/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
  • https://static.xapo.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/6aac8896f227/main.js

8 HTTP transactions

Resource Path Size x-fer Type MIME-Type
Primary Request web-referral.html
static.xapo.com/mkt/
Redirect Chain
  • https://xapo.onelink.me/PT23?pid=referral&af_dp=xapoapp://shareCode=9336R
  • https://static.xapo.com/mkt/web-referral.html?pid=referral
217 KB
89 KB
Document
General
Full URL
https://static.xapo.com/mkt/web-referral.html?pid=referral
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:8a2d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7d287fee5295d962f920874eba15d706dbec039dbd22e67526aae88ab29e46e8
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

CF-Cache-Status
DYNAMIC
CF-Ray
894e74483b47975b-FRA
Connection
keep-alive
Content-Encoding
gzip
Content-Security-Policy
upgrade-insecure-requests
Content-Type
text/html
Date
Sun, 16 Jun 2024 23:07:07 GMT
Last-Modified
Thu, 30 May 2024 17:58:32 GMT
Server
cloudflare
Strict-Transport-Security
max-age=31536000
Transfer-Encoding
chunked
Vary
Accept-Encoding
expect-ct
max-age=86400, enforce
referrer-policy
same-origin
x-amz-id-2
7Az7iZe3R4836UBUCVDq9YHPcBrR2tll3fOy86w6tCtkts3jZISyG6t2UTEPVpOfTlaW4wsfNOI=
x-amz-request-id
KZABCJCN1Z3JQMN7
x-amz-server-side-encryption
AES256
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block

Redirect headers

accept-ch
Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List
cache-control
no-cache, no-store
content-length
0
content-type
application/octet-stream
date
Sun, 16 Jun 2024 23:07:06 GMT
location
https://static.xapo.com/mkt/web-referral.html?pid=referral
server
AkamaiGHost
strict-transport-security
max-age=31536000; includeSubDomains
web-referral.css
static.xapo.com/mkt/
5 KB
2 KB
Stylesheet
General
Full URL
https://static.xapo.com/mkt/web-referral.css
Requested by
Host: static.xapo.com
URL: https://static.xapo.com/mkt/web-referral.html?pid=referral
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:8a2d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
305d319229aa221cf76dc574407f0f6db7cb01adeadd5bc79e27eeee9ae3ca7b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://static.xapo.com/mkt/web-referral.html?pid=referral
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Sun, 16 Jun 2024 23:07:07 GMT
Content-Encoding
gzip
x-content-type-options
nosniff
CF-Cache-Status
MISS
x-amz-request-id
KZA65J3PA9WF5AKV
x-amz-server-side-encryption
AES256
Transfer-Encoding
chunked
Connection
keep-alive
x-amz-id-2
5vqlT260AWw3XXOA3FzWAdMlEm99B7UnMGPyj5JneJ4xz8J8pDqtG/HzKfGsgoHdFtpjC2wVgxQ=
x-xss-protection
1; mode=block
referrer-policy
same-origin
Last-Modified
Thu, 30 May 2024 17:58:32 GMT
Server
cloudflare
ETag
W/"6f442ce6e39633699c3986d0d0452bd1"
expect-ct
max-age=86400, enforce
Vary
Accept-Encoding
x-frame-options
SAMEORIGIN
Content-Type
text/css
Cache-Control
public, max-age=14400
CF-Ray
894e744aa979361d-FRA
Expires
Mon, 17 Jun 2024 03:07:07 GMT
logo.svg
www.xapobank.com/static/img/
Redirect Chain
  • https://www.xapo.com/static/img/logo.svg
  • https://www.xapobank.com/static/img/logo.svg
0
0

value-serif.woff
static.xapo.com/frontend-assets/fonts/
46 KB
47 KB
Font
General
Full URL
https://static.xapo.com/frontend-assets/fonts/value-serif.woff
Requested by
Host: static.xapo.com
URL: https://static.xapo.com/mkt/web-referral.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:8a2d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d49dcb4cb0c3ac5bae692e284bd768ba92ff93bea1157936c20cdd220f9d965e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://static.xapo.com/mkt/web-referral.css
Origin
https://static.xapo.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Sun, 16 Jun 2024 23:07:07 GMT
x-content-type-options
nosniff
CF-Cache-Status
MISS
x-amz-request-id
KZA65DR7RRD2MF59
x-amz-server-side-encryption
AES256
Connection
keep-alive
Content-Length
46760
x-amz-id-2
0j1F6sQxQg1tUte6EwV5Du7oPXO7SFAq9RHF9XM2qPxAf3WY8qviBJz0kVC+Qlvf/7W5z/w2BJw=
x-xss-protection
1; mode=block
referrer-policy
same-origin
Last-Modified
Thu, 30 May 2024 17:58:35 GMT
Server
cloudflare
ETag
"31760575b7bfa15717ccb1cb2eae612c"
expect-ct
max-age=86400, enforce
Vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
Access-Control-Allow-Methods
GET
Content-Type
font/woff
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=14400
Access-Control-Max-Age
2592000
Accept-Ranges
bytes
CF-Ray
894e744c5b52361d-FRA
x-frame-options
SAMEORIGIN
Expires
Mon, 17 Jun 2024 03:07:07 GMT
Fabriga-Regular.woff
static.xapo.com/frontend-assets/fonts/
56 KB
57 KB
Font
General
Full URL
https://static.xapo.com/frontend-assets/fonts/Fabriga-Regular.woff
Requested by
Host: static.xapo.com
URL: https://static.xapo.com/mkt/web-referral.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:8a2d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e2f17619797b900626db95d78edbe1a2ad1fb7186d520d73194dc6435b77575c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://static.xapo.com/mkt/web-referral.css
Origin
https://static.xapo.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Sun, 16 Jun 2024 23:07:07 GMT
x-content-type-options
nosniff
CF-Cache-Status
MISS
x-amz-request-id
KZA51KEJ0BF3N653
x-amz-server-side-encryption
AES256
Connection
keep-alive
Content-Length
57728
x-amz-id-2
0VXmqVkBtQVdSgk90/JfoudVrMN1LW2iKH1Ql0f1oMsarUJ6vxP89IlbthuktTqYJaHddyvaf/E=
x-xss-protection
1; mode=block
referrer-policy
same-origin
Last-Modified
Thu, 30 May 2024 17:58:35 GMT
Server
cloudflare
ETag
"06cf56378bd7c8a73e44bb30712f88c5"
expect-ct
max-age=86400, enforce
Vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
Access-Control-Allow-Methods
GET
Content-Type
font/woff
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=14400
Access-Control-Max-Age
2592000
Accept-Ranges
bytes
CF-Ray
894e744c5a8f975b-FRA
x-frame-options
SAMEORIGIN
Expires
Mon, 17 Jun 2024 03:07:07 GMT
main.js
static.xapo.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/6aac8896f227/ Frame E769
Redirect Chain
  • https://static.xapo.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
  • https://static.xapo.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/6aac8896f227/main.js
8 KB
4 KB
Script
General
Full URL
https://static.xapo.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/6aac8896f227/main.js
Requested by
Host: static.xapo.com
URL: https://static.xapo.com/mkt/web-referral.html?pid=referral
Protocol
HTTP/1.1
Server
2606:4700::6812:8a2d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b2e7d9f1b0f2137a9c48d6cc8ad5dd6e226c89a6c0d55042f29df87286bd3b18
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date
Sun, 16 Jun 2024 23:07:07 GMT
Content-Encoding
gzip
referrer-policy
same-origin
x-content-type-options
nosniff
Server
cloudflare
expect-ct
max-age=86400, enforce
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
application/javascript; charset=UTF-8
x-frame-options
SAMEORIGIN
cache-control
max-age=14400, public
Connection
keep-alive
CF-RAY
894e744cae089c01-FRA
x-xss-protection
1; mode=block

Redirect headers

Date
Sun, 16 Jun 2024 23:07:07 GMT
referrer-policy
same-origin
x-content-type-options
nosniff
Server
cloudflare
expect-ct
max-age=86400, enforce
Vary
Accept-Encoding
x-frame-options
SAMEORIGIN
access-control-allow-origin
*
location
/cdn-cgi/challenge-platform/h/g/scripts/jsd/6aac8896f227/main.js
cache-control
max-age=300, public
Connection
keep-alive
CF-RAY
894e744c8df49c01-FRA
Content-Length
0
x-xss-protection
1; mode=block
894e74483b47975b
static.xapo.com/cdn-cgi/challenge-platform/h/g/jsd/r/ Frame E769
0
758 B
XHR
General
Full URL
https://static.xapo.com/cdn-cgi/challenge-platform/h/g/jsd/r/894e74483b47975b
Requested by
Host: static.xapo.com
URL: https://static.xapo.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:8a2d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform
"Win32"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
application/json

Response headers

Date
Sun, 16 Jun 2024 23:07:07 GMT
referrer-policy
same-origin
x-content-type-options
nosniff
Server
cloudflare
expect-ct
max-age=86400, enforce
x-frame-options
SAMEORIGIN
Content-Type
text/plain; charset=UTF-8
Connection
keep-alive
CF-RAY
894e744d2e5a9c01-FRA
Content-Length
0
x-xss-protection
1; mode=block
favicon.ico
static.xapo.com/frontend-assets/images/
15 KB
3 KB
Other
General
Full URL
https://static.xapo.com/frontend-assets/images/favicon.ico
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:8a2d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
94bd792e3cc86fa33d55824cf7cf548182f66fec5f93f7f0192e3aef3fe20b03
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://static.xapo.com/mkt/web-referral.html?pid=referral
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Sun, 16 Jun 2024 23:07:07 GMT
Content-Encoding
gzip
x-content-type-options
nosniff
CF-Cache-Status
MISS
x-amz-request-id
KZABYT1292X4RYDG
x-amz-server-side-encryption
AES256
Transfer-Encoding
chunked
Connection
keep-alive
x-amz-id-2
thqS06dGHecNFHzJR2Gwm1+QdHHoKoR7Xv6rP239+h3vTlpfX9pNrLKCt6qB8j3SZY/HMxggHXg=
x-xss-protection
1; mode=block
referrer-policy
same-origin
Last-Modified
Thu, 30 May 2024 17:58:35 GMT
Server
cloudflare
ETag
W/"e895648916a25bb06931ee2fb6156914"
expect-ct
max-age=86400, enforce
Vary
Accept-Encoding
x-frame-options
SAMEORIGIN
Content-Type
image/vnd.microsoft.icon
Cache-Control
public, max-age=14400
CF-Ray
894e744d9c98361d-FRA
Expires
Mon, 17 Jun 2024 03:07:07 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.xapobank.com
URL: https://www.xapobank.com/static/img/logo.svg

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0
undefined| event
object| fence
object| sharedStorage
function| goToHomePage

3 Cookies

Domain/Path Name / Value
.xapo.com/ Name: __cf_bm
Value: zvGQvYEvL_wKQbDhFklgbIx.2gQd8xknWcx92uEtr3w-1718579227-1.0.1.1-9zh9gXigC0y_o.0ROPV6IGg6ht6jmxD2EzYtcGZjSDreOKOXosDpNJOckWTwdEOOcH7jSYsLz6v3zmIfYwOwCw
.xapo.com/ Name: _cfuvid
Value: lkzZe7Lsn0tJJYn_c_x7_H.YQMSc34bWv3U_Exga6mI-1718579227280-0.0.1.1-604800000
.xapo.com/ Name: cf_clearance
Value: rD1hD_yhyIFF0jF7vlbFD9tvopXdFLYx38nNNoYP0BM-1718579227-1.0.1.1-VKyrAhQ5z_IWhla4uNuA86427Y.F7AGA0B66m77Bdaxk50XnShnUdW7_rW5duQhH7Abi1cVsnS.3IVEafjMMiw

Security Headers

This page lists any security headers set by the main page.

Header Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block