banka.w3cdemo.labs.wl.tc Open in urlscan Pro
160.92.7.34  Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response banka.w3cdemo.labs.wl.tc/	6 KB 7 KB	106ms 41ms	Document text/html	160.92.7.34 WORLDLINE
General Check archive.org Show headers Download Go to Full URL https://banka.w3cdemo.labs.wl.tc/ Protocol H2 Security TLS 1.3, , CHACHA20_POLY1305 Server 160.92.7.34 , France, ASN8677 (WORLDLINE, FR), Reverse DNS awl.li Software / Resource Hash d0b509815925537c502dbf4e444df6b7a0619eb2938e9db1ee60dc332b03b067 Security Headers Name Value Content-Security-Policy default-src 'self';script-src 'self' 'nonce-4i70duEByW2HD3X3XWsPwA==';object-src 'none';base-uri 'self';form-action 'self';frame-ancestors 'self' Strict-Transport-Security max-age=63072000 X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 0 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 accept-language fr-FR,fr;q=0.9 Response headers content-length 6584 content-security-policy default-src 'self';script-src 'self' 'nonce-4i70duEByW2HD3X3XWsPwA==';object-src 'none';base-uri 'self';form-action 'self';frame-ancestors 'self' content-type text/html; charset=utf-8 cross-origin-opener-policy same-origin cross-origin-resource-policy same-origin date Thu, 06 Jul 2023 18:18:37 GMT etag W/"19b8-cQWObGVPgGumsgeljHECNKFJ63U" origin-agent-cluster ?1 referrer-policy no-referrer strict-transport-security max-age=63072000 x-content-type-options nosniff x-dns-prefetch-control off x-download-options noopen x-frame-options DENY x-permitted-cross-domain-policies none x-robots-tag none,noarchive,nosnippet,notranslate,noimageindex,nositelinkssearchbox x-xss-protection 0
GET H2	200	jquery-3.7.0.min.js Show response banka.w3cdemo.labs.wl.tc/js/	85 KB 86 KB	34ms 33ms	Script application/javascript	160.92.7.34 WORLDLINE
General Check archive.org Show headers Download Go to Full URL https://banka.w3cdemo.labs.wl.tc/js/jquery-3.7.0.min.js Requested by Host: banka.w3cdemo.labs.wl.tc URL: https://banka.w3cdemo.labs.wl.tc/ Protocol H2 Security TLS 1.3, , CHACHA20_POLY1305 Server 160.92.7.34 , France, ASN8677 (WORLDLINE, FR), Reverse DNS awl.li Software / Resource Hash d8f9afbf492e4c139e9d2bcb9ba6ef7c14921eb509fb703bc7a3f911b774eff8 Security Headers Name Value Content-Security-Policy default-src 'self';script-src 'self' 'nonce-eFnARZsZUp5VZts91neeOA==';object-src 'none';base-uri 'self';form-action 'self';frame-ancestors 'self' Strict-Transport-Security max-age=63072000 X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 0 Request headers accept-language fr-FR,fr;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers content-security-policy default-src 'self';script-src 'self' 'nonce-eFnARZsZUp5VZts91neeOA==';object-src 'none';base-uri 'self';form-action 'self';frame-ancestors 'self' date Thu, 06 Jul 2023 18:18:37 GMT x-content-type-options nosniff strict-transport-security max-age=63072000 x-permitted-cross-domain-policies none x-dns-prefetch-control off cross-origin-resource-policy same-origin content-length 87462 x-xss-protection 0 referrer-policy no-referrer last-modified Thu, 06 Jul 2023 12:57:27 GMT cross-origin-opener-policy same-origin etag W/"155a6-1892b4766d8" x-download-options noopen x-frame-options DENY content-type application/javascript; charset=UTF-8 origin-agent-cluster ?1 cache-control public, max-age=0 accept-ranges bytes x-robots-tag none,noarchive,nosnippet,notranslate,noimageindex,nositelinkssearchbox
GET H2	200	style.css banka.w3cdemo.labs.wl.tc/stylesheets/	11 KB 11 KB	33ms 32ms	Stylesheet text/css	160.92.7.34 WORLDLINE
General Check archive.org Show headers Download Go to Full URL https://banka.w3cdemo.labs.wl.tc/stylesheets/style.css Requested by Host: banka.w3cdemo.labs.wl.tc URL: https://banka.w3cdemo.labs.wl.tc/ Protocol H2 Security TLS 1.3, , CHACHA20_POLY1305 Server 160.92.7.34 , France, ASN8677 (WORLDLINE, FR), Reverse DNS awl.li Software / Express Resource Hash 608411638a51ae61ba6a9fe5464943089e99767dffa77ff43331ff343511f930 Security Headers Name Value Strict-Transport-Security max-age=63072000 X-Content-Type-Options nosniff X-Frame-Options DENY Request headers accept-language fr-FR,fr;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers date Thu, 06 Jul 2023 18:18:37 GMT strict-transport-security max-age=63072000 referrer-policy no-referrer x-content-type-options nosniff last-modified Thu, 06 Jul 2023 13:47:46 GMT etag W/"2d77-1892b7577d0" x-powered-by Express x-frame-options DENY content-type text/css; charset=UTF-8 cache-control public, max-age=0 accept-ranges bytes x-robots-tag none,noarchive,nosnippet,notranslate,noimageindex,nositelinkssearchbox content-length 11639
GET H2	200	numpad.js Show response banka.w3cdemo.labs.wl.tc/js/	796 B 1 KB	32ms 31ms	Script application/javascript	160.92.7.34 WORLDLINE
General Check archive.org Show headers Download Go to Full URL https://banka.w3cdemo.labs.wl.tc/js/numpad.js Requested by Host: banka.w3cdemo.labs.wl.tc URL: https://banka.w3cdemo.labs.wl.tc/ Protocol H2 Security TLS 1.3, , CHACHA20_POLY1305 Server 160.92.7.34 , France, ASN8677 (WORLDLINE, FR), Reverse DNS awl.li Software / Resource Hash babceb52af2a613cff13681c6af4c2d382ccc7db6f5147a512c9bf669d76f3dc Security Headers Name Value Content-Security-Policy default-src 'self';script-src 'self' 'nonce-wGJLCFSBe6k1jWt8M+zSBQ==';object-src 'none';base-uri 'self';form-action 'self';frame-ancestors 'self' Strict-Transport-Security max-age=63072000 X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 0 Request headers accept-language fr-FR,fr;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers content-security-policy default-src 'self';script-src 'self' 'nonce-wGJLCFSBe6k1jWt8M+zSBQ==';object-src 'none';base-uri 'self';form-action 'self';frame-ancestors 'self' date Thu, 06 Jul 2023 18:18:37 GMT x-content-type-options nosniff strict-transport-security max-age=63072000 x-permitted-cross-domain-policies none x-dns-prefetch-control off cross-origin-resource-policy same-origin content-length 796 x-xss-protection 0 referrer-policy no-referrer last-modified Tue, 20 Jun 2023 13:29:09 GMT cross-origin-opener-policy same-origin etag W/"31c-188d8feac88" x-download-options noopen x-frame-options DENY content-type application/javascript; charset=UTF-8 origin-agent-cluster ?1 cache-control public, max-age=0 accept-ranges bytes x-robots-tag none,noarchive,nosnippet,notranslate,noimageindex,nositelinkssearchbox
GET H2	200	webauthn.js Show response banka.w3cdemo.labs.wl.tc/fido/	6 KB 6 KB	55ms 55ms	Script application/javascript	160.92.7.34 WORLDLINE
General Check archive.org Show headers Download Go to Full URL https://banka.w3cdemo.labs.wl.tc/fido/webauthn.js Requested by Host: banka.w3cdemo.labs.wl.tc URL: https://banka.w3cdemo.labs.wl.tc/ Protocol H2 Security TLS 1.3, , CHACHA20_POLY1305 Server 160.92.7.34 , France, ASN8677 (WORLDLINE, FR), Reverse DNS awl.li Software / Resource Hash ce1df8ef94a4e3382c2183bebeaa264fc173b093d768a5104ea67449460cfca6 Security Headers Name Value Content-Security-Policy default-src 'self';script-src 'self' 'nonce-aWH6RmXd3HqIGSX3bYNpUA==';object-src 'none';base-uri 'self';form-action 'self';frame-ancestors 'self' Strict-Transport-Security max-age=63072000 X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 0 Request headers accept-language fr-FR,fr;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers content-security-policy default-src 'self';script-src 'self' 'nonce-aWH6RmXd3HqIGSX3bYNpUA==';object-src 'none';base-uri 'self';form-action 'self';frame-ancestors 'self' date Thu, 06 Jul 2023 18:18:37 GMT x-content-type-options nosniff strict-transport-security max-age=63072000 x-permitted-cross-domain-policies none x-dns-prefetch-control off cross-origin-resource-policy same-origin content-length 5897 x-xss-protection 0 referrer-policy no-referrer last-modified Tue, 20 Jun 2023 13:28:45 GMT cross-origin-opener-policy same-origin etag W/"1709-188d8fe4ec8" x-download-options noopen x-frame-options DENY content-type application/javascript; charset=UTF-8 origin-agent-cluster ?1 cache-control public, max-age=0 accept-ranges bytes x-robots-tag none,noarchive,nosnippet,notranslate,noimageindex,nositelinkssearchbox
GET H2	200	logo_bank_green.png banka.w3cdemo.labs.wl.tc/img/	15 KB 15 KB	28ms 28ms	Image image/png	160.92.7.34 WORLDLINE
General Check archive.org Show headers Download Go to Show image Full URL https://banka.w3cdemo.labs.wl.tc/img/logo_bank_green.png Requested by Host: banka.w3cdemo.labs.wl.tc URL: https://banka.w3cdemo.labs.wl.tc/stylesheets/style.css Protocol H2 Security TLS 1.3, , CHACHA20_POLY1305 Server 160.92.7.34 , France, ASN8677 (WORLDLINE, FR), Reverse DNS awl.li Software / Express Resource Hash 777a8609f8f50c07271f6803e33f6b2fc9220f8da8f0800b4af794239a6e7939 Security Headers Name Value Strict-Transport-Security max-age=63072000 X-Content-Type-Options nosniff X-Frame-Options DENY Request headers accept-language fr-FR,fr;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers date Thu, 06 Jul 2023 18:18:37 GMT strict-transport-security max-age=63072000 referrer-policy no-referrer x-content-type-options nosniff last-modified Tue, 20 Jun 2023 13:29:30 GMT etag W/"3be0-188d8fefe90" x-powered-by Express x-frame-options DENY content-type image/png cache-control public, max-age=0 accept-ranges bytes x-robots-tag none,noarchive,nosnippet,notranslate,noimageindex,nositelinkssearchbox content-length 15328
GET H2	200	Inter-Regular.otf banka.w3cdemo.labs.wl.tc/stylesheets/fonts/	240 KB 240 KB	28ms 28ms	Font font/otf	160.92.7.34 WORLDLINE
General Check archive.org Show headers Download Go to Full URL https://banka.w3cdemo.labs.wl.tc/stylesheets/fonts/Inter-Regular.otf Requested by Host: banka.w3cdemo.labs.wl.tc URL: https://banka.w3cdemo.labs.wl.tc/stylesheets/style.css Protocol H2 Security TLS 1.3, , CHACHA20_POLY1305 Server 160.92.7.34 , France, ASN8677 (WORLDLINE, FR), Reverse DNS awl.li Software / Express Resource Hash e9a18de6b1a417510a7a4c50196c836391606c4b03ca8f81c071d66fdd8a8c7c Security Headers Name Value Strict-Transport-Security max-age=63072000 X-Content-Type-Options nosniff X-Frame-Options DENY Request headers Referer Origin https://banka.w3cdemo.labs.wl.tc accept-language fr-FR,fr;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers date Thu, 06 Jul 2023 18:18:37 GMT strict-transport-security max-age=63072000 referrer-policy no-referrer x-content-type-options nosniff last-modified Tue, 20 Jun 2023 13:29:30 GMT etag W/"3be8c-188d8fefe90" x-powered-by Express x-frame-options DENY content-type font/otf cache-control public, max-age=0 accept-ranges bytes x-robots-tag none,noarchive,nosnippet,notranslate,noimageindex,nositelinkssearchbox content-length 245388
GET H2	200	fingerprint_grey.png banka.w3cdemo.labs.wl.tc/img/	4 KB 4 KB	50ms 50ms	Image image/png	160.92.7.34 WORLDLINE
General Check archive.org Show headers Download Go to Show image Full URL https://banka.w3cdemo.labs.wl.tc/img/fingerprint_grey.png Requested by Host: banka.w3cdemo.labs.wl.tc URL: https://banka.w3cdemo.labs.wl.tc/stylesheets/style.css Protocol H2 Security TLS 1.3, , CHACHA20_POLY1305 Server 160.92.7.34 , France, ASN8677 (WORLDLINE, FR), Reverse DNS awl.li Software / Express Resource Hash 1b5af3dbf4049827e6d7bf997f8c88ef21c90d68dee4bb3052be159890c8a527 Security Headers Name Value Strict-Transport-Security max-age=63072000 X-Content-Type-Options nosniff X-Frame-Options DENY Request headers accept-language fr-FR,fr;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers date Thu, 06 Jul 2023 18:18:37 GMT strict-transport-security max-age=63072000 referrer-policy no-referrer x-content-type-options nosniff last-modified Tue, 20 Jun 2023 13:29:30 GMT etag W/"e45-188d8fefe90" x-powered-by Express x-frame-options DENY content-type image/png cache-control public, max-age=0 accept-ranges bytes x-robots-tag none,noarchive,nosnippet,notranslate,noimageindex,nositelinkssearchbox content-length 3653
GET H2	200	worldline_labs_green.png banka.w3cdemo.labs.wl.tc/img/	24 KB 24 KB	51ms 51ms	Image image/png	160.92.7.34 WORLDLINE
General Check archive.org Show headers Download Go to Show image Full URL https://banka.w3cdemo.labs.wl.tc/img/worldline_labs_green.png Requested by Host: banka.w3cdemo.labs.wl.tc URL: https://banka.w3cdemo.labs.wl.tc/stylesheets/style.css Protocol H2 Security TLS 1.3, , CHACHA20_POLY1305 Server 160.92.7.34 , France, ASN8677 (WORLDLINE, FR), Reverse DNS awl.li Software / Express Resource Hash 99a64ce99d93cfa7ea45b5cee82fa2da60fdbab5116587802e52dcde34bf1b75 Security Headers Name Value Strict-Transport-Security max-age=63072000 X-Content-Type-Options nosniff X-Frame-Options DENY Request headers accept-language fr-FR,fr;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers date Thu, 06 Jul 2023 18:18:37 GMT strict-transport-security max-age=63072000 referrer-policy no-referrer x-content-type-options nosniff last-modified Tue, 20 Jun 2023 13:29:30 GMT etag W/"5f22-188d8fefe90" x-powered-by Express x-frame-options DENY content-type image/png cache-control public, max-age=0 accept-ranges bytes x-robots-tag none,noarchive,nosnippet,notranslate,noimageindex,nositelinkssearchbox content-length 24354

18 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless object| onbeforetoggle object| onscrollend function| $ function| jQuery string| passcode function| updateNumpad function| passcodeClear function| passcodeBackspace function| passcodeInput function| updatePasscode function| webauthnAvailable function| registerUser boolean| autoConnect function| checkFido function| authenticate object| fpKey object| inputUsername

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			banka.w3cdemo.labs.wl.tc/	1970-01-20 13:05:53	Name: genbank.sid Value: s%3Azc-jnb_rKVSX71J5R5cyvKhakWx1kJUM.GaEzCL040H6UZkhIV5sAFTbWi1gBcAtBV1g3RSv22c8

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'self';script-src 'self' 'nonce-4i70duEByW2HD3X3XWsPwA==';object-src 'none';base-uri 'self';form-action 'self';frame-ancestors 'self'
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

banka.w3cdemo.labs.wl.tc
160.92.7.34
1b5af3dbf4049827e6d7bf997f8c88ef21c90d68dee4bb3052be159890c8a527
608411638a51ae61ba6a9fe5464943089e99767dffa77ff43331ff343511f930
777a8609f8f50c07271f6803e33f6b2fc9220f8da8f0800b4af794239a6e7939
99a64ce99d93cfa7ea45b5cee82fa2da60fdbab5116587802e52dcde34bf1b75
babceb52af2a613cff13681c6af4c2d382ccc7db6f5147a512c9bf669d76f3dc
ce1df8ef94a4e3382c2183bebeaa264fc173b093d768a5104ea67449460cfca6
d0b509815925537c502dbf4e444df6b7a0619eb2938e9db1ee60dc332b03b067
d8f9afbf492e4c139e9d2bcb9ba6ef7c14921eb509fb703bc7a3f911b774eff8
e9a18de6b1a417510a7a4c50196c836391606c4b03ca8f81c071d66fdd8a8c7c