urlscan.io logo urlscan.io
SecurityTrails logo

hsbc-staging.kikoya.mx Open in urlscan Pro
52.200.34.95  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://hsbc-staging.kikoya.mx/
Effective URL: https://hsbc-staging.kikoya.mx/landing
Submission: On July 20 via automatic, source certstream-suspicious
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 5 IPs in 2 countries across 5 domains to perform 13 HTTP transactions. The main IP is 52.200.34.95, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is hsbc-staging.kikoya.mx.
TLS certificate: Issued by Let's Encrypt Authority X3 on July 20th 2020. Valid for: 3 months.
This is the only time hsbc-staging.kikoya.mx was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 5 52.200.34.95 14618 (AMAZON-AES)
2 52.216.128.149 16509 (AMAZON-02)
2 2a00:1450:400... 15169 (GOOGLE)
1 2606:4700:303... 13335 (CLOUDFLAR...)
4 2a00:1450:400... 15169 (GOOGLE)
13 5
5    52.200.34.95 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-200-34-95.compute-1.amazonaws.com
hsbc-staging.kikoya.mx
2    52.216.128.149 (Ashburn, United States)

ASN16509 (AMAZON-02, US)
PTR: s3-1.amazonaws.com
s3.amazonaws.com
2    2a00:1450:4001:819::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
1    2606:4700:3037::6812:323a (United States)

ASN13335 (CLOUDFLARENET, US)
app-sandbox.mifiel.com
4    2a00:1450:4001:806::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
Domain Requested by
5 hsbc-staging.kikoya.mx 1 redirects hsbc-staging.kikoya.mx
4 fonts.gstatic.com hsbc-staging.kikoya.mx
2 fonts.googleapis.com hsbc-staging.kikoya.mx
2 s3.amazonaws.com hsbc-staging.kikoya.mx
1 app-sandbox.mifiel.com hsbc-staging.kikoya.mx
13 5

This site contains no links.

Subject Issuer Validity Valid
hsbc-staging.kikoya.mx
Let's Encrypt Authority X3		 2020-07-20 -
2020-10-18		 3 months crt.sh
upload.video.google.com
GTS CA 1O1		 2020-06-30 -
2020-09-22		 3 months crt.sh
sni.cloudflaressl.com
CloudFlare Inc ECC CA-2		 2020-01-30 -
2020-10-09		 8 months crt.sh
*.gstatic.com
GTS CA 1O1		 2020-06-30 -
2020-09-22		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://hsbc-staging.kikoya.mx/landing
Frame ID: 744929A112D6623E5114CA9F874B6861
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. https://hsbc-staging.kikoya.mx/ HTTP 302
    https://hsbc-staging.kikoya.mx/landing Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /^Cowboy$/i
Overall confidence: 50%
Detected patterns
  • meta csrf-param /^authenticity_token$/i
Overall confidence: 100%
Detected patterns
  • headers server /^Cowboy$/i
Overall confidence: 50%
Detected patterns
  • meta csrf-param /^authenticity_token$/i

Page Statistics

13
Requests

85 %
HTTPS

60 %
IPv6

5
Domains

5
Subdomains

5
IPs

2
Countries

730 kB
Transfer

2736 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://hsbc-staging.kikoya.mx/ HTTP 302
    https://hsbc-staging.kikoya.mx/landing Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

13 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request Cookie set landing
hsbc-staging.kikoya.mx/
Redirect Chain
  • https://hsbc-staging.kikoya.mx/
  • https://hsbc-staging.kikoya.mx/landing
11 KB
12 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://hsbc-staging.kikoya.mx/landing
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.200.34.95 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-200-34-95.compute-1.amazonaws.com
Software
Cowboy /
Resource Hash
23c2b12707631d54a821e0b98b89779d866b73c24314eb701f4e02b0919a798c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Host
hsbc-staging.kikoya.mx
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
none
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
Sec-Fetch-Dest
document
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Server
Cowboy
Date
Mon, 20 Jul 2020 18:44:14 GMT
Connection
keep-alive
X-Frame-Options
SAMEORIGIN
X-Xss-Protection
1; mode=block
X-Content-Type-Options
nosniff
Content-Type
text/html; charset=utf-8
Etag
W/"713f8c642e650534f0a6ff37caabe9d8"
Cache-Control
max-age=0, private, must-revalidate
Set-Cookie
_creditos_session=UmR6amlYZ0NLbnBkSXgxUGlDKzJLYXh1ZGtRYitvbXdVODhwSFU3c00yK1lQVGxYL3VGNTF2bGM5b2l4c2l2K2FINWpaMHNIUklkUmJ1bld3MlUvTGRvNFZoZzQ4RXJoVFg4RkRSMEpXWHpJZlpORkNWWWZGSXJRU1NMTFUvd2RabktlSHJWbjh6cDJKeEgvSnNiWXFBPT0tLVp1UXVLY2lFa0JOamdZMXNhSmIrOVE9PQ%3D%3D--5e4acf7d3ebf0daded48893061130d009e44e45b; path=/; secure; HttpOnly
X-Request-Id
205bc2c8-751a-4f0e-85e1-78b86dcfd941
X-Runtime
0.059126
Strict-Transport-Security
max-age=31536000
Vary
Origin
Transfer-Encoding
chunked
Via
1.1 vegur

Redirect headers

Server
Cowboy
Date
Mon, 20 Jul 2020 18:44:14 GMT
Connection
keep-alive
X-Frame-Options
SAMEORIGIN
X-Xss-Protection
1; mode=block
X-Content-Type-Options
nosniff
Location
https://hsbc-staging.kikoya.mx/landing
Content-Type
text/html; charset=utf-8
Cache-Control
no-cache
X-Request-Id
1b194a23-67e0-46cf-bf9c-fd60ed5465f2
X-Runtime
0.014023
Strict-Transport-Security
max-age=31536000
Vary
Origin
Transfer-Encoding
chunked
Via
1.1 vegur
application-c3a77227416f5cd3a18d56e2f137381008e7b864d83207bc6362c3955562e692.css
hsbc-staging.kikoya.mx/assets/ 		428 KB
65 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://hsbc-staging.kikoya.mx/assets/application-c3a77227416f5cd3a18d56e2f137381008e7b864d83207bc6362c3955562e692.css
Requested by
Host: hsbc-staging.kikoya.mx
URL: https://hsbc-staging.kikoya.mx/landing
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.200.34.95 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-200-34-95.compute-1.amazonaws.com
Software
Cowboy /
Resource Hash
66ec0c558e69bbf02dfffd78b5015adf941af3bfa2c1ceb9fa4682e3dbf1f5a0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://hsbc-staging.kikoya.mx/landing
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 20 Jul 2020 18:44:14 GMT
Content-Encoding
gzip
Last-Modified
Wed, 01 Jul 2020 18:55:55 GMT
Server
Cowboy
Vary
Accept-Encoding, Origin
Content-Type
text/css
Via
1.1 vegur
Connection
keep-alive
Strict-Transport-Security
max-age=31536000
Content-Length
66549
application-a6d6a690bc08254058e2daf70d1d82bbb53445f22a93fb9df4d2651de6799e7e.js
hsbc-staging.kikoya.mx/assets/ 		2 MB
533 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://hsbc-staging.kikoya.mx/assets/application-a6d6a690bc08254058e2daf70d1d82bbb53445f22a93fb9df4d2651de6799e7e.js
Requested by
Host: hsbc-staging.kikoya.mx
URL: https://hsbc-staging.kikoya.mx/landing
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.200.34.95 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-200-34-95.compute-1.amazonaws.com
Software
Cowboy /
Resource Hash
a6d6a690bc08254058e2daf70d1d82bbb53445f22a93fb9df4d2651de6799e7e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://hsbc-staging.kikoya.mx/landing
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 20 Jul 2020 18:44:14 GMT
Content-Encoding
gzip
Last-Modified
Wed, 15 Jul 2020 19:22:28 GMT
Server
Cowboy
Vary
Accept-Encoding, Origin
Content-Type
application/javascript
Via
1.1 vegur
Connection
keep-alive
Strict-Transport-Security
max-age=31536000
Content-Length
545020
logotipo.png
s3.amazonaws.com/arbol-financiero-staging/uploads/9/landing/ 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://s3.amazonaws.com/arbol-financiero-staging/uploads/9/landing/logotipo.png
Requested by
Host: hsbc-staging.kikoya.mx
URL: https://hsbc-staging.kikoya.mx/landing
Protocol
HTTP/1.1
Server
52.216.128.149 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers
logotipoAdelana.png
s3.amazonaws.com/arbol-financiero-staging/uploads/9/landing/https%3A//s3.amazonaws.com/arbol-financiero-production/static-files/whitelabels/freemium/ 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://s3.amazonaws.com/arbol-financiero-staging/uploads/9/landing/https%3A//s3.amazonaws.com/arbol-financiero-production/static-files/whitelabels/freemium/logotipoAdelana.png
Requested by
Host: hsbc-staging.kikoya.mx
URL: https://hsbc-staging.kikoya.mx/landing
Protocol
HTTP/1.1
Server
52.216.128.149 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers
css
fonts.googleapis.com/ 		14 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Roboto:400,300,300italic,400italic,700,700italic
Requested by
Host: hsbc-staging.kikoya.mx
URL: https://hsbc-staging.kikoya.mx/landing
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:819::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
81e80ee9f76c33a09fe3cfe56a41718290bd5abd3a41d9cd9805edb5e4a83602
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://hsbc-staging.kikoya.mx/landing
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Mon, 20 Jul 2020 18:44:15 GMT
server
ESF
date
Mon, 20 Jul 2020 18:44:15 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Mon, 20 Jul 2020 18:44:15 GMT
css
fonts.googleapis.com/ 		10 KB
946 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Open+Sans:300italic,400italic,400,300
Requested by
Host: hsbc-staging.kikoya.mx
URL: https://hsbc-staging.kikoya.mx/landing
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:819::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
ebb6e66b13d40d5c52cd9424d0a84ada975458861ae5750b495dc9114c5d8bc2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://hsbc-staging.kikoya.mx/landing
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Mon, 20 Jul 2020 18:33:13 GMT
server
ESF
date
Mon, 20 Jul 2020 18:44:15 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Mon, 20 Jul 2020 18:44:15 GMT
sign-widget-v1.0.0.js
app-sandbox.mifiel.com/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://app-sandbox.mifiel.com/sign-widget-v1.0.0.js
Requested by
Host: hsbc-staging.kikoya.mx
URL: https://hsbc-staging.kikoya.mx/assets/application-a6d6a690bc08254058e2daf70d1d82bbb53445f22a93fb9df4d2651de6799e7e.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::6812:323a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
585e1d1da7164c6010b133fabb5d447cf580f51b97da5057831fa4ce0598d0a3
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://hsbc-staging.kikoya.mx/landing
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 20 Jul 2020 18:44:16 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
last-modified
Wed, 08 Jul 2020 17:15:01 GMT
server
cloudflare
etag
W/"5f05ff15-933"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
max-age=691200
cf-ray
5b5ed522acf5c2e0-FRA
cf-request-id
040f2389a50000c2e0311f5200000001
fontawesome-webfont-2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe.woff2
hsbc-staging.kikoya.mx/assets/font-awesome/ 		75 KB
76 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://hsbc-staging.kikoya.mx/assets/font-awesome/fontawesome-webfont-2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe.woff2?v=4.7.0
Requested by
Host: hsbc-staging.kikoya.mx
URL: https://hsbc-staging.kikoya.mx/assets/application-a6d6a690bc08254058e2daf70d1d82bbb53445f22a93fb9df4d2651de6799e7e.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.200.34.95 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-200-34-95.compute-1.amazonaws.com
Software
Cowboy /
Resource Hash
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://hsbc-staging.kikoya.mx/assets/application-c3a77227416f5cd3a18d56e2f137381008e7b864d83207bc6362c3955562e692.css
Origin
https://hsbc-staging.kikoya.mx

Response headers

Date
Mon, 20 Jul 2020 18:44:15 GMT
Via
1.1 vegur
Vary
Origin
Last-Modified
Tue, 08 Oct 2019 18:46:55 GMT
Server
Cowboy
Strict-Transport-Security
max-age=31536000
Access-Control-Allow-Methods
GET, POST, OPTIONS
Content-Type
application/font-woff2
Access-Control-Allow-Origin
https://hsbc-staging.kikoya.mx
Access-Control-Max-Age
7200
Connection
keep-alive
Content-Length
77160
Access-Control-Expose-Headers
KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
fonts.gstatic.com/s/roboto/v20/ 		11 KB
11 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
Requested by
Host: hsbc-staging.kikoya.mx
URL: https://hsbc-staging.kikoya.mx/assets/application-a6d6a690bc08254058e2daf70d1d82bbb53445f22a93fb9df4d2651de6799e7e.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://fonts.googleapis.com/css?family=Roboto:400,300,300italic,400italic,700,700italic
Origin
https://hsbc-staging.kikoya.mx

Response headers

date
Sat, 11 Jul 2020 09:25:45 GMT
x-content-type-options
nosniff
last-modified
Wed, 24 Jul 2019 01:18:50 GMT
server
sffe
age
811111
status
200
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11016
x-xss-protection
0
expires
Sun, 11 Jul 2021 09:25:45 GMT
mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2
fonts.gstatic.com/s/opensans/v17/ 		9 KB
9 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/opensans/v17/mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2
Requested by
Host: hsbc-staging.kikoya.mx
URL: https://hsbc-staging.kikoya.mx/assets/application-a6d6a690bc08254058e2daf70d1d82bbb53445f22a93fb9df4d2651de6799e7e.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
54c64f3c66372027154f01fc9f24b4e25fdfe405b70d1994c79abbc2576ff775
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://fonts.googleapis.com/css?family=Open+Sans:300italic,400italic,400,300
Origin
https://hsbc-staging.kikoya.mx

Response headers

date
Thu, 09 Jul 2020 01:03:18 GMT
x-content-type-options
nosniff
last-modified
Tue, 23 Jul 2019 19:30:49 GMT
server
sffe
age
1014058
status
200
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9132
x-xss-protection
0
expires
Fri, 09 Jul 2021 01:03:18 GMT
KFOlCnqEu92Fr1MmSU5fBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v20/ 		11 KB
11 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmSU5fBBc4AMP6lQ.woff2
Requested by
Host: hsbc-staging.kikoya.mx
URL: https://hsbc-staging.kikoya.mx/assets/application-a6d6a690bc08254058e2daf70d1d82bbb53445f22a93fb9df4d2651de6799e7e.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
92606bd38901e67d069f2ef883715b6e5ae07d72ae3bead3ad92346528374afc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://fonts.googleapis.com/css?family=Roboto:400,300,300italic,400italic,700,700italic
Origin
https://hsbc-staging.kikoya.mx

Response headers

date
Thu, 16 Jul 2020 19:53:18 GMT
x-content-type-options
nosniff
last-modified
Wed, 24 Jul 2019 01:18:52 GMT
server
sffe
age
341458
status
200
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11180
x-xss-protection
0
expires
Fri, 16 Jul 2021 19:53:18 GMT
KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v20/ 		11 KB
11 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2
Requested by
Host: hsbc-staging.kikoya.mx
URL: https://hsbc-staging.kikoya.mx/assets/application-a6d6a690bc08254058e2daf70d1d82bbb53445f22a93fb9df4d2651de6799e7e.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0d9fd7ccabde9b202de45ee6b65878ce9594975d8e8810b0878d3f3fa3637d0e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://fonts.googleapis.com/css?family=Roboto:400,300,300italic,400italic,700,700italic
Origin
https://hsbc-staging.kikoya.mx

Response headers

date
Fri, 12 Jun 2020 13:44:12 GMT
x-content-type-options
nosniff
last-modified
Wed, 24 Jul 2019 01:18:58 GMT
server
sffe
age
3301204
status
200
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11020
x-xss-protection
0
expires
Sat, 12 Jun 2021 13:44:12 GMT

Verdicts & Comments Add Verdict or Comment

169 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| seekZero function| RecordRTC function| RecordRTCConfiguration function| GetRecorderType function| MRecordRTC function| bytesToSize function| invokeSaveAsDialog function| isElectron function| getTracks function| setSrcObject function| getSeekableBlob function| isMediaRecorderCompatible function| MediaStreamRecorder function| StereoAudioRecorder function| CanvasRecorder function| WhammyRecorder function| GifRecorder function| MultiStreamsMixer function| MultiStreamRecorder function| RecordRTCPromisesHandler function| WebAssemblyRecorder function| displaySignatureOptions function| setNameOnTextField function| setAuthorityOnTextField function| validateSignersForm function| signedCallback function| requestSignature function| addEventToButton function| changeRadios function| validateEnrollmentOptions function| appearsOnSignUpOk function| checkIfRfcEnabled function| checkIfCellphoneEnabled function| Finance string| browserFakeUserAgent undefined| lastTime boolean| isEdge boolean| isOpera boolean| isFirefox boolean| isChrome boolean| isSafari object| Whammy object| DiskStorage function| $ function| jQuery object| jQuery1124012277762210779519 function| AbstractChosen function| SelectParser object| Turbolinks function| swal function| sweetAlert function| BaseClass function| Component function| Docxtemplater function| JSZip object| JSZipUtils function| require function| Color function| Chart object| TinyMCERails object| tinymce object| tinyMCE object| zip object| DEFAULT_CHOSEN_OPTIONS function| startChosen function| sweet_confirm function| sweet_alert function| sweet_success function| custom_alert function| AddressFill function| AddressZipCode object| Admin object| CarDealerships object| ArbolScoreResults function| CreditReportRequestPinCode function| CreditReportUpdateWithPinCode function| initMap function| AsyncLink function| AttendoNewProject function| AutosavingField function| BeeInitializer function| BirthdaySelection function| CalculatePayment function| CirculoAuthenticationReports function| CirculoAuthenticationReportsStatus function| CollectionCreate function| CollectionRemove function| ContactRequests function| CreditReportRequestForm function| CardsControlComponent function| JointObligorPrivateLink function| FormHandler function| DependentElementDisplay function| DeviseAjaxyForm function| DocumentRemove function| DocumentRemoveBureau function| EmploymentRecordCreate function| EmploymentRecordRemove function| EmploymentRecordWarning function| EnableDisableCampusesGroups function| FinancialAssetCreate function| FinancialAssetRemove object| Financier object| Pollings function| FinancierType object| ProductApplications function| ProductLandingPages function| ProductLandingPagesForm function| FinancingConfigCarVersion function| ReportBlacklistUpdatesRequest function| GenerateReport function| GetMonthlyPayment function| ProgressBarGrower object| Helpers object| ContentEditables function| FlashMessage function| ZipParser function| LaudexFinancingOpts function| LivePreapprovalResultsTable object| mifiel function| initOcularVisitMap function| OcularVisitVideoRecorder function| PhotoModals function| ProductApplicationPhoto function| PackageCertificate function| PasswordGenerator function| PersonalReferenceCreate function| PersonalReferenceRemove function| PolledOperation function| PreapprovalResultStatuses function| PreviousAddress function| PreviousStudyCreate function| PreviousStudyRemove function| ProductApplicationDestroy function| ProductApplicationMessages function| ProductApplicationSearchForm function| ProductApplicationStatuses function| ProductApplicationSubmit function| EmploymentDocumentTypeUpdate function| initMaps function| UpdateProductApplication function| ProductApplicationsOrderBy object| Products function| ProgressBar function| ProjectSubmit object| Projects function| RemoveJointObligor function| ReportRequest function| ReportRequestStatus function| RfcCreation object| Routes function| ScrollableRow function| SearchProducts function| SearchProductsCampusLoader object| CustomForms object| Settings function| StatusModal function| StepBubbles function| SubmitDocument function| SubmitDocumentBureau function| ToggleDisplayInput object| User function| ValidationObligorModal object| Validations function| DocumentTypeValidator function| QuestionaryVerification object| VerificationRequests function| isEmpty function| encodeQueryData

1 Cookies

Domain/Path Name / Value
hsbc-staging.kikoya.mx/ Name: _creditos_session
Value: UmR6amlYZ0NLbnBkSXgxUGlDKzJLYXh1ZGtRYitvbXdVODhwSFU3c00yK1lQVGxYL3VGNTF2bGM5b2l4c2l2K2FINWpaMHNIUklkUmJ1bld3MlUvTGRvNFZoZzQ4RXJoVFg4RkRSMEpXWHpJZlpORkNWWWZGSXJRU1NMTFUvd2RabktlSHJWbjh6cDJKeEgvSnNiWXFBPT0tLVp1UXVLY2lFa0JOamdZMXNhSmIrOVE9PQ%3D%3D--5e4acf7d3ebf0daded48893061130d009e44e45b

5 Console Messages

Source Level URL
Text
console-api warning URL: https://hsbc-staging.kikoya.mx/assets/application-a6d6a690bc08254058e2daf70d1d82bbb53445f22a93fb9df4d2651de6799e7e.js(Line 38)
Message:
DEPRECATED: This filename doesn't follow the convention, use bootstrap-datepicker.en-CA.js instead.
console-api warning URL: https://hsbc-staging.kikoya.mx/assets/application-a6d6a690bc08254058e2daf70d1d82bbb53445f22a93fb9df4d2651de6799e7e.js(Line 38)
Message:
DEPRECATED: The language code "kh" is deprecated and will be removed in 2.0. For Khmer support use "km" instead.
console-api warning URL: https://hsbc-staging.kikoya.mx/assets/application-a6d6a690bc08254058e2daf70d1d82bbb53445f22a93fb9df4d2651de6799e7e.js(Line 38)
Message:
DEPRECATED: The language code "kr" is deprecated and will be removed in 2.0. For korean support use "ko" instead.
console-api warning URL: https://hsbc-staging.kikoya.mx/assets/application-a6d6a690bc08254058e2daf70d1d82bbb53445f22a93fb9df4d2651de6799e7e.js(Line 38)
Message:
DEPRECATED: This language code "rs-latin" is deprecated (invalid serbian language code) and will be removed in 2.0. For Serbian latin support use "sr-latin" instead.
console-api warning URL: https://hsbc-staging.kikoya.mx/assets/application-a6d6a690bc08254058e2daf70d1d82bbb53445f22a93fb9df4d2651de6799e7e.js(Line 38)
Message:
DEPRECATED: This language code "rs" is deprecated (invalid serbian language code) and will be removed in 2.0. For Serbian support use "sr" instead.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block