Submitted URL: https://api.login.prod.lasso.io/
Effective URL: https://api.login.prod.lasso.io/login/
Submission: On April 26 via automatic, source certstream-suspicious — Scanned from DE

Summary

This website contacted 2 IPs in 1 country across 2 domains to perform 9 HTTP transactions. The main IP is 44.237.150.82, located in Boardman, United States and belongs to AMAZON-02, US. The main domain is api.login.prod.lasso.io.
TLS certificate: Issued by Amazon on January 31st 2022. Valid for: a year.
This is the only time api.login.prod.lasso.io was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 9 44.237.150.82 16509 (AMAZON-02)
1 52.217.228.89 16509 (AMAZON-02)
9 2
Apex Domain Subdomains Transfer
9 lasso.io api.login.prod.lasso.io 900 KB
1 amazonaws.com lasso-public.s3.amazonaws.com 21 KB
9 2
Domain Requested by
9 api.login.prod.lasso.io 1 redirects api.login.prod.lasso.io
1 lasso-public.s3.amazonaws.com api.login.prod.lasso.io
9 2

This site contains links to these domains.

Domain
platform.lasso.io
Subject Issuer Validity Valid
*.lasso.io Amazon 2022-01-31 - 2023-03-01 a year
*.s3.amazonaws.com Amazon 2021-12-15 - 2022-12-03 a year

This page contains 1 frames:

Primary Page: https://api.login.prod.lasso.io/login/
Frame ID: AE4FA9B3B8B2C26407C9C1B2B2A9FEF9
Requests: 9 HTTP requests in this frame

Page Title

LASSO App

Detected technologies

Overall confidence: 100%
Detected patterns
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • (?:powered by <a[^>]+>Django ?([\d.]+)?<\/a>|<input[^>]*name=["']csrfmiddlewaretoken["'][^>]*>)

Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

Requests: 9
HTTPS: 11 %
IPv6: 0 %
Domains: 2
Subdomains: 2
IPs: 2
Countries: 1
Transfer: 921 kB
Size: 917 kB
Cookies: 1

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://api.login.prod.lasso.io/ HTTP 302
    https://api.login.prod.lasso.io/login/ Page URL

9 HTTP transactions

Resource Path Size x-fer Type MIME-Type
Primary Request /
api.login.prod.lasso.io/login/
Redirect Chain
  • https://api.login.prod.lasso.io/
  • https://api.login.prod.lasso.io/login/
3 KB
3 KB
Document
General
Full URL
https://api.login.prod.lasso.io/login/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.237.150.82 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-44-237-150-82.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
72af3fdcc963f7d53e6272f745aaf9dde05a7176e23a6014ce8363fa8a544663
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
max-age=0, no-cache, no-store, must-revalidate
content-language
en
content-length
2927
content-type
text/html; charset=utf-8
date
Tue, 26 Apr 2022 15:13:55 GMT
expires
Tue, 26 Apr 2022 15:13:55 GMT
strict-transport-security
max-age=31536000; includeSubDomains
vary
Cookie, Accept-Language
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-lasso-badge
0
x-lasso-title
Login
x-xss-protection
1; mode=block

Redirect headers

cache-control
max-age=0, no-cache, no-store, must-revalidate
content-language
en
content-length
0
content-type
text/html; charset=utf-8
date
Tue, 26 Apr 2022 15:13:54 GMT
expires
Tue, 26 Apr 2022 15:13:54 GMT
location
/login/
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Language, Cookie
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block
site.57adc0a4315d.css
api.login.prod.lasso.io/site_media/static/css/
430 KB
431 KB
Stylesheet
General
Full URL
https://api.login.prod.lasso.io/site_media/static/css/site.57adc0a4315d.css
Requested by
Host: api.login.prod.lasso.io
URL: https://api.login.prod.lasso.io/login/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.237.150.82 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-44-237-150-82.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
c1c77b7dc107d0a7ee17590462485a4648e237515b52b334e041ee87ac646067
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://api.login.prod.lasso.io/login/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Tue, 26 Apr 2022 15:13:55 GMT
x-content-type-options
nosniff
last-modified
Tue, 26 Apr 2022 12:02:11 GMT
x-frame-options
SAMEORIGIN
content-language
en
access-control-allow-origin
*
cache-control
public, max-age=315360000
strict-transport-security
max-age=31536000; includeSubDomains
content-type
text/css; charset="utf-8"
vary
Accept-Language, Cookie
content-length
440672
x-xss-protection
1; mode=block
logo-200.png
lasso-public.s3.amazonaws.com/_account_avatars/lasso/
20 KB
21 KB
Image
General
Full URL
https://lasso-public.s3.amazonaws.com/_account_avatars/lasso/logo-200.png
Requested by
Host: api.login.prod.lasso.io
URL: https://api.login.prod.lasso.io/login/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.217.228.89 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-1-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
d654de60c51b88a7be48ba226fbf0f00200f154be83ed244b027a539c7677f5a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://api.login.prod.lasso.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date
Tue, 26 Apr 2022 15:13:56 GMT
Last-Modified
Mon, 26 Jun 2017 15:30:51 GMT
Server
AmazonS3
x-amz-request-id
74604RFZ6QVNANPH
ETag
"963ef3b65b753d34b198b1e23a08b718"
Content-Type
image/png
x-amz-version-id
null
Accept-Ranges
bytes
Content-Length
20930
x-amz-id-2
nfzss0M2XezqP5t3T8D35ugO/wv65ZXyxFJzBqiFxQSRaCKLCvEZzGT68Y6cF2Tt4whE9wPwHZs=
logo-lasso.026d252d86f0.png
api.login.prod.lasso.io/site_media/static/images/
4 KB
4 KB
Image
General
Full URL
https://api.login.prod.lasso.io/site_media/static/images/logo-lasso.026d252d86f0.png
Requested by
Host: api.login.prod.lasso.io
URL: https://api.login.prod.lasso.io/login/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.237.150.82 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-44-237-150-82.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
ce24f92ef5fc5dad9588aa5d08e67f0e8ee36d16da80268ebae66a80b952eaaf
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://api.login.prod.lasso.io/login/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Tue, 26 Apr 2022 15:13:55 GMT
x-content-type-options
nosniff
last-modified
Tue, 26 Apr 2022 12:02:15 GMT
x-frame-options
SAMEORIGIN
content-language
en
access-control-allow-origin
*
cache-control
public, max-age=315360000
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/png
vary
Accept-Language, Cookie
content-length
4242
x-xss-protection
1; mode=block
jquery.min.e071abda8fe6.js
api.login.prod.lasso.io/site_media/static/lib/jquery-3.1.1/
85 KB
85 KB
Script
General
Full URL
https://api.login.prod.lasso.io/site_media/static/lib/jquery-3.1.1/jquery.min.e071abda8fe6.js
Requested by
Host: api.login.prod.lasso.io
URL: https://api.login.prod.lasso.io/login/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.237.150.82 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-44-237-150-82.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://api.login.prod.lasso.io/login/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Tue, 26 Apr 2022 15:13:55 GMT
x-content-type-options
nosniff
last-modified
Sun, 24 Apr 2022 12:02:09 GMT
x-frame-options
SAMEORIGIN
content-language
en
access-control-allow-origin
*
cache-control
public, max-age=315360000
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset="utf-8"
vary
Accept-Language, Cookie
content-length
86709
x-xss-protection
1; mode=block
eldarion-ajax.min.26f4e3b51051.js
api.login.prod.lasso.io/site_media/static/lib/eldarion-ajax-0.16.0/js/
7 KB
8 KB
Script
General
Full URL
https://api.login.prod.lasso.io/site_media/static/lib/eldarion-ajax-0.16.0/js/eldarion-ajax.min.26f4e3b51051.js
Requested by
Host: api.login.prod.lasso.io
URL: https://api.login.prod.lasso.io/login/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.237.150.82 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-44-237-150-82.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
84111273390b7c2b6ceb4dd41f5924ac81b80d240ca8eebdd8cd09bce05202d3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://api.login.prod.lasso.io/login/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Tue, 26 Apr 2022 15:13:55 GMT
x-content-type-options
nosniff
last-modified
Mon, 25 Apr 2022 12:01:20 GMT
x-frame-options
SAMEORIGIN
content-language
en
access-control-allow-origin
*
cache-control
public, max-age=315360000
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset="utf-8"
vary
Accept-Language, Cookie
content-length
7351
x-xss-protection
1; mode=block
bootstrap.min.5869c96cc8f1.js
api.login.prod.lasso.io/site_media/static/lib/bootstrap-3.3.7/js/
36 KB
37 KB
Script
General
Full URL
https://api.login.prod.lasso.io/site_media/static/lib/bootstrap-3.3.7/js/bootstrap.min.5869c96cc8f1.js
Requested by
Host: api.login.prod.lasso.io
URL: https://api.login.prod.lasso.io/login/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.237.150.82 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-44-237-150-82.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://api.login.prod.lasso.io/login/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Tue, 26 Apr 2022 15:13:55 GMT
x-content-type-options
nosniff
last-modified
Mon, 25 Apr 2022 12:01:32 GMT
x-frame-options
SAMEORIGIN
content-language
en
access-control-allow-origin
*
cache-control
public, max-age=315360000
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset="utf-8"
vary
Accept-Language, Cookie
content-length
37045
x-xss-protection
1; mode=block
site.d1a615faf569.js
api.login.prod.lasso.io/site_media/static/js/
311 KB
311 KB
Script
General
Full URL
https://api.login.prod.lasso.io/site_media/static/js/site.d1a615faf569.js
Requested by
Host: api.login.prod.lasso.io
URL: https://api.login.prod.lasso.io/login/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.237.150.82 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-44-237-150-82.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
dad5a1c3bf804046f0d3b8b1a4a82c6ae3c4df9e4f61109280c120fbba52994e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://api.login.prod.lasso.io/login/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Tue, 26 Apr 2022 15:13:55 GMT
x-content-type-options
nosniff
last-modified
Tue, 26 Apr 2022 12:01:31 GMT
x-frame-options
SAMEORIGIN
content-language
en
access-control-allow-origin
*
cache-control
public, max-age=315360000
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset="utf-8"
vary
Accept-Language, Cookie
content-length
318062
x-xss-protection
1; mode=block
32A512_0_0.f8ee7ee7b31a.woff2
api.login.prod.lasso.io/site_media/static/fonts/avenir/
20 KB
21 KB
Font
General
Full URL
https://api.login.prod.lasso.io/site_media/static/fonts/avenir/32A512_0_0.f8ee7ee7b31a.woff2
Requested by
Host: api.login.prod.lasso.io
URL: https://api.login.prod.lasso.io/site_media/static/css/site.57adc0a4315d.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.237.150.82 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-44-237-150-82.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
0a67c074103a9838be83642d915dfd3f1bb0aae46120e1cf1c93523852273506
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://api.login.prod.lasso.io/site_media/static/css/site.57adc0a4315d.css
Origin
https://api.login.prod.lasso.io
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Tue, 26 Apr 2022 15:13:56 GMT
x-content-type-options
nosniff
last-modified
Tue, 26 Apr 2022 12:02:14 GMT
x-frame-options
SAMEORIGIN
content-language
en
access-control-allow-origin
*
cache-control
public, max-age=315360000
strict-transport-security
max-age=31536000; includeSubDomains
content-type
font/woff2
vary
Accept-Language, Cookie
content-length
20824
x-xss-protection
1; mode=block

12 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| structuredClone
object| oncontextlost
object| oncontextrestored
function| getScreenDetails
function| $
function| jQuery
undefined| __nativeST__
undefined| __nativeSI__
function| Color
function| Chart
function| debounce
object| lasso

1 Cookies

Domain/Path Name / Value
api.login.prod.lasso.io/ Name: csrftoken
Value: dEG3IGjqNYQY267p0aqUfsuY5NZWmPjP52QhsLI9IkkPXaV6xAaqEePbXO3BjFMK

Security Headers

This page lists any security headers set by the main page.

Header Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block