urlscan.io logo urlscan.io
SecurityTrails logo

api.login.test.lasso.io Open in urlscan Pro
44.233.144.74  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://api.login.test.lasso.io/
Effective URL: https://api.login.test.lasso.io/login/
Submission: On April 26 via automatic, source certstream-suspicious — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 2 IPs in 1 countries across 2 domains to perform 9 HTTP transactions. The main IP is 44.233.144.74, located in Boardman, United States and belongs to AMAZON-02, US. The main domain is api.login.test.lasso.io.
TLS certificate: Issued by Amazon on December 30th 2021. Valid for: a year.
This is the only time api.login.test.lasso.io was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 9 44.233.144.74 16509 (AMAZON-02)
1 52.217.72.108 16509 (AMAZON-02)
9 2
Apex Domain
Subdomains		 Transfer
9 lasso.io
api.login.test.lasso.io
901 KB
1 amazonaws.com
lasso-public.s3.amazonaws.com
21 KB
9 2
Domain Requested by
9 api.login.test.lasso.io 1 redirects api.login.test.lasso.io
1 lasso-public.s3.amazonaws.com api.login.test.lasso.io
9 2

This site contains links to these domains. Also see Links.

Domain
platform.lasso.io
Subject Issuer Validity Valid
*.test.lasso.io
Amazon		 2021-12-30 -
2023-01-28		 a year crt.sh
*.s3.amazonaws.com
Amazon		 2021-12-15 -
2022-12-03		 a year crt.sh

This page contains 1 frames:

Primary Page: https://api.login.test.lasso.io/login/
Frame ID: 1F40CC024CE6F845524802B06A1FABC6
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

LASSO App

Page URL History Show full URLs

  1. https://api.login.test.lasso.io/ HTTP 302
    https://api.login.test.lasso.io/login/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • (?:powered by <a[^>]+>Django ?([\d.]+)?<\/a>|<input[^>]*name=["']csrfmiddlewaretoken["'][^>]*>)
Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

9
Requests

11 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

922 kB
Transfer

918 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://api.login.test.lasso.io/ HTTP 302
    https://api.login.test.lasso.io/login/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
api.login.test.lasso.io/login/
Redirect Chain
  • https://api.login.test.lasso.io/
  • https://api.login.test.lasso.io/login/
3 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://api.login.test.lasso.io/login/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.233.144.74 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-44-233-144-74.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
a189203a01e83d7a19d7a533d555318c20d96d4d445e1e9fd5499c274aafabcf
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
max-age=0, no-cache, no-store, must-revalidate
content-language
en
content-length
2927
content-type
text/html; charset=utf-8
date
Tue, 26 Apr 2022 15:13:47 GMT
expires
Tue, 26 Apr 2022 15:13:47 GMT
strict-transport-security
max-age=31536000; includeSubDomains
vary
Cookie, Accept-Language
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-lasso-badge
0
x-lasso-title
Login
x-xss-protection
1; mode=block

Redirect headers

cache-control
max-age=0, no-cache, no-store, must-revalidate
content-language
en
content-length
0
content-type
text/html; charset=utf-8
date
Tue, 26 Apr 2022 15:13:46 GMT
expires
Tue, 26 Apr 2022 15:13:46 GMT
location
/login/
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Language, Cookie
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block
site.bfdf7dafa228.css
api.login.test.lasso.io/site_media/static/css/ 		431 KB
432 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://api.login.test.lasso.io/site_media/static/css/site.bfdf7dafa228.css
Requested by
Host: api.login.test.lasso.io
URL: https://api.login.test.lasso.io/login/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.233.144.74 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-44-233-144-74.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
8ab3638cf1f4ab79098a6913148add5a949f06567f64cf77ad012e831197d25e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://api.login.test.lasso.io/login/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Tue, 26 Apr 2022 15:13:47 GMT
x-content-type-options
nosniff
last-modified
Mon, 25 Apr 2022 17:16:54 GMT
x-frame-options
SAMEORIGIN
content-language
en
access-control-allow-origin
*
cache-control
public, max-age=315360000
strict-transport-security
max-age=31536000; includeSubDomains
content-type
text/css; charset="utf-8"
vary
Accept-Language, Cookie
content-length
441459
x-xss-protection
1; mode=block
logo-200.png
lasso-public.s3.amazonaws.com/_account_avatars/lasso/ 		20 KB
21 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://lasso-public.s3.amazonaws.com/_account_avatars/lasso/logo-200.png
Requested by
Host: api.login.test.lasso.io
URL: https://api.login.test.lasso.io/login/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.217.72.108 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-1-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
d654de60c51b88a7be48ba226fbf0f00200f154be83ed244b027a539c7677f5a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://api.login.test.lasso.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date
Tue, 26 Apr 2022 15:13:48 GMT
Last-Modified
Mon, 26 Jun 2017 15:30:51 GMT
Server
AmazonS3
x-amz-request-id
WZC62G8EHXNAFHAZ
ETag
"963ef3b65b753d34b198b1e23a08b718"
Content-Type
image/png
x-amz-version-id
null
Accept-Ranges
bytes
Content-Length
20930
x-amz-id-2
Gs+ddmb8rtApTOeot1txUgMNlFccYmW5iiclCngKc2G/8csraZDd9TzpXX/2Dp+8X5ewx/iPYLo=
logo-lasso.026d252d86f0.png
api.login.test.lasso.io/site_media/static/images/ 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://api.login.test.lasso.io/site_media/static/images/logo-lasso.026d252d86f0.png
Requested by
Host: api.login.test.lasso.io
URL: https://api.login.test.lasso.io/login/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.233.144.74 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-44-233-144-74.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
ce24f92ef5fc5dad9588aa5d08e67f0e8ee36d16da80268ebae66a80b952eaaf
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://api.login.test.lasso.io/login/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Tue, 26 Apr 2022 15:13:47 GMT
x-content-type-options
nosniff
last-modified
Mon, 25 Apr 2022 17:13:48 GMT
x-frame-options
SAMEORIGIN
content-language
en
access-control-allow-origin
*
cache-control
public, max-age=315360000
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/png
vary
Accept-Language, Cookie
content-length
4242
x-xss-protection
1; mode=block
jquery.min.e071abda8fe6.js
api.login.test.lasso.io/site_media/static/lib/jquery-3.1.1/ 		85 KB
85 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://api.login.test.lasso.io/site_media/static/lib/jquery-3.1.1/jquery.min.e071abda8fe6.js
Requested by
Host: api.login.test.lasso.io
URL: https://api.login.test.lasso.io/login/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.233.144.74 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-44-233-144-74.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://api.login.test.lasso.io/login/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Tue, 26 Apr 2022 15:13:47 GMT
x-content-type-options
nosniff
last-modified
Mon, 25 Apr 2022 17:13:48 GMT
x-frame-options
SAMEORIGIN
content-language
en
access-control-allow-origin
*
cache-control
public, max-age=315360000
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset="utf-8"
vary
Accept-Language, Cookie
content-length
86709
x-xss-protection
1; mode=block
eldarion-ajax.min.26f4e3b51051.js
api.login.test.lasso.io/site_media/static/lib/eldarion-ajax-0.16.0/js/ 		7 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://api.login.test.lasso.io/site_media/static/lib/eldarion-ajax-0.16.0/js/eldarion-ajax.min.26f4e3b51051.js
Requested by
Host: api.login.test.lasso.io
URL: https://api.login.test.lasso.io/login/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.233.144.74 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-44-233-144-74.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
84111273390b7c2b6ceb4dd41f5924ac81b80d240ca8eebdd8cd09bce05202d3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://api.login.test.lasso.io/login/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Tue, 26 Apr 2022 15:13:47 GMT
x-content-type-options
nosniff
last-modified
Mon, 25 Apr 2022 17:16:54 GMT
x-frame-options
SAMEORIGIN
content-language
en
access-control-allow-origin
*
cache-control
public, max-age=315360000
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset="utf-8"
vary
Accept-Language, Cookie
content-length
7351
x-xss-protection
1; mode=block
bootstrap.min.5869c96cc8f1.js
api.login.test.lasso.io/site_media/static/lib/bootstrap-3.3.7/js/ 		36 KB
37 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://api.login.test.lasso.io/site_media/static/lib/bootstrap-3.3.7/js/bootstrap.min.5869c96cc8f1.js
Requested by
Host: api.login.test.lasso.io
URL: https://api.login.test.lasso.io/login/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.233.144.74 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-44-233-144-74.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://api.login.test.lasso.io/login/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Tue, 26 Apr 2022 15:13:47 GMT
x-content-type-options
nosniff
last-modified
Mon, 25 Apr 2022 17:16:54 GMT
x-frame-options
SAMEORIGIN
content-language
en
access-control-allow-origin
*
cache-control
public, max-age=315360000
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset="utf-8"
vary
Accept-Language, Cookie
content-length
37045
x-xss-protection
1; mode=block
site.d1a615faf569.js
api.login.test.lasso.io/site_media/static/js/ 		311 KB
311 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://api.login.test.lasso.io/site_media/static/js/site.d1a615faf569.js
Requested by
Host: api.login.test.lasso.io
URL: https://api.login.test.lasso.io/login/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.233.144.74 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-44-233-144-74.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
dad5a1c3bf804046f0d3b8b1a4a82c6ae3c4df9e4f61109280c120fbba52994e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://api.login.test.lasso.io/login/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Tue, 26 Apr 2022 15:13:47 GMT
x-content-type-options
nosniff
last-modified
Mon, 25 Apr 2022 17:13:48 GMT
x-frame-options
SAMEORIGIN
content-language
en
access-control-allow-origin
*
cache-control
public, max-age=315360000
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset="utf-8"
vary
Accept-Language, Cookie
content-length
318062
x-xss-protection
1; mode=block
32A512_0_0.f8ee7ee7b31a.woff2
api.login.test.lasso.io/site_media/static/fonts/avenir/ 		20 KB
21 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://api.login.test.lasso.io/site_media/static/fonts/avenir/32A512_0_0.f8ee7ee7b31a.woff2
Requested by
Host: api.login.test.lasso.io
URL: https://api.login.test.lasso.io/site_media/static/css/site.bfdf7dafa228.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.233.144.74 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-44-233-144-74.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
0a67c074103a9838be83642d915dfd3f1bb0aae46120e1cf1c93523852273506
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://api.login.test.lasso.io/site_media/static/css/site.bfdf7dafa228.css
Origin
https://api.login.test.lasso.io
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Tue, 26 Apr 2022 15:13:48 GMT
x-content-type-options
nosniff
last-modified
Mon, 25 Apr 2022 17:16:54 GMT
x-frame-options
SAMEORIGIN
content-language
en
access-control-allow-origin
*
cache-control
public, max-age=315360000
strict-transport-security
max-age=31536000; includeSubDomains
content-type
font/woff2
vary
Accept-Language, Cookie
content-length
20824
x-xss-protection
1; mode=block

Verdicts & Comments Add Verdict or Comment

12 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| structuredClone object| oncontextlost object| oncontextrestored function| getScreenDetails function| $ function| jQuery undefined| __nativeST__ undefined| __nativeSI__ function| Color function| Chart function| debounce object| lasso

1 Cookies

Domain/Path Name / Value
api.login.test.lasso.io/ Name: csrftoken
Value: qvGa72y0ymXaDFuvEBBTAWz8KFmqpLQ3bHiZ9wGSpR7R6kl1dRu6slkmnQM6YTsO

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block