indexo.dev

onetoken.app

.app crawl

First seen 2026-05-09 · Last seen 2026-05-09 · ok HTTP/1.1 200 1159 ms crawled 2026-05-15

US · 104.21.92.30 · AS13335 Cloudflare, Inc.

Reputation 92/100 no dmarc policy

Classifying

HTML metadata

Title
Login - OneBanking ICO
Language
en

Technology

CDN
Cloudflare
CMS
Gatsby

Third-party hosts loaded (1)

  • storage.googleapis.com×2

DNS records live

NS
  • adam.ns.cloudflare.com
  • cecelia.ns.cloudflare.com
MX
  • 1 aspmx.l.google.com
  • 10 alt3.aspmx.l.google.com
  • 10 alt4.aspmx.l.google.com
  • 5 alt1.aspmx.l.google.com
  • 5 alt2.aspmx.l.google.com
TXT
  • replit-verify=165b52e8-490b-4323-8f55-2610272814fc
  • v=DMARC1; p=none; pct=100; rua=mailto:re+zxiltjdurpv@dmarc.postmarkapp.com; sp=none; aspf=r;
Verified for
  • Google

Email authentication weak

SPF
v=spf1 ip4:93.127.192.152 include:relay.mailchannels.net a mx ip4:141.136.39.1 include:_spf.google.com ~all
softfail (~all)
DMARC
not published
DKIM
  • google: v=DKIM1;k=rsa;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs/O5wU5Egxyumhkz95aJBMfUGiT0dmYZucJvNaaRGIPElFArI8sCIVowuMCm+N+DCVXt9HshpxJ7/hr4…
selectors probed

Certificate (current)

WE1
from 2026-04-11 to 2026-07-10
Expires in 51 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 75/100 Checked live page: https://onetoken.app/accounts/login/

present
  • strict-transport-security
  • x-frame-options
  • x-content-type-options
  • referrer-policy
  • cross-origin-opener-policy
findings
  • missing Content Security Policy
  • missing Permissions Policy
Header values
referrer-policy
same-origin
x-frame-options
DENY
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains
cross-origin-opener-policy
same-origin

Linked from (1)