urlscan.io logo urlscan.io
SecurityTrails logo

cmp.nxplatform.io Open in urlscan Pro
13.67.9.1  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://cmp.nxplatform.io/
Effective URL: https://cmp.nxplatform.io/
Submission: On April 28 via manual from SG — Scanned from SG
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 6 IPs in 3 countries across 6 domains to perform 15 HTTP transactions. The main IP is 13.67.9.1, located in Singapore and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is cmp.nxplatform.io.
TLS certificate: Issued by GeoTrust Global TLS RSA4096 SHA256 20... on December 14th 2022. Valid for: 6 months.
This is the only time cmp.nxplatform.io was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 8 13.67.9.1 8075 (MICROSOFT...)
1 1 23.50.31.75 16625 (AKAMAI-AS)
1 13.33.33.126 16509 (AMAZON-02)
2 2404:6800:400... 15169 (GOOGLE)
1 2404:6800:400... 15169 (GOOGLE)
3 2404:6800:400... 15169 (GOOGLE)
1 2404:6800:400... 15169 (GOOGLE)
15 6
8    13.67.9.1 (Singapore)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
cmp.nxplatform.io
1    23.50.31.75 (Tseung Kwan O, Hong Kong)

ASN16625 (AKAMAI-AS, US)
PTR: a23-50-31-75.deploy.static.akamaitechnologies.com
cloud.typography.com
1    13.33.33.126 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-33-33-126.sin2.r.cloudfront.net
cldcvr.com
2    2404:6800:4003:c1a::66 (Singapore)

ASN15169 (GOOGLE, US)
apis.google.com
1    2404:6800:4003:c1a::61 (Singapore)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
3    2404:6800:4003:c02::54 (Singapore)

ASN15169 (GOOGLE, US)
accounts.google.com
1    2404:6800:4003:c11::5e (Singapore)

ASN15169 (GOOGLE, US)
www.gstatic.com
Apex Domain
Subdomains		 Transfer
8 nxplatform.io
cmp.nxplatform.io
1 MB
5 google.com
apis.google.com — Cisco Umbrella Rank: 236
accounts.google.com — Cisco Umbrella Rank: 92
49 KB
1 gstatic.com
www.gstatic.com
35 KB
1 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 114
82 KB
1 cldcvr.com
cldcvr.com
1 typography.com
cloud.typography.com — Cisco Umbrella Rank: 8491
443 B
15 6
Domain Requested by
8 cmp.nxplatform.io 1 redirects cmp.nxplatform.io
3 accounts.google.com apis.google.com
cmp.nxplatform.io
www.gstatic.com
2 apis.google.com cmp.nxplatform.io
apis.google.com
1 www.gstatic.com accounts.google.com
1 www.googletagmanager.com cmp.nxplatform.io
1 cldcvr.com cmp.nxplatform.io
1 cloud.typography.com 1 redirects
15 7

This site contains no links.

Subject Issuer Validity Valid
cmp.nxplatform.io
GeoTrust Global TLS RSA4096 SHA256 2022 CA1		 2022-12-14 -
2023-06-14		 6 months crt.sh
*.apis.google.com
GTS CA 1C3		 2023-04-03 -
2023-06-26		 3 months crt.sh
*.google-analytics.com
GTS CA 1C3		 2023-04-03 -
2023-06-26		 3 months crt.sh
accounts.google.com
GTS CA 1C3		 2023-04-03 -
2023-06-26		 3 months crt.sh
*.gstatic.com
GTS CA 1C3		 2023-04-03 -
2023-06-26		 3 months crt.sh
*.google.com
GTS CA 1C3		 2023-04-03 -
2023-06-26		 3 months crt.sh

This page contains 2 frames:

Primary Page: https://cmp.nxplatform.io/
Frame ID: 61F51B0ED6CF51794B781DF0E2346D52
Requests: 11 HTTP requests in this frame

Frame: https://accounts.google.com/o/oauth2/iframe
Frame ID: 6F0C5D879EF4C222E14F9A6E3470356B
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Login

Page URL History Show full URLs

  1. http://cmp.nxplatform.io/ HTTP 301
    https://cmp.nxplatform.io/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • apis\.google\.com/js/[a-z]*\.js
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js

Page Statistics

15
Requests

93 %
HTTPS

57 %
IPv6

6
Domains

7
Subdomains

6
IPs

3
Countries

1256 kB
Transfer

3918 kB
Size

2
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://cmp.nxplatform.io/ HTTP 301
    https://cmp.nxplatform.io/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 3
  • https://cloud.typography.com/7371256/6548392/css/fonts.css HTTP 302
  • https://cldcvr.com/product-fonts/835631/2B9E725E3E20ED1CD.css

15 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
cmp.nxplatform.io/
Redirect Chain
  • http://cmp.nxplatform.io/
  • https://cmp.nxplatform.io/
1 KB
904 B 		Document
General
Check archive.org
Download Go to
Full URL
https://cmp.nxplatform.io/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.67.9.1 , Singapore, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx/1.22.1 /
Resource Hash
ecee18267f793dac7c61cac9b7830f10fd10acc1c1f37f324d91068ac02709db

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language
zh-SG,zh;q=0.9

Response headers

Content-Encoding
gzip
Content-Type
text/html
Date
Fri, 28 Apr 2023 06:32:29 GMT
ETag
W/"642e9141-529"
Last-Modified
Thu, 06 Apr 2023 09:30:41 GMT
Server
nginx/1.22.1
Transfer-Encoding
chunked

Redirect headers

Content-Length
0
Date
Fri, 28 Apr 2023 06:32:29 GMT
Location
https://cmp.nxplatform.io/
index.7ab5d821.js
cmp.nxplatform.io/assets/ 		157 KB
49 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cmp.nxplatform.io/assets/index.7ab5d821.js
Requested by
Host: cmp.nxplatform.io
URL: https://cmp.nxplatform.io/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.67.9.1 , Singapore, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx/1.22.1 /
Resource Hash
096bc0b2563c51619047397744552d3436fbd88f7c0d9e3e7e93f6ee49c79128

Request headers

Referer
https://cmp.nxplatform.io/
Origin
https://cmp.nxplatform.io
accept-language
zh-SG,zh;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Date
Fri, 28 Apr 2023 06:32:29 GMT
Content-Encoding
gzip
Last-Modified
Thu, 06 Apr 2023 09:30:41 GMT
Server
nginx/1.22.1
ETag
W/"642e9141-275a5"
Transfer-Encoding
chunked
Content-Type
application/javascript
Cache-Control
max-age=2592000
Expires
Sun, 28 May 2023 06:32:29 GMT
vendor.a285d4d7.js
cmp.nxplatform.io/assets/ 		3 MB
942 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cmp.nxplatform.io/assets/vendor.a285d4d7.js
Requested by
Host: cmp.nxplatform.io
URL: https://cmp.nxplatform.io/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.67.9.1 , Singapore, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx/1.22.1 /
Resource Hash
cad7a5031d7d74e48f9279185e5e7e6187e2a7c43b62d8b43bc69eebf536cc01

Request headers

Referer
https://cmp.nxplatform.io/
Origin
https://cmp.nxplatform.io
accept-language
zh-SG,zh;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Date
Fri, 28 Apr 2023 06:32:29 GMT
Content-Encoding
gzip
Last-Modified
Thu, 06 Apr 2023 09:30:41 GMT
Server
nginx/1.22.1
ETag
W/"642e9141-29db31"
Transfer-Encoding
chunked
Content-Type
application/javascript
Cache-Control
max-age=2592000
Expires
Sun, 28 May 2023 06:32:29 GMT
index.40d65999.css
cmp.nxplatform.io/assets/ 		605 KB
94 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cmp.nxplatform.io/assets/index.40d65999.css
Requested by
Host: cmp.nxplatform.io
URL: https://cmp.nxplatform.io/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.67.9.1 , Singapore, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx/1.22.1 /
Resource Hash
40d65999ed3224672f762938334e66735de2391d2ef5d9c95f9d9597a8c1020c

Request headers

accept-language
zh-SG,zh;q=0.9
Referer
https://cmp.nxplatform.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Date
Fri, 28 Apr 2023 06:32:29 GMT
Content-Encoding
gzip
Last-Modified
Thu, 06 Apr 2023 09:30:41 GMT
Server
nginx/1.22.1
ETag
W/"642e9141-975e2"
Transfer-Encoding
chunked
Content-Type
text/css
Cache-Control
max-age=2592000
Expires
Sun, 28 May 2023 06:32:29 GMT
2B9E725E3E20ED1CD.css
cldcvr.com/product-fonts/835631/
Redirect Chain
  • https://cloud.typography.com/7371256/6548392/css/fonts.css
  • https://cldcvr.com/product-fonts/835631/2B9E725E3E20ED1CD.css
0
0 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cldcvr.com/product-fonts/835631/2B9E725E3E20ED1CD.css
Requested by
Host: cmp.nxplatform.io
URL: https://cmp.nxplatform.io/assets/index.40d65999.css
Protocol
H2
Server
13.33.33.126 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-33-126.sin2.r.cloudfront.net
Software
/
Resource Hash

Request headers

accept-language
zh-SG,zh;q=0.9
Referer
https://cmp.nxplatform.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Redirect headers

Date
Fri, 28 Apr 2023 06:32:30 GMT
Last-Modified
Wed, 24 Nov 2021 06:33:19 GMT
Server
AkamaiNetStorage
X-HCo-pid
16
ETag
"7c9c32da471a5bd6538cea122aa914c8:1637735597.87455"
Content-Type
text/html
Location
https://cldcvr.com/product-fonts/835631/2B9E725E3E20ED1CD.css
Cache-Control
must-revalidate, private
Connection
keep-alive
Content-Length
154
Expires
Fri, 28 April 2023 06:32:30 GMT
base-06e3b633.es-RJCGOVTQ.b54247bb.js
cmp.nxplatform.io/assets/ 		31 B
328 B 		Script
General
Check archive.org
Download Go to
Full URL
https://cmp.nxplatform.io/assets/base-06e3b633.es-RJCGOVTQ.b54247bb.js
Requested by
Host: cmp.nxplatform.io
URL: https://cmp.nxplatform.io/assets/vendor.a285d4d7.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.67.9.1 , Singapore, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx/1.22.1 /
Resource Hash
0dcf50a048a5669e5d25bf08f51ac3f47d5ccb0c4dc3070f340e698a23b626ff

Request headers

Referer
https://cmp.nxplatform.io/
Origin
https://cmp.nxplatform.io
accept-language
zh-SG,zh;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Date
Fri, 28 Apr 2023 06:32:31 GMT
Last-Modified
Thu, 06 Apr 2023 09:30:41 GMT
Server
nginx/1.22.1
ETag
"642e9141-1f"
Content-Type
application/javascript
Cache-Control
max-age=2592000
Accept-Ranges
bytes
Content-Length
31
Expires
Sun, 28 May 2023 06:32:31 GMT
api.js
apis.google.com/js/ 		17 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://apis.google.com/js/api.js
Requested by
Host: cmp.nxplatform.io
URL: https://cmp.nxplatform.io/assets/vendor.a285d4d7.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4003:c1a::66 , Singapore, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5064ba7b500ec492ddab2be685221e97532908ac2bab709090de4dfb077c918d
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
zh-SG,zh;q=0.9
Referer
https://cmp.nxplatform.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

content-security-policy
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
content-encoding
gzip
x-content-type-options
nosniff
date
Fri, 28 Apr 2023 06:32:31 GMT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
6897
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="gapi-team"
etag
"757175b5e943406e"
vary
Accept-Encoding
report-to
{"group":"gapi-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gapi-team"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
private, max-age=1800, stale-while-revalidate=1800
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 28 Apr 2023 06:32:31 GMT
js
www.googletagmanager.com/gtag/ 		236 KB
82 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-XWETDSCEQF
Requested by
Host: cmp.nxplatform.io
URL: https://cmp.nxplatform.io/assets/index.7ab5d821.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4003:c1a::61 , Singapore, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
6667b381ad7ba169192c19d9b9a07f3c52aaed5890cf7b3522427c73eb9e4ebe
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
zh-SG,zh;q=0.9
Referer
https://cmp.nxplatform.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Fri, 28 Apr 2023 06:32:31 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
83102
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Fri, 28 Apr 2023 06:32:31 GMT
nx-vertical-logo.png
cmp.nxplatform.io/ 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cmp.nxplatform.io/nx-vertical-logo.png
Requested by
Host: cmp.nxplatform.io
URL: https://cmp.nxplatform.io/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.67.9.1 , Singapore, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx/1.22.1 /
Resource Hash
34c39638ffb383471e45410e0ed9b45e9ddb9e45fa055111ea258a49f0b92fac

Request headers

accept-language
zh-SG,zh;q=0.9
Referer
https://cmp.nxplatform.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Date
Fri, 28 Apr 2023 06:32:31 GMT
Last-Modified
Thu, 06 Apr 2023 09:30:39 GMT
Server
nginx/1.22.1
ETag
"642e913f-ef1"
Content-Type
image/png
Cache-Control
max-age=2592000
Accept-Ranges
bytes
Content-Length
3825
Expires
Sun, 28 May 2023 06:32:31 GMT
profile
cmp.nxplatform.io/identity/v0/users/self/ 		79 B
319 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://cmp.nxplatform.io/identity/v0/users/self/profile
Requested by
Host: cmp.nxplatform.io
URL: https://cmp.nxplatform.io/assets/vendor.a285d4d7.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.67.9.1 , Singapore, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx/1.22.1 /
Resource Hash
8d9710d820899fb018d1bba3b2e088c1b5ec11e68413003da107c8f0a5761a80

Request headers

Accept
application/json, text/plain, */*
Referer
https://cmp.nxplatform.io/
accept-language
zh-SG,zh;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Date
Fri, 28 Apr 2023 06:32:31 GMT
x-envoy-upstream-service-time
1
Server
nginx/1.22.1
Content-Length
79
Vary
Origin
X-Request-ID
5a310c89-8299-4fa4-b7da-c2f0f46e8e8b
Content-Type
application/json
cb=gapi.loaded_0
apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.zh_CN.quTwr4-C3FA.O/m=auth2/rt=j/sv=1/d=1/ed=1/rs=AHpOoo9n_GI23vRmygLB8-P-XnZJbFGxvg/ 		116 KB
40 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.zh_CN.quTwr4-C3FA.O/m=auth2/rt=j/sv=1/d=1/ed=1/rs=AHpOoo9n_GI23vRmygLB8-P-XnZJbFGxvg/cb=gapi.loaded_0?le=scs
Requested by
Host: apis.google.com
URL: https://apis.google.com/js/api.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4003:c1a::66 , Singapore, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1f8d667b706cda220bb8cfaf9195b273ad86e71fd8ce10e9b32d9ba625f14d23
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
zh-SG,zh;q=0.9
Referer
https://cmp.nxplatform.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Tue, 25 Apr 2023 14:58:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
228837
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
40092
x-xss-protection
0
last-modified
Sat, 01 Apr 2023 15:23:56 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="social-frontend-mpm-access"
vary
Accept-Encoding
report-to
{"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 24 Apr 2024 14:58:34 GMT
iframe
accounts.google.com/o/oauth2/ Frame 6F0C 		283 B
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://accounts.google.com/o/oauth2/iframe
Requested by
Host: apis.google.com
URL: https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.zh_CN.quTwr4-C3FA.O/m=auth2/rt=j/sv=1/d=1/ed=1/rs=AHpOoo9n_GI23vRmygLB8-P-XnZJbFGxvg/cb=gapi.loaded_0?le=scs
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4003:c02::54 , Singapore, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
78631f2d7e2f50d5a903b686500fe84ecb97afff8f3b4f589051f3b5042fa9b0
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /_/IdpIFrameHttp/cspreport script-src 'report-sample' 'nonce-ldf2MGXyS4SjNXFDhTAvWw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdpIFrameHttp/cspreport;worker-src 'self' script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdpIFrameHttp/cspreport/allowlist
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://cmp.nxplatform.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language
zh-SG,zh;q=0.9

Response headers

accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
gzip
content-security-policy
require-trusted-types-for 'script';report-uri /_/IdpIFrameHttp/cspreport script-src 'report-sample' 'nonce-ldf2MGXyS4SjNXFDhTAvWw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdpIFrameHttp/cspreport;worker-src 'self' script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdpIFrameHttp/cspreport/allowlist
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-opener-policy
same-origin
cross-origin-resource-policy
cross-origin
date
Fri, 28 Apr 2023 06:32:31 GMT
expires
Mon, 01 Jan 1990 00:00:00 GMT
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
pragma
no-cache
server
ESF
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
x-xss-protection
0
cspreport
accounts.google.com/_/IdpIFrameHttp/ Frame 6F0C 		2 KB
915 B 		Other
General
Check archive.org
Download Go to
Full URL
https://accounts.google.com/_/IdpIFrameHttp/cspreport
Requested by
Host: cmp.nxplatform.io
URL: https://cmp.nxplatform.io/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4003:c02::54 , Singapore, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
aece6520022b5e933679a5cc2bb550c5d444a7e59dd731224f08841af4e8e27e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://accounts.google.com/o/oauth2/iframe
accept-language
zh-SG,zh;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type
application/csp-report

Response headers

pragma
no-cache
date
Fri, 28 Apr 2023 06:32:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
GSE
content-type
text/html; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
1; mode=block
expires
Mon, 01 Jan 1990 00:00:00 GMT
m=base
www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.IdpIFrameHttp.zh_CN.oEbZYoPuSIw.es5.O/d=1/rs=AOaEmlGsdCGGpz2z9opyWrZsZEGwtwlCeg/ Frame 6F0C 		100 KB
35 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.IdpIFrameHttp.zh_CN.oEbZYoPuSIw.es5.O/d=1/rs=AOaEmlGsdCGGpz2z9opyWrZsZEGwtwlCeg/m=base
Requested by
Host: accounts.google.com
URL: https://accounts.google.com/o/oauth2/iframe
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4003:c11::5e , Singapore, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f775e704b958e14cd243f8374a42d16086f93abdd8c72000b7ec1984b9f8353a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
zh-SG,zh;q=0.9
Referer
https://accounts.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Tue, 25 Apr 2023 22:17:46 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
202485
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/identity-boq-js-css-signers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
35244
x-xss-protection
0
last-modified
Fri, 21 Apr 2023 20:42:12 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="boq-infra/identity-boq-js-css-signers"
vary
Accept-Encoding, Origin
report-to
{"group":"boq-infra/identity-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/identity-boq-js-css-signers"}]}
content-type
text/javascript; charset=UTF-8
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
expires
Wed, 24 Apr 2024 22:17:46 GMT
iframerpc
accounts.google.com/o/oauth2/ Frame 6F0C 		50 B
92 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://accounts.google.com/o/oauth2/iframerpc?action=checkOrigin&origin=https%3A%2F%2Fcmp.nxplatform.io&client_id=177012935306-8ker7pkj76ciuin6hpvk9s940rij8jo4.apps.googleusercontent.com
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.IdpIFrameHttp.zh_CN.oEbZYoPuSIw.es5.O/d=1/rs=AOaEmlGsdCGGpz2z9opyWrZsZEGwtwlCeg/m=base
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2404:6800:4003:c02::54 , Singapore, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
427653d8b0569e986b88bb7dca1852b627a034f69be1da68b150eb0d2bbacb5d
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-95CJHQgVtvDCqZ770rQB4Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdpIFrameHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdpIFrameHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/IdpIFrameHttp/cspreport
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://accounts.google.com/o/oauth2/iframe
X-Requested-With
XmlHttpRequest
accept-language
zh-SG,zh;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Fri, 28 Apr 2023 06:32:31 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
script-src 'report-sample' 'nonce-95CJHQgVtvDCqZ770rQB4Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdpIFrameHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdpIFrameHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/IdpIFrameHttp/cspreport
content-encoding
gzip
cross-origin-embedder-policy
require-corp
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
cross-origin-resource-policy
same-site
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site, Origin
content-type
application/json; charset=utf-8
cache-control
private, max-age=3600
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
expires
Fri, 28 Apr 2023 06:32:31 GMT

Verdicts & Comments Add Verdict or Comment

14 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 boolean| credentialless object| dataLayer function| gtag string| VUE_APP_API_BASE_URL string| VUE_APP_SITE_URL object| __core-js_shared__ object| core object| gapi object| ___jsl object| google_tag_manager object| google_tag_data function| onYouTubeIframeAPIReady object| osapi

2 Cookies

Domain/Path Name / Value
.cmp.nxplatform.io/ Name: G_ENABLED_IDPS
Value: google
.google.com/ Name: NID
Value: 511=rzyOkVKWvw3cpeopp4jVOVAvHgi-q_pPioKerYF2VVqadVJxObCyflOOvClolGClgEq8kyTiWSOKO3V1HvXXWgd8bzui3oZeUa50pFeniMc-tjID4jJEKVtxI_ihl6fEGXv3W6bDqHIgbueWHsrrwYCgc-VHhkMoDL1uMNnaP5A

5 Console Messages

Source Level URL
Text
network error URL: https://cldcvr.com/product-fonts/835631/2B9E725E3E20ED1CD.css
Message:
Failed to load resource: the server responded with a status of 403 ()
network error URL: https://cmp.nxplatform.io/identity/v0/users/self/profile
Message:
Failed to load resource: the server responded with a status of 401 (Unauthorized)
security warning URL: https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.zh_CN.quTwr4-C3FA.O/m=auth2/rt=j/sv=1/d=1/ed=1/rs=AHpOoo9n_GI23vRmygLB8-P-XnZJbFGxvg/cb=gapi.loaded_0?le=scs(Line 177)
Message:
An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can remove its sandboxing.
security error (Line 6)
Message:
This document requires 'TrustedScript' assignment.
network error URL: https://accounts.google.com/_/IdpIFrameHttp/cspreport
Message:
Failed to load resource: the server responded with a status of 400 ()