urlscan.io logo urlscan.io
SecurityTrails logo

account.midtrans.com Open in urlscan Pro
104.16.43.37  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://account.midtrans.com/
Effective URL: https://account.midtrans.com/login
Submission: On December 27 via manual from ID
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 11 IPs in 2 countries across 9 domains to perform 19 HTTP transactions. The main IP is 104.16.43.37, located in United States and belongs to CLOUDFLARENET - Cloudflare, Inc., US. The main domain is account.midtrans.com.
TLS certificate: Issued by Sectigo RSA Extended Validation Secur... on March 4th 2019. Valid for: a year.
This is the only time account.midtrans.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 5 104.16.43.37 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 143.204.214.38 16509 (AMAZON-02)
2 2a00:1450:400... 15169 (GOOGLE)
1 143.204.214.3 16509 (AMAZON-02)
1 143.204.214.122 16509 (AMAZON-02)
1 151.101.114.110 54113 (FASTLY)
1 162.247.242.18 23467 (NEWRELIC-...)
19 11
5    104.16.43.37 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
account.midtrans.com
1    2a00:1450:4001:809::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)
fonts.googleapis.com
1    2a00:1450:4001:806::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)
ajax.googleapis.com
1    2a00:1450:4001:806::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)
www.google-analytics.com
1    143.204.214.38 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-143-204-214-38.fra53.r.cloudfront.net
d31qbv1cthcecs.cloudfront.net
2    2a00:1450:4001:800::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)
fonts.gstatic.com
1    143.204.214.3 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-143-204-214-3.fra53.r.cloudfront.net
d5nxst8fruw4z.cloudfront.net
1    143.204.214.122 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-143-204-214-122.fra53.r.cloudfront.net
certify.alexametrics.com
1    151.101.114.110 (Frankfurt am Main, Germany)

ASN54113 (FASTLY - Fastly, US)
js-agent.newrelic.com
1    162.247.242.18 (San Francisco, United States)

ASN23467 (NEWRELIC-AS-1 - New Relic, US)
PTR: bam-6.nr-data.net
bam.nr-data.net
Domain Requested by
5 account.midtrans.com 1 redirects account.midtrans.com
2 fonts.gstatic.com ajax.googleapis.com
1 bam.nr-data.net js-agent.newrelic.com
1 js-agent.newrelic.com account.midtrans.com
1 certify.alexametrics.com account.midtrans.com
1 d5nxst8fruw4z.cloudfront.net account.midtrans.com
1 d31qbv1cthcecs.cloudfront.net account.midtrans.com
1 www.google-analytics.com account.midtrans.com
1 ajax.googleapis.com account.midtrans.com
1 fonts.googleapis.com account.midtrans.com
0 stats.g.doubleclick.net Failed account.midtrans.com
19 11

This site contains no links.

Subject Issuer Validity Valid
account.midtrans.com
Sectigo RSA Extended Validation Secure Server CA		 2019-03-04 -
2020-04-01		 a year crt.sh
*.storage.googleapis.com
GTS CA 1O1		 2019-12-03 -
2020-02-25		 3 months crt.sh
*.google-analytics.com
GTS CA 1O1		 2019-12-03 -
2020-02-25		 3 months crt.sh
*.cloudfront.net
DigiCert Global CA G2		 2019-07-17 -
2020-07-05		 a year crt.sh
*.google.com
GTS CA 1O1		 2019-12-03 -
2020-02-25		 3 months crt.sh
certify.alexametrics.com
Amazon		 2019-07-26 -
2020-08-26		 a year crt.sh
f4.shared.global.fastly.net
GlobalSign CloudSSL CA - SHA256 - G3		 2019-04-10 -
2020-03-21		 a year crt.sh
*.nr-data.net
GeoTrust RSA CA 2018		 2018-01-11 -
2020-03-17		 2 years crt.sh

This page contains 1 frames:

Primary Page: https://account.midtrans.com/login
Frame ID: F3F343D3C2DE9E06A0B781A4D899FD65
Requests: 19 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. https://account.midtrans.com/ HTTP 302
    https://account.midtrans.com/login Page URL

Detected technologies

Overall confidence: 50%
Detected patterns
  • meta csrf-param /^authenticity_token$/i
Overall confidence: 50%
Detected patterns
  • meta csrf-param /^authenticity_token$/i
Overall confidence: 100%
Detected patterns
  • headers server /^cloudflare$/i
Overall confidence: 100%
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i
Overall confidence: 100%
Detected patterns
  • html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

Page Statistics

19
Requests

74 %
HTTPS

40 %
IPv6

9
Domains

11
Subdomains

11
IPs

2
Countries

164 kB
Transfer

567 kB
Size

6
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://account.midtrans.com/ HTTP 302
    https://account.midtrans.com/login Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

19 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request login
account.midtrans.com/
Redirect Chain
  • https://account.midtrans.com/
  • https://account.midtrans.com/login
14 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://account.midtrans.com/login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.43.37 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
fc5400d433a2abcdc94761717b3b758113dedd294255122ee8ff930863fb2036
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' ajax.googleapis.com cdn.mxpnl.com js-agent.newrelic.com *.nr-data.net www.google.com www.gstatic.com cdn.optimizely.com *.google-analytics.com *.cloudfront.net; connect-src api.mixpanel.com; child-src www.google.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' 'unsafe-inline' fonts.gstatic.com; img-src 'self' 'unsafe-inline' *.cloudfront.net *.google-analytics.com certify.alexametrics.com cloudfront-labs.amazonaws.com
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
account.midtrans.com
:scheme
https
:path
/login
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-user
?1
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site
none
sec-fetch-mode
navigate
accept-encoding
gzip, deflate, br
cookie
__cfduid=d6f627f5af5c4ff8ed64d23b165c6b6ae1577472800
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-User
?1

Response headers

status
200
date
Fri, 27 Dec 2019 18:53:22 GMT
content-type
text/html; charset=utf-8
cache-control
max-age=0, private, must-revalidate
content-language
en
etag
W/"42097ac7b2ce42b2545fd1e9fd2476e3"
set-cookie
_muffin_session=53b5b28f3c7c3b4b1956876c45723397; path=/; expires=Sat, 28 Dec 2019 00:53:21 -0000; HttpOnly
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-request-id
037da375-5ee6-4759-9368-3eb80cbd39a2
x-runtime
0.011795
x-xss-protection
1; mode=block
access-control-allow-origin
*
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-security-policy
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' ajax.googleapis.com cdn.mxpnl.com js-agent.newrelic.com *.nr-data.net www.google.com www.gstatic.com cdn.optimizely.com *.google-analytics.com *.cloudfront.net; connect-src api.mixpanel.com; child-src www.google.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' 'unsafe-inline' fonts.gstatic.com; img-src 'self' 'unsafe-inline' *.cloudfront.net *.google-analytics.com certify.alexametrics.com cloudfront-labs.amazonaws.com
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
54bd7f2fed909d24-AMS
content-encoding
gzip

Redirect headers

status
302
date
Fri, 27 Dec 2019 18:53:21 GMT
content-type
text/html; charset=utf-8
content-length
100
set-cookie
__cfduid=d6f627f5af5c4ff8ed64d23b165c6b6ae1577472800; expires=Sun, 26-Jan-20 18:53:20 GMT; path=/; domain=.midtrans.com; HttpOnly; SameSite=Lax
cache-control
no-cache
content-language
en
location
https://account.midtrans.com/login
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-request-id
bf14e4ef-a2d1-4649-b42a-c3ae94c8db3a
x-runtime
0.003846
x-xss-protection
1; mode=block
access-control-allow-origin
*
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-security-policy
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' ajax.googleapis.com cdn.mxpnl.com js-agent.newrelic.com *.nr-data.net www.google.com www.gstatic.com cdn.optimizely.com *.google-analytics.com *.cloudfront.net; connect-src api.mixpanel.com; child-src www.google.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' 'unsafe-inline' fonts.gstatic.com; img-src 'self' 'unsafe-inline' *.cloudfront.net *.google-analytics.com certify.alexametrics.com cloudfront-labs.amazonaws.com
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
54bd7f2acef99d24-AMS
application-70c49caf506f8736b67e1b5944a17a4faa95dbb3f57729c315226e8bab935fc5.css
account.midtrans.com/assets/ 		193 KB
21 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://account.midtrans.com/assets/application-70c49caf506f8736b67e1b5944a17a4faa95dbb3f57729c315226e8bab935fc5.css
Requested by
Host: account.midtrans.com
URL: https://account.midtrans.com/login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.43.37 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
ca48eff00d1f888bea8c25a3ac9ac7290d0c02fd1ef207fd552d32cb72ed5cb8
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' ajax.googleapis.com cdn.mxpnl.com js-agent.newrelic.com *.nr-data.net www.google.com www.gstatic.com cdn.optimizely.com *.google-analytics.com *.cloudfront.net; connect-src api.mixpanel.com; child-src www.google.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' 'unsafe-inline' fonts.gstatic.com; img-src 'self' 'unsafe-inline' *.cloudfront.net *.google-analytics.com certify.alexametrics.com cloudfront-labs.amazonaws.com
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://account.midtrans.com/login
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 27 Dec 2019 18:53:23 GMT
content-encoding
gzip
cf-cache-status
MISS
last-modified
Thu, 12 Dec 2019 08:43:43 GMT
server
cloudflare
access-control-allow-origin
*
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
status
200
content-security-policy
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' ajax.googleapis.com cdn.mxpnl.com js-agent.newrelic.com *.nr-data.net www.google.com www.gstatic.com cdn.optimizely.com *.google-analytics.com *.cloudfront.net; connect-src api.mixpanel.com; child-src www.google.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' 'unsafe-inline' fonts.gstatic.com; img-src 'self' 'unsafe-inline' *.cloudfront.net *.google-analytics.com certify.alexametrics.com cloudfront-labs.amazonaws.com
strict-transport-security
max-age=63072000; includeSubDomains; preload
accept-ranges
bytes
cf-ray
54bd7f35dee09d24-AMS
content-length
21766
css
fonts.googleapis.com/ 		5 KB
703 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600
Requested by
Host: account.midtrans.com
URL: https://account.midtrans.com/login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
ESF /
Resource Hash
89ac1771ea8d65a47a2e165b6e4697ad9cacda83315b9ddffbcb2e4782c128e6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://account.midtrans.com/login
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
br
last-modified
Fri, 27 Dec 2019 18:53:22 GMT
server
ESF
access-control-allow-origin
*
date
Fri, 27 Dec 2019 18:53:22 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
x-xss-protection
0
expires
Fri, 27 Dec 2019 18:53:22 GMT
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/1.11.0/ 		94 KB
33 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js
Requested by
Host: account.midtrans.com
URL: https://account.midtrans.com/login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
b294e973896f8f874e90a8eb1a8908ac790980d034c4c4bdf0fc3d37b8abf682
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://account.midtrans.com/login
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 20 Dec 2019 02:46:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
662828
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
33576
x-xss-protection
0
last-modified
Tue, 20 Dec 2016 18:17:03 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 19 Dec 2020 02:46:14 GMT
application-58f46be8e10117bc47d77d92bfada93ca315bd0d0024cc7448661e8d0142d5d6.js
account.midtrans.com/assets/ 		158 KB
44 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://account.midtrans.com/assets/application-58f46be8e10117bc47d77d92bfada93ca315bd0d0024cc7448661e8d0142d5d6.js
Requested by
Host: account.midtrans.com
URL: https://account.midtrans.com/login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.43.37 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
58f46be8e10117bc47d77d92bfada93ca315bd0d0024cc7448661e8d0142d5d6
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' ajax.googleapis.com cdn.mxpnl.com js-agent.newrelic.com *.nr-data.net www.google.com www.gstatic.com cdn.optimizely.com *.google-analytics.com *.cloudfront.net; connect-src api.mixpanel.com; child-src www.google.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' 'unsafe-inline' fonts.gstatic.com; img-src 'self' 'unsafe-inline' *.cloudfront.net *.google-analytics.com certify.alexametrics.com cloudfront-labs.amazonaws.com
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://account.midtrans.com/login
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 27 Dec 2019 18:53:22 GMT
content-encoding
gzip
cf-cache-status
REVALIDATED
last-modified
Thu, 12 Dec 2019 08:43:43 GMT
server
cloudflare
access-control-allow-origin
*
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
status
200
content-security-policy
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' ajax.googleapis.com cdn.mxpnl.com js-agent.newrelic.com *.nr-data.net www.google.com www.gstatic.com cdn.optimizely.com *.google-analytics.com *.cloudfront.net; connect-src api.mixpanel.com; child-src www.google.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' 'unsafe-inline' fonts.gstatic.com; img-src 'self' 'unsafe-inline' *.cloudfront.net *.google-analytics.com certify.alexametrics.com cloudfront-labs.amazonaws.com
strict-transport-security
max-age=63072000; includeSubDomains; preload
accept-ranges
bytes
cf-ray
54bd7f35dee19d24-AMS
content-length
45307
header-logo-7a777cb9b91e3b8c01a5ec16e2904521703b6349ade1b6dedb6dbf892b0e59ce.svg
account.midtrans.com/assets/logo/ 		3 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://account.midtrans.com/assets/logo/header-logo-7a777cb9b91e3b8c01a5ec16e2904521703b6349ade1b6dedb6dbf892b0e59ce.svg
Requested by
Host: account.midtrans.com
URL: https://account.midtrans.com/login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.43.37 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
7a777cb9b91e3b8c01a5ec16e2904521703b6349ade1b6dedb6dbf892b0e59ce
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' ajax.googleapis.com cdn.mxpnl.com js-agent.newrelic.com *.nr-data.net www.google.com www.gstatic.com cdn.optimizely.com *.google-analytics.com *.cloudfront.net; connect-src api.mixpanel.com; child-src www.google.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' 'unsafe-inline' fonts.gstatic.com; img-src 'self' 'unsafe-inline' *.cloudfront.net *.google-analytics.com certify.alexametrics.com cloudfront-labs.amazonaws.com
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://account.midtrans.com/login
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 27 Dec 2019 18:53:22 GMT
content-encoding
gzip
cf-cache-status
REVALIDATED
last-modified
Thu, 12 Dec 2019 08:43:43 GMT
server
cloudflare
access-control-allow-origin
*
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/svg+xml
status
200
content-security-policy
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' ajax.googleapis.com cdn.mxpnl.com js-agent.newrelic.com *.nr-data.net www.google.com www.gstatic.com cdn.optimizely.com *.google-analytics.com *.cloudfront.net; connect-src api.mixpanel.com; child-src www.google.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' 'unsafe-inline' fonts.gstatic.com; img-src 'self' 'unsafe-inline' *.cloudfront.net *.google-analytics.com certify.alexametrics.com cloudfront-labs.amazonaws.com
strict-transport-security
max-age=63072000; includeSubDomains; preload
cf-ray
54bd7f35dee29d24-AMS
analytics.js
www.google-analytics.com/ 		43 KB
17 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: account.midtrans.com
URL: https://account.midtrans.com/login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
dbb67c620eaabf6679a314db18d3ae43037aef71ab27422e6feec08ee987cc0a
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://account.midtrans.com/login
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 19 Aug 2019 17:22:41 GMT
server
Golfe2
age
1186
date
Fri, 27 Dec 2019 18:33:37 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
17803
expires
Fri, 27 Dec 2019 20:33:37 GMT
atrk.js
d31qbv1cthcecs.cloudfront.net/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://d31qbv1cthcecs.cloudfront.net/atrk.js
Requested by
Host: account.midtrans.com
URL: https://account.midtrans.com/login
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
143.204.214.38 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-143-204-214-38.fra53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
90451ba3e82cd9db02f0ca76bd45d0ab5ef7e90a49da4215903cb7f08471e2e7

Request headers

Referer
https://account.midtrans.com/login
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Thu, 10 Oct 2019 00:37:14 GMT
Content-Encoding
gzip
Last-Modified
Sat, 16 Mar 2019 16:01:33 GMT
Server
AmazonS3
Age
6804970
Vary
Accept-Encoding
X-Cache
Hit from cloudfront
Content-Type
text/javascript
Via
1.1 86ef89199388021c33b079c598103b12.cloudfront.net (CloudFront)
Cache-Control
max-age=26920000
Transfer-Encoding
chunked
X-Amz-Cf-Pop
FRA53-C1
Connection
keep-alive
X-Amz-Cf-Id
tk2lEP8UgyTt4ndcObPsVBK3Lvf3U_FMbjOQS-GKt6EDJiwUcEwd7g==
6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7lujVj9w.woff2
fonts.gstatic.com/s/sourcesanspro/v13/ 		13 KB
13 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/sourcesanspro/v13/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7lujVj9w.woff2
Requested by
Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
ecf76895be1cf9e8b3edb254030e9c9c1d8f3c2efc1f9dc7e04ceff29eccae9c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600
Origin
https://account.midtrans.com

Response headers

date
Thu, 21 Nov 2019 06:48:04 GMT
x-content-type-options
nosniff
last-modified
Tue, 23 Jul 2019 03:46:19 GMT
server
sffe
age
3153919
content-type
font/woff2
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-origin
*
content-length
13324
x-xss-protection
0
expires
Fri, 20 Nov 2020 06:48:04 GMT
6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu3cOWxw.woff2
fonts.gstatic.com/s/sourcesanspro/v13/ 		13 KB
13 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/sourcesanspro/v13/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu3cOWxw.woff2
Requested by
Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
fc772b0188bc262494be9dc529c50893ae189110dfcad5a286512b737aef93b8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600
Origin
https://account.midtrans.com

Response headers

date
Fri, 20 Dec 2019 00:05:15 GMT
x-content-type-options
nosniff
last-modified
Tue, 23 Jul 2019 03:46:07 GMT
server
sffe
age
672488
content-type
font/woff2
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-origin
*
content-length
13108
x-xss-protection
0
expires
Sat, 19 Dec 2020 00:05:15 GMT
atrk.gif
d5nxst8fruw4z.cloudfront.net/ 		43 B
552 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d5nxst8fruw4z.cloudfront.net/atrk.gif?account=0VtQk1a4SBe05T
Requested by
Host: account.midtrans.com
URL: https://account.midtrans.com/login
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
143.204.214.3 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-143-204-214-3.fra53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

Referer
https://account.midtrans.com/login
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Thu, 26 Dec 2019 21:48:05 GMT
Via
1.1 850ccace60916919bf31313cb9176e01.cloudfront.net (CloudFront)
x-amz-meta-alexa-last-modified
20110117123941
Last-Modified
Mon, 17 Jan 2011 20:41:40 GMT
Server
AmazonS3
Age
75918
ETag
"221d8352905f2c38b3cb2bd191d630b0"
X-Cache
Hit from cloudfront
Content-Type
image/gif
X-Amz-Cf-Pop
FRA53-C1
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
X-Amz-Cf-Id
Ngvuc1FtXRsCXhSot99D9e8Nqza6C5oAbsdE0WoJmh_Y7P6BqIki6g==
collect
www.google-analytics.com/r/ 		0
0
collect
www.google-analytics.com/r/ 		0
0
collect
stats.g.doubleclick.net/r/ 		0
0
collect
stats.g.doubleclick.net/r/ 		0
0
atrk.gif
certify.alexametrics.com/ 		43 B
552 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://certify.alexametrics.com/atrk.gif?frame_height=1200&frame_width=1600&iframe=0&title=MAP%20%7C%20Midtrans&time=1577472803335&time_zone_offset=-60&screen_params=1600x1200x24&java_enabled=0&cookie_enabled=1&ref_url=&host_url=https%3A%2F%2Faccount.midtrans.com%2Flogin&random_number=19085202875&sess_cookie=17ed16d216f48b4c206c2db66e5&sess_cookie_flag=1&user_cookie=17ed16d216f48b4c206c2db66e5&user_cookie_flag=1&dynamic=true&domain=veritrans.co.id&account=0VtQk1a4SBe05T&jsv=20130128&user_lang=en-US
Requested by
Host: account.midtrans.com
URL: https://account.midtrans.com/login
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
143.204.214.122 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-143-204-214-122.fra53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

Referer
https://account.midtrans.com/login
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Thu, 26 Dec 2019 21:48:06 GMT
Via
1.1 12c16baed6578bf50fb0eaa233f2bc84.cloudfront.net (CloudFront)
x-amz-meta-alexa-last-modified
20110117123941
Last-Modified
Mon, 17 Jan 2011 20:41:40 GMT
Server
AmazonS3
Age
75918
ETag
"221d8352905f2c38b3cb2bd191d630b0"
X-Cache
Hit from cloudfront
Content-Type
image/gif
X-Amz-Cf-Pop
FRA53-C1
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
X-Amz-Cf-Id
WhGu647PoyVYndZKekO9umpLKzOLzxdd3Kqiy8GrWTHQs_vtBPiPYg==
nr-1158.min.js
js-agent.newrelic.com/ 		26 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js-agent.newrelic.com/nr-1158.min.js
Requested by
Host: account.midtrans.com
URL: https://account.midtrans.com/login
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.114.110 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
005414ad9d93e4cb677b5e4f87112b0ff6d3731b414bc425bfa1bb94c99a081a

Request headers

Referer
https://account.midtrans.com/login
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 27 Dec 2019 18:53:23 GMT
content-encoding
gzip
x-amz-request-id
11FEE1152DB0EE3C
x-cache
HIT
status
200
content-length
10068
x-amz-id-2
MUaeQJa9hF5/JSfUD4HoWNAu5ysTiWs6VvC7g/Ta4x/G7YfoQETVwPPJE8AoOQqQ+YfklJB27WQ=
x-served-by
cache-hhn4041-HHN
last-modified
Wed, 18 Dec 2019 00:24:13 GMT
server
AmazonS3
x-timer
S1577472804.525716,VS0,VE0
etag
"0be8452b990e805f60431dce9e0279b2"
vary
Accept-Encoding
content-type
application/javascript
via
1.1 varnish
cache-control
public, max-age=7200, stale-if-error=604800
accept-ranges
bytes
x-cache-hits
3201
534502d1f9
bam.nr-data.net/1/ 		57 B
261 B 		Script
General
Check archive.org
Download Go to
Full URL
https://bam.nr-data.net/1/534502d1f9?a=22681843&v=1158.afc605b&to=cQtfTEJYXAlVFB8QU0EXWFdeRB8LVRE%3D&rst=3209&ref=https://account.midtrans.com/login&ap=11&be=1857&fe=3109&dc=2878&perf=%7B%22timing%22:%7B%22of%22:1577472800348,%22n%22:0,%22r%22:0,%22re%22:912,%22f%22:912,%22dn%22:912,%22dne%22:912,%22c%22:912,%22ce%22:912,%22rq%22:912,%22rp%22:1683,%22rpe%22:1853,%22dl%22:1685,%22di%22:2878,%22ds%22:2878,%22de%22:2891,%22dc%22:3108,%22l%22:3108,%22le%22:3109%7D,%22navigation%22:%7B%22rc%22:1%7D%7D&fp=2898&fcp=2898&jsonp=NREUM.setToken
Requested by
Host: js-agent.newrelic.com
URL: https://js-agent.newrelic.com/nr-1158.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
162.247.242.18 San Francisco, United States, ASN23467 (NEWRELIC-AS-1 - New Relic, US),
Reverse DNS
bam-6.nr-data.net
Software
/
Resource Hash
f69a13217482dc43f25e74cfcb9391d0f06d22501f10f5cb5e413d2d98a5cd23

Request headers

Referer
https://account.midtrans.com/login
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
text/javascript;charset=ISO-8859-1
Content-Length
57
Expires
Thu, 01 Jan 1970 00:00:00 GMT
534502d1f9
bam.nr-data.net/events/1/ 		0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
www.google-analytics.com
URL
https://www.google-analytics.com/r/collect?v=1&_v=j79&a=1300132571&t=pageview&_s=1&dl=https%3A%2F%2Faccount.midtrans.com%2Flogin&ul=en-us&de=UTF-8&dt=MAP%20%7C%20Midtrans&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEAB~&jid=906600424&gjid=1442530396&cid=562749123.1577472803&tid=UA-32232768-7&_gid=19948718.1577472803&_r=1&z=1592063304
Domain
www.google-analytics.com
URL
https://www.google-analytics.com/r/collect?v=1&_v=j79&a=1300132571&t=pageview&_s=1&dl=https%3A%2F%2Faccount.midtrans.com%2Flogin&ul=en-us&de=UTF-8&dt=MAP%20%7C%20Midtrans&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEDAAEAB~&jid=518594298&gjid=954808040&cid=562749123.1577472803&tid=UA-85529823-1&_gid=19948718.1577472803&_r=1&z=1006250783
Domain
stats.g.doubleclick.net
URL
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-32232768-7&cid=562749123.1577472803&jid=906600424&_gid=19948718.1577472803&gjid=1442530396&_v=j79&z=1592063304
Domain
stats.g.doubleclick.net
URL
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-85529823-1&cid=562749123.1577472803&jid=518594298&_gid=19948718.1577472803&gjid=954808040&_v=j79&z=1006250783
Domain
bam.nr-data.net
URL
https://bam.nr-data.net/events/1/534502d1f9?a=22681843&v=1158.afc605b&to=cQtfTEJYXAlVFB8QU0EXWFdeRB8LVRE%3D&rst=13207&ref=https://account.midtrans.com/login

Verdicts & Comments Add Verdict or Comment

34 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate object| NREUM object| newrelic function| __nr_require function| $ function| jQuery function| listToArray function| disableInputWith function| setTimezone function| mailcheck function| applyValidation function| validatePassword function| validatePasswordConf function| validateTel function| applySuggestedEamil function| onSubmitSignUp function| onSubmitPhone object| ErrorReporter object| Kicksend undefined| getElementsByClassName object| jQuery111008184705968256334 object| bowser object| jstz function| _ string| GoogleAnalyticsObject function| ga object| _atrk_opts object| google_tag_data object| gaplugins object| gaGlobal object| gaData function| atrk boolean| _atrk_fired

6 Cookies

Domain/Path Name / Value
.midtrans.com/ Name: __cfduid
Value: d6f627f5af5c4ff8ed64d23b165c6b6ae1577472800
.midtrans.com/ Name: _gid
Value: GA1.2.19948718.1577472803
.midtrans.com/ Name: _gat_shared
Value: 1
.midtrans.com/ Name: _gat
Value: 1
.midtrans.com/ Name: _ga
Value: GA1.2.562749123.1577472803
account.midtrans.com/ Name: _muffin_session
Value: 53b5b28f3c7c3b4b1956876c45723397

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' ajax.googleapis.com cdn.mxpnl.com js-agent.newrelic.com *.nr-data.net www.google.com www.gstatic.com cdn.optimizely.com *.google-analytics.com *.cloudfront.net; connect-src api.mixpanel.com; child-src www.google.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' 'unsafe-inline' fonts.gstatic.com; img-src 'self' 'unsafe-inline' *.cloudfront.net *.google-analytics.com certify.alexametrics.com cloudfront-labs.amazonaws.com
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

account.midtrans.com
ajax.googleapis.com
bam.nr-data.net
certify.alexametrics.com
d31qbv1cthcecs.cloudfront.net
d5nxst8fruw4z.cloudfront.net
fonts.googleapis.com
fonts.gstatic.com
js-agent.newrelic.com
stats.g.doubleclick.net
www.google-analytics.com
bam.nr-data.net
stats.g.doubleclick.net
www.google-analytics.com
104.16.43.37
143.204.214.122
143.204.214.3
143.204.214.38
151.101.114.110
162.247.242.18
2a00:1450:4001:800::2003
2a00:1450:4001:806::200a
2a00:1450:4001:806::200e
2a00:1450:4001:809::200a
005414ad9d93e4cb677b5e4f87112b0ff6d3731b414bc425bfa1bb94c99a081a
58f46be8e10117bc47d77d92bfada93ca315bd0d0024cc7448661e8d0142d5d6
7a777cb9b91e3b8c01a5ec16e2904521703b6349ade1b6dedb6dbf892b0e59ce
89ac1771ea8d65a47a2e165b6e4697ad9cacda83315b9ddffbcb2e4782c128e6
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
90451ba3e82cd9db02f0ca76bd45d0ab5ef7e90a49da4215903cb7f08471e2e7
b294e973896f8f874e90a8eb1a8908ac790980d034c4c4bdf0fc3d37b8abf682
ca48eff00d1f888bea8c25a3ac9ac7290d0c02fd1ef207fd552d32cb72ed5cb8
dbb67c620eaabf6679a314db18d3ae43037aef71ab27422e6feec08ee987cc0a
ecf76895be1cf9e8b3edb254030e9c9c1d8f3c2efc1f9dc7e04ceff29eccae9c
f69a13217482dc43f25e74cfcb9391d0f06d22501f10f5cb5e413d2d98a5cd23
fc5400d433a2abcdc94761717b3b758113dedd294255122ee8ff930863fb2036
fc772b0188bc262494be9dc529c50893ae189110dfcad5a286512b737aef93b8