bankmatching.cpf.co.th Open in urlscan Pro
18.138.196.35  Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

1. https://bankmatching.cpf.co.th/ Page URL
2. https://bankmatching.cpf.co.th/login.html Page URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

17 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
1 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	/ Show response bankmatching.cpf.co.th/	2 KB 1000 B	1249ms 225ms	Document text/html	18.138.196.35 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://bankmatching.cpf.co.th/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 18.138.196.35 , Singapore, ASN16509 (AMAZON-02, US), Reverse DNS ec2-18-138-196-35.ap-southeast-1.compute.amazonaws.com Software nginx / Resource Hash 42bb7034515149a7c76e5e05909f9492f0edd9af854a4b725fe718f0a3bd0169 Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers content-encoding gzip content-type text/html date Thu, 19 Jan 2023 02:27:48 GMT expires Wed, 19 Jan 2022 02:27:48 UTC last-modified Thu, 05 May 2022 11:02:42 UTC server nginx x-content-type-options nosniff x-frame-options SAMEORIGIN x-xss-protection 1; mode=block
GET H2	200	custom.css bankmatching.cpf.co.th/styles/web/css/	6 KB 6 KB	226ms 225ms	Stylesheet text/css	18.138.196.35 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://bankmatching.cpf.co.th/styles/web/css/custom.css?637873634091398429 Requested by Host: bankmatching.cpf.co.th URL: https://bankmatching.cpf.co.th/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 18.138.196.35 , Singapore, ASN16509 (AMAZON-02, US), Reverse DNS ec2-18-138-196-35.ap-southeast-1.compute.amazonaws.com Software nginx / Resource Hash 437cddbda4c438d116ed31868621333500539568ffc5e790738a5b69ef6311a3 Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://bankmatching.cpf.co.th/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36 Response headers date Thu, 19 Jan 2023 02:27:48 GMT x-content-type-options nosniff last-modified Thu, 05 May 2022 11:02:42 UTC server nginx x-frame-options SAMEORIGIN content-type text/css cache-control max-age=31536000 content-length 6250 x-xss-protection 1; mode=block expires Fri, 19 Jan 2024 02:27:48 GMT
GET H2	200	main.css bankmatching.cpf.co.th/styles/web/css/	357 KB 357 KB	227ms 226ms	Stylesheet text/css	18.138.196.35 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://bankmatching.cpf.co.th/styles/web/css/main.css?637873634091398429 Requested by Host: bankmatching.cpf.co.th URL: https://bankmatching.cpf.co.th/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 18.138.196.35 , Singapore, ASN16509 (AMAZON-02, US), Reverse DNS ec2-18-138-196-35.ap-southeast-1.compute.amazonaws.com Software nginx / Resource Hash 617186efd1a740d4bbcade9ad4101824ed8d9d79952aa3005dde5a005c291dca Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://bankmatching.cpf.co.th/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36 Response headers date Thu, 19 Jan 2023 02:27:48 GMT x-content-type-options nosniff last-modified Thu, 05 May 2022 11:02:42 UTC server nginx x-frame-options SAMEORIGIN content-type text/css cache-control max-age=31536000 x-xss-protection 1; mode=block expires Fri, 19 Jan 2024 02:27:48 GMT
GET H2	200	mxui.js Show response bankmatching.cpf.co.th/mxclientsystem/mxui/	1 MB 1 MB	670ms 670ms	Script application/javascript	18.138.196.35 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://bankmatching.cpf.co.th/mxclientsystem/mxui/mxui.js?637873634091398429 Requested by Host: bankmatching.cpf.co.th URL: https://bankmatching.cpf.co.th/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 18.138.196.35 , Singapore, ASN16509 (AMAZON-02, US), Reverse DNS ec2-18-138-196-35.ap-southeast-1.compute.amazonaws.com Software nginx / Resource Hash 833455b88aa5afd064554dfc67d881b1c2a9e0abe2e3b8323006d61a26b829f5 Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://bankmatching.cpf.co.th/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36 Response headers date Thu, 19 Jan 2023 02:27:48 GMT x-content-type-options nosniff last-modified Mon, 11 Apr 2022 15:30:29 UTC server nginx x-frame-options SAMEORIGIN content-type application/javascript cache-control max-age=31536000 x-xss-protection 1; mode=block expires Fri, 19 Jan 2024 02:27:48 GMT
GET H2	200	css fonts.googleapis.com/	10 KB 1 KB	150ms 56ms	Stylesheet text/css	2a00:1450:400d:80c::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css?family=Open+Sans:300,400,600,700 Requested by Host: bankmatching.cpf.co.th URL: https://bankmatching.cpf.co.th/styles/web/css/main.css?637873634091398429 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:400d:80c::200a , Ireland, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash 6c4133ff5eff0f23ca2f6fdaceea1d4dd3a91e499a0b0aef688b0f31206b0328 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://bankmatching.cpf.co.th/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36 Response headers strict-transport-security max-age=31536000 date Thu, 19 Jan 2023 02:27:49 GMT content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" x-xss-protection 0 last-modified Thu, 19 Jan 2023 02:03:12 GMT server ESF cross-origin-opener-policy same-origin-allow-popups x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Thu, 19 Jan 2023 02:27:49 GMT
GET H2	200	metamodel.json Show response bankmatching.cpf.co.th/	21 KB 21 KB	225ms 225ms	Fetch application/json	18.138.196.35 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://bankmatching.cpf.co.th/metamodel.json?637873634091398429 Requested by Host: bankmatching.cpf.co.th URL: https://bankmatching.cpf.co.th/mxclientsystem/mxui/mxui.js?637873634091398429 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 18.138.196.35 , Singapore, ASN16509 (AMAZON-02, US), Reverse DNS ec2-18-138-196-35.ap-southeast-1.compute.amazonaws.com Software nginx / Resource Hash 501b038f574e8f0a5b07ecf93dd4c02daef7c65015f4d17ff313e68c3f3a0c55 Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers x-mx-reqtoken 1674095270153-0 Referer https://bankmatching.cpf.co.th/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36 Response headers date Thu, 19 Jan 2023 02:27:50 GMT x-content-type-options nosniff last-modified Thu, 05 May 2022 11:02:42 UTC server nginx x-frame-options SAMEORIGIN content-type application/json content-length 21393 x-xss-protection 1; mode=block expires Wed, 19 Jan 2022 02:27:50 UTC
GET DATA	200 OK	truncated /	43 B 0		Image image/gif
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277 Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36 Response headers Content-Type image/gif
POST H2	401	/ bankmatching.cpf.co.th/xas/	2 B 0	224ms 224ms	Fetch application/json	18.138.196.35 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://bankmatching.cpf.co.th/xas/ Requested by Host: bankmatching.cpf.co.th URL: https://bankmatching.cpf.co.th/mxclientsystem/mxui/mxui.js?637873634091398429 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 18.138.196.35 , Singapore, ASN16509 (AMAZON-02, US), Reverse DNS ec2-18-138-196-35.ap-southeast-1.compute.amazonaws.com Software nginx / Resource Hash Request headers x-mx-reqtoken 1674095270395-1 accept application/json Referer https://bankmatching.cpf.co.th/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36 content-type application/json Response headers date Thu, 19 Jan 2023 02:27:50 GMT cache-control no-store server nginx content-length 2 content-type application/json;charset=utf-8
GET H2	200	Primary Request login.html Show response bankmatching.cpf.co.th/	11 KB 4 KB	225ms 225ms	Document text/html	18.138.196.35 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://bankmatching.cpf.co.th/login.html Requested by Host: bankmatching.cpf.co.th URL: https://bankmatching.cpf.co.th/mxclientsystem/mxui/mxui.js?637873634091398429 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 18.138.196.35 , Singapore, ASN16509 (AMAZON-02, US), Reverse DNS ec2-18-138-196-35.ap-southeast-1.compute.amazonaws.com Software nginx / Resource Hash 4c5f73003005d570c3d8c0484e227c81bb190f7014e67b502d58474e66b8baa1 Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Referer https://bankmatching.cpf.co.th/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers content-encoding gzip content-type text/html date Thu, 19 Jan 2023 02:27:50 GMT expires Wed, 19 Jan 2022 02:27:50 UTC last-modified Thu, 05 May 2022 11:02:42 UTC server nginx x-content-type-options nosniff x-frame-options SAMEORIGIN x-xss-protection 1; mode=block
GET H2	200	main.css bankmatching.cpf.co.th/styles/web/css/	357 KB 357 KB	226ms 225ms	Stylesheet text/css	18.138.196.35 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://bankmatching.cpf.co.th/styles/web/css/main.css?637873634091398429 Requested by Host: bankmatching.cpf.co.th URL: https://bankmatching.cpf.co.th/login.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 18.138.196.35 , Singapore, ASN16509 (AMAZON-02, US), Reverse DNS ec2-18-138-196-35.ap-southeast-1.compute.amazonaws.com Software nginx / Resource Hash 617186efd1a740d4bbcade9ad4101824ed8d9d79952aa3005dde5a005c291dca Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://bankmatching.cpf.co.th/login.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36 Response headers date Thu, 19 Jan 2023 02:27:50 GMT x-content-type-options nosniff last-modified Thu, 05 May 2022 11:02:42 UTC server nginx x-frame-options SAMEORIGIN content-type text/css cache-control max-age=31536000 x-xss-protection 1; mode=block expires Fri, 19 Jan 2024 02:27:50 GMT
GET H2	200	bankmatching_v2.png bankmatching.cpf.co.th/resources/	23 KB 23 KB	227ms 226ms	Image image/png	18.138.196.35 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://bankmatching.cpf.co.th/resources/bankmatching_v2.png Requested by Host: bankmatching.cpf.co.th URL: https://bankmatching.cpf.co.th/login.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 18.138.196.35 , Singapore, ASN16509 (AMAZON-02, US), Reverse DNS ec2-18-138-196-35.ap-southeast-1.compute.amazonaws.com Software nginx / Resource Hash 4a4a0993eab21b310b6828aefb289ebdd1325df117ee0cfb6ba8a8b4998d8899 Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://bankmatching.cpf.co.th/login.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36 Response headers date Thu, 19 Jan 2023 02:27:50 GMT x-content-type-options nosniff last-modified Thu, 05 May 2022 11:02:42 UTC server nginx x-frame-options SAMEORIGIN content-type image/png content-length 23742 x-xss-protection 1; mode=block expires Wed, 19 Jan 2022 02:27:50 UTC
GET H2	200	login_i18n.js Show response bankmatching.cpf.co.th/js/	716 B 963 B	224ms 224ms	Script application/javascript	18.138.196.35 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://bankmatching.cpf.co.th/js/login_i18n.js?637873634091398429 Requested by Host: bankmatching.cpf.co.th URL: https://bankmatching.cpf.co.th/login.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 18.138.196.35 , Singapore, ASN16509 (AMAZON-02, US), Reverse DNS ec2-18-138-196-35.ap-southeast-1.compute.amazonaws.com Software nginx / Resource Hash 093714050ae6981a94e38235a1e16cfcde7105db44be1d5888798acc159d0cac Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://bankmatching.cpf.co.th/login.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36 Response headers date Thu, 19 Jan 2023 02:27:50 GMT x-content-type-options nosniff last-modified Thu, 05 May 2022 11:02:42 UTC server nginx x-frame-options SAMEORIGIN content-type application/javascript cache-control max-age=31536000 content-length 716 x-xss-protection 1; mode=block expires Fri, 19 Jan 2024 02:27:50 GMT
GET H2	200	login.js Show response bankmatching.cpf.co.th/js/	5 KB 5 KB	225ms 224ms	Script application/javascript	18.138.196.35 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://bankmatching.cpf.co.th/js/login.js?637873634091398429 Requested by Host: bankmatching.cpf.co.th URL: https://bankmatching.cpf.co.th/login.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 18.138.196.35 , Singapore, ASN16509 (AMAZON-02, US), Reverse DNS ec2-18-138-196-35.ap-southeast-1.compute.amazonaws.com Software nginx / Resource Hash 4b923a9c752c0c981859204f0601492f2e3faaf12d07bb67d860c6a2593803ad Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://bankmatching.cpf.co.th/login.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36 Response headers date Thu, 19 Jan 2023 02:27:50 GMT x-content-type-options nosniff last-modified Thu, 05 May 2022 11:02:42 UTC server nginx x-frame-options SAMEORIGIN content-type application/javascript cache-control max-age=31536000 content-length 4722 x-xss-protection 1; mode=block expires Fri, 19 Jan 2024 02:27:50 GMT
GET H2	200	css fonts.googleapis.com/	10 KB 851 B	56ms 56ms	Stylesheet text/css	2a00:1450:400d:80c::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css?family=Open+Sans:300,400,600,700 Requested by Host: bankmatching.cpf.co.th URL: https://bankmatching.cpf.co.th/styles/web/css/main.css?637873634091398429 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:400d:80c::200a , Ireland, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash 6c4133ff5eff0f23ca2f6fdaceea1d4dd3a91e499a0b0aef688b0f31206b0328 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://bankmatching.cpf.co.th/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36 Response headers strict-transport-security max-age=31536000 date Thu, 19 Jan 2023 02:27:51 GMT content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" x-xss-protection 0 last-modified Thu, 19 Jan 2023 02:06:44 GMT server ESF cross-origin-opener-policy same-origin-allow-popups x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Thu, 19 Jan 2023 02:27:51 GMT
GET H2	200	frame1.png bankmatching.cpf.co.th/resources/	4 KB 4 KB	225ms 224ms	Image image/png	18.138.196.35 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://bankmatching.cpf.co.th/resources/frame1.png Requested by Host: bankmatching.cpf.co.th URL: https://bankmatching.cpf.co.th/login.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 18.138.196.35 , Singapore, ASN16509 (AMAZON-02, US), Reverse DNS ec2-18-138-196-35.ap-southeast-1.compute.amazonaws.com Software nginx / Resource Hash 74161a20cdd1631579bf5ab11d1195534d8a98ad93927acdde4e4f6e81988d4f Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://bankmatching.cpf.co.th/login.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36 Response headers date Thu, 19 Jan 2023 02:27:51 GMT x-content-type-options nosniff last-modified Thu, 05 May 2022 11:02:42 UTC server nginx x-frame-options SAMEORIGIN content-type image/png content-length 4370 x-xss-protection 1; mode=block expires Wed, 19 Jan 2022 02:27:51 UTC
GET H2	200	frame2.png bankmatching.cpf.co.th/resources/	4 KB 4 KB	225ms 225ms	Image image/png	18.138.196.35 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://bankmatching.cpf.co.th/resources/frame2.png Requested by Host: bankmatching.cpf.co.th URL: https://bankmatching.cpf.co.th/login.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 18.138.196.35 , Singapore, ASN16509 (AMAZON-02, US), Reverse DNS ec2-18-138-196-35.ap-southeast-1.compute.amazonaws.com Software nginx / Resource Hash 70e627e84656bfc6d140f0cad3654f2ed0ad928fe371da2cb2622eb35c518b72 Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://bankmatching.cpf.co.th/login.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36 Response headers date Thu, 19 Jan 2023 02:27:51 GMT x-content-type-options nosniff last-modified Thu, 05 May 2022 11:02:42 UTC server nginx x-frame-options SAMEORIGIN content-type image/png content-length 4100 x-xss-protection 1; mode=block expires Wed, 19 Jan 2022 02:27:51 UTC
GET H2	200	memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 fonts.gstatic.com/s/opensans/v34/	44 KB 44 KB	125ms 34ms	Font font/woff2	2a00:1450:400d:80a::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css?family=Open+Sans:300,400,600,700 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:400d:80a::2003 , Ireland, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts.googleapis.com/ Origin https://bankmatching.cpf.co.th accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36 Response headers date Mon, 16 Jan 2023 18:50:55 GMT x-content-type-options nosniff age 200216 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 44856 x-xss-protection 0 last-modified Mon, 15 Aug 2022 18:20:18 GMT server sffe cross-origin-opener-policy same-origin; report-to="apps-themes" report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Tue, 16 Jan 2024 18:50:55 GMT
GET H2	200	glyphicons-halflings-regular.woff2 bankmatching.cpf.co.th/styles/web/css/fonts/	18 KB 18 KB	225ms 225ms	Font font/woff2	18.138.196.35 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://bankmatching.cpf.co.th/styles/web/css/fonts/glyphicons-halflings-regular.woff2 Requested by Host: bankmatching.cpf.co.th URL: https://bankmatching.cpf.co.th/styles/web/css/main.css?637873634091398429 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 18.138.196.35 , Singapore, ASN16509 (AMAZON-02, US), Reverse DNS ec2-18-138-196-35.ap-southeast-1.compute.amazonaws.com Software nginx / Resource Hash fe185d11a49676890d47bb783312a0cda5a44c4039214094e7957b4c040ef11c Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Referer https://bankmatching.cpf.co.th/styles/web/css/main.css?637873634091398429 Origin https://bankmatching.cpf.co.th accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36 Response headers date Thu, 19 Jan 2023 02:27:51 GMT x-content-type-options nosniff last-modified Thu, 05 May 2022 11:02:42 UTC server nginx x-frame-options SAMEORIGIN content-type font/woff2 content-length 18028 x-xss-protection 1; mode=block expires Wed, 19 Jan 2022 02:27:51 UTC

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontentvisibilityautostatechange object| i18nMap function| togglePassword

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			bankmatching.cpf.co.th/	1970-01-20 17:47:11	Name: originURI Value: /login.html

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://bankmatching.cpf.co.th/xas/ Message: Failed to load resource: the server responded with a status of 401 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bankmatching.cpf.co.th
fonts.googleapis.com
fonts.gstatic.com
18.138.196.35
2a00:1450:400d:80a::2003
2a00:1450:400d:80c::200a
093714050ae6981a94e38235a1e16cfcde7105db44be1d5888798acc159d0cac
42bb7034515149a7c76e5e05909f9492f0edd9af854a4b725fe718f0a3bd0169
437cddbda4c438d116ed31868621333500539568ffc5e790738a5b69ef6311a3
4a4a0993eab21b310b6828aefb289ebdd1325df117ee0cfb6ba8a8b4998d8899
4b923a9c752c0c981859204f0601492f2e3faaf12d07bb67d860c6a2593803ad
4c5f73003005d570c3d8c0484e227c81bb190f7014e67b502d58474e66b8baa1
501b038f574e8f0a5b07ecf93dd4c02daef7c65015f4d17ff313e68c3f3a0c55
617186efd1a740d4bbcade9ad4101824ed8d9d79952aa3005dde5a005c291dca
6c4133ff5eff0f23ca2f6fdaceea1d4dd3a91e499a0b0aef688b0f31206b0328
70e627e84656bfc6d140f0cad3654f2ed0ad928fe371da2cb2622eb35c518b72
74161a20cdd1631579bf5ab11d1195534d8a98ad93927acdde4e4f6e81988d4f
833455b88aa5afd064554dfc67d881b1c2a9e0abe2e3b8323006d61a26b829f5
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
fe185d11a49676890d47bb783312a0cda5a44c4039214094e7957b4c040ef11c