urlscan.io logo urlscan.io
SecurityTrails logo

web-uat.itrade.cgs-cimb.co.id Open in urlscan Pro
202.165.39.134  Public Scan

Go To Rescan Add Verdict Report
URL: http://web-uat.itrade.cgs-cimb.co.id/
Submission: On March 16 via api from NL — Scanned from NL
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 2 IPs in 3 countries across 3 domains to perform 6 HTTP transactions. The main IP is 202.165.39.134, located in Jakarta, Indonesia and belongs to CIRCLECOM-AS-ID-AP PT. Circlecom Nusantara Indonesia, ID. The main domain is web-uat.itrade.cgs-cimb.co.id.
This is the only time web-uat.itrade.cgs-cimb.co.id was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
3 202.165.39.134 17538 (CIRCLECOM...)
1 1 2400:52e0:1e0... 200325 (BUNNYCDN)
3 2606:4700::68... 13335 (CLOUDFLAR...)
6 2
Apex Domain
Subdomains		 Transfer
3 jsdelivr.net
cdn.jsdelivr.net — Cisco Umbrella Rank: 346
95 KB
3 cgs-cimb.co.id
web-uat.itrade.cgs-cimb.co.id
63 KB
1 rawgit.com
cdn.rawgit.com — Cisco Umbrella Rank: 13052
729 B
6 3
Domain Requested by
3 cdn.jsdelivr.net web-uat.itrade.cgs-cimb.co.id
cdn.jsdelivr.net
3 web-uat.itrade.cgs-cimb.co.id web-uat.itrade.cgs-cimb.co.id
1 cdn.rawgit.com 1 redirects
6 3

This site contains links to these domains. Also see Links.

Domain
webreport.itrade.cgs-cimb.co.id
Subject Issuer Validity Valid
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2023-05-02 -
2024-05-01		 a year crt.sh

This page contains 1 frames:

Primary Page: http://web-uat.itrade.cgs-cimb.co.id/
Frame ID: 7169656E717BB0EDE8799C6AE00C4BF2
Requests: 6 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Web Trading - Login

Detected technologies

Overall confidence: 100%
Detected patterns
  • //cdn\.jsdelivr\.net/
Overall confidence: 100%
Detected patterns
  • <div[^>]+class="g-recaptcha"

Page Statistics

6
Requests

33 %
HTTPS

67 %
IPv6

3
Domains

3
Subdomains

2
IPs

3
Countries

158 kB
Transfer

157 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://cdn.rawgit.com/resir014/Clear-Sans-Webfont/v1.1.1/css/clear-sans.css HTTP 301
  • https://cdn.jsdelivr.net/gh/resir014/Clear-Sans-Webfont@v1.1.1/css/clear-sans.css

6 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
web-uat.itrade.cgs-cimb.co.id/ 		8 KB
9 KB 		Document
General
Check archive.org
Download Go to
Full URL
http://web-uat.itrade.cgs-cimb.co.id/
Protocol
HTTP/1.1
Server
202.165.39.134 Jakarta, Indonesia, ASN17538 (CIRCLECOM-AS-ID-AP PT. Circlecom Nusantara Indonesia, ID),
Reverse DNS
ip-134-39.circlecom.net.id
Software
/
Resource Hash
0cb11986ae314a9e5969f10bd29462f4214ab2c6751913fb436af163e421d6b8
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' default-src: https: data: unsafe-inline unsafe-eval
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

Cache-Control
public, no-cache="Set-Cookie", max-age=0
Content-Length
8583
Content-Security-Policy
frame-ancestors 'self' default-src: https: data: unsafe-inline unsafe-eval
Content-Type
text/html; charset=utf-8
Date
Sat, 16 Mar 2024 14:05:52 GMT
Expires
Sat, 16 Mar 2024 14:05:52 GMT
Feature-Policy
geolocation 'none'
Last-Modified
Sat, 16 Mar 2024 14:05:52 GMT
Referrer-Policy
no-referrer
Server
Strict-Transport-Security
max-age=31536000; includeSubdomains
Vary
*
X-ASPNETMVC-VERSION
X-AspNet-Version
X-Content-Type-Options
nosniff
X-Frame-Options
SAMEORIGIN
X-Xss-Protection
1; mode=block
clear-sans.css
cdn.jsdelivr.net/gh/resir014/Clear-Sans-Webfont@v1.1.1/css/
Redirect Chain
  • https://cdn.rawgit.com/resir014/Clear-Sans-Webfont/v1.1.1/css/clear-sans.css
  • https://cdn.jsdelivr.net/gh/resir014/Clear-Sans-Webfont@v1.1.1/css/clear-sans.css
4 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdn.jsdelivr.net/gh/resir014/Clear-Sans-Webfont@v1.1.1/css/clear-sans.css
Requested by
Host: web-uat.itrade.cgs-cimb.co.id
URL: http://web-uat.itrade.cgs-cimb.co.id/
Protocol
H2
Server
2606:4700::6810:5514 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
da26fc3b00b78c58f64f182b00c5fe13e8ff809dcde235cb29bd821f46b31d36
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Sat, 16 Mar 2024 14:11:30 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
189164
x-jsd-version
1.1.1
content-encoding
br
x-cache
HIT, MISS
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-served-by
cache-fra-etou8220079-FRA, cache-lga21945-LGA
x-jsd-version-type
version
server
cloudflare
etag
W/"f53-ZfQwAHUYLf3RDjXrE9PgZVzYY4w"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OnYwgR9JE830MUdtpVon%2F32E9mQXecIivLfdACYSN7jCEwaW7db9DRCJUQ9IIR2R2qlIsS9qNkH47rGQCWHz8NNpzIeX%2FEgC%2FvlrwYaxKFtsLV%2BN%2F3OS%2BmJ7cME8rQi7aSFURHDN18Gviy6dyUc%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin
*
cf-ray
865555330de66562-AMS

Redirect headers

date
Sat, 16 Mar 2024 14:11:30 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cdn-edgestorageid
1081
age
81083
x-cache
MISS, HIT
cdn-cachedat
03/16/2024 14:11:30
cdn-pullzone
201235
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443", h3-29=":443", h3-27=":443"
content-length
115
x-served-by
cache-fra-eddf8230075-FRA, cache-chi-kigq8000160-CHI
server
BunnyCDN-DE1-1082
cdn-proxyver
1.04
cdn-requestpullcode
301
vary
Accept-Encoding
content-type
text/plain; charset=utf-8
location
https://cdn.jsdelivr.net/gh/resir014/Clear-Sans-Webfont@v1.1.1/css/clear-sans.css
access-control-allow-origin
*
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
access-control-expose-headers
*
cache-control
public, max-age=2592000
cdn-cache
EXPIRED
cdn-requestid
4fd7de5878ce876217588c95fe55b672
timing-allow-origin
*
cdn-requestcountrycode
NL
cdn-status
301
cdn-requestpullsuccess
True
Login.Custom.css
web-uat.itrade.cgs-cimb.co.id/WebTrading.Custom/ 		580 B
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
http://web-uat.itrade.cgs-cimb.co.id/WebTrading.Custom/Login.Custom.css?v=121
Requested by
Host: web-uat.itrade.cgs-cimb.co.id
URL: http://web-uat.itrade.cgs-cimb.co.id/
Protocol
HTTP/1.1
Server
202.165.39.134 Jakarta, Indonesia, ASN17538 (CIRCLECOM-AS-ID-AP PT. Circlecom Nusantara Indonesia, ID),
Reverse DNS
ip-134-39.circlecom.net.id
Software
/
Resource Hash
d6845cde56989682bc8af0f3b22da6e2f6408ffc4fcea41a0ec9db603282e7c0
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' default-src: https: data: unsafe-inline unsafe-eval
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubdomains
Content-Security-Policy
frame-ancestors 'self' default-src: https: data: unsafe-inline unsafe-eval
X-Content-Type-Options
nosniff
Referrer-Policy
no-referrer
Last-Modified
Fri, 23 Feb 2024 10:10:24 GMT
Server
X-ASPNET-VERSION
ETag
"e6e332844066da1:0"
Date
Sat, 16 Mar 2024 14:05:53 GMT
Content-Type
text/css
Feature-Policy
geolocation 'none'
Accept-Ranges
bytes
X-ASPNETMVC-VERSION
Content-Length
580
X-Xss-Protection
1; mode=block
itrade.png
web-uat.itrade.cgs-cimb.co.id/assets/ 		52 KB
52 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://web-uat.itrade.cgs-cimb.co.id/assets/itrade.png
Requested by
Host: web-uat.itrade.cgs-cimb.co.id
URL: http://web-uat.itrade.cgs-cimb.co.id/
Protocol
HTTP/1.1
Server
202.165.39.134 Jakarta, Indonesia, ASN17538 (CIRCLECOM-AS-ID-AP PT. Circlecom Nusantara Indonesia, ID),
Reverse DNS
ip-134-39.circlecom.net.id
Software
/
Resource Hash
a9c11f0ea7dd7a0029241cf0f9caedb69323f454c02c3efa5d7652eba8c1a1de
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' default-src: https: data: unsafe-inline unsafe-eval
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubdomains
Content-Security-Policy
frame-ancestors 'self' default-src: https: data: unsafe-inline unsafe-eval
X-Content-Type-Options
nosniff
Referrer-Policy
no-referrer
Last-Modified
Fri, 23 Feb 2024 09:19:43 GMT
Server
X-ASPNET-VERSION
ETag
"96647d6f3966da1:0"
Date
Sat, 16 Mar 2024 14:05:53 GMT
Content-Type
image/png
Feature-Policy
geolocation 'none'
Accept-Ranges
bytes
X-ASPNETMVC-VERSION
Content-Length
53180
X-Xss-Protection
1; mode=block
ClearSans-Regular.woff2
cdn.jsdelivr.net/gh/resir014/Clear-Sans-Webfont@v1.1.1/fonts/woff2-convert/ 		44 KB
44 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://cdn.jsdelivr.net/gh/resir014/Clear-Sans-Webfont@v1.1.1/fonts/woff2-convert/ClearSans-Regular.woff2
Requested by
Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/gh/resir014/Clear-Sans-Webfont@v1.1.1/css/clear-sans.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6810:5514 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
602358d68544ed2d54986ebd6ae716461cd6d68433e99f2e1ca63d2a284034c3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://cdn.jsdelivr.net/gh/resir014/Clear-Sans-Webfont@v1.1.1/css/clear-sans.css
Origin
http://web-uat.itrade.cgs-cimb.co.id
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Sat, 16 Mar 2024 14:11:31 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
169082
x-jsd-version
1.1.1
x-cache
HIT, MISS
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
44664
x-served-by
cache-fra-eddf8230079-FRA, cache-lga21982-LGA
x-jsd-version-type
version
server
cloudflare
etag
W/"ae78-dQ4lN/o/zOn+gHju8wRHNMHS6gw"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=t27LFGz6inJbBEz9wpj9gac%2FbC5i5NYWTGC9TXwf04QJkIk93SeEBW1%2FH14dYNdAtuZkQPJC2XOUI8Fooi1ywWpGf05K3SSIHnAPRotZiUst%2BSPfao1fGv20D5cz7C%2Bf5Ff1cbD8ZHLsAbWcMKM%3D"}],"group":"cf-nel","max_age":604800}
content-type
font/woff2
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges
bytes
timing-allow-origin
*
cf-ray
86555538b9b366fe-AMS
ClearSans-Medium.woff2
cdn.jsdelivr.net/gh/resir014/Clear-Sans-Webfont@v1.1.1/fonts/woff2-convert/ 		49 KB
49 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://cdn.jsdelivr.net/gh/resir014/Clear-Sans-Webfont@v1.1.1/fonts/woff2-convert/ClearSans-Medium.woff2
Requested by
Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/gh/resir014/Clear-Sans-Webfont@v1.1.1/css/clear-sans.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6810:5514 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f7a44d65de0fa865598d717bd575fb2eda490ed79d908a45e0677c2401c05f9e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://cdn.jsdelivr.net/gh/resir014/Clear-Sans-Webfont@v1.1.1/css/clear-sans.css
Origin
http://web-uat.itrade.cgs-cimb.co.id
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Sat, 16 Mar 2024 14:11:31 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
169082
x-jsd-version
1.1.1
x-cache
HIT, MISS
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
49708
x-served-by
cache-fra-eddf8230076-FRA, cache-lga21961-LGA
x-jsd-version-type
version
server
cloudflare
etag
W/"c22c-0DywoECkmi9DXKoNsLoRBfN/+xs"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=A2coiU3G1z58CGaX3zhiEsc%2BUL289Cs6Ks0Vs5loq7Aoy8KoquIOyuSlFO8OJm%2BC0%2BwL%2FJynSG%2BEwE%2FXhhDu8EgFaANhZaltSrsIxA6wshoDzJ8O6bNZFdXSP3XePBcUZIsQrqW3sfy72Hke4GM%3D"}],"group":"cf-nel","max_age":604800}
content-type
font/woff2
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges
bytes
timing-allow-origin
*
cf-ray
86555538b9b766fe-AMS

Verdicts & Comments Add Verdict or Comment

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| isInvisible function| onUserFormKeyDown function| onPasswordFormKeyDown string| tsCodePublic

0 Cookies

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy frame-ancestors 'self' default-src: https: data: unsafe-inline unsafe-eval
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block