URL: https://secure23uat.nmpaas.com/
Submission: On January 13 via automatic, source certstream-suspicious — Scanned from DE

Summary

This website contacted 8 IPs in 4 countries across 7 domains to perform 17 HTTP transactions. The main IP is 13.32.27.8, located in United States and belongs to AMAZON-02, US. The main domain is secure23uat.nmpaas.com.
TLS certificate: Issued by Amazon RSA 2048 M01 on January 13th 2023. Valid for: a year.
This is the only time secure23uat.nmpaas.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests | IP Address | AS | Autonomous System
6 | 13.32.27.8 | 16509 | AMAZON-02
1 | 143.204.215.67 | 16509 | AMAZON-02
2 | 2600:9000:206... | 16509 | AMAZON-02
2 | 2a00:1450:400... | 15169 | GOOGLE
1 | 13.234.206.238 | 16509 | AMAZON-02
3 | 2a00:1450:400... | 15169 | GOOGLE
1 | 2a00:1450:400... | 15169 | GOOGLE
1 | 2a06:98c1:312... | 13335 | CLOUDFLAR...
Total: 17 requests, 8 IPs
Requests | Apex Domain | Subdomains | Transfer
6 | nmpaas.com | secure23uat.nmpaas.com | 3 MB
5 | google.com | apis.google.com (Cisco Umbrella Rank: 95), accounts.google.com (Cisco Umbrella Rank: 73) | 311 KB
2 | wzrkt.com | in1.wzrkt.com (Cisco Umbrella Rank: 23004) | 2 KB
1 | errorception.com | beacon.errorception.com (Cisco Umbrella Rank: 69804) | 3 KB
1 | gstatic.com | www.gstatic.com | 35 KB
1 | niyomoney.com | www.niyomoney.com | 14 KB
1 | cloudfront.net | d2r1yp2w7bby2u.cloudfront.net | 16 KB
Total: 17 requests, 7 apex domains
Requests | Domain | Requested by
6 | secure23uat.nmpaas.com | secure23uat.nmpaas.com
3 | accounts.google.com | apis.google.com, secure23uat.nmpaas.com, www.gstatic.com
2 | apis.google.com | secure23uat.nmpaas.com
2 | in1.wzrkt.com | d2r1yp2w7bby2u.cloudfront.net
1 | beacon.errorception.com | secure23uat.nmpaas.com
1 | www.gstatic.com | accounts.google.com
1 | www.niyomoney.com | secure23uat.nmpaas.com
1 | d2r1yp2w7bby2u.cloudfront.net | secure23uat.nmpaas.com
Total: 17 requests, 8 subdomains

This site contains no links.

Subject | Issuer | Validity | Valid for | Lookup
secure23uat.nmpaas.com | Amazon RSA 2048 M01 | 2023-01-13 - 2024-02-11 | a year | crt.sh
*.cloudfront.net | Amazon RSA 2048 M01 | 2022-12-08 - 2023-12-07 | a year | crt.sh
in1.wzrkt.com | Amazon | 2022-04-06 - 2023-05-05 | a year | crt.sh
*.apis.google.com | GTS CA 1C3 | 2022-11-28 - 2023-02-20 | 3 months | crt.sh
*.niyomoney.com | Go Daddy Secure Certificate Authority - G2 | 2022-04-21 - 2023-04-02 | a year | crt.sh
accounts.google.com | GTS CA 1C3 | 2022-12-12 - 2023-03-06 | 3 months | crt.sh
*.gstatic.com | GTS CA 1C3 | 2022-12-12 - 2023-03-06 | 3 months | crt.sh
*.google.com | GTS CA 1C3 | 2022-12-12 - 2023-03-06 | 3 months | crt.sh
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2022-05-23 - 2023-05-23 | a year | crt.sh

This page contains 2 frames:

Primary Page: https://secure23uat.nmpaas.com/
Frame ID: BA5D5787EE54AB9EBEA2C6B9A760A942
Requests: 13 HTTP requests in this frame

Frame: https://accounts.google.com/o/oauth2/iframe
Frame ID: 953430B3C00BDE9FB0297D72ECE48867
Requests: 4 HTTP requests in this frame

Screenshot

Page Title

Web Onboarding

Detected technologies

Overall confidence: 100%
Detected patterns
  • apis\.google\.com/js/[a-z]*\.js

Page Statistics

Requests: 17
HTTPS: 100 %
IPv6: 63 %
Domains: 7
Subdomains: 8
IPs: 8
Countries: 4
Transfer: 3141 kB
Size: 3241 kB
Cookies: 4

Redirected requests

There were HTTP redirect chains for the following requests:

17 HTTP transactions

Resource | Path | Size | x-fer | Type
Primary Request / | secure23uat.nmpaas.com/ | 7 KB | 7 KB | Document
General
Full URL
https://secure23uat.nmpaas.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.27.8 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-27-8.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
119a75b0fe11b2e17c65ea4c3fccb4d719d02fbfe842d39dbc3ea44e541bb35c

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
content-length
6780
content-type
text/html
date
Fri, 13 Jan 2023 11:22:18 GMT
etag
"87b30cde4f63e9eb5002be3752e9a37d"
last-modified
Wed, 28 Dec 2022 11:15:43 GMT
server
AmazonS3
via
1.1 756f5290bceb9f9b2ec963e0ab326968.cloudfront.net (CloudFront)
x-amz-cf-id
7cZELb3M-kjOsShC0HbjAqsBKTOR1B1EslbEk0y4yLn0udKuGq9-lg==
x-amz-cf-pop
FRA56-C2
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
main.3e3c35f0.js | secure23uat.nmpaas.com/static/js/ | 3 MB | 3 MB | Script
General
Full URL
https://secure23uat.nmpaas.com/static/js/main.3e3c35f0.js
Requested by
Host: secure23uat.nmpaas.com
URL: https://secure23uat.nmpaas.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.27.8 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-27-8.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
55b46f5532339c67d9a2780dfe66629d4f52cf4f9517477d503f274b3798f62c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://secure23uat.nmpaas.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Fri, 13 Jan 2023 11:22:18 GMT
via
1.1 756f5290bceb9f9b2ec963e0ab326968.cloudfront.net (CloudFront)
last-modified
Wed, 28 Dec 2022 11:15:41 GMT
server
AmazonS3
x-amz-cf-pop
FRA56-C2
etag
"ba6605b35cdbd8f1cacfde128f33e34c"
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
content-type
application/javascript
accept-ranges
bytes
content-length
2802297
x-amz-cf-id
PrpP7TXkEyoV4AJ1UnTbsxeViKs9BqZ5owj59kDEsA-eB_GBjGbLBg==
main.43c77989.css | secure23uat.nmpaas.com/static/css/ | 8 KB | 8 KB | Stylesheet
General
Full URL
https://secure23uat.nmpaas.com/static/css/main.43c77989.css
Requested by
Host: secure23uat.nmpaas.com
URL: https://secure23uat.nmpaas.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.27.8 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-27-8.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
55b61ddaba76e01cb7d7828bcbdca72879d567ccbcdc57b91d7f1bfb7630e304

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://secure23uat.nmpaas.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Fri, 13 Jan 2023 11:22:18 GMT
via
1.1 756f5290bceb9f9b2ec963e0ab326968.cloudfront.net (CloudFront)
last-modified
Wed, 28 Dec 2022 11:15:41 GMT
server
AmazonS3
x-amz-cf-pop
FRA56-C2
etag
"d99f728585b54702ca415356f27b5d55"
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
content-type
text/css
accept-ranges
bytes
content-length
8344
x-amz-cf-id
4OjHcanN_LFfGPTWgSIR_H06ccY9KARInUdXHWQRGkLXO3VzjMO5BA==
a.js | d2r1yp2w7bby2u.cloudfront.net/js/ | 45 KB | 16 KB | Script
General
Full URL
https://d2r1yp2w7bby2u.cloudfront.net/js/a.js
Requested by
Host: secure23uat.nmpaas.com
URL: https://secure23uat.nmpaas.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.67 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-67.fra53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
49a8f325c9e04a943313b226fa05cba7fb2016ebeb369b6d26990ebed5554e74

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://secure23uat.nmpaas.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date
Fri, 13 Jan 2023 11:13:38 GMT
Content-Encoding
gzip
Via
1.1 85dc19f43b2a0bd8840fdf8baf07d762.cloudfront.net (CloudFront)
Last-Modified
Thu, 12 Jan 2023 05:43:30 GMT
Server
AmazonS3
X-Amz-Cf-Pop
FRA53-C1
Age
520
ETag
W/"59198cf86d74f4ff2164d6d7d4c1f774"
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
application/javascript
X-Cache
Hit from cloudfront
Cache-Control
max-age=1800, private
Connection
keep-alive
X-Amz-Cf-Id
Dk1yjmlkuGuVmWcFfkiIALEwE8ZxKGU4n0LIO29YpRptibkCuoHlqg==
a | in1.wzrkt.com/ | 286 B | 814 B | Script
General
Full URL
https://in1.wzrkt.com/a?t=96&type=push&d=N4IgLgngDgpiBcIoCcD2AzAlgGzgGiTS1wVAGMwB9VKMVAVzAXQENsBnGAXwMwBMEIACoBRAMpCAtABYAbLMkAtWQHZJATmWKQBKAHMEARi5AA%3D%3D&optOut=false&rn=1&i=1673608937&sn=0&useIP=false&r=1673608937437
Requested by
Host: d2r1yp2w7bby2u.cloudfront.net
URL: https://d2r1yp2w7bby2u.cloudfront.net/js/a.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206e:6200:16:b4a8:d400:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
95c29048838e0d1854bd7438797f1f9ac7c06fdfe095ea67033f353ffc09e09f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;includeSubDomains;preload
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://secure23uat.nmpaas.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 13 Jan 2023 11:22:17 GMT
Strict-Transport-Security
max-age=31536000;includeSubDomains;preload
Content-Encoding
gzip
Via
1.1 cc6cd0f2b9d4d88785ea5a737059a4fe.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
VIE50-C1
Transfer-Encoding
chunked
X-Frame-Options
SAMEORIGIN
Content-Type
text/javascript;charset=utf-8
Vary
Accept-Encoding, User-Agent
X-Cache
Miss from cloudfront
Cache-Control
no-cache, no-store, no-cache, no-store
Connection
keep-alive
X-Amz-Cf-Id
1p27yTQCWR__akdZnXjr7IHPOwS4XthaySKRY-E9zxRPuM131AQxZw==
Expires
0
a | in1.wzrkt.com/ | 274 B | 821 B | Script
General
Full URL
https://in1.wzrkt.com/a?t=96&type=page&d=N4IglgJiBcICoFEDKcC0AWAbJ1AtTA7KgJz64gA0IADgOYwCMVAxnTCABYAuX1AztAD0gvgFNmAVwBOogEwBmCQEMuAOgB2AW2pKlfVcwD2mwZRAB1XACUA0gH0AwgEEAsgAUYoAO7aYABiouABtmGABtAF0AXyigAA%3D&rn=2&i=1673608937&sn=0&gc=648534ec66a245c2b05a4c6a1454716c&arp=N4IgVg%2BgdiBcIC0DuBeFIA0ICW06IFsALKAUwHMBNAUUxABMIAXAZzgAYt6iOsA3OAEYskNvGAACAL51s9fABYAbEoC0CJQHZVATg0I6pZmM4gATsaFaAzEvYAOHdc1SgAA%3D&useIP=false&r=1673608937692
Requested by
Host: d2r1yp2w7bby2u.cloudfront.net
URL: https://d2r1yp2w7bby2u.cloudfront.net/js/a.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206e:6200:16:b4a8:d400:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
77187b35d797e855d9a13b924c371e47062ea05e090bf0fab91b773a65d51d3c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;includeSubDomains;preload
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://secure23uat.nmpaas.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 13 Jan 2023 11:22:17 GMT
Strict-Transport-Security
max-age=31536000;includeSubDomains;preload
Content-Encoding
gzip
Via
1.1 cc6cd0f2b9d4d88785ea5a737059a4fe.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
VIE50-C1
Transfer-Encoding
chunked
X-Frame-Options
SAMEORIGIN
Content-Type
text/javascript;charset=utf-8
Vary
Accept-Encoding, User-Agent
X-Cache
Miss from cloudfront
Cache-Control
no-cache, no-store, no-cache, no-store
Connection
keep-alive
X-Amz-Cf-Id
uFkaEa6FTeAuEATb3TzWce-IoIZOic7Pym6w04QkbwVGaAV6qs4wKA==
Expires
0
api.js | apis.google.com/js/ | 17 KB | 7 KB | Script
General
Full URL
https://apis.google.com/js/api.js
Requested by
Host: secure23uat.nmpaas.com
URL: https://secure23uat.nmpaas.com/static/js/main.3e3c35f0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e0be6e128dd58edd11961625cf917b5f322aad95e5c5fcc04907ff08bbc3ca59
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://secure23uat.nmpaas.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

content-security-policy
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
content-encoding
gzip
x-content-type-options
nosniff
date
Fri, 13 Jan 2023 11:22:19 GMT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6893
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="gapi-team"
etag
"1dad2ebfba88234b"
vary
Accept-Encoding
report-to
{"group":"gapi-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gapi-team"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
private, max-age=1800, stale-while-revalidate=1800
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 13 Jan 2023 11:22:19 GMT
cb=gapi.loaded_0 | apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.pt_BR.l4Bv_WkVC6g.O/m=auth2,client/rt=j/sv=1/d=1/ed=1/am=wQE/rs=AGLTcCOuH5S2uqmF6E8zOW7n3yiqiwhzNQ/ | 301 KB | 301 KB | Script
General
Full URL
https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.pt_BR.l4Bv_WkVC6g.O/m=auth2,client/rt=j/sv=1/d=1/ed=1/am=wQE/rs=AGLTcCOuH5S2uqmF6E8zOW7n3yiqiwhzNQ/cb=gapi.loaded_0
Requested by
Host: secure23uat.nmpaas.com
URL: https://secure23uat.nmpaas.com/static/js/main.3e3c35f0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d210709f5f638e192d493f1d872b07587b89a17e289826657c1801039b82bdf2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://secure23uat.nmpaas.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Wed, 11 Jan 2023 04:47:09 GMT
x-content-type-options
nosniff
age
196509
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
307797
x-xss-protection
0
last-modified
Thu, 19 Nov 2020 17:03:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="social-frontend-mpm-access"
vary
Accept-Encoding, Origin
report-to
{"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-type
text/javascript; charset=UTF-8
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
expires
Thu, 11 Jan 2024 04:47:09 GMT
reverseWave.de78c24186c8e036ccb32bdf96d51f45.svg | secure23uat.nmpaas.com/static/media/ | 2 KB | 2 KB | Image
General
Full URL
https://secure23uat.nmpaas.com/static/media/reverseWave.de78c24186c8e036ccb32bdf96d51f45.svg
Requested by
Host: secure23uat.nmpaas.com
URL: https://secure23uat.nmpaas.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.27.8 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-27-8.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
597bf0580dda8725392014fcb5401754636bf83ee5d809d56416eb70f8ffa18f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://secure23uat.nmpaas.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Fri, 13 Jan 2023 11:22:20 GMT
via
1.1 756f5290bceb9f9b2ec963e0ab326968.cloudfront.net (CloudFront)
last-modified
Wed, 28 Dec 2022 11:15:43 GMT
server
AmazonS3
x-amz-cf-pop
FRA56-C2
etag
"41e704581fcbc57acc5538f3798255dc"
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
content-type
image/svg+xml
accept-ranges
bytes
content-length
1857
x-amz-cf-id
aT6HO5LqgWSECATt-VZjHjuGoAzEWWlwBl61BHAKdWmkzBLmfpY6Iw==
Niyo_Money_white.png | www.niyomoney.com/gw-web-assets/img/niyo-money/ | 15 KB | 14 KB | Image
General
Full URL
https://www.niyomoney.com/gw-web-assets/img/niyo-money/Niyo_Money_white.png
Requested by
Host: secure23uat.nmpaas.com
URL: https://secure23uat.nmpaas.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.234.206.238 Mumbai, India, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-234-206-238.ap-south-1.compute.amazonaws.com
Software
/
Resource Hash
d762c15a6f2d5aa2e33f113c09a6700b3d02eb1b4e6862ea095324d3a2c4c6a1
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://secure23uat.nmpaas.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Fri, 13 Jan 2023 11:22:19 GMT
content-encoding
gzip
strict-transport-security
max-age=16070400; includeSubDomains
last-modified
Fri, 06 Nov 2020 16:05:35 GMT
etag
W/"5fa5744f-3bf2"
vary
Accept-Encoding
content-type
image/png
cache-control
max-age=604800, private, must-revalidate, proxy-revalidate
expires
Fri, 20 Jan 2023 11:22:19 GMT
google-icon.0faab3abd8459e996c7142aaa3f8e2b3.svg | secure23uat.nmpaas.com/static/media/ | 1 KB | 1 KB | Image
General
Full URL
https://secure23uat.nmpaas.com/static/media/google-icon.0faab3abd8459e996c7142aaa3f8e2b3.svg
Requested by
Host: secure23uat.nmpaas.com
URL: https://secure23uat.nmpaas.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.27.8 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-27-8.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
fd4b4d816eba8642d8da913ec417de452267b767f6565bd45a858cd75a4bc19a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://secure23uat.nmpaas.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Fri, 13 Jan 2023 11:22:20 GMT
via
1.1 756f5290bceb9f9b2ec963e0ab326968.cloudfront.net (CloudFront)
last-modified
Wed, 28 Dec 2022 11:15:42 GMT
server
AmazonS3
x-amz-cf-pop
FRA56-C2
etag
"7416b61f2f3ff4ce12d7cd200ac3d399"
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
content-type
image/svg+xml
accept-ranges
bytes
content-length
1157
x-amz-cf-id
QPRYhzPLNKTCESlasyLJcYBoox4EF4ZY6Tyc1bLpxJWBVkq5KOMA3w==
wave.99e33c851e95288384cc384968508eff.svg | secure23uat.nmpaas.com/static/media/ | 2 KB | 2 KB | Image
General
Full URL
https://secure23uat.nmpaas.com/static/media/wave.99e33c851e95288384cc384968508eff.svg
Requested by
Host: secure23uat.nmpaas.com
URL: https://secure23uat.nmpaas.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.27.8 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-27-8.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
91c79abeb5d97407a9d7a084c4d25f42990c0ee46777586391b5d617bed3059d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://secure23uat.nmpaas.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Fri, 13 Jan 2023 11:22:20 GMT
via
1.1 756f5290bceb9f9b2ec963e0ab326968.cloudfront.net (CloudFront)
last-modified
Wed, 28 Dec 2022 11:15:43 GMT
server
AmazonS3
x-amz-cf-pop
FRA56-C2
etag
"91731303cea54fdaa1e717258e99e67a"
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
content-type
image/svg+xml
accept-ranges
bytes
content-length
1855
x-amz-cf-id
_AHLoBt_g_l6TJ_noD-wo501BsOCDj9p3ONxb_DXsmmn6pNrx0KR3w==
iframe | accounts.google.com/o/oauth2/ (Frame 9534) | 280 B | 1 KB | Document
General
Full URL
https://accounts.google.com/o/oauth2/iframe
Requested by
Host: apis.google.com
URL: https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.pt_BR.l4Bv_WkVC6g.O/m=auth2,client/rt=j/sv=1/d=1/ed=1/am=wQE/rs=AGLTcCOuH5S2uqmF6E8zOW7n3yiqiwhzNQ/cb=gapi.loaded_0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::200d Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
719b0b6b1791150d996e4097839f99c01b39eae73fa7bd90621fd04c1ca67fe2
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /_/IdpIFrameHttp/cspreport script-src 'report-sample' 'nonce-ROgZ_dAs0cN8DZ4AE5C3wA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdpIFrameHttp/cspreport;worker-src 'self' script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdpIFrameHttp/cspreport/allowlist
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://secure23uat.nmpaas.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
gzip
content-security-policy
require-trusted-types-for 'script';report-uri /_/IdpIFrameHttp/cspreport script-src 'report-sample' 'nonce-ROgZ_dAs0cN8DZ4AE5C3wA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdpIFrameHttp/cspreport;worker-src 'self' script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdpIFrameHttp/cspreport/allowlist
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-opener-policy
same-origin
cross-origin-resource-policy
cross-origin
date
Fri, 13 Jan 2023 11:22:19 GMT
expires
Mon, 01 Jan 1990 00:00:00 GMT
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
pragma
no-cache
server
ESF
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
x-xss-protection
0
cspreport | accounts.google.com/_/IdpIFrameHttp/ (Frame 9534) | 2 KB | 913 B | Other
General
Full URL
https://accounts.google.com/_/IdpIFrameHttp/cspreport
Requested by
Host: secure23uat.nmpaas.com
URL: https://secure23uat.nmpaas.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::200d Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
7bdc794b23af16bc4ec5b01ea5ddc56a5b57d8a81bf8e58978a14a938328682e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://accounts.google.com/o/oauth2/iframe
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
Content-Type
application/csp-report

Response headers

pragma
no-cache
date
Fri, 13 Jan 2023 11:22:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
GSE
content-type
text/html; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
1; mode=block
expires
Mon, 01 Jan 1990 00:00:00 GMT
m=base | www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.IdpIFrameHttp.de.p3aLoM3CVsc.es5.O/d=1/rs=AOaEmlGWpo6Bkh4GUBZ4Y-spI0W7MEIIww/ (Frame 9534) | 100 KB | 35 KB | Script
General
Full URL
https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.IdpIFrameHttp.de.p3aLoM3CVsc.es5.O/d=1/rs=AOaEmlGWpo6Bkh4GUBZ4Y-spI0W7MEIIww/m=base
Requested by
Host: accounts.google.com
URL: https://accounts.google.com/o/oauth2/iframe
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400d:808::2003 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8563827f413560646f5c738b68f52ed0b803500e6e7c5e8a7b906ddfbc6e2ba7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://accounts.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Tue, 10 Jan 2023 06:39:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
276176
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/identity-boq-js-css-signers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35061
x-xss-protection
0
last-modified
Sat, 07 Jan 2023 03:40:23 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="boq-infra/identity-boq-js-css-signers"
vary
Accept-Encoding, Origin
report-to
{"group":"boq-infra/identity-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/identity-boq-js-css-signers"}]}
content-type
text/javascript; charset=UTF-8
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
expires
Wed, 10 Jan 2024 06:39:23 GMT
iframerpc | accounts.google.com/o/oauth2/ (Frame 9534) | 49 B | 98 B | XHR
General
Full URL
https://accounts.google.com/o/oauth2/iframerpc?action=checkOrigin&origin=https%3A%2F%2Fsecure23uat.nmpaas.com&client_id=887012426450-e49juc8bnu95kf6ocjeh3hv7c8sqnnf0.apps.googleusercontent.com
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.IdpIFrameHttp.de.p3aLoM3CVsc.es5.O/d=1/rs=AOaEmlGWpo6Bkh4GUBZ4Y-spI0W7MEIIww/m=base
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::200d Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
0b233ef74e66bceb574d4c8ea432703b8bbdfbc6e5d0e5f6c14cf191799d63c7
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-VuiSAPEVWSddaM-G5bWliw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdpIFrameHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdpIFrameHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/IdpIFrameHttp/cspreport
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://accounts.google.com/o/oauth2/iframe
X-Requested-With
XmlHttpRequest
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Fri, 13 Jan 2023 11:22:19 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
script-src 'report-sample' 'nonce-VuiSAPEVWSddaM-G5bWliw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdpIFrameHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdpIFrameHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/IdpIFrameHttp/cspreport
content-encoding
gzip
cross-origin-embedder-policy
require-corp
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
cross-origin-resource-policy
same-site
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site, Origin
content-type
application/json; charset=utf-8
cache-control
private, max-age=3600
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
expires
Fri, 13 Jan 2023 11:22:19 GMT
584e4ec98428d1e331000351.js | beacon.errorception.com/ | 4 KB | 3 KB | Script
General
Full URL
https://beacon.errorception.com/584e4ec98428d1e331000351.js
Requested by
Host: secure23uat.nmpaas.com
URL: https://secure23uat.nmpaas.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3121::c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4a591b988e535760d9411c71d40928d3f9ff1fa71efceab321ac7bd2220a281f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://secure23uat.nmpaas.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma
public
date
Fri, 13 Jan 2023 11:22:19 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Sun, 17 Mar 2019 07:14:20 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
3405
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=J4lMXGESL1y8rfPhoRXjOhicKYddSHKBBUwgya9QPJLjRu%2BMUgtsHMnMjqIY7crBtqHqILar4wVw5buqWdqy2o%2FTNVi1EYEV4ru8HO7PpfViv1iSITGo419EDuonRt4ICC%2F4BmD0ttyRVRpmly%2FEQs1%2BI67ppQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
cache-control
public, max-age=3600
cf-ray
788dc0e0bae39b86-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400

Verdicts & Comments

48 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 (object), oncontentvisibilityautostatechange (object), clevertap (object), onDeviceReady (function), onBackKeyDown (function), _errs (object), tokenReceivedFromNative (function), loading (object), sendNewToken (function), getTokenForDigiLocker (function), startLiveliness (function), loadingImageCaptured (function), loadingLivelinessCompleted (function), loadingTokenReceivedForDigiLocker (function), getFilesFromNative (function), loadingFileReceivedFromNative (function), exitFromPWA (function), goToDashboard (function), showHideAppInboxIcon (function), loadingAppInbox (object), getPressedLink (function), shareVia (function), bottomSheetStack (object), clearStates (function), onBackPressed (function), hitDeeplink (function), removeBottomSheet (function), wizrocket (object), $WZRK_WR (object), $CLTP_WR (object), webpackChunknm_web (object), __core-js_shared__ (object), 2f1acc6c3a606b082e5eef5e54414ffb (number), gapi (object), ___jsl (object), gadgets (object), osapi (object), oauth2 (object), shindig (object), googleapis (object), iframer (object), __gapi_jstiming__ (object), ToolbarApi (function), iframes (object), IframeBase (function), Iframe (function), IframeProxy (function), IframeWindow (function)

4 Cookies

Domain/Path Name / Value
.nmpaas.com/ Name: WZRK_G
Value: 648534ec66a245c2b05a4c6a1454716c
.nmpaas.com/ Name: WZRK_S_TEST-466-Z67-9Z6Z
Value: %7B%22p%22%3A1%2C%22s%22%3A1673608937%2C%22t%22%3A1673608937%7D
.secure23uat.nmpaas.com/ Name: G_ENABLED_IDPS
Value: google
.google.com/ Name: NID
Value: 511=mdthhSYjKQgzNDAGTUV7lZXNBxQNwPhsQ1TV5NO7BIglEv9KvOXCSqkYojSMVx0xH_qa2FAnEo5zB6ydlyd2yzrxvN7CB4BnD8Xl_uXXnLnKXrYhfDb3se61ljgKbVWNX1ihmOCflKR-t86yWP99nZUY4005OGmbyJwp5tqVj0E

3 Console Messages

Source | Level | URL
security | warning | https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.pt_BR.l4Bv_WkVC6g.O/m=auth2,client/rt=j/sv=1/d=1/ed=1/am=wQE/rs=AGLTcCOuH5S2uqmF6E8zOW7n3yiqiwhzNQ/cb=gapi.loaded_0 (Line 278)
Message: An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can remove its sandboxing.
security | error | (Line 6)
Message: This document requires 'TrustedScript' assignment.
network | error | https://accounts.google.com/_/IdpIFrameHttp/cspreport
Message: Failed to load resource: the server responded with a status of 400 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

accounts.google.com
apis.google.com
beacon.errorception.com
d2r1yp2w7bby2u.cloudfront.net
in1.wzrkt.com
secure23uat.nmpaas.com
www.gstatic.com
www.niyomoney.com
13.234.206.238
13.32.27.8
143.204.215.67
2600:9000:206e:6200:16:b4a8:d400:93a1
2a00:1450:4001:827::200d
2a00:1450:4001:82b::200e
2a00:1450:400d:808::2003
2a06:98c1:3121::c