URL: https://web-uat.itrade.cgsi.co.id/
Submission: On May 02 via api from US — Scanned from DE

Summary

This website contacted 3 IPs in 3 countries across 3 domains to perform 7 HTTP transactions. The main IP is 202.165.39.134, located in Jakarta, Indonesia and belongs to CIRCLECOM-AS-ID-AP PT. Circlecom Nusantara Indonesia, ID. The main domain is web-uat.itrade.cgsi.co.id.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on February 12th 2024. Valid for: a year.
This is the only time web-uat.itrade.cgsi.co.id was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
4 202.165.39.134 17538 (CIRCLECOM...)
1 1 2400:52e0:1e0... 200325 (BUNNYCDN)
1 2a04:4e42:400... 54113 (FASTLY)
2 151.101.1.229 54113 (FASTLY)
7 3
Apex Domain Subdomains Transfer
4 cgsi.co.id web-uat.itrade.cgsi.co.id 63 KB
3 jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 310 94 KB
1 rawgit.com cdn.rawgit.com — Cisco Umbrella Rank: 13470 728 B
7 3
Domain Requested by
4 web-uat.itrade.cgsi.co.id web-uat.itrade.cgsi.co.id
3 cdn.jsdelivr.net web-uat.itrade.cgsi.co.id
cdn.jsdelivr.net
1 cdn.rawgit.com 1 redirects
7 3

This site contains links to these domains.

Domain
webreport.itrade.cgs-cimb.co.id

Subject Issuer Validity Valid
*.itrade.cgsi.co.id Sectigo RSA Domain Validation Secure Server CA 2024-02-12 - 2025-02-11 a year
jsdelivr.net GlobalSign Atlas R3 DV TLS CA 2023 Q3 2023-09-27 - 2024-10-28 a year

This page contains 1 frames:

Primary Page: https://web-uat.itrade.cgsi.co.id/
Frame ID: 7C9C5FCA999DA08660A19DBAD36BCE23
Requests: 7 HTTP requests in this frame

Page Title

Web Trading - Login

Detected technologies

Overall confidence: 100%
Detected patterns
  • //cdn\.jsdelivr\.net/

Overall confidence: 100%
Detected patterns
  • <div[^>]+class="g-recaptcha"

Page Statistics

Requests: 7
HTTPS: 86 %
IPv6: 50 %
Domains: 3
Subdomains: 3
IPs: 3
Countries: 3
Transfer: 157 kB
Size: 158 kB
Cookies: 2

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://cdn.rawgit.com/resir014/Clear-Sans-Webfont/v1.1.1/css/clear-sans.css HTTP 301
  • https://cdn.jsdelivr.net/gh/resir014/Clear-Sans-Webfont@v1.1.1/css/clear-sans.css

7 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
web-uat.itrade.cgsi.co.id/
8 KB
9 KB
Document
General
Full URL
https://web-uat.itrade.cgsi.co.id/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
202.165.39.134 Jakarta, Indonesia, ASN17538 (CIRCLECOM-AS-ID-AP PT. Circlecom Nusantara Indonesia, ID),
Reverse DNS
ip-134-39.circlecom.net.id
Software
/
Resource Hash
8de0a31299f6cc729ecdad1ac470f23946254686cacc75de29f094799c962496
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' default-src: https: data: unsafe-inline unsafe-eval
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

cache-control
public, max-age=0
content-length
8583
content-security-policy
frame-ancestors 'self' default-src: https: data: unsafe-inline unsafe-eval
content-type
text/html; charset=utf-8
date
Thu, 02 May 2024 14:18:30 GMT
expires
Thu, 02 May 2024 14:18:29 GMT
feature-policy
geolocation 'none'
last-modified
Thu, 02 May 2024 14:18:29 GMT
referrer-policy
no-referrer
server
strict-transport-security
max-age=31536000; includeSubdomains
vary
*
x-aspnet-version
x-aspnetmvc-version
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block
clear-sans.css
cdn.jsdelivr.net/gh/resir014/Clear-Sans-Webfont@v1.1.1/css/
Redirect Chain
  • https://cdn.rawgit.com/resir014/Clear-Sans-Webfont/v1.1.1/css/clear-sans.css
  • https://cdn.jsdelivr.net/gh/resir014/Clear-Sans-Webfont@v1.1.1/css/clear-sans.css
4 KB
1010 B
Stylesheet
General
Full URL
https://cdn.jsdelivr.net/gh/resir014/Clear-Sans-Webfont@v1.1.1/css/clear-sans.css
Requested by
Host: web-uat.itrade.cgsi.co.id
URL: https://web-uat.itrade.cgsi.co.id/
Protocol
H2
Server
2a04:4e42:400::485 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
da26fc3b00b78c58f64f182b00c5fe13e8ff809dcde235cb29bd821f46b31d36
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Thu, 02 May 2024 14:24:11 GMT
x-content-type-options
nosniff
content-encoding
br
age
2098161
x-jsd-version
1.1.1
x-cache
HIT, HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
546
x-served-by
cache-fra-etou8220079-FRA, cache-mxp6963-MXP
x-jsd-version-type
version
etag
W/"f53-ZfQwAHUYLf3RDjXrE9PgZVzYY4w"
vary
Accept-Encoding
content-type
text/css; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges
bytes
timing-allow-origin
*

Redirect headers

date
Thu, 02 May 2024 14:24:11 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cdn-edgestorageid
1081
age
77160
x-cache
MISS, HIT
cdn-cachedat
05/02/2024 14:24:11
cdn-pullzone
201235
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443", h3-29=":443", h3-27=":443"
content-length
115
x-served-by
cache-fra-eddf8230075-FRA, cache-chi-kigq8000162-CHI
server
BunnyCDN-DE1-1082
cdn-proxyver
1.04
cdn-requestpullcode
301
vary
Accept-Encoding
content-type
text/plain; charset=utf-8
location
https://cdn.jsdelivr.net/gh/resir014/Clear-Sans-Webfont@v1.1.1/css/clear-sans.css
access-control-allow-origin
*
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
access-control-expose-headers
*
cache-control
public, max-age=2592000
cdn-cache
EXPIRED
cdn-requestid
2b331b75eb00c223422175862704ce41
timing-allow-origin
*
cdn-requestcountrycode
DE
cdn-status
301
cdn-requestpullsuccess
True
Login.Custom.css
web-uat.itrade.cgsi.co.id/WebTrading.Custom/
580 B
678 B
Stylesheet
General
Full URL
https://web-uat.itrade.cgsi.co.id/WebTrading.Custom/Login.Custom.css?v=121
Requested by
Host: web-uat.itrade.cgsi.co.id
URL: https://web-uat.itrade.cgsi.co.id/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
202.165.39.134 Jakarta, Indonesia, ASN17538 (CIRCLECOM-AS-ID-AP PT. Circlecom Nusantara Indonesia, ID),
Reverse DNS
ip-134-39.circlecom.net.id
Software
/
Resource Hash
d6845cde56989682bc8af0f3b22da6e2f6408ffc4fcea41a0ec9db603282e7c0
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' default-src: https: data: unsafe-inline unsafe-eval
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000; includeSubdomains
content-security-policy
frame-ancestors 'self' default-src: https: data: unsafe-inline unsafe-eval
x-content-type-options
nosniff
referrer-policy
no-referrer
last-modified
Fri, 23 Feb 2024 10:10:24 GMT
server
x-aspnet-version
etag
"e6e332844066da1:0"
date
Thu, 02 May 2024 14:18:30 GMT
content-type
text/css
feature-policy
geolocation 'none'
accept-ranges
bytes
x-aspnetmvc-version
content-length
580
x-xss-protection
1; mode=block
itrade.png
web-uat.itrade.cgsi.co.id/assets/
52 KB
52 KB
Image
General
Full URL
https://web-uat.itrade.cgsi.co.id/assets/itrade.png
Requested by
Host: web-uat.itrade.cgsi.co.id
URL: https://web-uat.itrade.cgsi.co.id/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
202.165.39.134 Jakarta, Indonesia, ASN17538 (CIRCLECOM-AS-ID-AP PT. Circlecom Nusantara Indonesia, ID),
Reverse DNS
ip-134-39.circlecom.net.id
Software
/
Resource Hash
a9c11f0ea7dd7a0029241cf0f9caedb69323f454c02c3efa5d7652eba8c1a1de
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' default-src: https: data: unsafe-inline unsafe-eval
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000; includeSubdomains
content-security-policy
frame-ancestors 'self' default-src: https: data: unsafe-inline unsafe-eval
x-content-type-options
nosniff
referrer-policy
no-referrer
last-modified
Fri, 23 Feb 2024 09:19:43 GMT
server
x-aspnet-version
etag
"96647d6f3966da1:0"
date
Thu, 02 May 2024 14:18:30 GMT
content-type
image/png
feature-policy
geolocation 'none'
accept-ranges
bytes
x-aspnetmvc-version
content-length
53180
x-xss-protection
1; mode=block
ClearSans-Regular.woff2
cdn.jsdelivr.net/gh/resir014/Clear-Sans-Webfont@v1.1.1/fonts/woff2-convert/
44 KB
44 KB
Font
General
Full URL
https://cdn.jsdelivr.net/gh/resir014/Clear-Sans-Webfont@v1.1.1/fonts/woff2-convert/ClearSans-Regular.woff2
Requested by
Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/gh/resir014/Clear-Sans-Webfont@v1.1.1/css/clear-sans.css
Protocol
H3
Security
QUIC, , AES_256_GCM
Server
151.101.1.229 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
602358d68544ed2d54986ebd6ae716461cd6d68433e99f2e1ca63d2a284034c3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://cdn.jsdelivr.net/gh/resir014/Clear-Sans-Webfont@v1.1.1/css/clear-sans.css
Origin
https://web-uat.itrade.cgsi.co.id
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Thu, 02 May 2024 14:24:11 GMT
x-content-type-options
nosniff
age
822511
x-jsd-version
1.1.1
x-cache
HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
44664
x-served-by
cache-fra-etou8220039-FRA
x-jsd-version-type
version
etag
W/"ae78-dQ4lN/o/zOn+gHju8wRHNMHS6gw"
vary
Accept-Encoding
content-type
font/woff2
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges
bytes
timing-allow-origin
*
ClearSans-Medium.woff2
cdn.jsdelivr.net/gh/resir014/Clear-Sans-Webfont@v1.1.1/fonts/woff2-convert/
49 KB
49 KB
Font
General
Full URL
https://cdn.jsdelivr.net/gh/resir014/Clear-Sans-Webfont@v1.1.1/fonts/woff2-convert/ClearSans-Medium.woff2
Requested by
Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/gh/resir014/Clear-Sans-Webfont@v1.1.1/css/clear-sans.css
Protocol
H3
Security
QUIC, , AES_256_GCM
Server
151.101.1.229 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
f7a44d65de0fa865598d717bd575fb2eda490ed79d908a45e0677c2401c05f9e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://cdn.jsdelivr.net/gh/resir014/Clear-Sans-Webfont@v1.1.1/css/clear-sans.css
Origin
https://web-uat.itrade.cgsi.co.id
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Thu, 02 May 2024 14:24:11 GMT
x-content-type-options
nosniff
age
181167
x-jsd-version
1.1.1
x-cache
HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
49708
x-served-by
cache-fra-etou8220039-FRA
x-jsd-version-type
version
etag
W/"c22c-0DywoECkmi9DXKoNsLoRBfN/+xs"
vary
Accept-Encoding
content-type
font/woff2
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges
bytes
timing-allow-origin
*
favicon.ico
web-uat.itrade.cgsi.co.id/
1 KB
1 KB
Other
General
Full URL
https://web-uat.itrade.cgsi.co.id/favicon.ico
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
202.165.39.134 Jakarta, Indonesia, ASN17538 (CIRCLECOM-AS-ID-AP PT. Circlecom Nusantara Indonesia, ID),
Reverse DNS
ip-134-39.circlecom.net.id
Software
/
Resource Hash
4dc14b3fecee24dada048f78655de440baa6d34fbf44fac05e1e9a78107e9dce
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' default-src: https: data: unsafe-inline unsafe-eval
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000; includeSubdomains
content-security-policy
frame-ancestors 'self' default-src: https: data: unsafe-inline unsafe-eval
x-content-type-options
nosniff
referrer-policy
no-referrer
last-modified
Sat, 11 Aug 2018 02:56:06 GMT
server
x-aspnet-version
etag
"0a7ffd81e31d41:0"
date
Thu, 02 May 2024 14:18:32 GMT
content-type
image/x-icon
feature-policy
geolocation 'none'
accept-ranges
bytes
x-aspnetmvc-version
content-length
1150
x-xss-protection
1; mode=block

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| isInvisible
function| onUserFormKeyDown
function| onPasswordFormKeyDown
string| tsCodePublic

2 Cookies

Domain/Path Name / Value
web-uat.itrade.cgsi.co.id/ Name: __RequestVerificationToken
Value: TTzLtF3k_uso9b3QJ4T5wR0hHlBMbxQpXoCSkW_LMLgMiMpZsCh3H9QfWZNlhSmLiOZKFEgikYeq_L1I0kQdyaA0tzLjiO3Op8H3moV-w1k1
web-uat.itrade.cgsi.co.id/ Name: ASP.NET_SessionId
Value: gsxuv0pibeexqvma52dx2la5

Security Headers

This page lists any security headers set by the main page.

Header Value
Content-Security-Policy frame-ancestors 'self' default-src: https: data: unsafe-inline unsafe-eval
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block