urlscan.io logo urlscan.io
SecurityTrails logo

login.xximo.com Open in urlscan Pro
104.18.3.252  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://my.xximo.com/leaseplan-be/fr
Effective URL: https://login.xximo.com/Account/Login?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fscope%3Dssw%2520openid%26state%3D2e0...
Submission: On February 21 via manual from BE — Scanned from NL
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 2 IPs in 3 countries across 2 domains to perform 12 HTTP transactions. The main IP is 104.18.3.252, located in and belongs to CLOUDFLARENET, US. The main domain is login.xximo.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on November 16th 2021. Valid for: a year.
This is the only time login.xximo.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
3 3 83.96.148.150 21155 (ASN-PROSE...)
1 11 104.18.3.252 13335 (CLOUDFLAR...)
2 152.199.19.160 15133 (EDGECAST)
12 2
Apex Domain
Subdomains		 Transfer
14 xximo.com
my.xximo.com
login.xximo.com
319 KB
2 aspnetcdn.com
ajax.aspnetcdn.com — Cisco Umbrella Rank: 631
9 KB
12 2
Domain Requested by
11 login.xximo.com 1 redirects login.xximo.com
3 my.xximo.com 3 redirects
2 ajax.aspnetcdn.com login.xximo.com
12 3

This site contains links to these domains. Also see Links.

Domain
www.xximo.nl
Subject Issuer Validity Valid
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2021-11-16 -
2022-11-15		 a year crt.sh
*.vo.msecnd.net
DigiCert SHA2 Secure Server CA		 2021-08-06 -
2022-08-06		 a year crt.sh

This page contains 1 frames:

Primary Page: https://login.xximo.com/Account/Login?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fscope%3Dssw%2520openid%26state%3D2e06c4baedb9b13cb6a5805155cf7eb1%26response_type%3Dcode%26approval_prompt%3Dauto%26redirect_uri%3Dhttps%253A%252F%252Fmy.xximo.com%252Fleaseplan-be%252Ffr%252Fconnect%252Fcheck%26client_id%3Dxximo.ssw
Frame ID: 4D0A739EA6F8CFADA0D3F45CB1A964DD
Requests: 12 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Leaseplan Login

Page URL History Show full URLs

  1. https://my.xximo.com/leaseplan-be/fr HTTP 301
    https://my.xximo.com/leaseplan-be/fr/ HTTP 307
    https://my.xximo.com/leaseplan-be/fr/connect/ HTTP 302
    https://login.xximo.com/connect/authorize?scope=ssw%20openid&state=2e06c4baedb9b13cb6a5805155cf7eb1&... HTTP 302
    https://login.xximo.com/Account/Login?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fscope%3Dssw%2520... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

12
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

3
Subdomains

2
IPs

3
Countries

327 kB
Transfer

736 kB
Size

3
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://my.xximo.com/leaseplan-be/fr HTTP 301
    https://my.xximo.com/leaseplan-be/fr/ HTTP 307
    https://my.xximo.com/leaseplan-be/fr/connect/ HTTP 302
    https://login.xximo.com/connect/authorize?scope=ssw%20openid&state=2e06c4baedb9b13cb6a5805155cf7eb1&response_type=code&approval_prompt=auto&redirect_uri=https%3A%2F%2Fmy.xximo.com%2Fleaseplan-be%2Ffr%2Fconnect%2Fcheck&client_id=xximo.ssw HTTP 302
    https://login.xximo.com/Account/Login?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fscope%3Dssw%2520openid%26state%3D2e06c4baedb9b13cb6a5805155cf7eb1%26response_type%3Dcode%26approval_prompt%3Dauto%26redirect_uri%3Dhttps%253A%252F%252Fmy.xximo.com%252Fleaseplan-be%252Ffr%252Fconnect%252Fcheck%26client_id%3Dxximo.ssw Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

12 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request Login
login.xximo.com/Account/
Redirect Chain
  • https://my.xximo.com/leaseplan-be/fr
  • https://my.xximo.com/leaseplan-be/fr/
  • https://my.xximo.com/leaseplan-be/fr/connect/
  • https://login.xximo.com/connect/authorize?scope=ssw%20openid&state=2e06c4baedb9b13cb6a5805155cf7eb1&response_type=code&approval_prompt=auto&redirect_uri=https%3A%2F%2Fmy.xximo.com%2Fleaseplan-be%2F...
  • https://login.xximo.com/Account/Login?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fscope%3Dssw%2520openid%26state%3D2e06c4baedb9b13cb6a5805155cf7eb1%26response_type%3Dcode%26approval_prompt%3Dauto...
7 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://login.xximo.com/Account/Login?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fscope%3Dssw%2520openid%26state%3D2e06c4baedb9b13cb6a5805155cf7eb1%26response_type%3Dcode%26approval_prompt%3Dauto%26redirect_uri%3Dhttps%253A%252F%252Fmy.xximo.com%252Fleaseplan-be%252Ffr%252Fconnect%252Fcheck%26client_id%3Dxximo.ssw
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.3.252 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bcba7a1b90ed6b3e105b968b72fc7a4b6974a9204cfa8d29d131af804634be94
Security Headers
Name Value
Content-Security-Policy default-src 'self'; object-src 'none'; frame-ancestors 'self' *.xximo.com http://localhost:55446/frame-source 'self'; sandbox allow-forms allow-same-origin allow-scripts; script-src * 'self' data: https:; font-src * 'self' data: https:; style-src * 'unsafe-inline' 'self' data: https:; base-uri 'self';
Strict-Transport-Security max-age=2592000
X-Content-Security-Policy default-src 'self'; object-src 'none'; frame-ancestors 'self' *.xximo.com http://localhost:55446/frame-source 'self'; sandbox allow-forms allow-same-origin allow-scripts; script-src * 'self' data: https:; font-src * 'self' data: https:; style-src * 'unsafe-inline' 'self' data: https:; base-uri 'self';
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN SAMEORIGIN, http://localhost:55446/

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language
nl-NL,nl;q=0.9

Response headers

date
Mon, 21 Feb 2022 09:57:34 GMT
content-type
text/html; charset=utf-8
cache-control
no-cache, no-store
pragma
no-cache
vary
Accept-Encoding
strict-transport-security
max-age=2592000
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN SAMEORIGIN, http://localhost:55446/
content-security-policy
default-src 'self'; object-src 'none'; frame-ancestors 'self' *.xximo.com http://localhost:55446/frame-source 'self'; sandbox allow-forms allow-same-origin allow-scripts; script-src * 'self' data: https:; font-src * 'self' data: https:; style-src * 'unsafe-inline' 'self' data: https:; base-uri 'self';
x-content-security-policy
default-src 'self'; object-src 'none'; frame-ancestors 'self' *.xximo.com http://localhost:55446/frame-source 'self'; sandbox allow-forms allow-same-origin allow-scripts; script-src * 'self' data: https:; font-src * 'self' data: https:; style-src * 'unsafe-inline' 'self' data: https:; base-uri 'self';
referrer-policy
no-referrer
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
6e0f1c7a6d3f6963-FRA
content-encoding
gzip

Redirect headers

date
Mon, 21 Feb 2022 09:57:34 GMT
location
https://login.xximo.com/Account/Login?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fscope%3Dssw%2520openid%26state%3D2e06c4baedb9b13cb6a5805155cf7eb1%26response_type%3Dcode%26approval_prompt%3Dauto%26redirect_uri%3Dhttps%253A%252F%252Fmy.xximo.com%252Fleaseplan-be%252Ffr%252Fconnect%252Fcheck%26client_id%3Dxximo.ssw
strict-transport-security
max-age=2592000
x-frame-options
SAMEORIGIN, http://localhost:55446/
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
6e0f1c796ae46963-FRA
fontawesome.css
login.xximo.com/css/ 		58 KB
13 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://login.xximo.com/css/fontawesome.css?v=0fuNgzfNIlaClbDtmYyFxY8LTNCDrwsNshywr4AALy0
Requested by
Host: login.xximo.com
URL: https://login.xximo.com/Account/Login?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fscope%3Dssw%2520openid%26state%3D2e06c4baedb9b13cb6a5805155cf7eb1%26response_type%3Dcode%26approval_prompt%3Dauto%26redirect_uri%3Dhttps%253A%252F%252Fmy.xximo.com%252Fleaseplan-be%252Ffr%252Fconnect%252Fcheck%26client_id%3Dxximo.ssw
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.3.252 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d1fb8d8337cd22568295b0ed998c85c58f0b4cd083af0b0db21cb0af80002f2d
Security Headers
Name Value
Strict-Transport-Security max-age=2592000
X-Frame-Options SAMEORIGIN, http://localhost:55446/

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Mon, 21 Feb 2022 09:57:34 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Mon, 14 Feb 2022 15:27:28 GMT
server
cloudflare
age
1809
x-frame-options
SAMEORIGIN, http://localhost:55446/
etag
W/"1d821b75ff4d7d0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
cache-control
public, max-age=14400
strict-transport-security
max-age=2592000
cf-ray
6e0f1c7bf8ab6963-FRA
expires
Mon, 21 Feb 2022 13:57:34 GMT
leaseplan.css
login.xximo.com/css/vendors/ 		177 KB
39 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://login.xximo.com/css/vendors/leaseplan.css?v=MbL_-bfdls7TEH6nbn2rqCP_FXjfYc05X4o4DomLEjc
Requested by
Host: login.xximo.com
URL: https://login.xximo.com/Account/Login?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fscope%3Dssw%2520openid%26state%3D2e06c4baedb9b13cb6a5805155cf7eb1%26response_type%3Dcode%26approval_prompt%3Dauto%26redirect_uri%3Dhttps%253A%252F%252Fmy.xximo.com%252Fleaseplan-be%252Ffr%252Fconnect%252Fcheck%26client_id%3Dxximo.ssw
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.3.252 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6fbaf3ed8b4496f1c273e4ae82fe3f1c1e2fb091419f28529c36f245a37621ba
Security Headers
Name Value
Strict-Transport-Security max-age=2592000
X-Frame-Options SAMEORIGIN, http://localhost:55446/

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Mon, 21 Feb 2022 09:57:34 GMT
content-encoding
gzip
cf-cache-status
REVALIDATED
last-modified
Mon, 14 Feb 2022 15:27:28 GMT
server
cloudflare
x-frame-options
SAMEORIGIN, http://localhost:55446/
etag
"1d821b75ff6f480"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
cache-control
public, max-age=14400
strict-transport-security
max-age=2592000
cf-ray
6e0f1c7bf8ad6963-FRA
expires
Mon, 21 Feb 2022 13:57:34 GMT
vendor.min.js
login.xximo.com/js/ 		234 KB
91 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://login.xximo.com/js/vendor.min.js?v=urMONyKAFEYshjCfPJNDAos853aqd9CAXT6YZ52PFxA
Requested by
Host: login.xximo.com
URL: https://login.xximo.com/Account/Login?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fscope%3Dssw%2520openid%26state%3D2e06c4baedb9b13cb6a5805155cf7eb1%26response_type%3Dcode%26approval_prompt%3Dauto%26redirect_uri%3Dhttps%253A%252F%252Fmy.xximo.com%252Fleaseplan-be%252Ffr%252Fconnect%252Fcheck%26client_id%3Dxximo.ssw
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.3.252 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bab30e37228014462c86309f3c9343028b3ce776aa77d0805d3e98679d8f1710
Security Headers
Name Value
Strict-Transport-Security max-age=2592000
X-Frame-Options SAMEORIGIN, http://localhost:55446/

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Mon, 21 Feb 2022 09:57:34 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Mon, 14 Feb 2022 15:27:28 GMT
server
cloudflare
age
1809
x-frame-options
SAMEORIGIN, http://localhost:55446/
etag
"1d821b75ff796b1"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=14400
strict-transport-security
max-age=2592000
cf-ray
6e0f1c7bf8b06963-FRA
expires
Mon, 21 Feb 2022 13:57:34 GMT
leaseplan.png
login.xximo.com/images/ 		14 KB
14 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://login.xximo.com/images/leaseplan.png
Requested by
Host: login.xximo.com
URL: https://login.xximo.com/Account/Login?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fscope%3Dssw%2520openid%26state%3D2e06c4baedb9b13cb6a5805155cf7eb1%26response_type%3Dcode%26approval_prompt%3Dauto%26redirect_uri%3Dhttps%253A%252F%252Fmy.xximo.com%252Fleaseplan-be%252Ffr%252Fconnect%252Fcheck%26client_id%3Dxximo.ssw
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.3.252 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ca4b9c2abd890492987e54d402a8167200209e3144c3fb6b9acda7117bd28003
Security Headers
Name Value
Strict-Transport-Security max-age=2592000
X-Frame-Options SAMEORIGIN, http://localhost:55446/

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Mon, 21 Feb 2022 09:57:34 GMT
cf-cache-status
REVALIDATED
last-modified
Mon, 14 Feb 2022 15:27:28 GMT
server
cloudflare
x-frame-options
SAMEORIGIN, http://localhost:55446/
etag
"1d821b75ff4071d"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
cache-control
public, max-age=14400
strict-transport-security
max-age=2592000
accept-ranges
bytes
cf-ray
6e0f1c7d1b516963-FRA
content-length
14109
expires
Mon, 21 Feb 2022 13:57:34 GMT
bootstrap.bundle.min.js
login.xximo.com/js/ 		82 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://login.xximo.com/js/bootstrap.bundle.min.js?v=jXCJJT3KKcnNjZ3rfsabCj1EX4j2omR4xxm-H5CtywE
Requested by
Host: login.xximo.com
URL: https://login.xximo.com/Account/Login?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fscope%3Dssw%2520openid%26state%3D2e06c4baedb9b13cb6a5805155cf7eb1%26response_type%3Dcode%26approval_prompt%3Dauto%26redirect_uri%3Dhttps%253A%252F%252Fmy.xximo.com%252Fleaseplan-be%252Ffr%252Fconnect%252Fcheck%26client_id%3Dxximo.ssw
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.3.252 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8d7089253dca29c9cd8d9deb7ec69b0a3d445f88f6a26478c719be1f90adcb01
Security Headers
Name Value
Strict-Transport-Security max-age=2592000
X-Frame-Options SAMEORIGIN, http://localhost:55446/

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Mon, 21 Feb 2022 09:57:34 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Mon, 14 Feb 2022 15:27:28 GMT
server
cloudflare
age
1809
x-frame-options
SAMEORIGIN, http://localhost:55446/
etag
W/"1d821b75ff578b8"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=14400
strict-transport-security
max-age=2592000
cf-ray
6e0f1c7c8a196963-FRA
expires
Mon, 21 Feb 2022 13:57:34 GMT
site.js
login.xximo.com/js/ 		4 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://login.xximo.com/js/site.js?v=RM809t0M7JqVxRWJcuX865N-kD_NrXLUt5PrgXAyyu8
Requested by
Host: login.xximo.com
URL: https://login.xximo.com/Account/Login?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fscope%3Dssw%2520openid%26state%3D2e06c4baedb9b13cb6a5805155cf7eb1%26response_type%3Dcode%26approval_prompt%3Dauto%26redirect_uri%3Dhttps%253A%252F%252Fmy.xximo.com%252Fleaseplan-be%252Ffr%252Fconnect%252Fcheck%26client_id%3Dxximo.ssw
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.3.252 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8c31b5df5f3535024fed9f9ab9f8b1a30f079d930b7ddbd5ad8a1784fb6ab415
Security Headers
Name Value
Strict-Transport-Security max-age=2592000
X-Frame-Options SAMEORIGIN, http://localhost:55446/

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Mon, 21 Feb 2022 09:57:34 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Mon, 14 Feb 2022 15:27:28 GMT
server
cloudflare
age
1809
x-frame-options
SAMEORIGIN, http://localhost:55446/
etag
W/"1d821b75ff4210c"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=14400
strict-transport-security
max-age=2592000
cf-ray
6e0f1c7cfb176963-FRA
expires
Mon, 21 Feb 2022 13:57:34 GMT
jquery.validate.min.js
ajax.aspnetcdn.com/ajax/jquery.validate/1.14.0/ 		21 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ajax.aspnetcdn.com/ajax/jquery.validate/1.14.0/jquery.validate.min.js
Requested by
Host: login.xximo.com
URL: https://login.xximo.com/Account/Login?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fscope%3Dssw%2520openid%26state%3D2e06c4baedb9b13cb6a5805155cf7eb1%26response_type%3Dcode%26approval_prompt%3Dauto%26redirect_uri%3Dhttps%253A%252F%252Fmy.xximo.com%252Fleaseplan-be%252Ffr%252Fconnect%252Fcheck%26client_id%3Dxximo.ssw
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.19.160 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (ama/8B65) /
Resource Hash
2e3e3b2660cbfaac5febf7a50b31d0494159989626a84102b2c3792cffe27d13
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
Origin
https://login.xximo.com
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Mon, 21 Feb 2022 09:57:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
21402922
x-cache
HIT
content-length
6807
x-xss-protection
1; mode=block
last-modified
Mon, 31 Oct 2016 23:42:30 GMT
server
ECAcc (ama/8B65)
etag
"0b7a471d033d21:0"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public,max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
jquery.validate.unobtrusive.min.js
ajax.aspnetcdn.com/ajax/jquery.validation.unobtrusive/3.2.6/ 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ajax.aspnetcdn.com/ajax/jquery.validation.unobtrusive/3.2.6/jquery.validate.unobtrusive.min.js
Requested by
Host: login.xximo.com
URL: https://login.xximo.com/Account/Login?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fscope%3Dssw%2520openid%26state%3D2e06c4baedb9b13cb6a5805155cf7eb1%26response_type%3Dcode%26approval_prompt%3Dauto%26redirect_uri%3Dhttps%253A%252F%252Fmy.xximo.com%252Fleaseplan-be%252Ffr%252Fconnect%252Fcheck%26client_id%3Dxximo.ssw
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.19.160 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (ama/8A8F) /
Resource Hash
13243171b1f5976e74f79647f612a1d879bfa606816a204f72a833c0e89f269a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
Origin
https://login.xximo.com
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Mon, 21 Feb 2022 09:57:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
23264485
x-cache
HIT
content-length
2043
x-xss-protection
1; mode=block
last-modified
Mon, 31 Oct 2016 23:43:24 GMT
server
ECAcc (ama/8A8F)
etag
"076d491d033d21:0"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public,max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
OpenSans-Regular.woff2
login.xximo.com/webfonts/ 		44 KB
44 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://login.xximo.com/webfonts/OpenSans-Regular.woff2
Requested by
Host: login.xximo.com
URL: https://login.xximo.com/css/vendors/leaseplan.css?v=MbL_-bfdls7TEH6nbn2rqCP_FXjfYc05X4o4DomLEjc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.3.252 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
408fe165dff48eb2f8cb3a2fcbc1dd92b94d56b4ab11813be55c776871c691cf
Security Headers
Name Value
Strict-Transport-Security max-age=2592000
X-Frame-Options SAMEORIGIN, http://localhost:55446/

Request headers

Referer
https://login.xximo.com/css/vendors/leaseplan.css?v=MbL_-bfdls7TEH6nbn2rqCP_FXjfYc05X4o4DomLEjc
Origin
https://login.xximo.com
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Mon, 21 Feb 2022 09:57:34 GMT
vary
Accept-Encoding
cf-cache-status
HIT
age
1402
content-length
44648
last-modified
Mon, 14 Feb 2022 15:27:28 GMT
server
cloudflare
x-frame-options
SAMEORIGIN, http://localhost:55446/
etag
"1d821b75ff49e68"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=2592000
content-type
font/woff2
cache-control
public, max-age=14400
accept-ranges
bytes
cf-ray
6e0f1c7d2b6d6963-FRA
expires
Mon, 21 Feb 2022 13:57:34 GMT
OpenSans-Bold.woff2
login.xximo.com/webfonts/ 		45 KB
45 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://login.xximo.com/webfonts/OpenSans-Bold.woff2
Requested by
Host: login.xximo.com
URL: https://login.xximo.com/css/vendors/leaseplan.css?v=MbL_-bfdls7TEH6nbn2rqCP_FXjfYc05X4o4DomLEjc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.3.252 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
46b518780343f2262e168bea5146d1ff30a6253191cc61b486657c76a58fb2bb
Security Headers
Name Value
Strict-Transport-Security max-age=2592000
X-Frame-Options SAMEORIGIN, http://localhost:55446/

Request headers

Referer
https://login.xximo.com/css/vendors/leaseplan.css?v=MbL_-bfdls7TEH6nbn2rqCP_FXjfYc05X4o4DomLEjc
Origin
https://login.xximo.com
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Mon, 21 Feb 2022 09:57:34 GMT
vary
Accept-Encoding
cf-cache-status
HIT
age
1402
content-length
46460
last-modified
Mon, 14 Feb 2022 15:27:28 GMT
server
cloudflare
x-frame-options
SAMEORIGIN, http://localhost:55446/
etag
"1d821b75ff4857c"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=2592000
content-type
font/woff2
cache-control
public, max-age=14400
accept-ranges
bytes
cf-ray
6e0f1c7d2b716963-FRA
expires
Mon, 21 Feb 2022 13:57:34 GMT
OpenSans-SemiBold.woff2
login.xximo.com/webfonts/ 		45 KB
46 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://login.xximo.com/webfonts/OpenSans-SemiBold.woff2
Requested by
Host: login.xximo.com
URL: https://login.xximo.com/css/vendors/leaseplan.css?v=MbL_-bfdls7TEH6nbn2rqCP_FXjfYc05X4o4DomLEjc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.3.252 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7a32484e166e1337fbb0cf4f4262bb385ed9081f1ac20f9efe39e8e50490367a
Security Headers
Name Value
Strict-Transport-Security max-age=2592000
X-Frame-Options SAMEORIGIN, http://localhost:55446/

Request headers

Referer
https://login.xximo.com/css/vendors/leaseplan.css?v=MbL_-bfdls7TEH6nbn2rqCP_FXjfYc05X4o4DomLEjc
Origin
https://login.xximo.com
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Mon, 21 Feb 2022 09:57:34 GMT
vary
Accept-Encoding
cf-cache-status
HIT
age
1402
content-length
46576
last-modified
Mon, 14 Feb 2022 15:27:28 GMT
server
cloudflare
x-frame-options
SAMEORIGIN, http://localhost:55446/
etag
"1d821b75ff485f0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=2592000
content-type
font/woff2
cache-control
public, max-age=14400
accept-ranges
bytes
cf-ray
6e0f1c7d2b756963-FRA
expires
Mon, 21 Feb 2022 13:57:34 GMT

Verdicts & Comments Add Verdict or Comment

18 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| structuredClone function| $ function| jQuery object| bootstrap function| Sweetalert2 function| SweetAlert function| Swal function| sweetAlert function| swal function| getPassword function| validatePasswords function| updateCheckMark function| checkIfEightChar function| checkIfOneLowercase function| checkIfOneUppercase function| checkIfOneDigit function| checkIfOneSpecialChar function| togglePassword

3 Cookies

Domain/Path Name / Value
my.xximo.com/ Name: PHPSESSID
Value: u2235dsik9vsjv3nv7knrjuiq0
login.xximo.com/ Name: vendor
Value: xximo
login.xximo.com/ Name: .AspNetCore.Antiforgery.fpUXb9nf698
Value: CfDJ8La7Vg4LTLdGrJVEjVDDBDdajiss7oiorYtBb0maQX8aXUXWmp3UPiZOyxIalpJ67Krq-k3VOx5PdylCpe2s-fCoK7jBevu3p5Ec7q1VN0gipgpp_v35Qrz2fvAiftcjQ6Ww-4VvXaTnf-0TeNr-x9A

2 Console Messages

Source Level URL
Text
security error URL: https://login.xximo.com/Account/Login?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fscope%3Dssw%2520openid%26state%3D2e06c4baedb9b13cb6a5805155cf7eb1%26response_type%3Dcode%26approval_prompt%3Dauto%26redirect_uri%3Dhttps%253A%252F%252Fmy.xximo.com%252Fleaseplan-be%252Ffr%252Fconnect%252Fcheck%26client_id%3Dxximo.ssw(Line 110)
Message:
Refused to execute inline script because it violates the following Content Security Policy directive: "script-src * 'self' data: https:". Either the 'unsafe-inline' keyword, a hash ('sha256-Ngl/isK+xh6J5tlFJu3Kgnd72NerCPyxSpF7un2ibrA='), or a nonce ('nonce-...') is required to enable inline execution.
security error URL: https://login.xximo.com/Account/Login?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fscope%3Dssw%2520openid%26state%3D2e06c4baedb9b13cb6a5805155cf7eb1%26response_type%3Dcode%26approval_prompt%3Dauto%26redirect_uri%3Dhttps%253A%252F%252Fmy.xximo.com%252Fleaseplan-be%252Ffr%252Fconnect%252Fcheck%26client_id%3Dxximo.ssw(Line 113)
Message:
Refused to execute inline script because it violates the following Content Security Policy directive: "script-src * 'self' data: https:". Either the 'unsafe-inline' keyword, a hash ('sha256-YuVskry39Q8nejVPxWjzzpAm5VPrkvsaWvOTO5lE2q4='), or a nonce ('nonce-...') is required to enable inline execution.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self'; object-src 'none'; frame-ancestors 'self' *.xximo.com http://localhost:55446/frame-source 'self'; sandbox allow-forms allow-same-origin allow-scripts; script-src * 'self' data: https:; font-src * 'self' data: https:; style-src * 'unsafe-inline' 'self' data: https:; base-uri 'self';
Strict-Transport-Security max-age=2592000
X-Content-Security-Policy default-src 'self'; object-src 'none'; frame-ancestors 'self' *.xximo.com http://localhost:55446/frame-source 'self'; sandbox allow-forms allow-same-origin allow-scripts; script-src * 'self' data: https:; font-src * 'self' data: https:; style-src * 'unsafe-inline' 'self' data: https:; base-uri 'self';
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN SAMEORIGIN, http://localhost:55446/