urlscan.io logo urlscan.io
SecurityTrails logo

inconto.pentest.inconto.com Open in urlscan Pro
84.247.13.125  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://inconto.pentest.inconto.com/
Effective URL: https://inconto.pentest.inconto.com/logon/logon.asp
Submission: On June 13 via automatic, source certstream-suspicious — Scanned from NL
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 19 HTTP transactions. The main IP is 84.247.13.125, located in Netherlands and belongs to TRANSIP-AS Amsterdam, the Netherlands, NL. The main domain is inconto.pentest.inconto.com.
TLS certificate: Issued by R3 on June 13th 2022. Valid for: 3 months.
This is the only time inconto.pentest.inconto.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 20 84.247.13.125 20857 (TRANSIP-A...)
19 1
Apex Domain
Subdomains		 Transfer
20 inconto.com
inconto.pentest.inconto.com
1 MB
19 1
Domain Requested by
20 inconto.pentest.inconto.com 1 redirects inconto.pentest.inconto.com
19 1

This site contains links to these domains. Also see Links.

Domain
www.inconto.com
Subject Issuer Validity Valid
inconto.pentest.inconto.com
R3		 2022-06-13 -
2022-09-11		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://inconto.pentest.inconto.com/logon/logon.asp
Frame ID: 78E1DFAFECEFE76E1D49525F7D6FF7D9
Requests: 19 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Inloggen - INCONTO 2020/4

Page URL History Show full URLs

  1. https://inconto.pentest.inconto.com/ HTTP 302
    https://inconto.pentest.inconto.com/logon/logon.asp Page URL

Detected technologies

Overall confidence: 75%
Detected patterns
  • /Chart(?:\.bundle)?(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • \.aspx?(?:$|\?)
Overall confidence: 100%
Detected patterns
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Overall confidence: 100%
Detected patterns
  • jquery-ui.*\.js

Page Statistics

19
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

1027 kB
Transfer

1025 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://inconto.pentest.inconto.com/ HTTP 302
    https://inconto.pentest.inconto.com/logon/logon.asp Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

19 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request logon.asp
inconto.pentest.inconto.com/logon/
Redirect Chain
  • https://inconto.pentest.inconto.com/
  • https://inconto.pentest.inconto.com/logon/logon.asp?
8 KB
8 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://inconto.pentest.inconto.com/logon/logon.asp?
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
84.247.13.125 , Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),
Reverse DNS
84-247-13-125.colo.transip.net
Software
INCONTO /
Resource Hash
b989bcc69052be211592c4a81f71b15445c932dc267f244c19752b8e74bd8684
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; form-action 'self'
Strict-Transport-Security max-age=15552001;includeSubDomains;preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

cache-control
private
content-length
8418
content-security-policy
script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; form-action 'self'
content-type
text/html; Charset=UTF-8
date
Mon, 13 Jun 2022 10:24:24 GMT
referrer-policy
same-origin
server
INCONTO
strict-transport-security
max-age=15552001;includeSubDomains;preload
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN

Redirect headers

cache-control
private
content-length
138
content-security-policy
script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; form-action 'self'
content-type
text/html; Charset=UTF-8
date
Mon, 13 Jun 2022 10:24:24 GMT
location
/logon/logon.asp?
referrer-policy
same-origin
server
INCONTO
strict-transport-security
max-age=15552001;includeSubDomains;preload
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
bootstrap-datepicker.min.css
inconto.pentest.inconto.com/Styles/ 		15 KB
15 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://inconto.pentest.inconto.com/Styles/bootstrap-datepicker.min.css?ver=2020_4_502
Requested by
Host: inconto.pentest.inconto.com
URL: https://inconto.pentest.inconto.com/logon/logon.asp?
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
84.247.13.125 , Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),
Reverse DNS
84-247-13-125.colo.transip.net
Software
INCONTO /
Resource Hash
24305c9d8795d7d275e22b0677712d9ec0902b4e5df0f733279f9fbc4bc126f2
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; form-action 'self'
Strict-Transport-Security max-age=15552001;includeSubDomains;preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://inconto.pentest.inconto.com/logon/logon.asp?
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy
script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; form-action 'self'
referrer-policy
same-origin
last-modified
Sat, 28 Apr 2018 13:11:52 GMT
server
INCONTO
etag
"01c2879f2ded31:0"
x-frame-options
SAMEORIGIN
content-type
text/css
cache-control
max-age=604800
date
Mon, 13 Jun 2022 10:24:24 GMT
strict-transport-security
max-age=15552001;includeSubDomains;preload
accept-ranges
bytes
content-length
15731
x-content-type-options
nosniff
login.min.css
inconto.pentest.inconto.com/styles/new/ 		143 KB
144 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://inconto.pentest.inconto.com/styles/new/login.min.css?ver=2020_4_502
Requested by
Host: inconto.pentest.inconto.com
URL: https://inconto.pentest.inconto.com/logon/logon.asp?
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
84.247.13.125 , Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),
Reverse DNS
84-247-13-125.colo.transip.net
Software
INCONTO /
Resource Hash
defed4b739c84235b929a1454ef501e84453c9041743154f38ce84d5d3d2da28
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; form-action 'self'
Strict-Transport-Security max-age=15552001;includeSubDomains;preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://inconto.pentest.inconto.com/logon/logon.asp?
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy
script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; form-action 'self'
referrer-policy
same-origin
last-modified
Thu, 17 Sep 2020 12:01:38 GMT
server
INCONTO
etag
"07da4cea8cd61:0"
x-frame-options
SAMEORIGIN
content-type
text/css
cache-control
max-age=604800
date
Mon, 13 Jun 2022 10:24:24 GMT
strict-transport-security
max-age=15552001;includeSubDomains;preload
accept-ranges
bytes
content-length
146807
x-content-type-options
nosniff
jquery.min.js
inconto.pentest.inconto.com/JavaScripts/ 		87 KB
88 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://inconto.pentest.inconto.com/JavaScripts/jquery.min.js?ver=2020_4_502
Requested by
Host: inconto.pentest.inconto.com
URL: https://inconto.pentest.inconto.com/logon/logon.asp?
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
84.247.13.125 , Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),
Reverse DNS
84-247-13-125.colo.transip.net
Software
INCONTO /
Resource Hash
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; form-action 'self'
Strict-Transport-Security max-age=15552001;includeSubDomains;preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://inconto.pentest.inconto.com/logon/logon.asp?
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy
script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; form-action 'self'
referrer-policy
same-origin
last-modified
Wed, 24 Mar 2021 09:11:54 GMT
server
INCONTO
etag
"142fe4bb8d20d71:0"
x-frame-options
SAMEORIGIN
content-type
application/javascript
cache-control
max-age=604800
date
Mon, 13 Jun 2022 10:24:24 GMT
strict-transport-security
max-age=15552001;includeSubDomains;preload
accept-ranges
bytes
content-length
89501
x-content-type-options
nosniff
bootstrap.min.js
inconto.pentest.inconto.com/JavaScripts/ 		36 KB
36 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://inconto.pentest.inconto.com/JavaScripts/bootstrap.min.js?ver=2020_4_502
Requested by
Host: inconto.pentest.inconto.com
URL: https://inconto.pentest.inconto.com/logon/logon.asp?
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
84.247.13.125 , Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),
Reverse DNS
84-247-13-125.colo.transip.net
Software
INCONTO /
Resource Hash
36460e494e4c628443afded40b2743b5ede9a4a76fb4f7b9ef2345cc7e59fd64
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; form-action 'self'
Strict-Transport-Security max-age=15552001;includeSubDomains;preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://inconto.pentest.inconto.com/logon/logon.asp?
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy
script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; form-action 'self'
referrer-policy
same-origin
last-modified
Sat, 28 Apr 2018 13:11:52 GMT
server
INCONTO
etag
"01c2879f2ded31:0"
x-frame-options
SAMEORIGIN
content-type
application/javascript
cache-control
max-age=604800
date
Mon, 13 Jun 2022 10:24:24 GMT
strict-transport-security
max-age=15552001;includeSubDomains;preload
accept-ranges
bytes
content-length
37051
x-content-type-options
nosniff
jquery-ui.min.js
inconto.pentest.inconto.com/JavaScripts/ 		55 KB
55 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://inconto.pentest.inconto.com/JavaScripts/jquery-ui.min.js?ver=2020_4_502
Requested by
Host: inconto.pentest.inconto.com
URL: https://inconto.pentest.inconto.com/logon/logon.asp?
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
84.247.13.125 , Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),
Reverse DNS
84-247-13-125.colo.transip.net
Software
INCONTO /
Resource Hash
5d756c72e0c8bef48cf3dbc30d9b0c632a1c2f029d4f771599380ee1368d9c06
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; form-action 'self'
Strict-Transport-Security max-age=15552001;includeSubDomains;preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://inconto.pentest.inconto.com/logon/logon.asp?
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy
script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; form-action 'self'
referrer-policy
same-origin
last-modified
Thu, 24 Jan 2019 12:34:24 GMT
server
INCONTO
etag
"0c83023e1b3d41:0"
x-frame-options
SAMEORIGIN
content-type
application/javascript
cache-control
max-age=604800
date
Mon, 13 Jun 2022 10:24:24 GMT
strict-transport-security
max-age=15552001;includeSubDomains;preload
accept-ranges
bytes
content-length
55897
x-content-type-options
nosniff
jquery.validate.min.js
inconto.pentest.inconto.com/JavaScripts/ 		24 KB
24 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://inconto.pentest.inconto.com/JavaScripts/jquery.validate.min.js?ver=2020_4_502
Requested by
Host: inconto.pentest.inconto.com
URL: https://inconto.pentest.inconto.com/logon/logon.asp?
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
84.247.13.125 , Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),
Reverse DNS
84-247-13-125.colo.transip.net
Software
INCONTO /
Resource Hash
4c0cc637858d6503cba9262f8be75740c29e853605a153a7bde46a6e2e367eb0
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; form-action 'self'
Strict-Transport-Security max-age=15552001;includeSubDomains;preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://inconto.pentest.inconto.com/logon/logon.asp?
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy
script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; form-action 'self'
referrer-policy
same-origin
last-modified
Wed, 24 Mar 2021 09:11:54 GMT
server
INCONTO
etag
"287de4bb8d20d71:0"
x-frame-options
SAMEORIGIN
content-type
application/javascript
cache-control
max-age=604800
date
Mon, 13 Jun 2022 10:24:24 GMT
strict-transport-security
max-age=15552001;includeSubDomains;preload
accept-ranges
bytes
content-length
24430
x-content-type-options
nosniff
bootstrap-datepicker.min.js
inconto.pentest.inconto.com/JavaScripts/ 		33 KB
33 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://inconto.pentest.inconto.com/JavaScripts/bootstrap-datepicker.min.js?ver=2020_4_502
Requested by
Host: inconto.pentest.inconto.com
URL: https://inconto.pentest.inconto.com/logon/logon.asp?
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
84.247.13.125 , Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),
Reverse DNS
84-247-13-125.colo.transip.net
Software
INCONTO /
Resource Hash
b56e4bcc40bb423846d02880bf196c78c4ecdaa252eeedc344f6ae0e3149df3a
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; form-action 'self'
Strict-Transport-Security max-age=15552001;includeSubDomains;preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://inconto.pentest.inconto.com/logon/logon.asp?
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy
script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; form-action 'self'
referrer-policy
same-origin
last-modified
Sat, 28 Apr 2018 13:11:52 GMT
server
INCONTO
etag
"01c2879f2ded31:0"
x-frame-options
SAMEORIGIN
content-type
application/javascript
cache-control
max-age=604800
date
Mon, 13 Jun 2022 10:24:24 GMT
strict-transport-security
max-age=15552001;includeSubDomains;preload
accept-ranges
bytes
content-length
33599
x-content-type-options
nosniff
INO.js
inconto.pentest.inconto.com/JavaScripts/ 		232 KB
232 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://inconto.pentest.inconto.com/JavaScripts/INO.js?ver=2020_4_502
Requested by
Host: inconto.pentest.inconto.com
URL: https://inconto.pentest.inconto.com/logon/logon.asp?
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
84.247.13.125 , Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),
Reverse DNS
84-247-13-125.colo.transip.net
Software
INCONTO /
Resource Hash
5ee4a51e0cc14e469467bb8db3221122614304288b5aa2a544241e6c4d50e708
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; form-action 'self'
Strict-Transport-Security max-age=15552001;includeSubDomains;preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://inconto.pentest.inconto.com/logon/logon.asp?
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy
script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; form-action 'self'
referrer-policy
same-origin
last-modified
Tue, 18 May 2021 13:04:42 GMT
server
INCONTO
etag
"051dc5de64bd71:0"
x-frame-options
SAMEORIGIN
content-type
application/javascript
cache-control
max-age=604800
date
Mon, 13 Jun 2022 10:24:24 GMT
strict-transport-security
max-age=15552001;includeSubDomains;preload
accept-ranges
bytes
content-length
237530
x-content-type-options
nosniff
legacy.js
inconto.pentest.inconto.com/JavaScripts/ 		50 KB
50 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://inconto.pentest.inconto.com/JavaScripts/legacy.js?ver=2020_4_502
Requested by
Host: inconto.pentest.inconto.com
URL: https://inconto.pentest.inconto.com/logon/logon.asp?
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
84.247.13.125 , Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),
Reverse DNS
84-247-13-125.colo.transip.net
Software
INCONTO /
Resource Hash
3ee802d89c88b5c60e8384b42d51ce779f9272c3a2a10ddc31640e60bdc6ec83
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; form-action 'self'
Strict-Transport-Security max-age=15552001;includeSubDomains;preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://inconto.pentest.inconto.com/logon/logon.asp?
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy
script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; form-action 'self'
referrer-policy
same-origin
last-modified
Tue, 18 May 2021 13:04:42 GMT
server
INCONTO
etag
"051dc5de64bd71:0"
x-frame-options
SAMEORIGIN
content-type
application/javascript
cache-control
max-age=604800
date
Mon, 13 Jun 2022 10:24:24 GMT
strict-transport-security
max-age=15552001;includeSubDomains;preload
accept-ranges
bytes
content-length
51369
x-content-type-options
nosniff
SearchScripts.js
inconto.pentest.inconto.com/JavaScripts/ 		27 KB
27 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://inconto.pentest.inconto.com/JavaScripts/SearchScripts.js?ver=2020_4_502
Requested by
Host: inconto.pentest.inconto.com
URL: https://inconto.pentest.inconto.com/logon/logon.asp?
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
84.247.13.125 , Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),
Reverse DNS
84-247-13-125.colo.transip.net
Software
INCONTO /
Resource Hash
dadc547bf04726ca053b47ebd651fe57e83c0905f92d00a310504dc5828b7c1b
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; form-action 'self'
Strict-Transport-Security max-age=15552001;includeSubDomains;preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://inconto.pentest.inconto.com/logon/logon.asp?
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy
script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; form-action 'self'
referrer-policy
same-origin
last-modified
Wed, 24 Mar 2021 09:11:54 GMT
server
INCONTO
etag
"c9ede6bb8d20d71:0"
x-frame-options
SAMEORIGIN
content-type
application/javascript
cache-control
max-age=604800
date
Mon, 13 Jun 2022 10:24:24 GMT
strict-transport-security
max-age=15552001;includeSubDomains;preload
accept-ranges
bytes
content-length
27346
x-content-type-options
nosniff
event_hooks.js
inconto.pentest.inconto.com/JavaScripts/ 		25 KB
25 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://inconto.pentest.inconto.com/JavaScripts/event_hooks.js?ver=2020_4_502
Requested by
Host: inconto.pentest.inconto.com
URL: https://inconto.pentest.inconto.com/logon/logon.asp?
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
84.247.13.125 , Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),
Reverse DNS
84-247-13-125.colo.transip.net
Software
INCONTO /
Resource Hash
8860c9a4a06314bacb152ee3b8408edd8634e6cd00bb63c15cb028ddeccd5e5f
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; form-action 'self'
Strict-Transport-Security max-age=15552001;includeSubDomains;preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://inconto.pentest.inconto.com/logon/logon.asp?
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy
script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; form-action 'self'
referrer-policy
same-origin
last-modified
Wed, 24 Mar 2021 09:11:54 GMT
server
INCONTO
etag
"e46be3bb8d20d71:0"
x-frame-options
SAMEORIGIN
content-type
application/javascript
cache-control
max-age=604800
date
Mon, 13 Jun 2022 10:24:24 GMT
strict-transport-security
max-age=15552001;includeSubDomains;preload
accept-ranges
bytes
content-length
25190
x-content-type-options
nosniff
KeyListener-1.0.min.js
inconto.pentest.inconto.com/JavaScripts/ 		3 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://inconto.pentest.inconto.com/JavaScripts/KeyListener-1.0.min.js?ver=2020_4_502
Requested by
Host: inconto.pentest.inconto.com
URL: https://inconto.pentest.inconto.com/logon/logon.asp?
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
84.247.13.125 , Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),
Reverse DNS
84-247-13-125.colo.transip.net
Software
INCONTO /
Resource Hash
3689fe312ba622d36f029f9f63aaa84aee904090b71d7ee68113511b5e377083
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; form-action 'self'
Strict-Transport-Security max-age=15552001;includeSubDomains;preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://inconto.pentest.inconto.com/logon/logon.asp?
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy
script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; form-action 'self'
referrer-policy
same-origin
last-modified
Wed, 24 Mar 2021 09:11:54 GMT
server
INCONTO
etag
"3dcbe4bb8d20d71:0"
x-frame-options
SAMEORIGIN
content-type
application/javascript
cache-control
max-age=604800
date
Mon, 13 Jun 2022 10:24:24 GMT
strict-transport-security
max-age=15552001;includeSubDomains;preload
accept-ranges
bytes
content-length
2613
x-content-type-options
nosniff
hilitor.js
inconto.pentest.inconto.com/JavaScripts/ 		3 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://inconto.pentest.inconto.com/JavaScripts/hilitor.js?ver=2020_4_502
Requested by
Host: inconto.pentest.inconto.com
URL: https://inconto.pentest.inconto.com/logon/logon.asp?
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
84.247.13.125 , Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),
Reverse DNS
84-247-13-125.colo.transip.net
Software
INCONTO /
Resource Hash
06515881710d41d8a3a3bbc24c247ba44d96eecf099b0d2d5b2986de17dec5ba
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; form-action 'self'
Strict-Transport-Security max-age=15552001;includeSubDomains;preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://inconto.pentest.inconto.com/logon/logon.asp?
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy
script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; form-action 'self'
referrer-policy
same-origin
last-modified
Sat, 28 Apr 2018 13:11:52 GMT
server
INCONTO
etag
"01c2879f2ded31:0"
x-frame-options
SAMEORIGIN
content-type
application/javascript
cache-control
max-age=604800
date
Mon, 13 Jun 2022 10:24:24 GMT
strict-transport-security
max-age=15552001;includeSubDomains;preload
accept-ranges
bytes
content-length
3029
x-content-type-options
nosniff
Chart.min.js
inconto.pentest.inconto.com/JavaScripts/Chart.js/ 		154 KB
154 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://inconto.pentest.inconto.com/JavaScripts/Chart.js/Chart.min.js?ver=2020_4_502
Requested by
Host: inconto.pentest.inconto.com
URL: https://inconto.pentest.inconto.com/logon/logon.asp?
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
84.247.13.125 , Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),
Reverse DNS
84-247-13-125.colo.transip.net
Software
INCONTO /
Resource Hash
506c2fc94147e90aa7d0f4b2415c38ab7bc85f4c15d6688a4eb69c349cc058f7
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; form-action 'self'
Strict-Transport-Security max-age=15552001;includeSubDomains;preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://inconto.pentest.inconto.com/logon/logon.asp?
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy
script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; form-action 'self'
referrer-policy
same-origin
last-modified
Sat, 28 Apr 2018 13:11:50 GMT
server
INCONTO
etag
"0eff677f2ded31:0"
x-frame-options
SAMEORIGIN
content-type
application/javascript
cache-control
max-age=604800
date
Mon, 13 Jun 2022 10:24:24 GMT
strict-transport-security
max-age=15552001;includeSubDomains;preload
accept-ranges
bytes
content-length
157415
x-content-type-options
nosniff
UserSettings.asp
inconto.pentest.inconto.com/JavaScripts/ 		8 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://inconto.pentest.inconto.com/JavaScripts/UserSettings.asp?ver=2020_4_502
Requested by
Host: inconto.pentest.inconto.com
URL: https://inconto.pentest.inconto.com/logon/logon.asp?
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
84.247.13.125 , Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),
Reverse DNS
84-247-13-125.colo.transip.net
Software
INCONTO /
Resource Hash
2ce097fbfdcf5bccb80764c961d0cf69f54b697c2c31b80abb051b4bf00d17b4
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; form-action 'self'
Strict-Transport-Security max-age=15552001;includeSubDomains;preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://inconto.pentest.inconto.com/logon/logon.asp?
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy
script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; form-action 'self'
referrer-policy
same-origin
server
INCONTO
date
Mon, 13 Jun 2022 10:24:24 GMT
x-frame-options
SAMEORIGIN
content-type
text/javascript; Charset=UTF-8
cache-control
private
strict-transport-security
max-age=15552001;includeSubDomains;preload
content-length
8482
x-content-type-options
nosniff
loginlogo.png
inconto.pentest.inconto.com/Client/ 		45 KB
45 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://inconto.pentest.inconto.com/Client/loginlogo.png
Requested by
Host: inconto.pentest.inconto.com
URL: https://inconto.pentest.inconto.com/logon/logon.asp?
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
84.247.13.125 , Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),
Reverse DNS
84-247-13-125.colo.transip.net
Software
INCONTO /
Resource Hash
728a42945d236828277fe3275155c12d8962a69412f2ee72af6c615fb7a6c920
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; form-action 'self'
Strict-Transport-Security max-age=15552001;includeSubDomains;preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://inconto.pentest.inconto.com/logon/logon.asp?
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy
script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; form-action 'self'
referrer-policy
same-origin
last-modified
Tue, 16 Jul 2019 13:35:38 GMT
server
INCONTO
etag
"071875adb3bd51:0"
x-frame-options
SAMEORIGIN
content-type
image/png
date
Mon, 13 Jun 2022 10:24:24 GMT
strict-transport-security
max-age=15552001;includeSubDomains;preload
accept-ranges
bytes
content-length
46205
x-content-type-options
nosniff
icon32x32grey.png
inconto.pentest.inconto.com/Icons/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://inconto.pentest.inconto.com/Icons/icon32x32grey.png
Requested by
Host: inconto.pentest.inconto.com
URL: https://inconto.pentest.inconto.com/styles/new/login.min.css?ver=2020_4_502
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
84.247.13.125 , Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),
Reverse DNS
84-247-13-125.colo.transip.net
Software
INCONTO /
Resource Hash
316fd5a2983f09d1157a736f8cd49f82573821f90ce1e99d7d7de8dd8fe6afab
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; form-action 'self'
Strict-Transport-Security max-age=15552001;includeSubDomains;preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://inconto.pentest.inconto.com/styles/new/login.min.css?ver=2020_4_502
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy
script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; form-action 'self'
referrer-policy
same-origin
last-modified
Tue, 04 Dec 2018 12:05:52 GMT
server
INCONTO
etag
"010b1b3c98bd41:0"
x-frame-options
SAMEORIGIN
content-type
image/png
cache-control
max-age=604800
date
Mon, 13 Jun 2022 10:24:25 GMT
strict-transport-security
max-age=15552001;includeSubDomains;preload
accept-ranges
bytes
content-length
1624
x-content-type-options
nosniff
fontawesome-webfont.woff2
inconto.pentest.inconto.com/fonts/ 		75 KB
75 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://inconto.pentest.inconto.com/fonts/fontawesome-webfont.woff2?v=4.7.0
Requested by
Host: inconto.pentest.inconto.com
URL: https://inconto.pentest.inconto.com/styles/new/login.min.css?ver=2020_4_502
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
84.247.13.125 , Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),
Reverse DNS
84-247-13-125.colo.transip.net
Software
INCONTO /
Resource Hash
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; form-action 'self'
Strict-Transport-Security max-age=15552001;includeSubDomains;preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://inconto.pentest.inconto.com/styles/new/login.min.css?ver=2020_4_502
Origin
https://inconto.pentest.inconto.com
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy
script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; form-action 'self'
referrer-policy
same-origin
last-modified
Sat, 28 Apr 2018 13:11:52 GMT
server
INCONTO
etag
"01c2879f2ded31:0"
x-frame-options
SAMEORIGIN
content-type
application/font-woff2
date
Mon, 13 Jun 2022 10:24:25 GMT
strict-transport-security
max-age=15552001;includeSubDomains;preload
accept-ranges
bytes
content-length
77160
x-content-type-options
nosniff

Verdicts & Comments Add Verdict or Comment

76 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails object| navigation function| $ function| jQuery object| INO function| addLineText function| fnRecalculateColumnWidths function| fnHideColumn function| fnNumber_SystemValueToDisplayValue function| fnNumber_DisplayValueToSystemValue function| fnNumber_DisplayValueToIntIfPossible function| insertRow function| fnControleerGetal function| fnCheckNumber function| subZetInput function| subMaakDecimaalOp function| fnOpmaakDecimaal function| maxLengthFunction function| iEscape function| fnUploadFile function| fnDeleteFile function| fnDeleteFileExtra function| doDeleteFile function| fnCreateEditableFieldWithPopup function| fnQuerystringToObject function| fnPopupEditDiv function| showPropertyPreferences function| closePropertyPreferences function| fnClosePopupEditDiv function| fnCreateTableBody function| fnCreateTree function| fnCreateTreeItems function| fnCreateMultiLevelArray object| aKnoppen function| fnHiliteAlertButton function| fnDeHiliteAlertButton function| fnAlert function| fnBericht function| fnClickButton function| subOnclickAlertBox function| fnDisableFrame function| subOnclick function| fnZoekParentNode function| fnOpmaakDatum function| setCancelBubble function| DoSimpleAjaxCall function| fnGenericAsyncCall function| fnGetTranslations function| fnGetJSONFromSql object| ENTITIES_REGEXP object| ENTITIES_MAP function| ENT_entityToChar function| ENT_htmlDecode function| maakHelpInfoDiv function| verwijderHelpInfoDiv function| rgb2hex function| fnDisableButton function| addParameterToSearchCatalogString function| fnExecFunction object| Base64 function| getEntityNameById function| FastSearch function| fnMakeFastSearch function| initKeyListener function| setButtonBar function| imgError function| KeyListener object| oKeyListener function| Hilitor function| Color function| Chart

1 Cookies

Domain/Path Name / Value
inconto.pentest.inconto.com/ Name: ASPSESSIONIDAGCRBQQB
Value: MLHNCEIDJBDEKDDDFCNAAJOH

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; form-action 'self'
Strict-Transport-Security max-age=15552001;includeSubDomains;preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN