dev.services.dutapay.co.id Open in urlscan Pro
182.23.108.162  Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response dev.services.dutapay.co.id/	2 KB 1 KB	608ms 201ms	Document text/html	182.23.108.162 LINTASARTA-AS-AP ...
General Check archive.org Show headers Download Go to Full URL https://dev.services.dutapay.co.id/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 182.23.108.162 Jakarta, Indonesia, ASN4800 (LINTASARTA-AS-AP Network Access Provider and Internet Service Provider, ID), Reverse DNS Software / Resource Hash fdd08c7ebed924b98f9551fec6a0a41043558e3cbdea8754b99b46fa841eaad2 Security Headers Name Value Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers :method GET :authority dev.services.dutapay.co.id :scheme https :path / pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site none sec-fetch-mode navigate sec-fetch-user ?1 sec-fetch-dest document accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers cache-control private content-type text/html; charset=utf-8 content-encoding gzip vary Accept-Encoding x-xss-protection 1; mode=block strict-transport-security max-age=31536000; includeSubDomains x-content-type-options nosniff content-security-policy default-src https: data: 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; x-frame-options SAMEORIGIN date Thu, 04 Feb 2021 02:02:54 GMT content-length 1213
GET H2	200	css dev.services.dutapay.co.id/Content/	95 KB 22 KB	390ms 389ms	Stylesheet text/css	182.23.108.162 LINTASARTA-AS-AP ...
General Check archive.org Show headers Download Go to Full URL https://dev.services.dutapay.co.id/Content/css?v=iu6llGOD56rODijpqlCOQvcSBFSCrub6Txc2FAwkPi41 Requested by Host: dev.services.dutapay.co.id URL: https://dev.services.dutapay.co.id/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 182.23.108.162 Jakarta, Indonesia, ASN4800 (LINTASARTA-AS-AP Network Access Provider and Internet Service Provider, ID), Reverse DNS Software / Resource Hash 2ec54aaa69d2703511ce10bf8e9bea7b5a17a69018f809f9dceb5ea0a2bfec98 Security Headers Name Value Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Referer https://dev.services.dutapay.co.id/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers strict-transport-security max-age=31536000; includeSubDomains content-encoding gzip x-content-type-options nosniff last-modified Thu, 04 Feb 2021 02:02:55 GMT date Thu, 04 Feb 2021 02:02:54 GMT x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 cache-control public content-security-policy default-src https: data: 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; vary User-Agent,Accept-Encoding content-length 22670 x-xss-protection 1; mode=block expires Fri, 04 Feb 2022 02:02:55 GMT
GET H2	200	modernizr Show response dev.services.dutapay.co.id/bundles/	11 KB 5 KB	206ms 205ms	Script text/javascript	182.23.108.162 LINTASARTA-AS-AP ...
General Check archive.org Show headers Download Go to Full URL https://dev.services.dutapay.co.id/bundles/modernizr?v=wBEWDufH_8Md-Pbioxomt90vm6tJN2Pyy9u9zHtWsPo1 Requested by Host: dev.services.dutapay.co.id URL: https://dev.services.dutapay.co.id/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 182.23.108.162 Jakarta, Indonesia, ASN4800 (LINTASARTA-AS-AP Network Access Provider and Internet Service Provider, ID), Reverse DNS Software / Resource Hash 0ec4e0295f86b2142b8996e03d4195888843b50d1954d7e248341da032b7ebba Security Headers Name Value Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Referer https://dev.services.dutapay.co.id/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers strict-transport-security max-age=31536000; includeSubDomains content-encoding gzip x-content-type-options nosniff last-modified Thu, 04 Feb 2021 02:02:55 GMT date Thu, 04 Feb 2021 02:02:54 GMT x-frame-options SAMEORIGIN content-type text/javascript; charset=utf-8 cache-control public content-security-policy default-src https: data: 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; vary User-Agent,Accept-Encoding content-length 5229 x-xss-protection 1; mode=block expires Fri, 04 Feb 2022 02:02:55 GMT
GET H2	200	logo-dutapay.png dev.services.dutapay.co.id/Content/Images/Shared/	8 KB 8 KB	540ms 540ms	Image image/png	182.23.108.162 LINTASARTA-AS-AP ...
General Check archive.org Show headers Download Go to Show image Full URL https://dev.services.dutapay.co.id/Content/Images/Shared/logo-dutapay.png Requested by Host: dev.services.dutapay.co.id URL: https://dev.services.dutapay.co.id/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 182.23.108.162 Jakarta, Indonesia, ASN4800 (LINTASARTA-AS-AP Network Access Provider and Internet Service Provider, ID), Reverse DNS Software / Resource Hash 4891cb7380cd797634916a536b82da4c5edfd87ea9d7d226b4ec0a1c7c1f67f7 Security Headers Name Value Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Referer https://dev.services.dutapay.co.id/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers strict-transport-security max-age=31536000; includeSubDomains x-content-type-options nosniff last-modified Wed, 19 Jul 2017 09:29:10 GMT server etag "45735c7a710d31:0" x-frame-options SAMEORIGIN content-type image/png date Thu, 04 Feb 2021 02:02:54 GMT content-security-policy default-src https: data: 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; accept-ranges bytes content-length 8559 x-xss-protection 1; mode=block
GET H/1.1	200 OK	getseal Show response seal.websecurity.norton.com/	13 B 217 B	253ms 159ms	Script text/javascript	23.37.44.187 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://seal.websecurity.norton.com/getseal?host_name=services.dutapay.co.id&size=L&use_flash=NO&use_transparent=No&lang=en Requested by Host: dev.services.dutapay.co.id URL: https://dev.services.dutapay.co.id/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 23.37.44.187 , Netherlands, ASN16625 (AKAMAI-AS, US), Reverse DNS a23-37-44-187.deploy.static.akamaitechnologies.com Software nginx/1.14.0 / Resource Hash bb807cd3b9903a753407ec9d82c403490bad87e9b707458b7d0e7f165277cd2c Request headers Referer https://dev.services.dutapay.co.id/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Thu, 04 Feb 2021 02:04:17 GMT Cache-Control must-revalidate, max-age=0 Server nginx/1.14.0 Connection keep-alive ETag Content-Length 13 Content-Type text/javascript
GET H2	200	tuv_qr.jpg dev.services.dutapay.co.id/Content/Images/Shared/	1 MB 1 MB	360ms 360ms	Image image/jpeg	182.23.108.162 LINTASARTA-AS-AP ...
General Check archive.org Show headers Download Go to Show image Full URL https://dev.services.dutapay.co.id/Content/Images/Shared/tuv_qr.jpg Requested by Host: dev.services.dutapay.co.id URL: https://dev.services.dutapay.co.id/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 182.23.108.162 Jakarta, Indonesia, ASN4800 (LINTASARTA-AS-AP Network Access Provider and Internet Service Provider, ID), Reverse DNS Software / Resource Hash 8c4e44e51c071c7196fadc16ba791d669ebd2eeeb7c31850f40fb12b1279679a Security Headers Name Value Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Referer https://dev.services.dutapay.co.id/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers strict-transport-security max-age=31536000; includeSubDomains x-content-type-options nosniff last-modified Thu, 16 Aug 2018 07:42:10 GMT server etag "1b709da33435d41:0" x-frame-options SAMEORIGIN content-type image/jpeg date Thu, 04 Feb 2021 02:02:54 GMT content-security-policy default-src https: data: 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; accept-ranges bytes content-length 1095192 x-xss-protection 1; mode=block
GET H2	200	jquery Show response dev.services.dutapay.co.id/bundles/	91 KB 41 KB	208ms 207ms	Script text/javascript	182.23.108.162 LINTASARTA-AS-AP ...
General Check archive.org Show headers Download Go to Full URL https://dev.services.dutapay.co.id/bundles/jquery?v=FVs3ACwOLIVInrAl5sdzR2jrCDmVOWFbZMY6g6Q0ulE1 Requested by Host: dev.services.dutapay.co.id URL: https://dev.services.dutapay.co.id/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 182.23.108.162 Jakarta, Indonesia, ASN4800 (LINTASARTA-AS-AP Network Access Provider and Internet Service Provider, ID), Reverse DNS Software / Resource Hash 8e36a92b48ce8c4a823f7703ae2b1d91a96baf49a3c5c20fa0441df4c20bb3ec Security Headers Name Value Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Referer https://dev.services.dutapay.co.id/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers strict-transport-security max-age=31536000; includeSubDomains content-encoding gzip x-content-type-options nosniff last-modified Thu, 04 Feb 2021 02:02:55 GMT date Thu, 04 Feb 2021 02:02:54 GMT x-frame-options SAMEORIGIN content-type text/javascript; charset=utf-8 cache-control public content-security-policy default-src https: data: 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; vary User-Agent,Accept-Encoding content-length 42177 x-xss-protection 1; mode=block expires Fri, 04 Feb 2022 02:02:55 GMT
GET H2	200	bootstrap Show response dev.services.dutapay.co.id/bundles/	30 KB 11 KB	357ms 356ms	Script text/javascript	182.23.108.162 LINTASARTA-AS-AP ...
General Check archive.org Show headers Download Go to Full URL https://dev.services.dutapay.co.id/bundles/bootstrap?v=2Fz3B0iizV2NnnamQFrx-NbYJNTFeBJ2GM05SilbtQU1 Requested by Host: dev.services.dutapay.co.id URL: https://dev.services.dutapay.co.id/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 182.23.108.162 Jakarta, Indonesia, ASN4800 (LINTASARTA-AS-AP Network Access Provider and Internet Service Provider, ID), Reverse DNS Software / Resource Hash 0c477768d9d0fad3f16c9a5a43644a5d0b8556181940a8646c7901e6dc2a8279 Security Headers Name Value Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Referer https://dev.services.dutapay.co.id/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers strict-transport-security max-age=31536000; includeSubDomains content-encoding gzip x-content-type-options nosniff last-modified Thu, 04 Feb 2021 02:02:55 GMT date Thu, 04 Feb 2021 02:02:54 GMT x-frame-options SAMEORIGIN content-type text/javascript; charset=utf-8 cache-control public content-security-policy default-src https: data: 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; vary User-Agent,Accept-Encoding content-length 11226 x-xss-protection 1; mode=block expires Fri, 04 Feb 2022 02:02:55 GMT

15 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated object| html5 object| Modernizr function| $ function| jQuery object| jQuery1102030745502673176617 object| respond

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src https: data: 'unsafe-inline' 'unsafe-eval'; connect-src 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

dev.services.dutapay.co.id
seal.websecurity.norton.com
182.23.108.162
23.37.44.187
0c477768d9d0fad3f16c9a5a43644a5d0b8556181940a8646c7901e6dc2a8279
0ec4e0295f86b2142b8996e03d4195888843b50d1954d7e248341da032b7ebba
2ec54aaa69d2703511ce10bf8e9bea7b5a17a69018f809f9dceb5ea0a2bfec98
4891cb7380cd797634916a536b82da4c5edfd87ea9d7d226b4ec0a1c7c1f67f7
8c4e44e51c071c7196fadc16ba791d669ebd2eeeb7c31850f40fb12b1279679a
8e36a92b48ce8c4a823f7703ae2b1d91a96baf49a3c5c20fa0441df4c20bb3ec
bb807cd3b9903a753407ec9d82c403490bad87e9b707458b7d0e7f165277cd2c
fdd08c7ebed924b98f9551fec6a0a41043558e3cbdea8754b99b46fa841eaad2