URL: https://reckon-ui-payments-dev.amartha.id/
Submission: On November 10 via automatic, source certstream-suspicious — Scanned from US

Summary

This website contacted 2 IPs in 2 countries across 1 domain to perform 8 HTTP transactions. The main IP is 34.101.252.223, located in Jakarta, Indonesia and belongs to GOOGLE-CLOUD-PLATFORM, US. The main domain is reckon-ui-payments-dev.amartha.id.
TLS certificate: Issued by R11 on November 10th 2024. Valid for: 3 months.
This is the only time reckon-ui-payments-dev.amartha.id was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests  IP Address        AS Autonomous System
5         34.101.252.223    396982 (GOOGLE-CL...)
3         2606:4700:10:...  13335 (CLOUDFLAR...)
Total: 8 requests, 2 IPs

Requests  Apex Domain  Subdomains                                         Transfer
8         amartha.id   reckon-ui-payments-dev.amartha.id, sso.amartha.id  270 KB
Total: 8 requests, 1 apex domain

Requests  Domain                             Requested by
5         reckon-ui-payments-dev.amartha.id  reckon-ui-payments-dev.amartha.id
3         sso.amartha.id                     reckon-ui-payments-dev.amartha.id, sso.amartha.id
Total: 8 requests, 2 domains

This site contains no links.

Subject: reckon-ui-payments-dev.amartha.id
Issuer: R11
Validity: 2024-11-10 - 2025-02-08
Valid: 3 months

Subject: *.amartha.id
Issuer: RapidSSL TLS RSA CA G1
Validity: 2024-05-16 - 2025-05-16
Valid: a year

This page contains 3 frames:

Primary Page: https://reckon-ui-payments-dev.amartha.id/
Frame ID: A0FF2DB9224A3FF4617365C8EB3CB6D5
Requests: 5 HTTP requests in this frame

Frame: https://sso.amartha.id/realms/nextgenmis/protocol/openid-connect/3p-cookies/step1.html
Frame ID: 37E514140F2F77AF102D4228407B38E4
Requests: 1 HTTP request in this frame

Frame: https://sso.amartha.id/realms/nextgenmis/protocol/openid-connect/login-status-iframe.html
Frame ID: 510B6814351302AB19E0390F8FBDF9AD
Requests: 2 HTTP requests in this frame

Page Title

go-reckon

Page Statistics

Requests: 8
HTTPS: 100 %
IPv6: 50 %
Domains: 1
Subdomains: 2
IPs: 2
Countries: 2
Transfer: 270 kB
Size: 972 kB
Cookies: 0

8 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
reckon-ui-payments-dev.amartha.id/
475 B
708 B
Document
General
Full URL
https://reckon-ui-payments-dev.amartha.id/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.101.252.223 Jakarta, Indonesia, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
223.252.101.34.bc.googleusercontent.com
Software
/
Resource Hash
7e7afa5215f80fc82d1d688a82f828d92e2f257693b4f9bdbd7e64091ac35db5
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
content-disposition
inline; filename="index.html"
content-length
475
content-type
text/html; charset=utf-8
date
Sun, 10 Nov 2024 12:57:51 GMT
etag
"5758b5a23af73644c7450d91864723639e0ebca2"
strict-transport-security
max-age=15724800; includeSubDomains
vary
Accept-Encoding
index-CnaDyXqS.js
reckon-ui-payments-dev.amartha.id/assets/
748 KB
229 KB
Script
General
Full URL
https://reckon-ui-payments-dev.amartha.id/assets/index-CnaDyXqS.js
Requested by
Host: reckon-ui-payments-dev.amartha.id
URL: https://reckon-ui-payments-dev.amartha.id/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.101.252.223 Jakarta, Indonesia, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
223.252.101.34.bc.googleusercontent.com
Software
/
Resource Hash
ffd1d195412d9ba054ade82e5a559c01a921164d5daea9cb87294ee2dc3a5e38
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://reckon-ui-payments-dev.amartha.id
Referer
https://reckon-ui-payments-dev.amartha.id/

Response headers

strict-transport-security
max-age=15724800; includeSubDomains
content-encoding
gzip
etag
"a57b4adec8d478855bcca2b2ff7015ae60be3888"
accept-ranges
bytes
date
Sun, 10 Nov 2024 12:57:51 GMT
content-type
application/javascript; charset=utf-8
content-disposition
inline; filename="index-CnaDyXqS.js"
vary
Accept-Encoding
index-s5d12KdY.css
reckon-ui-payments-dev.amartha.id/assets/
206 KB
23 KB
Stylesheet
General
Full URL
https://reckon-ui-payments-dev.amartha.id/assets/index-s5d12KdY.css
Requested by
Host: reckon-ui-payments-dev.amartha.id
URL: https://reckon-ui-payments-dev.amartha.id/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.101.252.223 Jakarta, Indonesia, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
223.252.101.34.bc.googleusercontent.com
Software
/
Resource Hash
0bab6c326d5d39c4473b39d92b4d3da4206bd8fd3c01aacca02a71292fc96f87
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://reckon-ui-payments-dev.amartha.id
Referer
https://reckon-ui-payments-dev.amartha.id/

Response headers

strict-transport-security
max-age=15724800; includeSubDomains
content-encoding
gzip
etag
"19dada616cc57f0c48bc7caabef68fb96c50405b"
accept-ranges
bytes
date
Sun, 10 Nov 2024 12:57:51 GMT
content-type
text/css; charset=utf-8
content-disposition
inline; filename="index-s5d12KdY.css"
vary
Accept-Encoding
logo.png
reckon-ui-payments-dev.amartha.id/
11 KB
11 KB
Image
General
Full URL
https://reckon-ui-payments-dev.amartha.id/logo.png
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.101.252.223 Jakarta, Indonesia, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
223.252.101.34.bc.googleusercontent.com
Software
/
Resource Hash
31c7e13998fbeb5db7924496819330d807cf9a2239400be63ca67f42c5a9c6da
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://reckon-ui-payments-dev.amartha.id/

Response headers

strict-transport-security
max-age=15724800; includeSubDomains
accept-ranges
bytes
content-length
10819
date
Sun, 10 Nov 2024 12:57:52 GMT
etag
"8dc497ce7590b1fc7d2a480e286c379126076616"
content-type
image/png
content-disposition
inline; filename="logo.png"
step1.html
sso.amartha.id/realms/nextgenmis/protocol/openid-connect/3p-cookies/ Frame 37E5
2 KB
3 KB
Document
General
Full URL
https://sso.amartha.id/realms/nextgenmis/protocol/openid-connect/3p-cookies/step1.html
Requested by
Host: reckon-ui-payments-dev.amartha.id
URL: https://reckon-ui-payments-dev.amartha.id/assets/index-CnaDyXqS.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:711 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d663bb27ffd436448054de71f95009215a6d04f26e21448caae57a0fbafd6ec5
Security Headers
Name Value
Content-Security-Policy frame-src 'self'; object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' *.amartha.id; style-src *.amartha.id; img-src *.amartha.id; default-src 'self' *.amartha.id; form-action apartner.app://* *.amartha.id; prefetch-src *.amartha.id;
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://reckon-ui-payments-dev.amartha.id/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

cache-control
no-cache, must-revalidate, no-transform, no-store
cf-cache-status
DYNAMIC
cf-ray
8e0635f9db4c5208-LAX
content-length
2273
content-security-policy
frame-src 'self'; object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' *.amartha.id; style-src *.amartha.id; img-src *.amartha.id; default-src 'self' *.amartha.id; form-action apartner.app://* *.amartha.id; prefetch-src *.amartha.id;
content-type
text/html;charset=utf-8
date
Sun, 10 Nov 2024 12:57:53 GMT
p3p
CP="This is not a P3P policy!"
referrer-policy
no-referrer
server
cloudflare
strict-transport-security
max-age=15724800; includeSubDomains
x-content-type-options
nosniff
x-robots-tag
none
x-xss-protection
1; mode=block
vite.svg
reckon-ui-payments-dev.amartha.id/
1 KB
1020 B
Other
General
Full URL
https://reckon-ui-payments-dev.amartha.id/vite.svg
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.101.252.223 Jakarta, Indonesia, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
223.252.101.34.bc.googleusercontent.com
Software
/
Resource Hash
4a748afd443918bb16591c834c401dae33e87861ab5dbad0811c3a3b4a9214fb
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://reckon-ui-payments-dev.amartha.id/

Response headers

strict-transport-security
max-age=15724800; includeSubDomains
content-encoding
gzip
etag
"8e55969db6e56d34cb9f1edfb43a89ba0ca54cc4"
accept-ranges
bytes
date
Sun, 10 Nov 2024 12:57:52 GMT
content-type
image/svg+xml
content-disposition
inline; filename="vite.svg"
vary
Accept-Encoding
login-status-iframe.html
sso.amartha.id/realms/nextgenmis/protocol/openid-connect/ Frame 510B
3 KB
3 KB
Document
General
Full URL
https://sso.amartha.id/realms/nextgenmis/protocol/openid-connect/login-status-iframe.html
Requested by
Host: reckon-ui-payments-dev.amartha.id
URL: https://reckon-ui-payments-dev.amartha.id/assets/index-CnaDyXqS.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:711 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
97b3a2e6395838b40e3397fad5e96657412fa9e1ffefbc81f0029e476df499a6
Security Headers
Name Value
Content-Security-Policy frame-src 'self'; object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' *.amartha.id; style-src *.amartha.id; img-src *.amartha.id; default-src 'self' *.amartha.id; form-action apartner.app://* *.amartha.id; prefetch-src *.amartha.id;
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://reckon-ui-payments-dev.amartha.id/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

cache-control
no-cache, must-revalidate, no-transform, no-store
cf-cache-status
DYNAMIC
cf-ray
8e0635feaf605208-LAX
content-length
2637
content-security-policy
frame-src 'self'; object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' *.amartha.id; style-src *.amartha.id; img-src *.amartha.id; default-src 'self' *.amartha.id; form-action apartner.app://* *.amartha.id; prefetch-src *.amartha.id;
content-type
text/html;charset=utf-8
date
Sun, 10 Nov 2024 12:57:53 GMT
p3p
CP="This is not a P3P policy!"
referrer-policy
no-referrer
server
cloudflare
strict-transport-security
max-age=15724800; includeSubDomains
x-content-type-options
nosniff
x-robots-tag
none
x-xss-protection
1; mode=block
init
sso.amartha.id/realms/nextgenmis/protocol/openid-connect/login-status-iframe.html/ Frame 510B
0
0
Fetch
General
Full URL
https://sso.amartha.id/realms/nextgenmis/protocol/openid-connect/login-status-iframe.html/init?client_id=recon&origin=https%3A%2F%2Freckon-ui-payments-dev.amartha.id
Requested by
Host: sso.amartha.id
URL: https://sso.amartha.id/realms/nextgenmis/protocol/openid-connect/login-status-iframe.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:711 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

strict-transport-security
max-age=15724800; includeSubDomains
cf-cache-status
DYNAMIC
x-content-type-options
nosniff
referrer-policy
no-referrer
cf-ray
8e063600a8fb5208-LAX
content-length
0
date
Sun, 10 Nov 2024 12:57:54 GMT
x-xss-protection
1; mode=block
server
cloudflare

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type: object, Name: 0
Type: string, Name: __reactRouterVersion

0 Cookies

3 Console Messages

Source: security
Level: error
URL: https://sso.amartha.id/realms/nextgenmis/protocol/openid-connect/3p-cookies/step1.html
Message: Unrecognized Content-Security-Policy directive 'prefetch-src'.

Source: security
Level: error
URL: https://sso.amartha.id/realms/nextgenmis/protocol/openid-connect/login-status-iframe.html
Message: Unrecognized Content-Security-Policy directive 'prefetch-src'.

Source: network
Level: error
URL: https://sso.amartha.id/realms/nextgenmis/protocol/openid-connect/login-status-iframe.html/init?client_id=recon&origin=https%3A%2F%2Freckon-ui-payments-dev.amartha.id
Message: Failed to load resource: the server responded with a status of 403 ()

Security Headers

This page lists any security headers set by the main page.

Header Value
Strict-Transport-Security max-age=15724800; includeSubDomains