Submitted URL: https://netbarboxtest.site/
Effective URL: https://id.zalo.me/account/login?continue=https%3A%2F%2Foauth.zaloapp.com%2Fv4%2Fpermission%3Fapp_id%3D128889065196...
Submission: On September 23 via api from BE — Scanned from DE

Summary

This website contacted 7 IPs in 3 countries across 9 domains to perform 20 HTTP transactions. The main IP is 49.213.95.230, located in Viet Nam and belongs to VINAGAME-AS-VN VNG Corporation, VN. The main domain is id.zalo.me. The Cisco Umbrella rank of the primary domain is 64050.
TLS certificate: Issued by DigiCert Global G2 TLS RSA SHA256 202... on July 2nd 2024. Valid for: a year.
This is the only time id.zalo.me was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 188.245.107.241 24940 (HETZNER-AS)
2 2 13.32.27.67 16509 (AMAZON-02)
1 1 2001:df0:1a:1... 38244 (VINAGAME-...)
5 49.213.95.230 38244 (VINAGAME-...)
5 49.213.95.44 38244 (VINAGAME-...)
3 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
2 2001:4860:480... 15169 (GOOGLE)
20 7
Requests | Apex Domain | Subdomains | Transfer
5 | zdn.vn | stc-zaloid.zdn.vn (Cisco Umbrella Rank: 195226); zalo-captcha.zdn.vn (Cisco Umbrella Rank: 285743) | 245 KB
5 | zalo.me | id.zalo.me (Cisco Umbrella Rank: 64050) | 18 KB
3 | google.com | www.google.com (Cisco Umbrella Rank: 3) | 2 KB
2 | google-analytics.com | www.google-analytics.com (Cisco Umbrella Rank: 34) | 21 KB
2 | gstatic.com | www.gstatic.com | 429 KB
2 | netbarbox.com | sso.netbarbox.com | 1 KB
1 | zaloapp.com | oauth.zaloapp.com (Cisco Umbrella Rank: 416630) | 1 KB
1 | netbarboxtest.site | netbarboxtest.site | 1 KB
0 | googletagmanager.com (Failed) | www.googletagmanager.com (Failed) |
20 | 9
Domain Requested by
5 id.zalo.me netbarboxtest.site
stc-zaloid.zdn.vn
4 stc-zaloid.zdn.vn id.zalo.me
stc-zaloid.zdn.vn
3 www.google.com id.zalo.me
www.gstatic.com
2 www.google-analytics.com id.zalo.me
www.google-analytics.com
2 www.gstatic.com www.google.com
2 sso.netbarbox.com 2 redirects
1 zalo-captcha.zdn.vn id.zalo.me
1 oauth.zaloapp.com 1 redirects
1 netbarboxtest.site
0 www.googletagmanager.com Failed www.google-analytics.com
20 10

This site contains no links.

Subject | Issuer | Validity | Valid
netbarboxtest.site | E5 | 2024-09-16 - 2024-12-15 | 3 months
*.zalo.me | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2024-07-02 - 2025-07-12 | a year
*.zdn.vn | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2024-07-08 - 2025-07-17 | a year
*.google.com | WR2 | 2024-08-26 - 2024-11-18 | 3 months
*.gstatic.com | WR2 | 2024-08-26 - 2024-11-18 | 3 months
*.google-analytics.com | WR2 | 2024-08-26 - 2024-11-18 | 3 months

This page contains 2 frames:

Primary Page: https://id.zalo.me/account/login?continue=https%3A%2F%2Foauth.zaloapp.com%2Fv4%2Fpermission%3Fapp_id%3D1288890651960077628%26redirect_uri%3Dhttps%253A%252F%252Fsso.netbarbox.com%252Fzalo%252Fget-login%26code_challenge%3DloZrykVia7hpiOdNzcjwi8rarZ4F3BUQrFBtR8BgjOQ%26state%3D-1-
Frame ID: 3CB51EC08F5E78D54C7F6E92BBB8EF1D
Requests: 20 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcqC0UpAAAAAGWHMScrTGNdbU5jmnu8qPWJRRUM&co=aHR0cHM6Ly9pZC56YWxvLm1lOjQ0Mw..&hl=de&v=EGbODne6buzpTnWrrBprcfAY&size=invisible&cb=7metnxj17597
Frame ID: B6211691FE1B3054F18285009EE24DB8
Requests: 1 HTTP requests in this frame

Page Title

Đăng nhập tài khoản Zalo

Detected technologies

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • /recaptcha/api\.js

Page Statistics

Requests: 20
HTTPS: 90 %
IPv6: 50 %
Domains: 9
Subdomains: 10
IPs: 7
Countries: 3
Transfer: 716 kB
Size: 1914 kB
Cookies: 7

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://netbarboxtest.site/ Page URL
  2. http://sso.netbarbox.com/zalo/get-login HTTP 307
    https://sso.netbarbox.com/zalo/get-login HTTP 302
    https://oauth.zaloapp.com/v4/permission?app_id=1288890651960077628&redirect_uri=https%3A%2F%2Fsso.netbarbox.com%2Fzalo%2Fget-login&code_challenge=cFRwBaAoRz-HDM3pFZncEYFDP6umKlxhLitvHQWIiAU&state=-1- HTTP 307
    http://sso.netbarbox.com/zalo/get-login HTTP 302
    https://oauth.zaloapp.com/v4/permission?app_id=1288890651960077628&redirect_uri=https%3A%2F%2Fsso.netbarbox.com%2Fzalo%2Fget-login&code_challenge=loZrykVia7hpiOdNzcjwi8rarZ4F3BUQrFBtR8BgjOQ&state=-1- HTTP 302
    https://id.zalo.me/account/login?continue=https%3A%2F%2Foauth.zaloapp.com%2Fv4%2Fpermission%3Fapp_id%3D1288890651960077628%26redirect_uri%3Dhttps%253A%252F%252Fsso.netbarbox.com%252Fzalo%252Fget-login%26code_challenge%3DloZrykVia7hpiOdNzcjwi8rarZ4F3BUQrFBtR8BgjOQ%26state%3D-1- Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

20 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
/
netbarboxtest.site/
1 KB
1 KB
Document
General
Full URL
https://netbarboxtest.site/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
188.245.107.241 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.241.107.245.188.clients.your-server.de
Software
Apache/2.4.58 (Ubuntu) /
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

Accept-Ranges
bytes
Connection
Keep-Alive
Content-Encoding
gzip
Content-Length
712
Content-Type
text/html
Date
Mon, 23 Sep 2024 09:03:52 GMT
ETag
"5fc-6223806641840-gzip"
Keep-Alive
timeout=5, max=100
Last-Modified
Mon, 16 Sep 2024 08:04:41 GMT
Server
Apache/2.4.58 (Ubuntu)
Vary
Accept-Encoding
Primary Request login
id.zalo.me/account/
Redirect Chain
  • http://sso.netbarbox.com/zalo/get-login
  • https://sso.netbarbox.com/zalo/get-login
  • https://oauth.zaloapp.com/v4/permission?app_id=1288890651960077628&redirect_uri=https%3A%2F%2Fsso.netbarbox.com%2Fzalo%2Fget-login&code_challenge=cFRwBaAoRz-HDM3pFZncEYFDP6umKlxhLitvHQWIiAU&state=-1-
  • http://sso.netbarbox.com/zalo/get-login
  • https://oauth.zaloapp.com/v4/permission?app_id=1288890651960077628&redirect_uri=https%3A%2F%2Fsso.netbarbox.com%2Fzalo%2Fget-login&code_challenge=loZrykVia7hpiOdNzcjwi8rarZ4F3BUQrFBtR8BgjOQ&state=-1-
  • https://id.zalo.me/account/login?continue=https%3A%2F%2Foauth.zaloapp.com%2Fv4%2Fpermission%3Fapp_id%3D1288890651960077628%26redirect_uri%3Dhttps%253A%252F%252Fsso.netbarbox.com%252Fzalo%252Fget-lo...
7 KB
4 KB
Document
General
Full URL
https://id.zalo.me/account/login?continue=https%3A%2F%2Foauth.zaloapp.com%2Fv4%2Fpermission%3Fapp_id%3D1288890651960077628%26redirect_uri%3Dhttps%253A%252F%252Fsso.netbarbox.com%252Fzalo%252Fget-login%26code_challenge%3DloZrykVia7hpiOdNzcjwi8rarZ4F3BUQrFBtR8BgjOQ%26state%3D-1-
Requested by
Host: netbarboxtest.site
URL: https://netbarboxtest.site/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
49.213.95.230 , Viet Nam, ASN38244 (VINAGAME-AS-VN VNG Corporation, VN),
Reverse DNS
Software
za-ngx-srv /
Resource Hash
7192bf7d6ed20d718a84a77c0c63ecb03a47b8191a9d8de154cfdb5ab7a14963
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests; default-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.zalo.me *.zdn.vn *.zadn.vn *.zaloapp.com *.zing.vn *.baomoi.com *.zingtv.vn *.zingmp3.vn *.zalo.ai *.zingnews.vn *.zapps.vn *.officialaccount.me *.google.com www.google-analytics.com www.gstatic.com *.googleapis.com; style-src 'self' 'unsafe-inline' *.zalo.me *.zadn.vn *.zdn.vn blob:; font-src * data:; img-src * data: blob:; media-src * blob:; connect-src 'self' wss://*.chat.zalo.me *.zalo.me *.zdn.vn *.zadn.vn *.zaloapp.com *.zing.vn *.baomoi.com *.zingtv.vn *.zingmp3.vn *.zalo.ai *.zingnews.vn *.zapps.vn *.officialaccount.me *.google.com www.google-analytics.com www.gstatic.com stats.g.doubleclick.net blob:; child-src 'self' *.zalo.me *.zdn.vn *.zadn.vn *.zaloapp.com *.zing.vn *.baomoi.com *.zingtv.vn *.zingmp3.vn *.zalo.ai *.zingnews.vn *.zapps.vn *.officialaccount.me www.facebook.com *.zalo.me *.google.com *.youtube.com *.googleapis.com *.soundcloud.com *.live.com blob:;frame-src 'self' *.zalo.me *.zdn.vn *.zadn.vn *.zaloapp.com *.zing.vn *.baomoi.com *.zingtv.vn *.zingmp3.vn *.zalo.ai *.zingnews.vn *.zapps.vn *.officialaccount.me www.facebook.com *.zalo.me *.google.com *.youtube.com *.googleapis.com *.soundcloud.com *.live.com blob:
Strict-Transport-Security max-age=86400; includeSubDomains

Request headers

Referer
https://netbarboxtest.site/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

content-encoding
gzip
content-length
3129
content-security-policy
upgrade-insecure-requests; default-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.zalo.me *.zdn.vn *.zadn.vn *.zaloapp.com *.zing.vn *.baomoi.com *.zingtv.vn *.zingmp3.vn *.zalo.ai *.zingnews.vn *.zapps.vn *.officialaccount.me *.google.com www.google-analytics.com www.gstatic.com *.googleapis.com; style-src 'self' 'unsafe-inline' *.zalo.me *.zadn.vn *.zdn.vn blob:; font-src * data:; img-src * data: blob:; media-src * blob:; connect-src 'self' wss://*.chat.zalo.me *.zalo.me *.zdn.vn *.zadn.vn *.zaloapp.com *.zing.vn *.baomoi.com *.zingtv.vn *.zingmp3.vn *.zalo.ai *.zingnews.vn *.zapps.vn *.officialaccount.me *.google.com www.google-analytics.com www.gstatic.com stats.g.doubleclick.net blob:; child-src 'self' *.zalo.me *.zdn.vn *.zadn.vn *.zaloapp.com *.zing.vn *.baomoi.com *.zingtv.vn *.zingmp3.vn *.zalo.ai *.zingnews.vn *.zapps.vn *.officialaccount.me www.facebook.com *.zalo.me *.google.com *.youtube.com *.googleapis.com *.soundcloud.com *.live.com blob:;frame-src 'self' *.zalo.me *.zdn.vn *.zadn.vn *.zaloapp.com *.zing.vn *.baomoi.com *.zingtv.vn *.zingmp3.vn *.zalo.ai *.zingnews.vn *.zapps.vn *.officialaccount.me www.facebook.com *.zalo.me *.google.com *.youtube.com *.googleapis.com *.soundcloud.com *.live.com blob:
date
Mon, 23 Sep 2024 09:03:58 GMT
front_end_https
on
server
za-ngx-srv
strict-transport-security
max-age=86400; includeSubDomains
vary
Accept-Encoding, User-Agent
x-forwarded-proto
https

Redirect headers

access-control-allow-credentials
* true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, secret_key
access-control-allow-origin
* https://oauth.zaloapp.com
content-security-policy
upgrade-insecure-requests; default-src 'self';script-src 'self' 'unsafe-eval' 'unsafe-inline' *.zaloapp.com *.zalo.me stc-oauth.zdn.vn stc-sp.zadn.vn *.dropboxapi.com *.google.com *.google-analytics.com *.gstatic.com ajax.googleapis.com; style-src 'self' 'unsafe-inline' *.zaloapp.com stc-sp.zadn.vn stc-oauth.zdn.vn fonts.googleapis.com blob:;font-src * data:; img-src * data: blob:; media-src * blob:; connect-src 'self' *.zalo.me stc-oauth.zdn.vn stc-sp.zadn.vn *.zaloapp.com *.zing.vn *.dropboxapi.com *.google.com *.baomoi.com *.zingtv.vn *.zingmp3.vn blob:; child-src 'self' *.zapps.vn *.baomoi.com *.zingmp3.com *.zingmp3.vn www.facebook.com *.zalo.me *.google.com *.youtube.com *.googleapis.com *.zing.vn stc-sp.zadn.vn stc-oauth.zdn.vn *.zaloapp.com *.soundcloud.com blob:
content-type
text/html;charset=utf-8
date
Mon, 23 Sep 2024 09:03:56 GMT
location
https://id.zalo.me/account/login?continue=https%3A%2F%2Foauth.zaloapp.com%2Fv4%2Fpermission%3Fapp_id%3D1288890651960077628%26redirect_uri%3Dhttps%253A%252F%252Fsso.netbarbox.com%252Fzalo%252Fget-login%26code_challenge%3DloZrykVia7hpiOdNzcjwi8rarZ4F3BUQrFBtR8BgjOQ%26state%3D-1-
server
za-ngx-srv
strict-transport-security
max-age=86400; includeSubDomains
main-5.5.4.css
stc-zaloid.zdn.vn/zaloid/client/
159 KB
30 KB
Stylesheet
General
Full URL
https://stc-zaloid.zdn.vn/zaloid/client/main-5.5.4.css
Requested by
Host: id.zalo.me
URL: https://id.zalo.me/account/login?continue=https%3A%2F%2Foauth.zaloapp.com%2Fv4%2Fpermission%3Fapp_id%3D1288890651960077628%26redirect_uri%3Dhttps%253A%252F%252Fsso.netbarbox.com%252Fzalo%252Fget-login%26code_challenge%3DloZrykVia7hpiOdNzcjwi8rarZ4F3BUQrFBtR8BgjOQ%26state%3D-1-
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
49.213.95.44 , Viet Nam, ASN38244 (VINAGAME-AS-VN VNG Corporation, VN),
Reverse DNS
Software
ATS-5-57 /
Resource Hash
343d675230e9072d975adc39016981c7df03c3a96418b0c1819d74d1761da2e0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://id.zalo.me/

Response headers

content-encoding
gzip
etag
W/"6673eb31-27d41"
age
66333
access-control-allow-origin
*
content-length
30254
date
Sun, 22 Sep 2024 14:38:26 GMT
content-type
text/css
last-modified
Thu, 20 Jun 2024 08:41:21 GMT
server
ATS-5-57
enterprise.js
www.google.com/recaptcha/
2 KB
1 KB
Script
General
Full URL
https://www.google.com/recaptcha/enterprise.js?render=6LcqC0UpAAAAAGWHMScrTGNdbU5jmnu8qPWJRRUM
Requested by
Host: id.zalo.me
URL: https://id.zalo.me/account/login?continue=https%3A%2F%2Foauth.zaloapp.com%2Fv4%2Fpermission%3Fapp_id%3D1288890651960077628%26redirect_uri%3Dhttps%253A%252F%252Fsso.netbarbox.com%252Fzalo%252Fget-login%26code_challenge%3DloZrykVia7hpiOdNzcjwi8rarZ4F3BUQrFBtR8BgjOQ%26state%3D-1-
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81d::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
167925d564c3438f96ce6e3ff733a61463a57dd7807a810d107d286a6815f5ea
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://id.zalo.me/

Response headers

cache-control
private, max-age=300
content-encoding
gzip
cross-origin-resource-policy
cross-origin
report-to
{"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
x-content-type-options
nosniff
expires
Mon, 23 Sep 2024 09:03:58 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cross-origin-opener-policy-report-only
same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
date
Mon, 23 Sep 2024 09:03:58 GMT
x-xss-protection
0
content-type
text/javascript; charset=utf-8
server
ESF
x-frame-options
SAMEORIGIN
api.js
www.google.com/recaptcha/
1 KB
967 B
Script
General
Full URL
https://www.google.com/recaptcha/api.js?render=explicit&hl=vi
Requested by
Host: id.zalo.me
URL: https://id.zalo.me/account/login?continue=https%3A%2F%2Foauth.zaloapp.com%2Fv4%2Fpermission%3Fapp_id%3D1288890651960077628%26redirect_uri%3Dhttps%253A%252F%252Fsso.netbarbox.com%252Fzalo%252Fget-login%26code_challenge%3DloZrykVia7hpiOdNzcjwi8rarZ4F3BUQrFBtR8BgjOQ%26state%3D-1-
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81d::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
d0827cbda7f73342da4729c401551ba0f66da2320978877437b44425d1ef08f2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://id.zalo.me/

Response headers

cache-control
private, max-age=300
content-encoding
gzip
cross-origin-resource-policy
cross-origin
report-to
{"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
x-content-type-options
nosniff
expires
Mon, 23 Sep 2024 09:03:58 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cross-origin-opener-policy-report-only
same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
date
Mon, 23 Sep 2024 09:03:58 GMT
x-xss-protection
0
content-type
text/javascript; charset=utf-8
server
ESF
x-frame-options
SAMEORIGIN
zcaptcha-sdk-1.0.1.js
zalo-captcha.zdn.vn/sdk/
29 KB
11 KB
Script
General
Full URL
https://zalo-captcha.zdn.vn/sdk/zcaptcha-sdk-1.0.1.js
Requested by
Host: id.zalo.me
URL: https://id.zalo.me/account/login?continue=https%3A%2F%2Foauth.zaloapp.com%2Fv4%2Fpermission%3Fapp_id%3D1288890651960077628%26redirect_uri%3Dhttps%253A%252F%252Fsso.netbarbox.com%252Fzalo%252Fget-login%26code_challenge%3DloZrykVia7hpiOdNzcjwi8rarZ4F3BUQrFBtR8BgjOQ%26state%3D-1-
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
49.213.95.44 , Viet Nam, ASN38244 (VINAGAME-AS-VN VNG Corporation, VN),
Reverse DNS
Software
ATS-5-57 /
Resource Hash
542ce96e8eab1fcea551bee2e9846115060e01f9e966cd46f8e54802418f2d18

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://id.zalo.me/

Response headers

content-encoding
gzip
etag
W/"62739689-727b"
age
66333
access-control-allow-origin
*
content-length
11116
date
Sun, 22 Sep 2024 14:38:26 GMT
content-type
application/javascript
last-modified
Thu, 05 May 2022 09:19:05 GMT
server
ATS-5-57
main-5.5.4.js
stc-zaloid.zdn.vn/zaloid/client/
557 KB
194 KB
Script
General
Full URL
https://stc-zaloid.zdn.vn/zaloid/client/main-5.5.4.js
Requested by
Host: id.zalo.me
URL: https://id.zalo.me/account/login?continue=https%3A%2F%2Foauth.zaloapp.com%2Fv4%2Fpermission%3Fapp_id%3D1288890651960077628%26redirect_uri%3Dhttps%253A%252F%252Fsso.netbarbox.com%252Fzalo%252Fget-login%26code_challenge%3DloZrykVia7hpiOdNzcjwi8rarZ4F3BUQrFBtR8BgjOQ%26state%3D-1-
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
49.213.95.44 , Viet Nam, ASN38244 (VINAGAME-AS-VN VNG Corporation, VN),
Reverse DNS
Software
ATS-5-57 /
Resource Hash
e9baf518841d2227278e773db2ee0237d13f8a79b0c79c7896bbe60a49521554

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://id.zalo.me/

Response headers

content-encoding
gzip
etag
W/"6673eb31-8b366"
age
66333
access-control-allow-origin
*
content-length
198116
date
Sun, 22 Sep 2024 14:38:27 GMT
content-type
application/javascript
last-modified
Thu, 20 Jun 2024 08:41:21 GMT
server
ATS-5-57
recaptcha__de.js
www.gstatic.com/recaptcha/releases/EGbODne6buzpTnWrrBprcfAY/
541 KB
214 KB
Script
General
Full URL
https://www.gstatic.com/recaptcha/releases/EGbODne6buzpTnWrrBprcfAY/recaptcha__de.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/enterprise.js?render=6LcqC0UpAAAAAGWHMScrTGNdbU5jmnu8qPWJRRUM
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a7ad2666cfdc2495ef3849d47ea1144f4a493efffa9aeeb4448e60488aec66d3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://id.zalo.me
Referer
https://id.zalo.me/

Response headers

content-encoding
gzip
age
160289
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
x-content-type-options
nosniff
expires
Sun, 21 Sep 2025 12:32:30 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sat, 21 Sep 2024 12:32:30 GMT
last-modified
Tue, 03 Sep 2024 02:00:38 GMT
content-type
text/javascript
vary
Accept-Encoding
cache-control
public, max-age=31536000
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
accept-ranges
bytes
access-control-allow-origin
*
content-length
219302
x-xss-protection
0
server
sffe
analytics.js
www.google-analytics.com/
52 KB
21 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: id.zalo.me
URL: https://id.zalo.me/account/login?continue=https%3A%2F%2Foauth.zaloapp.com%2Fv4%2Fpermission%3Fapp_id%3D1288890651960077628%26redirect_uri%3Dhttps%253A%252F%252Fsso.netbarbox.com%252Fzalo%252Fget-login%26code_challenge%3DloZrykVia7hpiOdNzcjwi8rarZ4F3BUQrFBtR8BgjOQ%26state%3D-1-
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:36::178 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://id.zalo.me/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=7200
content-encoding
gzip
age
6237
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Mon, 23 Sep 2024 09:20:02 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20994
date
Mon, 23 Sep 2024 07:20:02 GMT
last-modified
Tue, 12 Dec 2023 18:09:08 GMT
content-type
text/javascript
server
Golfe2
vary
Accept-Encoding
recaptcha__vi.js
www.gstatic.com/recaptcha/releases/EGbODne6buzpTnWrrBprcfAY/
541 KB
215 KB
Script
General
Full URL
https://www.gstatic.com/recaptcha/releases/EGbODne6buzpTnWrrBprcfAY/recaptcha__vi.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?render=explicit&hl=vi
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d7412afb97a954cf97aab50ef848673df09c3421e31babf030a78f1ff6c8a038
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://id.zalo.me
Referer
https://id.zalo.me/

Response headers

content-encoding
gzip
age
200889
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
x-content-type-options
nosniff
expires
Sun, 21 Sep 2025 01:15:50 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sat, 21 Sep 2024 01:15:50 GMT
last-modified
Tue, 03 Sep 2024 02:00:38 GMT
content-type
text/javascript
vary
Accept-Encoding
cache-control
public, max-age=31536000
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
accept-ranges
bytes
access-control-allow-origin
*
content-length
219879
x-xss-protection
0
server
sffe
collect
www.google-analytics.com/j/
15 B
217 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1452539609&t=pageview&_s=1&dl=https%3A%2F%2Fid.zalo.me%2Faccount%2Flogin%3Fcontinue%3Dhttps%253A%252F%252Foauth.zaloapp.com%252Fv4%252Fpermission%253Fapp_id%253D1288890651960077628%2526redirect_uri%253Dhttps%25253A%25252F%25252Fsso.netbarbox.com%25252Fzalo%25252Fget-login%2526code_challenge%253DloZrykVia7hpiOdNzcjwi8rarZ4F3BUQrFBtR8BgjOQ%2526state%253D-1-&ul=de-de&de=UTF-8&dt=%C4%90%C4%83ng%20nh%E1%BA%ADp%20t%C3%A0i%20kho%E1%BA%A3n%20Zalo&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAACAAI~&jid=519558322&gjid=1874103375&cid=557340901.1727082240&tid=UA-118505750-4&_gid=457221030.1727082240&_r=1&_slc=1&z=1851188997
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:36::178 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
ee8be5f3220c4054e3ef01c194094ddcb0303fa9bf0059486e2a1411c3f8529e
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type
text/plain
Referer
https://id.zalo.me/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
https://id.zalo.me
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15
date
Mon, 23 Sep 2024 09:04:00 GMT
last-modified
Sun, 17 May 1998 03:00:00 GMT
content-type
text/plain
server
Golfe2
js
www.googletagmanager.com/gtag/
0
0

anchor
www.google.com/recaptcha/api2/ Frame B621
0
0
Document
General
Full URL
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcqC0UpAAAAAGWHMScrTGNdbU5jmnu8qPWJRRUM&co=aHR0cHM6Ly9pZC56YWxvLm1lOjQ0Mw..&hl=de&v=EGbODne6buzpTnWrrBprcfAY&size=invisible&cb=7metnxj17597
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/EGbODne6buzpTnWrrBprcfAY/recaptcha__de.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81d::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-6GR_hhuRF3CkeCndhJqXrg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://id.zalo.me/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
gzip
content-security-policy
script-src 'report-sample' 'nonce-6GR_hhuRF3CkeCndhJqXrg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-opener-policy-report-only
same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
cross-origin-resource-policy
cross-origin
date
Mon, 23 Sep 2024 09:04:00 GMT
expires
Mon, 01 Jan 1990 00:00:00 GMT
pragma
no-cache
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
server
ESF
x-content-type-options
nosniff
x-xss-protection
0
zlogo.png
stc-zaloid.zdn.vn/zaloid/client/images/
5 KB
5 KB
Image
General
Full URL
https://stc-zaloid.zdn.vn/zaloid/client/images/zlogo.png
Requested by
Host: stc-zaloid.zdn.vn
URL: https://stc-zaloid.zdn.vn/zaloid/client/main-5.5.4.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
49.213.95.44 , Viet Nam, ASN38244 (VINAGAME-AS-VN VNG Corporation, VN),
Reverse DNS
Software
ATS-5-57 /
Resource Hash
f1d8885b81a1dc1ce2121998b9d631296be8827d4de641886fcd888e0743a12b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://stc-zaloid.zdn.vn/zaloid/client/main-5.5.4.css

Response headers

etag
"6673eb31-12e2"
age
66333
accept-ranges
bytes
access-control-allow-origin
*
content-length
4834
date
Sun, 22 Sep 2024 14:38:27 GMT
content-type
image/png
last-modified
Thu, 20 Jun 2024 08:41:21 GMT
server
ATS-5-57
logininfo
id.zalo.me/account/
110 B
2 KB
Fetch
General
Full URL
https://id.zalo.me/account/logininfo
Requested by
Host: stc-zaloid.zdn.vn
URL: https://stc-zaloid.zdn.vn/zaloid/client/main-5.5.4.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
49.213.95.230 , Viet Nam, ASN38244 (VINAGAME-AS-VN VNG Corporation, VN),
Reverse DNS
Software
za-ngx-srv /
Resource Hash
2fe7d2a6660b933c136f68ef70b295cdd21667a9f6e4a20b5dc1e8df74a2f405
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests; default-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.zalo.me *.zdn.vn *.zadn.vn *.zaloapp.com *.zing.vn *.baomoi.com *.zingtv.vn *.zingmp3.vn *.zalo.ai *.zingnews.vn *.zapps.vn *.officialaccount.me *.google.com www.google-analytics.com www.gstatic.com *.googleapis.com; style-src 'self' 'unsafe-inline' *.zalo.me *.zadn.vn *.zdn.vn blob:; font-src * data:; img-src * data: blob:; media-src * blob:; connect-src 'self' wss://*.chat.zalo.me *.zalo.me *.zdn.vn *.zadn.vn *.zaloapp.com *.zing.vn *.baomoi.com *.zingtv.vn *.zingmp3.vn *.zalo.ai *.zingnews.vn *.zapps.vn *.officialaccount.me *.google.com www.google-analytics.com www.gstatic.com stats.g.doubleclick.net blob:; child-src 'self' *.zalo.me *.zdn.vn *.zadn.vn *.zaloapp.com *.zing.vn *.baomoi.com *.zingtv.vn *.zingmp3.vn *.zalo.ai *.zingnews.vn *.zapps.vn *.officialaccount.me www.facebook.com *.zalo.me *.google.com *.youtube.com *.googleapis.com *.soundcloud.com *.live.com blob:;frame-src 'self' *.zalo.me *.zdn.vn *.zadn.vn *.zaloapp.com *.zing.vn *.baomoi.com *.zingtv.vn *.zingmp3.vn *.zalo.ai *.zingnews.vn *.zapps.vn *.officialaccount.me www.facebook.com *.zalo.me *.google.com *.youtube.com *.googleapis.com *.soundcloud.com *.live.com blob:
Strict-Transport-Security max-age=86400; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded
Referer
https://id.zalo.me/account/login?continue=https%3A%2F%2Foauth.zaloapp.com%2Fv4%2Fpermission%3Fapp_id%3D1288890651960077628%26redirect_uri%3Dhttps%253A%252F%252Fsso.netbarbox.com%252Fzalo%252Fget-login%26code_challenge%3DloZrykVia7hpiOdNzcjwi8rarZ4F3BUQrFBtR8BgjOQ%26state%3D-1-

Response headers

strict-transport-security
max-age=86400; includeSubDomains
content-security-policy
upgrade-insecure-requests; default-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.zalo.me *.zdn.vn *.zadn.vn *.zaloapp.com *.zing.vn *.baomoi.com *.zingtv.vn *.zingmp3.vn *.zalo.ai *.zingnews.vn *.zapps.vn *.officialaccount.me *.google.com www.google-analytics.com www.gstatic.com *.googleapis.com; style-src 'self' 'unsafe-inline' *.zalo.me *.zadn.vn *.zdn.vn blob:; font-src * data:; img-src * data: blob:; media-src * blob:; connect-src 'self' wss://*.chat.zalo.me *.zalo.me *.zdn.vn *.zadn.vn *.zaloapp.com *.zing.vn *.baomoi.com *.zingtv.vn *.zingmp3.vn *.zalo.ai *.zingnews.vn *.zapps.vn *.officialaccount.me *.google.com www.google-analytics.com www.gstatic.com stats.g.doubleclick.net blob:; child-src 'self' *.zalo.me *.zdn.vn *.zadn.vn *.zaloapp.com *.zing.vn *.baomoi.com *.zingtv.vn *.zingmp3.vn *.zalo.ai *.zingnews.vn *.zapps.vn *.officialaccount.me www.facebook.com *.zalo.me *.google.com *.youtube.com *.googleapis.com *.soundcloud.com *.live.com blob:;frame-src 'self' *.zalo.me *.zdn.vn *.zadn.vn *.zaloapp.com *.zing.vn *.baomoi.com *.zingtv.vn *.zingmp3.vn *.zalo.ai *.zingnews.vn *.zapps.vn *.officialaccount.me www.facebook.com *.zalo.me *.google.com *.youtube.com *.googleapis.com *.soundcloud.com *.live.com blob:
cache-control
private, no-store, no-cache, must-revalidate
x-forwarded-proto
https
pragma
no-cache
access-control-allow-credentials
true
access-control-allow-methods
POST, GET, OPTIONS, PUT, DELETE, HEAD
front_end_https
on
expires
Thu, 01 Jan 1970 00:00:00 GMT
access-control-allow-origin
https://id.zalo.me
content-length
110
date
Mon, 23 Sep 2024 09:04:00 GMT
content-type
application/json;charset=utf-8
server
za-ngx-srv
verify-client
id.zalo.me/account/
72 B
1 KB
Fetch
General
Full URL
https://id.zalo.me/account/verify-client
Requested by
Host: stc-zaloid.zdn.vn
URL: https://stc-zaloid.zdn.vn/zaloid/client/main-5.5.4.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
49.213.95.230 , Viet Nam, ASN38244 (VINAGAME-AS-VN VNG Corporation, VN),
Reverse DNS
Software
za-ngx-srv /
Resource Hash
634cb972745f278ba83b1a51de035bfff297b9f5a1d72a0c01312b34bda6ca04
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests; default-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.zalo.me *.zdn.vn *.zadn.vn *.zaloapp.com *.zing.vn *.baomoi.com *.zingtv.vn *.zingmp3.vn *.zalo.ai *.zingnews.vn *.zapps.vn *.officialaccount.me *.google.com www.google-analytics.com www.gstatic.com *.googleapis.com; style-src 'self' 'unsafe-inline' *.zalo.me *.zadn.vn *.zdn.vn blob:; font-src * data:; img-src * data: blob:; media-src * blob:; connect-src 'self' wss://*.chat.zalo.me *.zalo.me *.zdn.vn *.zadn.vn *.zaloapp.com *.zing.vn *.baomoi.com *.zingtv.vn *.zingmp3.vn *.zalo.ai *.zingnews.vn *.zapps.vn *.officialaccount.me *.google.com www.google-analytics.com www.gstatic.com stats.g.doubleclick.net blob:; child-src 'self' *.zalo.me *.zdn.vn *.zadn.vn *.zaloapp.com *.zing.vn *.baomoi.com *.zingtv.vn *.zingmp3.vn *.zalo.ai *.zingnews.vn *.zapps.vn *.officialaccount.me www.facebook.com *.zalo.me *.google.com *.youtube.com *.googleapis.com *.soundcloud.com *.live.com blob:;frame-src 'self' *.zalo.me *.zdn.vn *.zadn.vn *.zaloapp.com *.zing.vn *.baomoi.com *.zingtv.vn *.zingmp3.vn *.zalo.ai *.zingnews.vn *.zapps.vn *.officialaccount.me www.facebook.com *.zalo.me *.google.com *.youtube.com *.googleapis.com *.soundcloud.com *.live.com blob:
Strict-Transport-Security max-age=86400; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded
Referer
https://id.zalo.me/account/login?continue=https%3A%2F%2Foauth.zaloapp.com%2Fv4%2Fpermission%3Fapp_id%3D1288890651960077628%26redirect_uri%3Dhttps%253A%252F%252Fsso.netbarbox.com%252Fzalo%252Fget-login%26code_challenge%3DloZrykVia7hpiOdNzcjwi8rarZ4F3BUQrFBtR8BgjOQ%26state%3D-1-

Response headers

strict-transport-security
max-age=86400; includeSubDomains
content-security-policy
upgrade-insecure-requests; default-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.zalo.me *.zdn.vn *.zadn.vn *.zaloapp.com *.zing.vn *.baomoi.com *.zingtv.vn *.zingmp3.vn *.zalo.ai *.zingnews.vn *.zapps.vn *.officialaccount.me *.google.com www.google-analytics.com www.gstatic.com *.googleapis.com; style-src 'self' 'unsafe-inline' *.zalo.me *.zadn.vn *.zdn.vn blob:; font-src * data:; img-src * data: blob:; media-src * blob:; connect-src 'self' wss://*.chat.zalo.me *.zalo.me *.zdn.vn *.zadn.vn *.zaloapp.com *.zing.vn *.baomoi.com *.zingtv.vn *.zingmp3.vn *.zalo.ai *.zingnews.vn *.zapps.vn *.officialaccount.me *.google.com www.google-analytics.com www.gstatic.com stats.g.doubleclick.net blob:; child-src 'self' *.zalo.me *.zdn.vn *.zadn.vn *.zaloapp.com *.zing.vn *.baomoi.com *.zingtv.vn *.zingmp3.vn *.zalo.ai *.zingnews.vn *.zapps.vn *.officialaccount.me www.facebook.com *.zalo.me *.google.com *.youtube.com *.googleapis.com *.soundcloud.com *.live.com blob:;frame-src 'self' *.zalo.me *.zdn.vn *.zadn.vn *.zaloapp.com *.zing.vn *.baomoi.com *.zingtv.vn *.zingmp3.vn *.zalo.ai *.zingnews.vn *.zapps.vn *.officialaccount.me www.facebook.com *.zalo.me *.google.com *.youtube.com *.googleapis.com *.soundcloud.com *.live.com blob:
cache-control
private, no-store, no-cache, must-revalidate
x-forwarded-proto
https
pragma
no-cache
access-control-allow-credentials
true
access-control-allow-methods
POST, GET, OPTIONS, PUT, DELETE, HEAD
front_end_https
on
expires
Thu, 01 Jan 1970 00:00:00 GMT
access-control-allow-origin
https://id.zalo.me
content-length
72
date
Mon, 23 Sep 2024 09:04:00 GMT
content-type
application/json;charset=utf-8
server
za-ngx-srv
generate
id.zalo.me/account/authen/qr/
8 KB
9 KB
Fetch
General
Full URL
https://id.zalo.me/account/authen/qr/generate
Requested by
Host: stc-zaloid.zdn.vn
URL: https://stc-zaloid.zdn.vn/zaloid/client/main-5.5.4.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
49.213.95.230 , Viet Nam, ASN38244 (VINAGAME-AS-VN VNG Corporation, VN),
Reverse DNS
Software
za-ngx-srv /
Resource Hash
a70469f158a0ac3d947e387469e3dd0aab1995865c7f7b0004ab8b19807f8180
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests; default-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.zalo.me *.zdn.vn *.zadn.vn *.zaloapp.com *.zing.vn *.baomoi.com *.zingtv.vn *.zingmp3.vn *.zalo.ai *.zingnews.vn *.zapps.vn *.officialaccount.me *.google.com www.google-analytics.com www.gstatic.com *.googleapis.com; style-src 'self' 'unsafe-inline' *.zalo.me *.zadn.vn *.zdn.vn blob:; font-src * data:; img-src * data: blob:; media-src * blob:; connect-src 'self' wss://*.chat.zalo.me *.zalo.me *.zdn.vn *.zadn.vn *.zaloapp.com *.zing.vn *.baomoi.com *.zingtv.vn *.zingmp3.vn *.zalo.ai *.zingnews.vn *.zapps.vn *.officialaccount.me *.google.com www.google-analytics.com www.gstatic.com stats.g.doubleclick.net blob:; child-src 'self' *.zalo.me *.zdn.vn *.zadn.vn *.zaloapp.com *.zing.vn *.baomoi.com *.zingtv.vn *.zingmp3.vn *.zalo.ai *.zingnews.vn *.zapps.vn *.officialaccount.me www.facebook.com *.zalo.me *.google.com *.youtube.com *.googleapis.com *.soundcloud.com *.live.com blob:;frame-src 'self' *.zalo.me *.zdn.vn *.zadn.vn *.zaloapp.com *.zing.vn *.baomoi.com *.zingtv.vn *.zingmp3.vn *.zalo.ai *.zingnews.vn *.zapps.vn *.officialaccount.me www.facebook.com *.zalo.me *.google.com *.youtube.com *.googleapis.com *.soundcloud.com *.live.com blob:
Strict-Transport-Security max-age=86400; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded
Referer
https://id.zalo.me/account/login?continue=https%3A%2F%2Foauth.zaloapp.com%2Fv4%2Fpermission%3Fapp_id%3D1288890651960077628%26redirect_uri%3Dhttps%253A%252F%252Fsso.netbarbox.com%252Fzalo%252Fget-login%26code_challenge%3DloZrykVia7hpiOdNzcjwi8rarZ4F3BUQrFBtR8BgjOQ%26state%3D-1-

Response headers

strict-transport-security
max-age=86400; includeSubDomains
content-security-policy
upgrade-insecure-requests; default-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.zalo.me *.zdn.vn *.zadn.vn *.zaloapp.com *.zing.vn *.baomoi.com *.zingtv.vn *.zingmp3.vn *.zalo.ai *.zingnews.vn *.zapps.vn *.officialaccount.me *.google.com www.google-analytics.com www.gstatic.com *.googleapis.com; style-src 'self' 'unsafe-inline' *.zalo.me *.zadn.vn *.zdn.vn blob:; font-src * data:; img-src * data: blob:; media-src * blob:; connect-src 'self' wss://*.chat.zalo.me *.zalo.me *.zdn.vn *.zadn.vn *.zaloapp.com *.zing.vn *.baomoi.com *.zingtv.vn *.zingmp3.vn *.zalo.ai *.zingnews.vn *.zapps.vn *.officialaccount.me *.google.com www.google-analytics.com www.gstatic.com stats.g.doubleclick.net blob:; child-src 'self' *.zalo.me *.zdn.vn *.zadn.vn *.zaloapp.com *.zing.vn *.baomoi.com *.zingtv.vn *.zingmp3.vn *.zalo.ai *.zingnews.vn *.zapps.vn *.officialaccount.me www.facebook.com *.zalo.me *.google.com *.youtube.com *.googleapis.com *.soundcloud.com *.live.com blob:;frame-src 'self' *.zalo.me *.zdn.vn *.zadn.vn *.zaloapp.com *.zing.vn *.baomoi.com *.zingtv.vn *.zingmp3.vn *.zalo.ai *.zingnews.vn *.zapps.vn *.officialaccount.me www.facebook.com *.zalo.me *.google.com *.youtube.com *.googleapis.com *.soundcloud.com *.live.com blob:
cache-control
private, no-store, no-cache, must-revalidate
x-forwarded-proto
https
pragma
no-cache
front_end_https
on
expires
Thu, 01 Jan 1970 00:00:00 GMT
content-length
7686
date
Mon, 23 Sep 2024 09:04:01 GMT
content-type
application/json;charset=utf-8
server
za-ngx-srv
favicon.png
stc-zaloid.zdn.vn/zaloid/client/images/
6 KB
6 KB
Other
General
Full URL
https://stc-zaloid.zdn.vn/zaloid/client/images/favicon.png
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
49.213.95.44 , Viet Nam, ASN38244 (VINAGAME-AS-VN VNG Corporation, VN),
Reverse DNS
Software
ATS-5-57 /
Resource Hash
15556d64388319a42ffa8a357cbdf41aebadf73b704a550df9e8f3526cdaa095

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://id.zalo.me/

Response headers

etag
"6673eb31-1857"
age
66334
accept-ranges
bytes
access-control-allow-origin
*
content-length
6231
date
Sun, 22 Sep 2024 14:38:27 GMT
content-type
image/png
last-modified
Thu, 20 Jun 2024 08:41:21 GMT
server
ATS-5-57
waiting-scan
id.zalo.me/account/authen/qr/
0
0

truncated
/
5 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
9dbc793be9c78c77ad65041f5b43cab7290aae7bbbfeb797d853cffef2f13922

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/png
verify-client
id.zalo.me/account/
72 B
1 KB
Fetch
General
Full URL
https://id.zalo.me/account/verify-client
Requested by
Host: stc-zaloid.zdn.vn
URL: https://stc-zaloid.zdn.vn/zaloid/client/main-5.5.4.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
49.213.95.230 , Viet Nam, ASN38244 (VINAGAME-AS-VN VNG Corporation, VN),
Reverse DNS
Software
za-ngx-srv /
Resource Hash
634cb972745f278ba83b1a51de035bfff297b9f5a1d72a0c01312b34bda6ca04
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests; default-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.zalo.me *.zdn.vn *.zadn.vn *.zaloapp.com *.zing.vn *.baomoi.com *.zingtv.vn *.zingmp3.vn *.zalo.ai *.zingnews.vn *.zapps.vn *.officialaccount.me *.google.com www.google-analytics.com www.gstatic.com *.googleapis.com; style-src 'self' 'unsafe-inline' *.zalo.me *.zadn.vn *.zdn.vn blob:; font-src * data:; img-src * data: blob:; media-src * blob:; connect-src 'self' wss://*.chat.zalo.me *.zalo.me *.zdn.vn *.zadn.vn *.zaloapp.com *.zing.vn *.baomoi.com *.zingtv.vn *.zingmp3.vn *.zalo.ai *.zingnews.vn *.zapps.vn *.officialaccount.me *.google.com www.google-analytics.com www.gstatic.com stats.g.doubleclick.net blob:; child-src 'self' *.zalo.me *.zdn.vn *.zadn.vn *.zaloapp.com *.zing.vn *.baomoi.com *.zingtv.vn *.zingmp3.vn *.zalo.ai *.zingnews.vn *.zapps.vn *.officialaccount.me www.facebook.com *.zalo.me *.google.com *.youtube.com *.googleapis.com *.soundcloud.com *.live.com blob:;frame-src 'self' *.zalo.me *.zdn.vn *.zadn.vn *.zaloapp.com *.zing.vn *.baomoi.com *.zingtv.vn *.zingmp3.vn *.zalo.ai *.zingnews.vn *.zapps.vn *.officialaccount.me www.facebook.com *.zalo.me *.google.com *.youtube.com *.googleapis.com *.soundcloud.com *.live.com blob:
Strict-Transport-Security max-age=86400; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded
Referer
https://id.zalo.me/account/login?continue=https%3A%2F%2Foauth.zaloapp.com%2Fv4%2Fpermission%3Fapp_id%3D1288890651960077628%26redirect_uri%3Dhttps%253A%252F%252Fsso.netbarbox.com%252Fzalo%252Fget-login%26code_challenge%3DloZrykVia7hpiOdNzcjwi8rarZ4F3BUQrFBtR8BgjOQ%26state%3D-1-

Response headers

strict-transport-security
max-age=86400; includeSubDomains
content-security-policy
upgrade-insecure-requests; default-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.zalo.me *.zdn.vn *.zadn.vn *.zaloapp.com *.zing.vn *.baomoi.com *.zingtv.vn *.zingmp3.vn *.zalo.ai *.zingnews.vn *.zapps.vn *.officialaccount.me *.google.com www.google-analytics.com www.gstatic.com *.googleapis.com; style-src 'self' 'unsafe-inline' *.zalo.me *.zadn.vn *.zdn.vn blob:; font-src * data:; img-src * data: blob:; media-src * blob:; connect-src 'self' wss://*.chat.zalo.me *.zalo.me *.zdn.vn *.zadn.vn *.zaloapp.com *.zing.vn *.baomoi.com *.zingtv.vn *.zingmp3.vn *.zalo.ai *.zingnews.vn *.zapps.vn *.officialaccount.me *.google.com www.google-analytics.com www.gstatic.com stats.g.doubleclick.net blob:; child-src 'self' *.zalo.me *.zdn.vn *.zadn.vn *.zaloapp.com *.zing.vn *.baomoi.com *.zingtv.vn *.zingmp3.vn *.zalo.ai *.zingnews.vn *.zapps.vn *.officialaccount.me www.facebook.com *.zalo.me *.google.com *.youtube.com *.googleapis.com *.soundcloud.com *.live.com blob:;frame-src 'self' *.zalo.me *.zdn.vn *.zadn.vn *.zaloapp.com *.zing.vn *.baomoi.com *.zingtv.vn *.zingmp3.vn *.zalo.ai *.zingnews.vn *.zapps.vn *.officialaccount.me www.facebook.com *.zalo.me *.google.com *.youtube.com *.googleapis.com *.soundcloud.com *.live.com blob:
cache-control
private, no-store, no-cache, must-revalidate
x-forwarded-proto
https
pragma
no-cache
access-control-allow-credentials
true
access-control-allow-methods
POST, GET, OPTIONS, PUT, DELETE, HEAD
front_end_https
on
expires
Thu, 01 Jan 1970 00:00:00 GMT
access-control-allow-origin
https://id.zalo.me
content-length
72
date
Mon, 23 Sep 2024 09:04:04 GMT
content-type
application/json;charset=utf-8
server
za-ngx-srv

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
www.googletagmanager.com
URL
https://www.googletagmanager.com/gtag/js?id=G-3EM8ZPYYN3&cx=c&_slc=1
Domain
id.zalo.me
URL
https://id.zalo.me/account/authen/qr/waiting-scan

23 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0
object| 1
function| getAppConfig
object| ___grecaptcha_cfg
object| grecaptcha
string| __recaptcha_api
boolean| __google_recaptcha_client
string| GoogleAnalyticsObject
function| ga
object| ZCaptcha
object| google_tag_data
object| gaplugins
object| gaGlobal
object| gaData
object| dataLayer
object| recaptcha
object| closure_lm_620234
object| core
function| setImmediate
function| clearImmediate
object| regeneratorRuntime
function| _
object| recaptchaComponent

7 Cookies

Domain/Path Name / Value
sso.netbarbox.com/ Name: PHPSESSID
Value: f7ah7rm6p9r4acuab9qs9spj6n
.id.zalo.me/ Name: zpdid
Value: 4X7zabVmhZKJ5vQQKV36D1mNavbHyCCo
.zalo.me/ Name: _ga
Value: GA1.2.557340901.1727082240
.zalo.me/ Name: _gid
Value: GA1.2.457221030.1727082240
.zalo.me/ Name: _gat
Value: 1
.zalo.me/ Name: _zlang
Value: vn
.id.zalo.me/ Name: zlogin_session
Value: kW4JGLyjCnIxFnDDLXTbH-Tj0q1N66L2usKTK0fOQrge9mvT1bjhMQWa3bm6M6bV8dq

1 Console Messages

Source Level URL
Text
security error URL: https://www.google-analytics.com/analytics.js(Line 23)
Message:
Refused to load the script 'https://www.googletagmanager.com/gtag/js?id=G-3EM8ZPYYN3&cx=c&_slc=1' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval' 'unsafe-inline' *.zalo.me *.zdn.vn *.zadn.vn *.zaloapp.com *.zing.vn *.baomoi.com *.zingtv.vn *.zingmp3.vn *.zalo.ai *.zingnews.vn *.zapps.vn *.officialaccount.me *.google.com www.google-analytics.com www.gstatic.com *.googleapis.com". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
