www.lp-pao.go.th
2606:4700:3036::ac43:8afe  Malicious Activity! Public Scan

URL: https://www.lp-pao.go.th/Main60/administrator/cache/com_languages/config/login.php
Submission: On October 26 via api from US — Scanned from DE

Summary

This website contacted 5 IPs in 2 countries across 4 domains to perform 14 HTTP transactions. The main IP is 2606:4700:3036::ac43:8afe, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.lp-pao.go.th.
TLS certificate: Issued by WE1 on October 25th 2024. Valid for: 3 months.
This is the only time www.lp-pao.go.th was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Outlook Web Access (Online) Generic Cloudflare (Online)

Domain & IP information

IP Address AS Autonomous System
2 13 2606:4700:303... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
14 5
Apex Domain   Subdomains   Transfer
13   lp-pao.go.th   www.lp-pao.go.th   71 KB
1   cloudflareinsights.com   static.cloudflareinsights.com (Cisco Umbrella Rank: 683)   7 KB
1   cloudflare.com   cdnjs.cloudflare.com (Cisco Umbrella Rank: 220)   5 KB
1   googleapis.com   ajax.googleapis.com (Cisco Umbrella Rank: 412)   31 KB
14   4
Domain Requested by
13 www.lp-pao.go.th 2 redirects www.lp-pao.go.th
static.cloudflareinsights.com
1 static.cloudflareinsights.com www.lp-pao.go.th
1 cdnjs.cloudflare.com www.lp-pao.go.th
1 ajax.googleapis.com www.lp-pao.go.th
14 4

This site contains no links.

Subject   Issuer   Validity   Valid
lp-pao.go.th   WE1   2024-10-25 - 2025-01-23   3 months
upload.video.google.com   WR2   2024-10-07 - 2024-12-30   3 months
cdnjs.cloudflare.com   WE1   2024-09-28 - 2024-12-27   3 months
cloudflareinsights.com   WE1   2024-09-03 - 2024-12-02   3 months

This page contains 2 frames:

Primary Page: https://www.lp-pao.go.th/Main60/administrator/cache/com_languages/config/login.php
Frame ID: 6E04CD370458AF2AD4F249C0A2A3789E
Requests: 17 HTTP requests in this frame

Frame: https://www.lp-pao.go.th/cdn-cgi/challenge-platform/h/b/scripts/jsd/e1a56f38220d/main.js
Frame ID: AAF72ED2AEEB84E22212E2A0C30A1AE3
Requests: 2 HTTP requests in this frame

Page Title

Outlook Web App

Detected technologies

Overall confidence: 100%
Detected patterns
  • \.php(?:$|\?)

Overall confidence: 100%
Detected patterns
  • static\.cloudflareinsights\.com/beacon(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

  • 14 Requests
  • 93 % HTTPS
  • 100 % IPv6
  • 4 Domains
  • 4 Subdomains
  • 5 IPs
  • 2 Countries
  • 113 kB Transfer
  • 273 kB Size
  • 2 Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://www.lp-pao.go.th/Main60/administrator/cache/com_languages/config/login.php Page URL
  2. https://www.lp-pao.go.th/cdn-cgi/phish-bypass?atok=nZcTg55kN3xsA4xryylDZ4FwAY1TFXaIeEROzqj4O8A-1729913934-0.0.1.1-%2FMain60%2Fadministrator%2Fcache%2Fcom_languages%2Fconfig%2Flogin.php HTTP 301
    https://www.lp-pao.go.th/Main60/administrator/cache/com_languages/config/login.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 14
  • https://www.lp-pao.go.th/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
  • https://www.lp-pao.go.th/cdn-cgi/challenge-platform/h/b/scripts/jsd/e1a56f38220d/main.js

14 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
login.php
www.lp-pao.go.th/Main60/administrator/cache/com_languages/config/
4 KB
2 KB
Document
General
Full URL
https://www.lp-pao.go.th/Main60/administrator/cache/com_languages/config/login.php
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3036::ac43:8afe , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1210db05b5784d073a4b3c469e7f633a925c3d418af70a3b6ecd018b78e96a05
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

cf-ray
8d876a8838a7dbb5-FRA
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Sat, 26 Oct 2024 03:38:54 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wYNK5XviDH4p0qOkiFkCAotIB%2FjWfE2BCR51Evtb%2Bv8zhFveSJ%2By7%2F6ijLGkd3OyqOG%2FFTKacd6q9fNjboM%2BOPaXLZ1DGZDcNPtrnGPDwgyZUiUV8%2Fho3RgpQcWYUzTOmZOgWBLsXvfGwz3q6xZx"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
cf.errors.css
www.lp-pao.go.th/cdn-cgi/styles/
23 KB
5 KB
Stylesheet
General
Full URL
https://www.lp-pao.go.th/cdn-cgi/styles/cf.errors.css
Requested by
Host: www.lp-pao.go.th
URL: https://www.lp-pao.go.th/Main60/administrator/cache/com_languages/config/login.php
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3036::ac43:8afe , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.lp-pao.go.th/Main60/administrator/cache/com_languages/config/login.php

Response headers

vary
Accept-Encoding
cache-control
max-age=7200, public
content-encoding
gzip
etag
W/"67180f5f-5df3"
x-content-type-options
nosniff
cf-ray
8d876a8858cbdbb5-FRA
expires
Sat, 26 Oct 2024 05:38:54 GMT
date
Sat, 26 Oct 2024 03:38:54 GMT
content-type
text/css
last-modified
Tue, 22 Oct 2024 20:47:27 GMT
server
cloudflare
x-frame-options
DENY
icon-exclamation.png
www.lp-pao.go.th/cdn-cgi/images/
452 B
634 B
Image
General
Full URL
https://www.lp-pao.go.th/cdn-cgi/images/icon-exclamation.png?1376755637
Requested by
Host: www.lp-pao.go.th
URL: https://www.lp-pao.go.th/cdn-cgi/styles/cf.errors.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3036::ac43:8afe , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.lp-pao.go.th/cdn-cgi/styles/cf.errors.css

Response headers

vary
Accept-Encoding
cache-control
max-age=7200, public
etag
"67180f5f-1c4"
x-content-type-options
nosniff
cf-ray
8d876a8868e7dbb5-FRA
expires
Sat, 26 Oct 2024 05:38:54 GMT
accept-ranges
bytes
content-length
452
date
Sat, 26 Oct 2024 03:38:54 GMT
content-type
image/png
last-modified
Tue, 22 Oct 2024 20:47:27 GMT
server
cloudflare
x-frame-options
DENY
favicon.ico
www.lp-pao.go.th/
278 B
858 B
Other
General
Full URL
https://www.lp-pao.go.th/favicon.ico
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3036::ac43:8afe , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
855b4e79ac7d80ee53ef7ce53cd2411fa3c6af76bc1589dff8a72f569a006ab5

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.lp-pao.go.th/Main60/administrator/cache/com_languages/config/login.php

Response headers

cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
cf-cache-status
EXPIRED
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=X%2BKHfKQdoG1%2BBVEfwneO1bJrMVRsSMBlmo%2FN3PWUwrGehTv2twsOY35b83sEgr4WsKiNY5c267vGpfTijzqqV5%2FfXSmCqHcFWe7Tbcu%2FnED2%2BitICnTGaFe1GIpk5R1Aq39yfxYKnbs2JHXGCfq%2B"}],"group":"cf-nel","max_age":604800}
cf-ray
8d876a888900dbb5-FRA
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=7280&sent=23&recv=15&lost=0&retrans=0&sent_bytes=12031&recv_bytes=5692&delivery_rate=55425&cwnd=12000&unsent_bytes=0&cid=b1e30d8f19c09c67&ts=468&x=1", cfExtPri, cfHdrFlush;dur=0
date
Sat, 26 Oct 2024 03:38:54 GMT
content-type
text/html; charset=iso-8859-1
vary
Accept-Encoding
server
cloudflare
priority
u=1,i
Primary Request login.php
www.lp-pao.go.th/Main60/administrator/cache/com_languages/config/
Redirect Chain
  • https://www.lp-pao.go.th/cdn-cgi/phish-bypass?atok=nZcTg55kN3xsA4xryylDZ4FwAY1TFXaIeEROzqj4O8A-1729913934-0.0.1.1-%2FMain60%2Fadministrator%2Fcache%2Fcom_languages%2Fconfig%2Flogin.php
  • https://www.lp-pao.go.th/Main60/administrator/cache/com_languages/config/login.php
37 KB
19 KB
Document
General
Full URL
https://www.lp-pao.go.th/Main60/administrator/cache/com_languages/config/login.php
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3036::ac43:8afe , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3e483a1752454c09385e89e21fe816784e0c601670da3b08293a9459c9ed5e9b

Request headers

Referer
https://www.lp-pao.go.th/Main60/administrator/cache/com_languages/config/login.php
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
8d876a9e9d95dbb5-FRA
content-encoding
br
content-type
text/html; charset=UTF-8
date
Sat, 26 Oct 2024 03:38:58 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
priority
u=0,i
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=T0%2FECU8%2F2YyA2VCN3dD7OKY1s4EymzNpFjetauEKHBS1Gv82QuVI0PCPSNi6Or3zrwAzNQ7Diz9Y4CcV5732VeJxWjUbpivXs7VtT3mrdQri65PUfS57msi8j8MRoUh1VnTtHjo%2BErzG7D70U6zA"}],"group":"cf-nel","max_age":604800}
server
cloudflare
server-timing
cfCacheStatus;desc="DYNAMIC" cfL4;desc="?proto=QUIC&rtt=8424&sent=28&recv=20&lost=0&retrans=0&sent_bytes=13485&recv_bytes=6963&delivery_rate=923&cwnd=12000&unsent_bytes=0&cid=b1e30d8f19c09c67&ts=3988&x=1" cfExtPri cfHdrFlush;dur=0
vary
Accept-Encoding

Redirect headers

cache-control
private, no-cache
cf-ray
8d876a9e7d75dbb5-FRA
content-length
167
content-type
text/html
date
Sat, 26 Oct 2024 03:38:57 GMT
location
https://www.lp-pao.go.th/Main60/administrator/cache/com_languages/config/login.php
server
cloudflare
x-content-type-options
nosniff
x-frame-options
DENY
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/3.4.1/
86 KB
31 KB
Script
General
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js
Requested by
Host: www.lp-pao.go.th
URL: https://www.lp-pao.go.th/Main60/administrator/cache/com_languages/config/login.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.lp-pao.go.th/

Response headers

content-encoding
gzip
age
299110
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
x-content-type-options
nosniff
expires
Wed, 22 Oct 2025 16:33:48 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Tue, 22 Oct 2024 16:33:48 GMT
last-modified
Mon, 13 May 2019 14:37:17 GMT
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
timing-allow-origin
*
cross-origin-opener-policy
same-origin; report-to="hosted-libraries-pushers"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
accept-ranges
bytes
access-control-allow-origin
*
content-length
30774
x-xss-protection
0
server
sffe
aes.js
cdnjs.cloudflare.com/ajax/libs/crypto-js/3.1.2/rollups/
13 KB
5 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/crypto-js/3.1.2/rollups/aes.js
Requested by
Host: www.lp-pao.go.th
URL: https://www.lp-pao.go.th/Main60/administrator/cache/com_languages/config/login.php
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fc7e184beeda61bf6427938a84560f52348976bb55e807b224eb53930e97ef6a
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://www.lp-pao.go.th
Referer
https://www.lp-pao.go.th/

Response headers

cf-cdnjs-via
cfworker/kv
content-encoding
br
cf-cache-status
HIT
etag
"5eb03e2d-3430"
age
205548
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=F2s5kUxGGs4vcgydVx0IZTVmuFM5g92Py%2FXejVCR40wndWJ3W9SPaRAX%2F5kkM0NddKrBZlZbfzWvIqNg4rz40Lstd%2F3rimSqqYteKri36HRNhVbNUPmtkCeu1EBCfXPMB5aAgcQioT6RVHYfLuCfdlE%2B"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
expires
Thu, 16 Oct 2025 03:38:58 GMT
alt-svc
h3=":443"; ma=86400
date
Sat, 26 Oct 2024 03:38:58 GMT
content-type
application/javascript; charset=utf-8
last-modified
Mon, 04 May 2020 16:09:17 GMT
vary
Accept-Encoding
strict-transport-security
max-age=15780000
cache-control
public, max-age=30672000
timing-allow-origin
*
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy
cross-origin
cf-ray
8d876aa13b8ad390-FRA
accept-ranges
bytes
access-control-allow-origin
*
content-length
4256
server
cloudflare
validate.js
www.lp-pao.go.th/Main60/administrator/cache/com_languages/config/js/
3 KB
2 KB
Script
General
Full URL
https://www.lp-pao.go.th/Main60/administrator/cache/com_languages/config/js/validate.js
Requested by
Host: www.lp-pao.go.th
URL: https://www.lp-pao.go.th/Main60/administrator/cache/com_languages/config/login.php
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3036::ac43:8afe , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
05592e0a7c6cc9206edd62e7ccfa2ffaa2ddc4c063e89d713e7c9be43bac3ba4

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.lp-pao.go.th/Main60/administrator/cache/com_languages/config/login.php

Response headers

content-encoding
gzip
cf-cache-status
HIT
etag
"bc0-6254a0b05c8c0-gzip"
age
6828
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tl98TNPFFJn%2FqM4m1OktwkOtTt5rGUCEF%2FMl3h3Ol4b8uoa7QPp%2FV1hGPq7ztb21pWM7yo6CLt7ImPasmqFCi8UYmw3GNCu9H4%2FXKcTA3Wn5IpiAPOQ8cSywDeh4%2FGiFA5mqhUhHm3GUaxMWxpPU"}],"group":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=7224&sent=40&recv=26&lost=0&retrans=0&sent_bytes=25505&recv_bytes=7650&delivery_rate=1952508&cwnd=12000&unsent_bytes=0&cid=b1e30d8f19c09c67&ts=4009&x=1", cfExtPri, cfHdrFlush;dur=0
date
Sat, 26 Oct 2024 03:38:58 GMT
content-type
application/javascript
last-modified
Fri, 25 Oct 2024 09:50:03 GMT
vary
Accept-Encoding
priority
u=1,i=?0
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
8d876aa128b8dbb5-FRA
accept-ranges
bytes
content-length
1099
server
cloudflare
truncated
/
2 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
d9ed6586942003696afe4e52b09f343f8342244b51a9e175b75162d7e615207b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/png
truncated
/
4 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
4de8fc175826d9f78fce9f9f2b71a63fe832fc7507e0394125c823b0909fa54a

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/png
truncated
/
1 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
6710ee6e22d5e3e82f70554804806c37aac5789b110d944383ea393d93eb627a

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/png
truncated
/
6 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
6bd745cac7dd2e979f9e89dcd3c1ed3058812be0c88a06fc066360f74120b717

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/png
segoeui-regular.ttf
www.lp-pao.go.th/Main60/administrator/cache/com_languages/config/fonts/
55 KB
34 KB
Font
General
Full URL
https://www.lp-pao.go.th/Main60/administrator/cache/com_languages/config/fonts/segoeui-regular.ttf
Requested by
Host: www.lp-pao.go.th
URL: https://www.lp-pao.go.th/Main60/administrator/cache/com_languages/config/login.php
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3036::ac43:8afe , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c147c2ec76a8ab8bd5082f1f4d3f80a43c689165cb164cdd812e44048fe38708

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://www.lp-pao.go.th
Referer
https://www.lp-pao.go.th/Main60/administrator/cache/com_languages/config/login.php

Response headers

content-encoding
br
cf-cache-status
HIT
etag
W/"ddb8-6254a0b05c8c0"
age
6827
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BuFlmGDcB06lI4wCRRFj4yu2gDEP7PavZz%2Fpmq%2F3BMHeJnKAA%2BECmngUuuI5BFCGWA4AEUkktGwhG8YpdqC2nDJpMZBhHpmjjwF2p%2FnUI%2BqaVLmCl7nBtvZjqGNUpWko0g1SIGVWLW4GUXLDBFHT"}],"group":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=6788&sent=51&recv=32&lost=0&retrans=0&sent_bytes=34765&recv_bytes=8357&delivery_rate=1179848&cwnd=12000&unsent_bytes=0&cid=b1e30d8f19c09c67&ts=4194&x=1", cfExtPri, cfHdrFlush;dur=0
date
Sat, 26 Oct 2024 03:38:58 GMT
content-type
font/ttf
last-modified
Fri, 25 Oct 2024 09:50:03 GMT
vary
Accept-Encoding
priority
u=0,i=?0
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
8d876aa24a23dbb5-FRA
server
cloudflare
truncated
/
1 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
07f38b8b8c1f96ed85ecd96988f0454a95d1f665427086a507c72e55ff3ce0e7

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/png
vcd15cbe7772f49c399c6a5babf22c1241717689176015
static.cloudflareinsights.com/beacon.min.js/
19 KB
7 KB
Script
General
Full URL
https://static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015
Requested by
Host: www.lp-pao.go.th
URL: https://www.lp-pao.go.th/Main60/administrator/cache/com_languages/config/login.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:4f49 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8a18d13015336bc184819a5a768447462202ef3105ec511bf42ed8304a7ed94f

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://www.lp-pao.go.th
Referer
https://www.lp-pao.go.th/

Response headers

cache-control
public, max-age=86400
content-encoding
gzip
etag
W/"2024.6.1"
cross-origin-resource-policy
cross-origin
cf-ray
8d876aa27d11d2d6-FRA
access-control-allow-origin
*
date
Sat, 26 Oct 2024 03:38:58 GMT
content-type
text/javascript;charset=UTF-8
last-modified
Thu, 06 Jun 2024 15:52:56 GMT
vary
Accept-Encoding
server
cloudflare
main.js
www.lp-pao.go.th/cdn-cgi/challenge-platform/h/b/scripts/jsd/e1a56f38220d/ Frame AAF7
Redirect Chain
  • https://www.lp-pao.go.th/cdn-cgi/challenge-platform/scripts/jsd/main.js
  • https://www.lp-pao.go.th/cdn-cgi/challenge-platform/h/b/scripts/jsd/e1a56f38220d/main.js?
8 KB
4 KB
Script
General
Full URL
https://www.lp-pao.go.th/cdn-cgi/challenge-platform/h/b/scripts/jsd/e1a56f38220d/main.js?
Protocol
H3
Server
2606:4700:3036::ac43:8afe , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dad74dc663192c316cc6474c589dcade34d84151b73b152e26ce09fb924e6489
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

cache-control
max-age=14400, stale-if-error=10800, stale-while-revalidate=10800, public
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OD4fnlXRlLPBdVCHKE%2B8wyIYvLch2x0oW7qcgy6pYkH8PPc%2BcDwc0NqrqIxqYxoIMdsOM14FB0nbUa3kyh9n%2BUPaTIUemHoJIugRRW4Ig5WYlC9%2B0w%2B%2BaQg5NZgwKk7iB9VlrHN8tMvj%2BIwmTj9K"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
cf-ray
8d876aa2baa7dbb5-FRA
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=7290&sent=87&recv=53&lost=0&retrans=0&sent_bytes=71360&recv_bytes=12843&delivery_rate=59237&cwnd=24000&unsent_bytes=0&cid=b1e30d8f19c09c67&ts=4255&x=1", cfExtPri, cfHdrFlush;dur=0
date
Sat, 26 Oct 2024 03:38:58 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
server
cloudflare
priority
u=3,i=?0

Redirect headers

cache-control
max-age=300, stale-if-error=10800, stale-while-revalidate=10800, public
location
/cdn-cgi/challenge-platform/h/b/scripts/jsd/e1a56f38220d/main.js?
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=McT96du%2FI9JtXNZRkRNNODAm6Ma0qcd3mTBMrG7XFSBSCphdh272wV9ff7FhKqbtURp%2BCZ0KD6CqPvuGwuywOn5bgLF8rwBuhTOmOV3vX8kPpkAeqPkGgr6VdF%2B16jwpgxJUPDrYPjRaUgNFXUeL"}],"group":"cf-nel","max_age":604800}
cf-ray
8d876aa2aa82dbb5-FRA
access-control-allow-origin
*
alt-svc
h3=":443"; ma=86400
content-length
0
server-timing
cfL4;desc="?proto=QUIC&rtt=7211&sent=84&recv=52&lost=0&retrans=0&sent_bytes=70454&recv_bytes=12452&delivery_rate=1349543&cwnd=24000&unsent_bytes=0&cid=b1e30d8f19c09c67&ts=4241&x=1", cfExtPri, cfHdrFlush;dur=0
date
Sat, 26 Oct 2024 03:38:58 GMT
vary
Accept-Encoding
server
cloudflare
priority
u=3,i=?0
rum
www.lp-pao.go.th/cdn-cgi/
0
142 B
XHR
General
Full URL
https://www.lp-pao.go.th/cdn-cgi/rum?
Requested by
Host: static.cloudflareinsights.com
URL: https://static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3036::ac43:8afe , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
content-type
application/json
Referer
https://www.lp-pao.go.th/Main60/administrator/cache/com_languages/config/login.php

Response headers

access-control-max-age
86400
access-control-allow-credentials
true
access-control-allow-methods
POST,OPTIONS
x-content-type-options
nosniff
cf-ray
8d876aa2aa88dbb5-FRA
access-control-allow-origin
https://www.lp-pao.go.th
date
Sat, 26 Oct 2024 03:38:58 GMT
vary
Origin
server
cloudflare
x-frame-options
DENY
favicon.ico
www.lp-pao.go.th/Main60/administrator/cache/com_languages/config/
8 KB
2 KB
Other
General
Full URL
https://www.lp-pao.go.th/Main60/administrator/cache/com_languages/config/favicon.ico
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3036::ac43:8afe , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cf0808a61ec571e0c4975663903b288009d55502ac0445d9948983b339a5cf6e

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.lp-pao.go.th/Main60/administrator/cache/com_languages/config/login.php

Response headers

server
cloudflare
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
cf-cache-status
REVALIDATED
etag
W/"1ece-6254a0b05c8c0"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aLxCW5bsFzOfDnTexMzMQAMy%2Fjg9xWEfzL86OqBjq%2FzQSbE8OquyGgMniWuQuc%2FwlzCBx3kxOnQoWORFX91gmONeJ5n67YcgbaPVas%2FXxhp52Z0SEvQjJlqAYTaVpMqaAUDD%2FR0EJGcFWg7zUBKN"}],"group":"cf-nel","max_age":604800}
cf-ray
8d876aa2aa8adbb5-FRA
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=7063&sent=94&recv=72&lost=0&retrans=0&sent_bytes=77116&recv_bytes=30335&delivery_rate=27298&cwnd=24000&unsent_bytes=0&cid=b1e30d8f19c09c67&ts=4651&x=1", cfExtPri, cfHdrFlush;dur=0
date
Sat, 26 Oct 2024 03:38:58 GMT
content-type
image/vnd.microsoft.icon
last-modified
Fri, 25 Oct 2024 09:50:03 GMT
vary
Accept-Encoding
priority
u=1,i
8d876a9e9d95dbb5
www.lp-pao.go.th/cdn-cgi/challenge-platform/h/b/jsd/r/ Frame AAF7
0
1 KB
XHR
General
Full URL
https://www.lp-pao.go.th/cdn-cgi/challenge-platform/h/b/jsd/r/8d876a9e9d95dbb5
Requested by
Host: www.lp-pao.go.th
URL: https://www.lp-pao.go.th/cdn-cgi/challenge-platform/scripts/jsd/main.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3036::ac43:8afe , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type
application/json
Referer

Response headers

nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FZBXTrJgjb2NbBtMfUGSSYrdG7pyqqVUFl4n%2Bz18XPzoGjCUBHaQBlLdxgycZ5TSVjRZaPSMOMoRdlxO3REJb02TU8u7hc8AvBCxdHUeCmzavkEPClgyIgU0RQQFV6XEpALZkdAauyCg8X5GGd94"}],"group":"cf-nel","max_age":604800}
cf-ray
8d876aa33b3ddbb5-FRA
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=7027&sent=93&recv=71&lost=0&retrans=0&sent_bytes=75939&recv_bytes=30290&delivery_rate=364374&cwnd=24000&unsent_bytes=0&cid=b1e30d8f19c09c67&ts=4340&x=1", cfExtPri, cfHdrFlush;dur=0
content-length
0
date
Sat, 26 Oct 2024 03:38:58 GMT
content-type
text/plain; charset=UTF-8
server
cloudflare
priority
u=1,i

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Outlook Web Access (Online) Generic Cloudflare (Online)

12 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • object| 0
  • function| $
  • function| jQuery
  • object| CryptoJS
  • function| verifchamp
  • function| verifemail
  • function| definevars
  • function| verifall
  • function| checkvars
  • function| verifallinfo
  • function| SubForm
  • object| __cfBeacon

2 Cookies

Domain/Path Name / Value
.www.lp-pao.go.th/ Name: __cf_mw_byp
Value: nZcTg55kN3xsA4xryylDZ4FwAY1TFXaIeEROzqj4O8A-1729913934-0.0.1.1-/Main60/administrator/cache/com_languages/config/login.php
.lp-pao.go.th/ Name: cf_clearance
Value: dqjqaLsv46sNsDlSGaCUXQQzJZKwXX9ZJIQy04whfKY-1729913938-1.2.1.1-wZFZxaM6rVx3YKdLcSdyG7ffU4Nf5t09pSyxQQUhSfrOTqi7sAn2Iy2_OGXBEVCGM8YcPcTOz5rhTYl7wC8N.iG3.t72A1IZkW3gUYkLvEfXZMMe1Mx2_qvyEiA_CHvbzjVpdhMq9iNAc_AwADDSL9VvsBIt9l7RXncgL82qAqBAUm5W3V3GSB6zG5a3kbogt7r_gu_Jb3JpRQEmCzUoDPBDxvnxgRj4Qc32sbz0_ReOoXI2DjHMgbVuRCdAmylLknBNMkIi1ZNdYu68RE38qtQ230zA3pI3ew1UhI_lK1D_qt6W7DjPlLTT9vMUcO1b51Y08g18zmSWkT99HlB_AwxlzR2ggqqTn1s3bIEtf8uiHibG4y0YnlQvaLtDY2_w

3 Console Messages

Source Level URL
Text
network error URL: https://www.lp-pao.go.th/Main60/administrator/cache/com_languages/config/login.php
Message:
Failed to load resource: the server responded with a status of 403 ()
network error URL: https://www.lp-pao.go.th/favicon.ico
Message:
Failed to load resource: the server responded with a status of 404 ()
recommendation verbose URL: https://www.lp-pao.go.th/Main60/administrator/cache/com_languages/config/login.php
Message:
[DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o

Security Headers

This page lists any security headers set by the main page.

Header Value
X-Frame-Options SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
