urlscan.io logo urlscan.io
SecurityTrails logo

asset.nacc.go.th Open in urlscan Pro
110.164.176.105  Public Scan

Go To Rescan Add Verdict Report
URL: https://asset.nacc.go.th/ods-app
Submission Tags: falconsandbox
Submission: On February 24 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 8 HTTP transactions. The main IP is 110.164.176.105, located in Pathum Thani, Thailand and belongs to TTBP-AS-AP Triple T Broadband Public Company Limited, TH. The main domain is asset.nacc.go.th.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on June 8th 2022. Valid for: a year.
This is the only time asset.nacc.go.th was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
8 110.164.176.105 45758 (TTBP-AS-A...)
8 1
Apex Domain
Subdomains		 Transfer
8 nacc.go.th
asset.nacc.go.th
8 MB
8 1
Domain Requested by
8 asset.nacc.go.th asset.nacc.go.th
8 1

This site contains links to these domains. Also see Links.

Domain
www.nacc.go.th
Subject Issuer Validity Valid
*.nacc.go.th
Sectigo RSA Domain Validation Secure Server CA		 2022-06-08 -
2023-06-08		 a year crt.sh

This page contains 1 frames:

Primary Page: https://asset.nacc.go.th/ods-app
Frame ID: 842540CD5A8E731EB4EDE84634188381
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Online Declaration System (ODS)

Page Statistics

8
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

7855 kB
Transfer

7848 kB
Size

2
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request ods-app
asset.nacc.go.th/ 		41 KB
43 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://asset.nacc.go.th/ods-app
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
110.164.176.105 Pathum Thani, Thailand, ASN45758 (TTBP-AS-AP Triple T Broadband Public Company Limited, TH),
Reverse DNS
mx-ll-110.164.176-105.static.3bb.co.th
Software
/
Resource Hash
304ad0206fd39a8c8da8f417c2454bb7d3e13bed51aaacd6ab499efe312a9b6a
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob:; base-uri 'self';worker-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob:
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
private, must-revalidate
Connection
keep-alive
Content-Security-Policy
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob:; base-uri 'self';worker-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob:
Content-Type
text/html; charset=UTF-8
Date
Fri, 24 Feb 2023 03:08:30 GMT
Referrer-Policy
strict-origin
Strict-Transport-Security
max-age=31536000
Transfer-Encoding
chunked
X-Content-Type-Options
nosniff
X-Frame-Options
SAMEORIGIN
X-XSS-Protection
1; mode=block
expires
-1
pragma
no-cache
app.css
asset.nacc.go.th/ods-asset/css/ 		2 MB
2 MB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://asset.nacc.go.th/ods-asset/css/app.css?id=ce68b8c921705a1e7e7ca154987d6d8c
Requested by
Host: asset.nacc.go.th
URL: https://asset.nacc.go.th/ods-app
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
110.164.176.105 Pathum Thani, Thailand, ASN45758 (TTBP-AS-AP Triple T Broadband Public Company Limited, TH),
Reverse DNS
mx-ll-110.164.176-105.static.3bb.co.th
Software
/
Resource Hash
e562aaf92fa2c907428d848b1852f1f3c0e10d584cf374604761e794f1a0bf77
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob:; base-uri 'self';worker-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob:
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://asset.nacc.go.th/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date
Fri, 24 Feb 2023 03:08:30 GMT
Content-Security-Policy
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob:; base-uri 'self';worker-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob:
X-Content-Type-Options
nosniff
Referrer-Policy
strict-origin
Last-Modified
Fri, 30 Sep 2022 20:50:36 GMT
Strict-Transport-Security
max-age=31536000
ETag
"6337569c-1bf918"
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1833240
X-XSS-Protection
1; mode=block
custom.css
asset.nacc.go.th/ods-asset/css/ 		6 KB
7 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://asset.nacc.go.th/ods-asset/css/custom.css
Requested by
Host: asset.nacc.go.th
URL: https://asset.nacc.go.th/ods-app
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
110.164.176.105 Pathum Thani, Thailand, ASN45758 (TTBP-AS-AP Triple T Broadband Public Company Limited, TH),
Reverse DNS
mx-ll-110.164.176-105.static.3bb.co.th
Software
/
Resource Hash
d58a5c553a3eca75cb25d9971d12ba1f6aa471d1faad8b51c48d93bd3ced4c87
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob:; base-uri 'self';worker-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob:
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://asset.nacc.go.th/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date
Fri, 24 Feb 2023 03:08:31 GMT
Content-Security-Policy
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob:; base-uri 'self';worker-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob:
X-Content-Type-Options
nosniff
Referrer-Policy
strict-origin
Last-Modified
Mon, 21 Nov 2022 17:58:41 GMT
Strict-Transport-Security
max-age=31536000
ETag
"637bbc51-19d9"
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
6617
X-XSS-Protection
1; mode=block
app.js
asset.nacc.go.th/ods-asset/js/ 		6 MB
6 MB 		Script
General
Check archive.org
Download Go to
Full URL
https://asset.nacc.go.th/ods-asset/js/app.js?id=82bd37045e3ee267ac176ff0636a42bb
Requested by
Host: asset.nacc.go.th
URL: https://asset.nacc.go.th/ods-app
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
110.164.176.105 Pathum Thani, Thailand, ASN45758 (TTBP-AS-AP Triple T Broadband Public Company Limited, TH),
Reverse DNS
mx-ll-110.164.176-105.static.3bb.co.th
Software
/
Resource Hash
5cab7e17bb1bbc200b1d310c87cbf8f17f6d5e264804aa154719536daa0d3925
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob:; base-uri 'self';worker-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob:
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://asset.nacc.go.th/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date
Fri, 24 Feb 2023 03:08:31 GMT
Content-Security-Policy
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob:; base-uri 'self';worker-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob:
X-Content-Type-Options
nosniff
Referrer-Policy
strict-origin
Last-Modified
Mon, 05 Dec 2022 16:59:28 GMT
Strict-Transport-Security
max-age=31536000
ETag
"638e2370-5bf1d5"
X-Frame-Options
SAMEORIGIN
Content-Type
application/javascript
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
6025685
X-XSS-Protection
1; mode=block
reload-captcha
asset.nacc.go.th/ods-app/ 		76 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://asset.nacc.go.th/ods-app/reload-captcha
Requested by
Host: asset.nacc.go.th
URL: https://asset.nacc.go.th/ods-asset/js/app.js?id=82bd37045e3ee267ac176ff0636a42bb
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
110.164.176.105 Pathum Thani, Thailand, ASN45758 (TTBP-AS-AP Triple T Broadband Public Company Limited, TH),
Reverse DNS
mx-ll-110.164.176-105.static.3bb.co.th
Software
/
Resource Hash
8062fd10ed86e3a71417a78aaeeb1fea61beec24e46e0f84b844229beb7e092b
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob:; base-uri 'self';worker-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob:
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
https://asset.nacc.go.th/
X-XSRF-TOKEN
eyJpdiI6InR5Q3hPZ29mVnRvbVcvWTJZMkdCMUE9PSIsInZhbHVlIjoiZGdXQ1NqNXZsbFY4R0NOZmlRald3WEFvN1NMc3JUSHNXaytJblZZbHIrdTMyYXZzVEFjZU4rVXZYalE1WlFGdGl2Vk9Yc01oTU9uUGxFOFcyc3VzTW1RK3FyLytTL2piS2g3MlpZdGJZTDIweDRnTDhrcW9hSEZUS0hWN1ZYc1AiLCJtYWMiOiI1NTMzNDk1NWRlYzA3Y2RjZjc1YjQ1NDMxNGNjYTVkYzkxYzExYzRhYTgyOWViZDFkYzQ1MTVhYTVjZTIwOGJlIiwidGFnIjoiIn0=
X-Requested-With
XMLHttpRequest
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma
no-cache
Date
Fri, 24 Feb 2023 03:08:40 GMT
Content-Security-Policy
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob:; base-uri 'self';worker-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob:
X-Content-Type-Options
nosniff
Referrer-Policy
strict-origin
Strict-Transport-Security
max-age=31536000
Transfer-Encoding
chunked
X-Frame-Options
SAMEORIGIN
Content-Type
application/json
Cache-Control
private, must-revalidate
Connection
keep-alive
X-XSS-Protection
1; mode=block
expires
-1
Sarabun-Regular.ttf
asset.nacc.go.th/ods-asset/fonts/Sarabun/ 		81 KB
82 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://asset.nacc.go.th/ods-asset/fonts/Sarabun/Sarabun-Regular.ttf
Requested by
Host: asset.nacc.go.th
URL: https://asset.nacc.go.th/ods-asset/css/custom.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
110.164.176.105 Pathum Thani, Thailand, ASN45758 (TTBP-AS-AP Triple T Broadband Public Company Limited, TH),
Reverse DNS
mx-ll-110.164.176-105.static.3bb.co.th
Software
/
Resource Hash
2b067a15dbdf1d9f1732e457fe279676793710eb718e83a7cf25d76580265bca
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob:; base-uri 'self';worker-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob:
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://asset.nacc.go.th/
Origin
https://asset.nacc.go.th
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date
Fri, 24 Feb 2023 03:08:40 GMT
Content-Security-Policy
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob:; base-uri 'self';worker-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob:
X-Content-Type-Options
nosniff
Referrer-Policy
strict-origin
Last-Modified
Fri, 30 Sep 2022 20:50:41 GMT
Strict-Transport-Security
max-age=31536000
ETag
"633756a1-14448"
X-Frame-Options
SAMEORIGIN
Content-Type
application/octet-stream
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
83016
X-XSS-Protection
1; mode=block
nacc.png
asset.nacc.go.th/ods-asset/media/logos/ 		36 KB
36 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://asset.nacc.go.th/ods-asset/media/logos/nacc.png
Requested by
Host: asset.nacc.go.th
URL: https://asset.nacc.go.th/ods-app/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
110.164.176.105 Pathum Thani, Thailand, ASN45758 (TTBP-AS-AP Triple T Broadband Public Company Limited, TH),
Reverse DNS
mx-ll-110.164.176-105.static.3bb.co.th
Software
/
Resource Hash
1c0851408ad3457f6d4164a748363a5b9bad8e2cd868fda280da5c6048f27e3e
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob:; base-uri 'self';worker-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob:
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://asset.nacc.go.th/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date
Fri, 24 Feb 2023 03:08:40 GMT
Content-Security-Policy
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob:; base-uri 'self';worker-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob:
X-Content-Type-Options
nosniff
Referrer-Policy
strict-origin
Last-Modified
Fri, 30 Sep 2022 20:51:50 GMT
Strict-Transport-Security
max-age=31536000
ETag
"633756e6-8f9d"
X-Frame-Options
SAMEORIGIN
Content-Type
image/png
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
36765
X-XSS-Protection
1; mode=block
default
asset.nacc.go.th/ods-app/captcha/ 		8 KB
10 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://asset.nacc.go.th/ods-app/captcha/default?RIILvKwI
Requested by
Host: asset.nacc.go.th
URL: https://asset.nacc.go.th/ods-app/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
110.164.176.105 Pathum Thani, Thailand, ASN45758 (TTBP-AS-AP Triple T Broadband Public Company Limited, TH),
Reverse DNS
mx-ll-110.164.176-105.static.3bb.co.th
Software
/
Resource Hash
edefeb5ec425203f2d986e0718f2f984219b01cb0ddcc591eb3b1c3402d7d63f
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob:; base-uri 'self';worker-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob:
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://asset.nacc.go.th/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma
no-cache
Date
Fri, 24 Feb 2023 03:08:40 GMT
Content-Security-Policy
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob:; base-uri 'self';worker-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob:
X-Content-Type-Options
nosniff
Referrer-Policy
strict-origin
Strict-Transport-Security
max-age=31536000
X-Frame-Options
SAMEORIGIN
Content-Type
image/png
Cache-Control
private, must-revalidate
Connection
keep-alive
Content-Length
8668
X-XSS-Protection
1; mode=block
expires
-1

Verdicts & Comments Add Verdict or Comment

47 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless function| route object| webpackChunk object| TreemapSquared function| SVG function| addResizeListener function| removeResizeListener object| Apex function| ApexCharts object| KTUtilElementDataStore number| KTUtilElementDataStoreID object| KTUtilDelegatedEventHandlers object| KTUtil function| KTCard object| KTCookie function| KTDialog function| KTHeader function| KTImageInput function| KTMenu function| KTOffcanvas function| KTScrolltop function| KTToggle function| KTWizard object| KTLayoutAside object| KTLayoutContent object| KTLayoutFooter object| KTLayoutStickyCard object| KTLayoutStretchedCard object| KTLayoutSubheader object| KTLayoutChat object| KTLayoutExamples object| KTLayoutQuickActions object| KTLayoutQuickCartPanel object| KTLayoutQuickNotifications object| KTLayoutQuickPanel object| KTLayoutQuickSearch object| KTLayoutQuickUser object| KTLayoutScrolltop function| KTLayoutSearch function| _ function| Popper function| jQuery function| $ function| axios function| PerfectScrollbar function| ClipboardJS function| JSEncrypt

2 Cookies

Domain/Path Name / Value
asset.nacc.go.th/ Name: XSRF-TOKEN
Value: eyJpdiI6Im5IWGppOG1HRXhRQ3dVZWNzV3lGQmc9PSIsInZhbHVlIjoiVDNKZlZyRlorSXpnMS9FUkZMeWUwZXVsWHY0azJxVDY2SWk2QXhVTWZqaHN2TGxWZStNZWRuWFFEYm5NdTFZMytWU1JuckpNdEVkRFYrM1lpWi9xMHp5aVRaS0Z5VW03UlByVWlkemQ1a1grQnErN0VYQjBFT2ozUXlFSklScEQiLCJtYWMiOiJjYTAwNzBjNzM5ZTJkYTQ5MTgxZGRiMTdjNWU5ZWE2MDRkNjY4YWU4ZTlhZjFiNmM2YzFkZDA1NjJlZjBkNGRhIiwidGFnIjoiIn0%3D
asset.nacc.go.th/ Name: online_declaration_system_ods_session
Value: eyJpdiI6IkNQRjY0VlJJMnZEaDFyZGMrajA4UFE9PSIsInZhbHVlIjoiUDQ0cHBCMEkwNmc4YmkvdDllMkR5dUhyd1d2L1ZoWnJmWm1TNFh0dHlId2ZnRzZpTmIxTFRZQTMwNjV4K3VRTjFDNTl1RGlIdW9CQUtMU1Npbzh3RzE1UC9jZFArdUNLU3ZJRVNQNXZZRjNtZ2lCamRIRHhISVYrMFJIc0VDUkEiLCJtYWMiOiI3NWE1NzIxMDQ3OGRlZTIxYWU5NzY0YzE1NGY0MzQ0YzNhMzg0YmM5NjQxOTAwMzNhNjdmOGMyNDEwNzM5MTJjIiwidGFnIjoiIn0%3D

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob:; base-uri 'self';worker-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob:
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block