urlscan.io logo urlscan.io
SecurityTrails logo

abag.dapay.info Open in urlscan Pro
118.99.30.208  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://abag.dapay.info/
Effective URL: https://abag.dapay.info/index.php?route=account/login
Submission: On February 03 via automatic, source certstream-suspicious
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 9 HTTP transactions. The main IP is 118.99.30.208, located in Central, Hong Kong and belongs to FTG-AS-AP Forewin Telecom Group Limited, ISP at, HK. The main domain is abag.dapay.info.
TLS certificate: Issued by R3 on February 3rd 2021. Valid for: 3 months.
This is the only time abag.dapay.info was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 8 118.99.30.208 38186 (FTG-AS-AP...)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
9 3
Apex Domain
Subdomains		 Transfer
8 dapay.info
abag.dapay.info
293 KB
1 gstatic.com
fonts.gstatic.com
98 KB
1 googleapis.com
fonts.googleapis.com
466 B
9 3
Domain Requested by
8 abag.dapay.info 1 redirects abag.dapay.info
1 fonts.gstatic.com fonts.googleapis.com
1 fonts.googleapis.com abag.dapay.info
9 3

This site contains no links.

Subject Issuer Validity Valid
abag.dapay.info
R3		 2021-02-03 -
2021-05-04		 3 months crt.sh
upload.video.google.com
GTS CA 1O1		 2021-01-05 -
2021-03-30		 3 months crt.sh
*.gstatic.com
GTS CA 1O1		 2021-01-19 -
2021-04-13		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://abag.dapay.info/index.php?route=account/login
Frame ID: 9D2710275E5633D21FFA63A6F797E29F
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. https://abag.dapay.info/ HTTP 302
    https://abag.dapay.info/index.php?route=account/login Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

9
Requests

100 %
HTTPS

67 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

391 kB
Transfer

506 kB
Size

3
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://abag.dapay.info/ HTTP 302
    https://abag.dapay.info/index.php?route=account/login Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request Cookie set index.php
abag.dapay.info/
Redirect Chain
  • https://abag.dapay.info/
  • https://abag.dapay.info/index.php?route=account/login
3 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://abag.dapay.info/index.php?route=account/login
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
118.99.30.208 Central, Hong Kong, ASN38186 (FTG-AS-AP Forewin Telecom Group Limited, ISP at, HK),
Reverse DNS
Software
nginx /
Resource Hash
4730fc57a6c864a2c7efd9d98dfc02476b49f0773060abe49ed66a27a0a4510c
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Host
abag.dapay.info
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
none
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
Sec-Fetch-Dest
document
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Cookie
OCSESSID=d686a1d94d20d271d3a85e5812; language=zh-cn; currency=rmb
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Server
nginx
Date
Wed, 03 Feb 2021 09:12:56 GMT
Content-Type
text/html; charset=utf-8
Connection
close
Vary
Accept-Encoding
Set-Cookie
OCSESSID=d686a1d94d20d271d3a85e5812; path=/
X-XSS-Protection
1; mode=block
X-Frame-Options
SAMEORIGIN
Content-Encoding
gzip

Redirect headers

Server
nginx
Date
Wed, 03 Feb 2021 09:12:55 GMT
Content-Type
text/html; charset=UTF-8
Connection
close
Set-Cookie
OCSESSID=d686a1d94d20d271d3a85e5812; path=/ language=zh-cn; expires=Fri, 05-Mar-2021 09:12:55 GMT; Max-Age=2592000; path=/; domain=abag.dapay.info currency=rmb; expires=Fri, 05-Mar-2021 09:12:55 GMT; Max-Age=2592000; path=/; domain=abag.dapay.info
Location
https://abag.dapay.info/index.php?route=account/login
X-XSS-Protection
1; mode=block
X-Frame-Options
SAMEORIGIN
icon
fonts.googleapis.com/ 		574 B
466 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/icon?family=Material+Icons
Requested by
Host: abag.dapay.info
URL: https://abag.dapay.info/index.php?route=account/login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
79badf5d90265492a34381241a85b38131c6400dd115aae01b3299ec5d11b3f5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://abag.dapay.info/index.php?route=account/login
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Wed, 03 Feb 2021 09:12:56 GMT
server
ESF
date
Wed, 03 Feb 2021 09:12:56 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 03 Feb 2021 09:12:56 GMT
materialize.min.css
abag.dapay.info/catalog/view/javascript/materialize/css/ 		139 KB
25 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://abag.dapay.info/catalog/view/javascript/materialize/css/materialize.min.css
Requested by
Host: abag.dapay.info
URL: https://abag.dapay.info/index.php?route=account/login
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
118.99.30.208 Central, Hong Kong, ASN38186 (FTG-AS-AP Forewin Telecom Group Limited, ISP at, HK),
Reverse DNS
Software
nginx /
Resource Hash
3b079a3ff21ceabb15fa5cac7f24b887e2cceac470b8eddeb9361fafa335db88
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://abag.dapay.info/index.php?route=account/login
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 03 Feb 2021 09:12:57 GMT
Content-Encoding
gzip
Vary
Accept-Encoding
Last-Modified
Sun, 09 Sep 2018 13:53:48 GMT
Server
nginx
ETag
W/"5b9525ec-22a11"
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
Connection
close
X-XSS-Protection
1; mode=block
styles.css
abag.dapay.info/catalog/view/javascript/materialize/css/ 		2 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://abag.dapay.info/catalog/view/javascript/materialize/css/styles.css?v=9
Requested by
Host: abag.dapay.info
URL: https://abag.dapay.info/index.php?route=account/login
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
118.99.30.208 Central, Hong Kong, ASN38186 (FTG-AS-AP Forewin Telecom Group Limited, ISP at, HK),
Reverse DNS
Software
nginx /
Resource Hash
c862c1aaba2feb92aa7dd6d6731be517ad1e75d939d6e469a2d8c3f069c3f411
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://abag.dapay.info/index.php?route=account/login
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 03 Feb 2021 09:12:57 GMT
Content-Encoding
gzip
Vary
Accept-Encoding
Last-Modified
Tue, 27 Oct 2020 06:04:48 GMT
Server
nginx
ETag
W/"5f97b880-6bd"
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
Connection
close
X-XSS-Protection
1; mode=block
prism.css
abag.dapay.info/catalog/view/javascript/materialize/css/ 		2 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://abag.dapay.info/catalog/view/javascript/materialize/css/prism.css
Requested by
Host: abag.dapay.info
URL: https://abag.dapay.info/index.php?route=account/login
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
118.99.30.208 Central, Hong Kong, ASN38186 (FTG-AS-AP Forewin Telecom Group Limited, ISP at, HK),
Reverse DNS
Software
nginx /
Resource Hash
c6b3158a248820ce8a422077086782ba8c959b387b7aed17cc2a7307e5bd4a06
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://abag.dapay.info/index.php?route=account/login
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 03 Feb 2021 09:12:57 GMT
Content-Encoding
gzip
Vary
Accept-Encoding
Last-Modified
Tue, 13 Oct 2020 07:32:44 GMT
Server
nginx
ETag
W/"5f85581c-9b0"
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
Connection
close
X-XSS-Protection
1; mode=block
jquery-2.1.1.min.js
abag.dapay.info/catalog/view/javascript/jquery/ 		82 KB
83 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://abag.dapay.info/catalog/view/javascript/jquery/jquery-2.1.1.min.js
Requested by
Host: abag.dapay.info
URL: https://abag.dapay.info/index.php?route=account/login
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
118.99.30.208 Central, Hong Kong, ASN38186 (FTG-AS-AP Forewin Telecom Group Limited, ISP at, HK),
Reverse DNS
Software
nginx /
Resource Hash
874706b2b1311a0719b5267f7d1cf803057e367e94ae1ff7bf78c5450d30f5d4
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://abag.dapay.info/index.php?route=account/login
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 03 Feb 2021 09:12:57 GMT
Last-Modified
Tue, 16 Jun 2020 05:38:32 GMT
Server
nginx
ETag
"5ee85ad8-14915"
X-Frame-Options
SAMEORIGIN
Content-Type
application/javascript
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=60
Content-Length
84245
X-XSS-Protection
1; mode=block
materialize.min.js
abag.dapay.info/catalog/view/javascript/materialize/js/ 		177 KB
177 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://abag.dapay.info/catalog/view/javascript/materialize/js/materialize.min.js
Requested by
Host: abag.dapay.info
URL: https://abag.dapay.info/index.php?route=account/login
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
118.99.30.208 Central, Hong Kong, ASN38186 (FTG-AS-AP Forewin Telecom Group Limited, ISP at, HK),
Reverse DNS
Software
nginx /
Resource Hash
f5a59995b708bcd4a76f805669462514d1b294d7935942ffc9f7d6ff70db93fa
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://abag.dapay.info/index.php?route=account/login
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 03 Feb 2021 09:12:57 GMT
Last-Modified
Sun, 09 Sep 2018 13:53:48 GMT
Server
nginx
ETag
"5b9525ec-2c37a"
X-Frame-Options
SAMEORIGIN
Content-Type
application/javascript
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=60
Content-Length
181114
X-XSS-Protection
1; mode=block
materializedatetimepicker.js
abag.dapay.info/catalog/view/javascript/materialize/js/ 		4 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://abag.dapay.info/catalog/view/javascript/materialize/js/materializedatetimepicker.js
Requested by
Host: abag.dapay.info
URL: https://abag.dapay.info/index.php?route=account/login
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
118.99.30.208 Central, Hong Kong, ASN38186 (FTG-AS-AP Forewin Telecom Group Limited, ISP at, HK),
Reverse DNS
Software
nginx /
Resource Hash
501a2fcf6453ed317ff5b1232e832f806c704d787427f44f6c8e7e68f6eaab35
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://abag.dapay.info/index.php?route=account/login
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 03 Feb 2021 09:12:57 GMT
Last-Modified
Tue, 13 Oct 2020 07:55:38 GMT
Server
nginx
ETag
"5f855d7a-f42"
X-Frame-Options
SAMEORIGIN
Content-Type
application/javascript
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=60
Content-Length
3906
X-XSS-Protection
1; mode=block
flUhRq6tzZclQEJ-Vdg-IuiaDsNcIhQ8tQ.woff2
fonts.gstatic.com/s/materialicons/v76/ 		98 KB
98 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/materialicons/v76/flUhRq6tzZclQEJ-Vdg-IuiaDsNcIhQ8tQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/icon?family=Material+Icons
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
49ed6881b7532f6fd5a5714d27dc4beb4354ae8f54132cd77340dd1b149e4c98
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://abag.dapay.info
Referer
https://fonts.googleapis.com/icon?family=Material+Icons
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 02 Feb 2021 00:43:28 GMT
x-content-type-options
nosniff
last-modified
Tue, 02 Feb 2021 00:27:36 GMT
server
sffe
age
116970
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
99932
x-xss-protection
0
expires
Wed, 02 Feb 2022 00:43:28 GMT

Verdicts & Comments Add Verdict or Comment

28 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated function| $ function| jQuery function| _get function| _createClass function| _possibleConstructorReturn function| _inherits function| _classCallCheck function| Component function| docHandleKeydown function| docHandleKeyup function| docHandleFocus function| docHandleBlur function| getTime object| $jscomp object| $jscomp$this function| cash object| M object| Waves object| MaterialDateTimePicker

3 Cookies

Domain/Path Name / Value
.abag.dapay.info/ Name: currency
Value: rmb
.abag.dapay.info/ Name: language
Value: zh-cn
abag.dapay.info/ Name: OCSESSID
Value: d686a1d94d20d271d3a85e5812

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block