urlscan.io logo urlscan.io
SecurityTrails logo

chat.zalo.me Open in urlscan Pro
49.213.114.128  Public Scan

Go To Rescan Add Verdict Report
URL: https://chat.zalo.me/
Submission: On March 20 via manual from GB
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 4 IPs in 2 countries across 4 domains to perform 8 HTTP transactions. The main IP is 49.213.114.128, located in Thanh, Viet Nam and belongs to VNNIC-AS-VN Trung tam VNNIC, VN. The main domain is chat.zalo.me.
TLS certificate: Issued by DigiCert SHA2 Secure Server CA on June 29th 2016. Valid for: 3 years.
This is the only time chat.zalo.me was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 49.213.114.128 38244 (VNNIC-AS-...)
4 118.102.6.53 38244 (VNNIC-AS-...)
2 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
8 4
Domain Requested by
4 zalo-chat-static.zadn.vn chat.zalo.me
zalo-chat-static.zadn.vn
2 apis.google.com chat.zalo.me
apis.google.com
1 content.googleapis.com apis.google.com
1 chat.zalo.me
8 4

This site contains no links.

Subject Issuer Validity Valid
*.zalo.me
DigiCert SHA2 Secure Server CA		 2016-06-29 -
2019-07-10		 3 years crt.sh
*.zadn.vn
DigiCert SHA2 Secure Server CA		 2017-03-14 -
2020-03-20		 3 years crt.sh
*.apis.google.com
Google Internet Authority G3		 2019-03-01 -
2019-05-24		 3 months crt.sh
*.googleapis.com
Google Internet Authority G3		 2019-03-01 -
2019-05-24		 3 months crt.sh

This page contains 2 frames:

Primary Page: https://chat.zalo.me/
Frame ID: 023434E9831E05D9FF72A567DFFB7E64
Requests: 7 HTTP requests in this frame

Frame: https://content.googleapis.com/static/proxy.html?usegapi=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.RR1Fnv77nNk.O%2Fam%3DwQ%2Frt%3Dj%2Fd%3D1%2Frs%3DAGLTcCP8LmHRJECrSLoMF7IB9UfF8xYF0g%2Fm%3D__features__
Frame ID: 699A74BE1E1BC6B10C5536F9429E13A9
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i
Overall confidence: 100%
Detected patterns
  • script /apis\.google\.com\/js\/[a-z]*\.js/i
Overall confidence: 100%
Detected patterns
  • env /^webpackJsonp$/i

Page Statistics

8
Requests

100 %
HTTPS

50 %
IPv6

4
Domains

4
Subdomains

4
IPs

2
Countries

2656 kB
Transfer

8444 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
chat.zalo.me/ 		2 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://chat.zalo.me/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
49.213.114.128 Thanh, Viet Nam, ASN38244 (VNNIC-AS-VN Trung tam VNNIC, VN),
Reverse DNS
Software
nginx /
Resource Hash
417d44bd4c86a3daeb61f1b3e84af20f00d14396bdaf7afce9fee579325528a8
Security Headers
Name Value
Content-Security-Policy default-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.zadn.vn *.dropboxapi.com *.google.com www.google-analytics.com; style-src 'self' 'unsafe-inline' *.zadn.vn *.zdn.vn blob:; font-src * data:; img-src * data: blob:; media-src * blob:; connect-src 'self' *.zalo.me *.zdn.vn *.zadn.vn *.zaloapp.com *.zing.vn *.dropboxapi.com *.google.com blob:; child-src 'self' *.zapps.vn *.baomoi.com *.zingmp3.com *.zingmp3.vn www.facebook.com *.zalo.me *.google.com *.youtube.com *.googleapis.com *.zing.vn *.zdn.vn *.zadn.vn *.zaloapp.com *.soundcloud.com *.live.com blob:
Strict-Transport-Security max-age=31536000; includeSubdomains;
X-Xss-Protection 1

Request headers

:method
GET
:authority
chat.zalo.me
:scheme
https
:path
/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

status
200
server
nginx
date
Wed, 20 Mar 2019 01:17:02 GMT
content-type
text/html
content-length
1800
last-modified
Mon, 11 Mar 2019 04:37:59 GMT
vary
Accept-Encoding
etag
"5c85e627-708"
accept-ranges
bytes
strict-transport-security
max-age=31536000; includeSubdomains;
access-control-allow-credentials
true
x-xss-protection
1
content-security-policy
default-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.zadn.vn *.dropboxapi.com *.google.com www.google-analytics.com; style-src 'self' 'unsafe-inline' *.zadn.vn *.zdn.vn blob:; font-src * data:; img-src * data: blob:; media-src * blob:; connect-src 'self' *.zalo.me *.zdn.vn *.zadn.vn *.zaloapp.com *.zing.vn *.dropboxapi.com *.google.com blob:; child-src 'self' *.zapps.vn *.baomoi.com *.zingmp3.com *.zingmp3.vn www.facebook.com *.zalo.me *.google.com *.youtube.com *.googleapis.com *.zing.vn *.zdn.vn *.zadn.vn *.zaloapp.com *.soundcloud.com *.live.com blob:
bundle.c66f27e346f344f89b2a16c1e4e34ee2.css
zalo-chat-static.zadn.vn/ 		742 KB
253 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://zalo-chat-static.zadn.vn/bundle.c66f27e346f344f89b2a16c1e4e34ee2.css
Requested by
Host: chat.zalo.me
URL: https://chat.zalo.me/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
118.102.6.53 Thanh, Viet Nam, ASN38244 (VNNIC-AS-VN Trung tam VNNIC, VN),
Reverse DNS
ptr.vng.vn
Software
Universe /
Resource Hash
c7784966e450d021149ddc7b2f71d6284a2925bb5dfb2b6d3969cbd024c002ba

Request headers

Referer
https://chat.zalo.me/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Wed, 20 Mar 2019 01:17:03 GMT
Content-Encoding
gzip
Last-Modified
Wed, 20 Mar 2019 01:17:03 GMT
Server
Universe
Age
764562
ETag
W/"5c85e627-b99af"
X-Cache-Status
HIT
Content-Type
text/css
Access-Control-Allow-Origin
*
Cache-Control
max-age=7776000,no-transform
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
259136
Expires
Tue, 18 Jun 2019 01:17:03 GMT
api.js
apis.google.com/js/ 		13 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://apis.google.com/js/api.js
Requested by
Host: chat.zalo.me
URL: https://chat.zalo.me/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1450:4001:806::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
ESF /
Resource Hash
7acb35ed3a4dd84a3a4e4ae5e8e4211e7e18f2a8296685993f90551958b36862
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://chat.zalo.me/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Wed, 20 Mar 2019 01:17:02 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
script-src 'report-sample' 'nonce-J2MwLR/2kCUQBVWgdm+A3Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
status
200
strict-transport-security
max-age=31536000
alt-svc
quic=":443"; ma=2592000; v="46,44,43,39"
x-xss-protection
1; mode=block
x-ua-compatible
IE=edge, chrome=1
server
ESF
etag
"77df06ecaa2a3e7d00f51e2bee292d91"
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
cache-control
private, max-age=1800, stale-while-revalidate=1800
timing-allow-origin
*
expires
Wed, 20 Mar 2019 01:17:02 GMT
main.1216322cdd8783c6f97b.js
zalo-chat-static.zadn.vn/ 		7 MB
2 MB 		Script
General
Check archive.org
Download Go to
Full URL
https://zalo-chat-static.zadn.vn/main.1216322cdd8783c6f97b.js
Requested by
Host: chat.zalo.me
URL: https://chat.zalo.me/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
118.102.6.53 Thanh, Viet Nam, ASN38244 (VNNIC-AS-VN Trung tam VNNIC, VN),
Reverse DNS
ptr.vng.vn
Software
Universe /
Resource Hash
1dd7bf9d550e18d8423499ef2dac4dc4b3851b455ab05999f4eec893eda8ee50

Request headers

Referer
https://chat.zalo.me/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Wed, 20 Mar 2019 01:17:03 GMT
Content-Encoding
gzip
Last-Modified
Wed, 20 Mar 2019 01:17:03 GMT
Server
Universe
Age
764562
ETag
W/"5c85e627-7014ea"
X-Cache-Status
HIT
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=7776000,no-transform
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
2279779
Expires
Tue, 18 Jun 2019 01:17:03 GMT
cb=gapi.loaded_0
apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.RR1Fnv77nNk.O/m=auth2,client/rt=j/sv=1/d=1/ed=1/am=wQ/rs=AGLTcCP8LmHRJECrSLoMF7IB9UfF8xYF0g/ 		281 KB
97 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.RR1Fnv77nNk.O/m=auth2,client/rt=j/sv=1/d=1/ed=1/am=wQ/rs=AGLTcCP8LmHRJECrSLoMF7IB9UfF8xYF0g/cb=gapi.loaded_0
Requested by
Host: apis.google.com
URL: https://apis.google.com/js/api.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1450:4001:806::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
87a0587b393d7259f52c95dc7a828ccbba761e0f7b3b6c27046f1d93cb8224c7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://chat.zalo.me/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Tue, 19 Mar 2019 17:58:18 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 18 Mar 2019 17:49:51 GMT
server
sffe
age
26326
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
status
200
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
alt-svc
quic=":443"; ma=2592000; v="46,44,43,39"
content-length
99616
x-xss-protection
1; mode=block
expires
Wed, 18 Mar 2020 17:58:18 GMT
vi.de0167c32398df8e7db851e0a37d69a1.json
zalo-chat-static.zadn.vn/ 		126 KB
37 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://zalo-chat-static.zadn.vn/vi.de0167c32398df8e7db851e0a37d69a1.json
Requested by
Host: zalo-chat-static.zadn.vn
URL: https://zalo-chat-static.zadn.vn/main.1216322cdd8783c6f97b.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
118.102.6.53 Thanh, Viet Nam, ASN38244 (VNNIC-AS-VN Trung tam VNNIC, VN),
Reverse DNS
ptr.vng.vn
Software
Universe /
Resource Hash
06eac89af521c99a7cf89eb4d031453f63f0dda33bc0f0bb928773872c2f9b6b

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://chat.zalo.me/
Origin
https://chat.zalo.me

Response headers

Date
Wed, 20 Mar 2019 01:17:08 GMT
Content-Encoding
gzip
Last-Modified
Wed, 20 Mar 2019 01:17:08 GMT
Server
Universe
Age
1538871
ETag
W/"5c79ebf7-1f90e"
X-Cache-Status
HIT
Content-Type
application/json
Access-Control-Allow-Origin
*
Cache-Control
max-age=7776000,no-transform
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
37630
Expires
Tue, 18 Jun 2019 01:17:08 GMT
en.7be0b132b1a9e16f2a8d8e33521ef75b.json
zalo-chat-static.zadn.vn/ 		107 KB
34 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://zalo-chat-static.zadn.vn/en.7be0b132b1a9e16f2a8d8e33521ef75b.json
Requested by
Host: zalo-chat-static.zadn.vn
URL: https://zalo-chat-static.zadn.vn/main.1216322cdd8783c6f97b.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
118.102.6.53 Thanh, Viet Nam, ASN38244 (VNNIC-AS-VN Trung tam VNNIC, VN),
Reverse DNS
ptr.vng.vn
Software
Universe /
Resource Hash
ef6f761e8dde53be2362746d542bbf9ae19899e852ea9dff2b278fd938080a51

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://chat.zalo.me/
Origin
https://chat.zalo.me

Response headers

Date
Wed, 20 Mar 2019 01:17:08 GMT
Content-Encoding
gzip
Last-Modified
Wed, 20 Mar 2019 01:17:08 GMT
Server
Universe
Age
1538870
ETag
W/"5c79ebf7-1abb5"
X-Cache-Status
HIT
Content-Type
application/json
Access-Control-Allow-Origin
*
Cache-Control
max-age=7776000,no-transform
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
33913
Expires
Tue, 18 Jun 2019 01:17:08 GMT
proxy.html
content.googleapis.com/static/ Frame 699A 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://content.googleapis.com/static/proxy.html?usegapi=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.RR1Fnv77nNk.O%2Fam%3DwQ%2Frt%3Dj%2Fd%3D1%2Frs%3DAGLTcCP8LmHRJECrSLoMF7IB9UfF8xYF0g%2Fm%3D__features__
Requested by
Host: apis.google.com
URL: https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.RR1Fnv77nNk.O/m=auth2,client/rt=j/sv=1/d=1/ed=1/am=wQ/rs=AGLTcCP8LmHRJECrSLoMF7IB9UfF8xYF0g/cb=gapi.loaded_0
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a00:1450:4001:825::200a , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
GSE /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
content.googleapis.com
:scheme
https
:path
/static/proxy.html?usegapi=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.RR1Fnv77nNk.O%2Fam%3DwQ%2Frt%3Dj%2Fd%3D1%2Frs%3DAGLTcCP8LmHRJECrSLoMF7IB9UfF8xYF0g%2Fm%3D__features__
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
referer
https://chat.zalo.me/
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://chat.zalo.me/

Response headers

status
200
etag
"jPPOW4jzLiz7064SsD-BPb_1-OI/vsDri9EBVJ01h5kEeKwg__kEPNo"
content-type
text/html; charset=UTF-8
expires
Wed, 20 Mar 2019 01:17:07 GMT
date
Wed, 20 Mar 2019 01:17:07 GMT
cache-control
private, max-age=86400
content-encoding
gzip
x-content-type-options
nosniff
x-xss-protection
1; mode=block
content-length
258
server
GSE
alt-svc
quic=":443"; ma=2592000; v="46,44,43,39"

Verdicts & Comments Add Verdict or Comment

21 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onselectstart object| onselectionchange function| queueMicrotask function| handleClientLoad function| initClient object| gapi object| ___jsl object| osapi object| gadgets object| shindig object| pos object| googleapis object| iframer function| ToolbarApi object| iframes function| IframeBase function| Iframe function| IframeProxy function| IframeWindow object| __gapi_jstiming__ function| webpackJsonp

0 Cookies

1 Console Messages

Source Level URL
Text
console-api log URL: https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.RR1Fnv77nNk.O/m=auth2,client/rt=j/sv=1/d=1/ed=1/am=wQ/rs=AGLTcCP8LmHRJECrSLoMF7IB9UfF8xYF0g/cb=gapi.loaded_0(Line 79)
Message:
client_id and scope must both be provided to initialize OAuth.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.zadn.vn *.dropboxapi.com *.google.com www.google-analytics.com; style-src 'self' 'unsafe-inline' *.zadn.vn *.zdn.vn blob:; font-src * data:; img-src * data: blob:; media-src * blob:; connect-src 'self' *.zalo.me *.zdn.vn *.zadn.vn *.zaloapp.com *.zing.vn *.dropboxapi.com *.google.com blob:; child-src 'self' *.zapps.vn *.baomoi.com *.zingmp3.com *.zingmp3.vn www.facebook.com *.zalo.me *.google.com *.youtube.com *.googleapis.com *.zing.vn *.zdn.vn *.zadn.vn *.zaloapp.com *.soundcloud.com *.live.com blob:
Strict-Transport-Security max-age=31536000; includeSubdomains;
X-Xss-Protection 1