Submitted URL: http://sp.zalo.me/
Effective URL: https://id.zalo.me/account?continue=https://chat.zalo.me
Submission: On June 17 via manual from IN

Summary

This website contacted 8 IPs in 3 countries across 7 domains to perform 16 HTTP transactions. The main IP is 49.213.114.131, located in Viet Nam and belongs to VINAGAME-AS-VN VNG Corporation, VN. The main domain is id.zalo.me.
TLS certificate: Issued by DigiCert SHA2 Secure Server CA on September 16th 2019. Valid for: 2 years.
This is the only time id.zalo.me was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 49.213.114.132 38244 (VINAGAME-...)
1 4 49.213.114.131 38244 (VINAGAME-...)
4 120.138.69.12 38244 (VINAGAME-...)
3 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
1 120.138.69.5 38244 (VINAGAME-...)
1 2a00:1450:400... 15169 (GOOGLE)
1 2001:4de0:ac1... 20446 (HIGHWINDS3)
1 49.213.114.149 38244 (VINAGAME-...)
16 8
Domain Requested by
4 stc.sp.zdn.vn id.zalo.me
4 id.zalo.me 1 redirects stc.sp.zdn.vn
3 www.google.com id.zalo.me
www.gstatic.com
2 www.google-analytics.com id.zalo.me
1 za.zalo.me stc.za.zaloapp.com
1 maxcdn.bootstrapcdn.com stc.sp.zdn.vn
1 www.gstatic.com www.google.com
1 stc.za.zaloapp.com id.zalo.me
1 sp.zalo.me 1 redirects
16 9

This site contains links to these domains. Also see Links.

Domain
zalo.me
mp3.zing.vn
tv.zing.vn
zing.vn
baomoi.com
Subject Issuer Validity Valid
*.zalo.me
DigiCert SHA2 Secure Server CA
2019-09-16 -
2021-07-24
2 years crt.sh
*.zdn.vn
DigiCert SHA2 Secure Server CA
2019-07-04 -
2021-09-01
2 years crt.sh
www.google.com
GTS CA 1O1
2020-05-26 -
2020-08-18
3 months crt.sh
*.google-analytics.com
GTS CA 1O1
2020-05-26 -
2020-08-18
3 months crt.sh
*.zaloapp.com
DigiCert SHA2 Secure Server CA
2019-12-10 -
2022-01-19
2 years crt.sh
*.gstatic.com
GTS CA 1O1
2020-05-26 -
2020-08-18
3 months crt.sh
*.bootstrapcdn.com
Sectigo RSA Domain Validation Secure Server CA
2019-09-14 -
2020-10-13
a year crt.sh

This page contains 2 frames:

Primary Page: https://id.zalo.me/account?continue=https://chat.zalo.me
Frame ID: 294A30FB006A72C395F779A1FE3ABA9F
Requests: 15 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lec6KEUAAAAAM6uytRwkKAzSNMvv7AhMWthwsmf&co=aHR0cHM6Ly9pZC56YWxvLm1lOjQ0Mw..&hl=vi&v=oqtdXEs9TE9ZUAIhXNz5JBt_&size=invisible&cb=uc5doyc013al
Frame ID: 481DD2CDBED44D8C2DD70CAE5B502A52
Requests: 1 HTTP requests in this frame

Screenshot


Page URL History Show full URLs

  1. http://sp.zalo.me/ HTTP 302
    https://id.zalo.me/ HTTP 302
    https://id.zalo.me/account?continue=https://chat.zalo.me Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Page Statistics

16
Requests

100 %
HTTPS

44 %
IPv6

7
Domains

9
Subdomains

8
IPs

3
Countries

407 kB
Transfer

1048 kB
Size

6
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://sp.zalo.me/ HTTP 302
    https://id.zalo.me/ HTTP 302
    https://id.zalo.me/account?continue=https://chat.zalo.me Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

16 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request account
id.zalo.me/
Redirect Chain
  • http://sp.zalo.me/
  • https://id.zalo.me/
  • https://id.zalo.me/account?continue=https://chat.zalo.me
7 KB
3 KB
Document
General
Full URL
https://id.zalo.me/account?continue=https://chat.zalo.me
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
49.213.114.131 , Viet Nam, ASN38244 (VINAGAME-AS-VN VNG Corporation, VN),
Reverse DNS
Software
za-ngx-srv /
Resource Hash
e84d02c2149763541551abfcb87e0dd29dd6e0c67293597c5274379a388995e9
Security Headers
Name Value
Strict-Transport-Security max-age=86400; includeSubDomains

Request headers

:method
GET
:authority
id.zalo.me
:scheme
https
:path
/account?continue=https://chat.zalo.me
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
zpdid=41FybrppeZWUUVIJKfwdF11uyPOnDpG
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status
200
date
Wed, 17 Jun 2020 18:08:34 GMT
content-length
2733
set-cookie
_zlang=;Path=/;Domain=zalo.me;Expires=Thu, 18-Jun-2020 18:08:34 GMT;Max-Age=86400 _zlang=vn;Path=/;Domain=zalo.me;Expires=Thu, 18-Jun-2020 18:08:34 GMT;Max-Age=86400 _zlang=;Path=/;Domain=zalo.me;Expires=Thu, 18-Jun-2020 18:08:34 GMT;Max-Age=86400 _zlang=vn;Path=/;Domain=zalo.me;Expires=Thu, 18-Jun-2020 18:08:34 GMT;Max-Age=86400 _zlang=;Path=/;Domain=zalo.me;Expires=Thu, 18-Jun-2020 18:08:34 GMT;Max-Age=86400 _zlang=vn;Path=/;Domain=zalo.me;Expires=Thu, 18-Jun-2020 18:08:34 GMT;Max-Age=86400
expires
Thu, 01 Jan 1970 00:00:00 GMT
vary
Accept-Encoding, User-Agent
content-encoding
gzip
server
za-ngx-srv
x-forwarded-proto
https
front_end_https
on
strict-transport-security
max-age=86400; includeSubDomains

Redirect headers

status
302
date
Wed, 17 Jun 2020 18:08:34 GMT
location
https://id.zalo.me/account?continue=https://chat.zalo.me
set-cookie
zpdid=41FybrppeZWUUVIJKfwdF11uyPOnDpG; Path=/; Max-Age=157680000; Domain=id.zalo.me; HttpOnly; Secure; SameSite=Strict
server
za-ngx-srv
x-forwarded-proto
https
front_end_https
on
strict-transport-security
max-age=86400; includeSubDomains
main-5.1.6.css
stc.sp.zdn.vn/zaloid/client/
159 KB
30 KB
Stylesheet
General
Full URL
https://stc.sp.zdn.vn/zaloid/client/main-5.1.6.css
Requested by
Host: id.zalo.me
URL: https://id.zalo.me/account?continue=https://chat.zalo.me
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
120.138.69.12 , Viet Nam, ASN38244 (VINAGAME-AS-VN VNG Corporation, VN),
Reverse DNS
ptr.vng.vn
Software
ZDN /
Resource Hash
2a97b024f23c2435319b426925d3b79a08d8e2749bd278f1bebc1012bd265d20

Request headers

Referer
https://id.zalo.me/account?continue=https://chat.zalo.me
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 17 Jun 2020 18:08:35 GMT
content-encoding
gzip
last-modified
Fri, 15 May 2020 08:47:58 GMT
server
ZDN
age
2883052
etag
W/"5ebe573e-27b97"
x-cache-status
HIT
status
200
content-type
text/css
access-control-allow-origin
*
content-length
30313
api.js
www.google.com/recaptcha/
676 B
538 B
Script
General
Full URL
https://www.google.com/recaptcha/api.js?render=explicit&hl=vi
Requested by
Host: id.zalo.me
URL: https://id.zalo.me/account?continue=https://chat.zalo.me
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
8a66c569f33315953f574296943a21b5a9e2995684564ddd36f29cfa4911d6ee
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://id.zalo.me/account?continue=https://chat.zalo.me
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 17 Jun 2020 18:08:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
GSE
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
status
200
cache-control
private, max-age=300
content-security-policy
frame-ancestors 'self'
alt-svc
h3-28=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
447
x-xss-protection
1; mode=block
expires
Wed, 17 Jun 2020 18:08:34 GMT
api.js
www.google.com/recaptcha/
708 B
544 B
Script
General
Full URL
https://www.google.com/recaptcha/api.js?render=6Lec6KEUAAAAAM6uytRwkKAzSNMvv7AhMWthwsmf&hl=vi
Requested by
Host: id.zalo.me
URL: https://id.zalo.me/account?continue=https://chat.zalo.me
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
d2eb1c9c5b3fb3079a442e3d7aa347077b5807d452be625b2a43a9e39ec9dc8a
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://id.zalo.me/account?continue=https://chat.zalo.me
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 17 Jun 2020 18:08:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
GSE
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
status
200
cache-control
private, max-age=300
content-security-policy
frame-ancestors 'self'
alt-svc
h3-28=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
476
x-xss-protection
1; mode=block
expires
Wed, 17 Jun 2020 18:08:34 GMT
main-5.1.6.js
stc.sp.zdn.vn/zaloid/client/
393 KB
134 KB
Script
General
Full URL
https://stc.sp.zdn.vn/zaloid/client/main-5.1.6.js
Requested by
Host: id.zalo.me
URL: https://id.zalo.me/account?continue=https://chat.zalo.me
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
120.138.69.12 , Viet Nam, ASN38244 (VINAGAME-AS-VN VNG Corporation, VN),
Reverse DNS
ptr.vng.vn
Software
ZDN /
Resource Hash
2305fed2316a56e2fbefd7fb985ef2039d2627750ef3d8cc30ef81843f28a68f

Request headers

Referer
https://id.zalo.me/account?continue=https://chat.zalo.me
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 17 Jun 2020 18:08:35 GMT
content-encoding
gzip
last-modified
Mon, 15 Jun 2020 07:38:21 GMT
server
ZDN
age
209060
etag
W/"5ee7256d-624d4"
x-cache-status
HIT
status
200
content-type
application/javascript
access-control-allow-origin
*
content-length
136537
analytics.js
www.google-analytics.com/
45 KB
18 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: id.zalo.me
URL: https://id.zalo.me/account?continue=https://chat.zalo.me
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
fd361b57998c76f86335afa28b8a62527d88a8200fb5c428d6f0fff73383e955
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://id.zalo.me/account?continue=https://chat.zalo.me
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 04 Jun 2020 23:38:14 GMT
server
Golfe2
age
5337
date
Wed, 17 Jun 2020 16:39:38 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
alt-svc
h3-28=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
18469
expires
Wed, 17 Jun 2020 18:39:38 GMT
za.js
stc.za.zaloapp.com/v3/
40 KB
14 KB
Script
General
Full URL
https://stc.za.zaloapp.com/v3/za.js?18430
Requested by
Host: id.zalo.me
URL: https://id.zalo.me/account?continue=https://chat.zalo.me
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
120.138.69.5 , Viet Nam, ASN38244 (VINAGAME-AS-VN VNG Corporation, VN),
Reverse DNS
ptr.vng.vn
Software
nginx /
Resource Hash
277c5203248d7b0588421e17dcf709d4e7112b7d240f012ca94a59c6733dc3af
Security Headers
Name Value
Strict-Transport-Security max-age=86400; includeSubDomains

Request headers

Referer
https://id.zalo.me/account?continue=https://chat.zalo.me
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 17 Jun 2020 18:08:36 GMT
content-encoding
gzip
last-modified
Fri, 15 May 2020 03:24:16 GMT
server
nginx
age
7519
etag
W/"5ebe0b60-a00c"
strict-transport-security
max-age=86400; includeSubDomains
content-type
application/javascript
status
200
cache-control
max-age=300
access-control-allow-origin
*
content-length
14116
expires
Wed, 17 Jun 2020 18:13:36 GMT
recaptcha__vi.js
www.gstatic.com/recaptcha/releases/oqtdXEs9TE9ZUAIhXNz5JBt_/
324 KB
126 KB
Script
General
Full URL
https://www.gstatic.com/recaptcha/releases/oqtdXEs9TE9ZUAIhXNz5JBt_/recaptcha__vi.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?render=explicit&hl=vi
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:820::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7b588cd7195c24ce918f330181491b0baf80f77dafa2acd107f63afd2caf4fdd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://id.zalo.me/account?continue=https://chat.zalo.me
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 15 Jun 2020 17:02:04 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 15 Jun 2020 04:05:48 GMT
server
sffe
age
176791
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=31536000
accept-ranges
bytes
alt-svc
h3-28=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
128944
x-xss-protection
0
expires
Tue, 15 Jun 2021 17:02:04 GMT
collect
www.google-analytics.com/r/
35 B
99 B
Image
General
Full URL
https://www.google-analytics.com/r/collect?v=1&_v=j83&a=324006470&t=pageview&_s=1&dl=https%3A%2F%2Fid.zalo.me%2Faccount%3Fcontinue%3Dhttps%3A%2F%2Fchat.zalo.me&ul=en-us&de=UTF-8&dt=%C4%90%C4%83ng%20nh%E1%BA%ADp%20b%E1%BA%B1ng%20t%C3%A0i%20kho%E1%BA%A3n%20Zalo&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEAB~&jid=784781417&gjid=727981614&cid=911610139.1592417316&tid=UA-118505750-4&_gid=132448854.1592417316&_r=1&z=16807492
Requested by
Host: id.zalo.me
URL: https://id.zalo.me/account?continue=https://chat.zalo.me
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://id.zalo.me/account?continue=https://chat.zalo.me
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 17 Jun 2020 18:08:35 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
status
200
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
alt-svc
h3-28=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Fri, 01 Jan 1990 00:00:00 GMT
anchor
www.google.com/recaptcha/api2/ Frame 481D
0
0
Document
General
Full URL
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lec6KEUAAAAAM6uytRwkKAzSNMvv7AhMWthwsmf&co=aHR0cHM6Ly9pZC56YWxvLm1lOjQ0Mw..&hl=vi&v=oqtdXEs9TE9ZUAIhXNz5JBt_&size=invisible&cb=uc5doyc013al
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/oqtdXEs9TE9ZUAIhXNz5JBt_/recaptcha__vi.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-NPjZe0j8irtUbPBZZm8q0w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
www.google.com
:scheme
https
:path
/recaptcha/api2/anchor?ar=1&k=6Lec6KEUAAAAAM6uytRwkKAzSNMvv7AhMWthwsmf&co=aHR0cHM6Ly9pZC56YWxvLm1lOjQ0Mw..&hl=vi&v=oqtdXEs9TE9ZUAIhXNz5JBt_&size=invisible&cb=uc5doyc013al
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://id.zalo.me/account?continue=https://chat.zalo.me
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://id.zalo.me/account?continue=https://chat.zalo.me

Response headers

status
200
content-type
text/html; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
expires
Mon, 01 Jan 1990 00:00:00 GMT
date
Wed, 17 Jun 2020 18:08:35 GMT
content-security-policy
script-src 'report-sample' 'nonce-NPjZe0j8irtUbPBZZm8q0w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding
gzip
x-content-type-options
nosniff
x-xss-protection
1; mode=block
content-length
9522
server
GSE
alt-svc
h3-28=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
logininfo
id.zalo.me/login/
131 B
623 B
Fetch
General
Full URL
https://id.zalo.me/login/logininfo
Requested by
Host: stc.sp.zdn.vn
URL: https://stc.sp.zdn.vn/zaloid/client/main-5.1.6.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
49.213.114.131 , Viet Nam, ASN38244 (VINAGAME-AS-VN VNG Corporation, VN),
Reverse DNS
Software
za-ngx-srv /
Resource Hash
41bb1d569e1cc6030b96abd00598e438869c5ea5437849641dcddc7b3b840331
Security Headers
Name Value
Strict-Transport-Security max-age=86400; includeSubDomains

Request headers

Referer
https://id.zalo.me/account?continue=https://chat.zalo.me
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 17 Jun 2020 18:08:36 GMT
content-encoding
gzip
vary
Accept-Encoding, User-Agent
status
200
x-forwarded-proto
https
content-length
132
pragma
no-cache
server
za-ngx-srv
front_end_https
on
strict-transport-security
max-age=86400; includeSubDomains
access-control-allow-methods
POST, GET, OPTIONS, PUT, DELETE, HEAD
content-type
application/json;charset=utf-8
access-control-allow-origin
https://id.zalo.me
cache-control
private, no-store, no-cache, must-revalidate
access-control-allow-credentials
true
expires
Thu, 01 Jan 1970 00:00:00 GMT
logo.png
stc.sp.zdn.vn/zaloid/client/images/
5 KB
5 KB
Image
General
Full URL
https://stc.sp.zdn.vn/zaloid/client/images/logo.png
Requested by
Host: id.zalo.me
URL: https://id.zalo.me/account?continue=https://chat.zalo.me
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
120.138.69.12 , Viet Nam, ASN38244 (VINAGAME-AS-VN VNG Corporation, VN),
Reverse DNS
ptr.vng.vn
Software
ZDN /
Resource Hash
f1d8885b81a1dc1ce2121998b9d631296be8827d4de641886fcd888e0743a12b

Request headers

Referer
https://stc.sp.zdn.vn/zaloid/client/main-5.1.6.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 17 Jun 2020 18:08:36 GMT
last-modified
Fri, 03 Apr 2020 07:39:23 GMT
server
ZDN
age
6515952
etag
"5e86e82b-12e2"
x-cache-status
HIT
content-type
image/png
status
200
accept-ranges
bytes
access-control-allow-origin
*
content-length
4834
logos.png
stc.sp.zdn.vn/zaloid/client/images/
3 KB
3 KB
Image
General
Full URL
https://stc.sp.zdn.vn/zaloid/client/images/logos.png
Requested by
Host: id.zalo.me
URL: https://id.zalo.me/account?continue=https://chat.zalo.me
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
120.138.69.12 , Viet Nam, ASN38244 (VINAGAME-AS-VN VNG Corporation, VN),
Reverse DNS
ptr.vng.vn
Software
ZDN /
Resource Hash
fb44d73e7c17d9ec7b523834dcbaf2945a03fa76ba644fa5f6336e796a01649e

Request headers

Referer
https://stc.sp.zdn.vn/zaloid/client/main-5.1.6.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 17 Jun 2020 18:08:36 GMT
last-modified
Fri, 11 Oct 2019 03:55:53 GMT
server
ZDN
age
4061293
etag
"5d9ffd49-cdd"
x-cache-status
HIT
content-type
image/png
status
200
accept-ranges
bytes
access-control-allow-origin
*
content-length
3293
fontawesome-webfont.woff2
maxcdn.bootstrapcdn.com/font-awesome/4.6.3/fonts/
70 KB
70 KB
Font
General
Full URL
https://maxcdn.bootstrapcdn.com/font-awesome/4.6.3/fonts/fontawesome-webfont.woff2?v=4.6.3
Requested by
Host: stc.sp.zdn.vn
URL: https://stc.sp.zdn.vn/zaloid/client/main-5.1.6.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4de0:ac19::1:b:3a , Netherlands, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software
/
Resource Hash
7dacf83f51179de8d7980a513e67ab3a08f2c6272bb5946df8fd77c0d1763b73
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://stc.sp.zdn.vn/zaloid/client/main-5.1.6.css
Origin
https://id.zalo.me

Response headers

date
Wed, 17 Jun 2020 18:08:36 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 12 Dec 2018 18:36:18 GMT
status
200
etag
"1544639778"
vary
Accept-Encoding
x-cache
HIT
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
timing-allow-origin
*
content-length
71903
verify-client
id.zalo.me/account/
72 B
518 B
Fetch
General
Full URL
https://id.zalo.me/account/verify-client
Requested by
Host: stc.sp.zdn.vn
URL: https://stc.sp.zdn.vn/zaloid/client/main-5.1.6.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
49.213.114.131 , Viet Nam, ASN38244 (VINAGAME-AS-VN VNG Corporation, VN),
Reverse DNS
Software
za-ngx-srv /
Resource Hash
634cb972745f278ba83b1a51de035bfff297b9f5a1d72a0c01312b34bda6ca04
Security Headers
Name Value
Strict-Transport-Security max-age=86400; includeSubDomains

Request headers

Accept
application/json, application/xml, text/plain, text/html, *.*
Referer
https://id.zalo.me/account?continue=https://chat.zalo.me
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=utf-8

Response headers

pragma
no-cache
date
Wed, 17 Jun 2020 18:08:36 GMT
server
za-ngx-srv
status
200
front_end_https
on
strict-transport-security
max-age=86400; includeSubDomains
access-control-allow-methods
POST, GET, OPTIONS, PUT, DELETE, HEAD
content-type
application/json;charset=utf-8
access-control-allow-origin
https://id.zalo.me
cache-control
private, no-store, no-cache, must-revalidate
access-control-allow-credentials
true
x-forwarded-proto
https
content-length
72
expires
Thu, 01 Jan 1970 00:00:00 GMT
_zaf.gif
za.zalo.me/v3/w/
117 B
689 B
XHR
General
Full URL
https://za.zalo.me/v3/w/_zaf.gif
Requested by
Host: stc.za.zaloapp.com
URL: https://stc.za.zaloapp.com/v3/za.js?18430
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
49.213.114.149 , Viet Nam, ASN38244 (VINAGAME-AS-VN VNG Corporation, VN),
Reverse DNS
Software
za-ngx-srv /
Resource Hash
4573a5c9e01e57c25c1e475d1851a496158acaec80603d27d22b7b24187f004d
Security Headers
Name Value
Strict-Transport-Security max-age=86400; includeSubdomains;

Request headers

Referer
https://id.zalo.me/account?continue=https://chat.zalo.me
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
content-type
application/x-www-form-urlencoded

Response headers

date
Wed, 17 Jun 2020 18:08:37 GMT
server
za-ngx-srv
status
200
strict-transport-security
max-age=86400; includeSubdomains;
content-type
application/json; charset=utf-8
access-control-allow-origin
https://id.zalo.me
access-control-allow-credentials
true
content-length
117
expires
Thu, 01 Jan 1970 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

32 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate string| continueUrl string| apiDomain boolean| isActiveReCaptcha object| url object| recaptchaOptions string| GoogleAnalyticsObject function| ga object| _zap object| ZA_q object| ZA object| ___grecaptcha_cfg object| grecaptcha boolean| __google_recaptcha_client string| zprj object| google_tag_data object| gaplugins object| gaGlobal object| gaData object| recaptcha object| closure_lm_168364 object| __core-js_shared__ object| core function| setImmediate function| clearImmediate string| _za_version boolean| D boolean| N boolean| W boolean| z_tpv_ boolean| z_cfb_

6 Cookies

Domain/Path Name / Value
.zalo.me/ Name: __zi
Value: 4000.nwoknu.1592417316617.55453807
.zalo.me/ Name: _gid
Value: GA1.2.132448854.1592417316
.id.zalo.me/ Name: zpdid
Value: 41FybrppeZWUUVIJKfwdF11uyPOnDpG
.zalo.me/ Name: _gat
Value: 1
.zalo.me/ Name: _ga
Value: GA1.2.911610139.1592417316
.zalo.me/ Name: _zlang
Value: vn

47 Console Messages

Source Level URL
Text
console-api log URL: https://stc.sp.zdn.vn/zaloid/client/main-5.1.6.js(Line 59)
Message:
Render: ==== App ====
console-api log URL: https://stc.sp.zdn.vn/zaloid/client/main-5.1.6.js(Line 59)
Message:
checkedInfo false
console-api log URL: https://stc.sp.zdn.vn/zaloid/client/main-5.1.6.js(Line 59)
Message:
Is trust client false
console-api log URL: https://stc.sp.zdn.vn/zaloid/client/main-5.1.6.js(Line 59)
Message:
Using Recaptcha V2
console-api log URL: https://stc.sp.zdn.vn/zaloid/client/main-5.1.6.js(Line 59)
Message:
Render: Header
console-api log URL: https://stc.sp.zdn.vn/zaloid/client/main-5.1.6.js(Line 59)
Message:
Render: Logo
console-api log URL: https://stc.sp.zdn.vn/zaloid/client/main-5.1.6.js(Line 59)
Message:
Render: Footer
console-api log URL: https://stc.sp.zdn.vn/zaloid/client/main-5.1.6.js(Line 59)
Message:
Render: ==== App ====
console-api log URL: https://stc.sp.zdn.vn/zaloid/client/main-5.1.6.js(Line 59)
Message:
checkedInfo false
console-api log URL: https://stc.sp.zdn.vn/zaloid/client/main-5.1.6.js(Line 59)
Message:
Is trust client false
console-api log URL: https://stc.sp.zdn.vn/zaloid/client/main-5.1.6.js(Line 59)
Message:
Using Recaptcha V2
console-api log URL: https://stc.sp.zdn.vn/zaloid/client/main-5.1.6.js(Line 59)
Message:
Render: ==== App ====
console-api log URL: https://stc.sp.zdn.vn/zaloid/client/main-5.1.6.js(Line 59)
Message:
checkedInfo false
console-api log URL: https://stc.sp.zdn.vn/zaloid/client/main-5.1.6.js(Line 59)
Message:
Is trust client false
console-api log URL: https://stc.sp.zdn.vn/zaloid/client/main-5.1.6.js(Line 59)
Message:
Using Recaptcha V2
console-api log URL: https://stc.sp.zdn.vn/zaloid/client/main-5.1.6.js(Line 59)
Message:
Render: ==== App ====
console-api log URL: https://stc.sp.zdn.vn/zaloid/client/main-5.1.6.js(Line 59)
Message:
checkedInfo false
console-api log URL: https://stc.sp.zdn.vn/zaloid/client/main-5.1.6.js(Line 59)
Message:
Is trust client false
console-api log URL: https://stc.sp.zdn.vn/zaloid/client/main-5.1.6.js(Line 59)
Message:
Using Recaptcha V2
console-api log URL: https://stc.sp.zdn.vn/zaloid/client/main-5.1.6.js(Line 59)
Message:
Render: ==== App ====
console-api log URL: https://stc.sp.zdn.vn/zaloid/client/main-5.1.6.js(Line 59)
Message:
checkedInfo true
console-api log URL: https://stc.sp.zdn.vn/zaloid/client/main-5.1.6.js(Line 59)
Message:
Is trust client false
console-api log URL: https://stc.sp.zdn.vn/zaloid/client/main-5.1.6.js(Line 59)
Message:
Using Recaptcha V2
console-api log URL: https://stc.sp.zdn.vn/zaloid/client/main-5.1.6.js(Line 59)
Message:
Render: Header
console-api log URL: https://stc.sp.zdn.vn/zaloid/client/main-5.1.6.js(Line 59)
Message:
Render: LoginPassPage
console-api log URL: https://stc.sp.zdn.vn/zaloid/client/main-5.1.6.js(Line 59)
Message:
Render: LoginPassForm
console-api log URL: https://stc.sp.zdn.vn/zaloid/client/main-5.1.6.js(Line 59)
Message:
Render: Flag Selector
console-api log URL: https://stc.sp.zdn.vn/zaloid/client/main-5.1.6.js(Line 59)
Message:
Render: Button
console-api log URL: https://stc.sp.zdn.vn/zaloid/client/main-5.1.6.js(Line 59)
Message:
Render: ==== App ====
console-api log URL: https://stc.sp.zdn.vn/zaloid/client/main-5.1.6.js(Line 59)
Message:
checkedInfo true
console-api log URL: https://stc.sp.zdn.vn/zaloid/client/main-5.1.6.js(Line 59)
Message:
Is trust client false
console-api log URL: https://stc.sp.zdn.vn/zaloid/client/main-5.1.6.js(Line 59)
Message:
Using Recaptcha V2
console-api log URL: https://stc.sp.zdn.vn/zaloid/client/main-5.1.6.js(Line 59)
Message:
Render: Header
console-api log URL: https://stc.sp.zdn.vn/zaloid/client/main-5.1.6.js(Line 59)
Message:
Render: LoginPassPage
console-api log URL: https://stc.sp.zdn.vn/zaloid/client/main-5.1.6.js(Line 59)
Message:
Render: LoginPassForm
console-api log URL: https://stc.sp.zdn.vn/zaloid/client/main-5.1.6.js(Line 59)
Message:
Render: ==== App ====
console-api log URL: https://stc.sp.zdn.vn/zaloid/client/main-5.1.6.js(Line 59)
Message:
checkedInfo true
console-api log URL: https://stc.sp.zdn.vn/zaloid/client/main-5.1.6.js(Line 59)
Message:
Is trust client false
console-api log URL: https://stc.sp.zdn.vn/zaloid/client/main-5.1.6.js(Line 59)
Message:
Using Recaptcha V2
console-api log URL: https://stc.sp.zdn.vn/zaloid/client/main-5.1.6.js(Line 59)
Message:
Render: LoginPassPage
console-api log URL: https://stc.sp.zdn.vn/zaloid/client/main-5.1.6.js(Line 59)
Message:
Render: LoginPassForm
console-api log URL: https://stc.sp.zdn.vn/zaloid/client/main-5.1.6.js(Line 59)
Message:
Render: ==== App ====
console-api log URL: https://stc.sp.zdn.vn/zaloid/client/main-5.1.6.js(Line 59)
Message:
checkedInfo true
console-api log URL: https://stc.sp.zdn.vn/zaloid/client/main-5.1.6.js(Line 59)
Message:
Is trust client false
console-api log URL: https://stc.sp.zdn.vn/zaloid/client/main-5.1.6.js(Line 59)
Message:
Using Recaptcha V2
console-api log URL: https://stc.sp.zdn.vn/zaloid/client/main-5.1.6.js(Line 59)
Message:
Render: LoginPassPage
console-api log URL: https://stc.sp.zdn.vn/zaloid/client/main-5.1.6.js(Line 59)
Message:
Render: LoginPassForm

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=86400; includeSubDomains