Submitted URL: https://backoffice.opalpayment.com/
Effective URL: https://backoffice.opalpayment.com/Auth/Login?ReturnUrl=%2F
Submission: On April 18 via automatic, source certstream-suspicious — Scanned from SG

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 9 HTTP transactions. The main IP is 20.43.132.128, located in Singapore and belonging to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is backoffice.opalpayment.com.
TLS certificate: Issued by Go Daddy Secure Certificate Authority... on February 13th 2023. Valid for: a year.
This is the only time backoffice.opalpayment.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP addresses (3 IPs, 9 requests):

Requests        | IP Address       | AS (Autonomous System)
8 (2 redirects) | 20.43.132.128    | 8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
1               | 2620:1ec:bdf::71 | 8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
2               | 168.63.242.221   | 8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

Apex domains (2 domains, 9 requests):

Requests | Apex Domain     | Subdomains                                                                                                                | Transfer
8        | opalpayment.com | backoffice.opalpayment.com                                                                                                | 110 KB
3        | azure.com       | js.monitor.azure.com (Cisco Umbrella Rank: 3331); southeastasia-0.in.applicationinsights.azure.com (Cisco Umbrella Rank: 582345) | 45 KB

Domains by requester (3 subdomains, 9 requests):

Requests        | Domain                                           | Requested by
8 (2 redirects) | backoffice.opalpayment.com                       | backoffice.opalpayment.com
2               | southeastasia-0.in.applicationinsights.azure.com | js.monitor.azure.com
1               | js.monitor.azure.com                             | backoffice.opalpayment.com

This site contains no links.

TLS certificates

Subject                          | Issuer                                     | Validity                | Valid for
*.opalpayment.com                | Go Daddy Secure Certificate Authority - G2 | 2023-02-13 - 2024-03-16 | a year (crt.sh)
js.monitor.azure.com             | Microsoft Azure TLS Issuing CA 01          | 2023-03-23 - 2024-03-17 | a year (crt.sh)
in.applicationinsights.azure.com | Microsoft Azure TLS Issuing CA 05          | 2023-02-17 - 2024-02-12 | a year (crt.sh)

This page contains 1 frames:

Primary Page: https://backoffice.opalpayment.com/Auth/Login?ReturnUrl=%2F
Frame ID: CD1AE6D3FF6813B37AAD4C14A8B0C990
Requests: 8 HTTP requests in this frame

Screenshot

Page Title

Opal Payment - Backoffice

Detected technologies

Bootstrap (overall confidence: 100%)
Detected patterns
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

jQuery (overall confidence: 100%)
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

Requests: 9
HTTPS: 89 %
IPv6: 33 %
Domains: 2
Subdomains: 3
IPs: 3
Countries: 2
Transfer: 154 kB
Size: 438 kB
Cookies: 6

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://backoffice.opalpayment.com/ HTTP 302
    https://backoffice.opalpayment.com/Auth/Login?ReturnUrl=%2F Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 5
  • https://backoffice.opalpayment.com/theme/logo.png HTTP 302
  • https://backoffice.opalpayment.com/Auth/Login?ReturnUrl=%2Ftheme%2Flogo.png

The logo image was therefore never served: the unauthenticated request for /theme/logo.png was bounced to the login page with the asset path preserved in ReturnUrl, the same pattern as the primary request (ReturnUrl=%2F), so the authentication middleware covers the /theme/ static path as well. In the transaction list below that image request accordingly shows an HTML content-type, and its resource hash e3b0c442...b855 is the SHA-256 of empty input.
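The scan shows that the login redirect carries the originally requested path in ReturnUrl, but it cannot show what the server does with that value after a successful sign-in. The check a reviewer would expect there is a local-URL validation. The following is an added example, not code from the scanned site or from the urlscan.io report: is_local_url is modelled on the rule ASP.NET Core's Url.IsLocalUrl applies (that modelling is an assumption to confirm against the framework version in use), OBSERVED_LOCATIONS are the two Location values recorded above, and CONSTRUCTED_PROBES are made-up attacker-style values that were not observed in the scan.

```python
"""Local-URL check for a post-login ReturnUrl parameter (added example)."""
from __future__ import annotations

from urllib.parse import parse_qs, urlsplit


def has_control_char(s: str) -> bool:
    """Any C0 control character or DEL (covers CR/LF header-injection attempts)."""
    return any(ord(c) < 0x20 or ord(c) == 0x7F for c in s)


def is_local_url(url: str) -> bool:
    """True only for same-site relative paths: '/', '/x', '~/', '~/x'.

    Rejects '//host' and '/\\host' (scheme-relative and backslash forms that
    browsers resolve to another host), absolute URLs, and values containing
    control characters. Modelled on ASP.NET Core's Url.IsLocalUrl (assumption).
    """
    if not url:
        return False
    if url[0] == "/":
        if len(url) == 1:
            return True
        return url[1] not in "/\\" and not has_control_char(url)
    if url.startswith("~/"):
        if len(url) == 2:
            return True
        return url[2] not in "/\\" and not has_control_char(url)
    return False


def return_url_from_location(location: str) -> str | None:
    """Extract the ReturnUrl query parameter (percent-decoded by parse_qs)
    from a Location header like the ones the scan recorded."""
    values = parse_qs(urlsplit(location).query).get("ReturnUrl")
    return values[0] if values else None


def safe_redirect_target(return_url: str | None, fallback: str = "/") -> str:
    """Where a login handler should send the user after a successful sign-in."""
    return return_url if return_url and is_local_url(return_url) else fallback


# Transcribed from the two 302 responses shown in this report.
OBSERVED_LOCATIONS = [
    "https://backoffice.opalpayment.com/Auth/Login?ReturnUrl=%2F",
    "https://backoffice.opalpayment.com/Auth/Login?ReturnUrl=%2Ftheme%2Flogo.png",
]

# Constructed values an open-redirect test would submit; none were observed.
CONSTRUCTED_PROBES = [
    "//evil.example/",           # scheme-relative URL
    "/\\evil.example/",          # backslash form, normalised to // by browsers
    "https://evil.example/",     # absolute URL
    "/\r\nSet-Cookie: x=1",      # control characters
    "~//evil.example/",          # app-relative prefix followed by //
]

if __name__ == "__main__":
    for loc in OBSERVED_LOCATIONS:
        ru = return_url_from_location(loc)
        print(f"{ru!r:32} local={is_local_url(ru)} -> {safe_redirect_target(ru)}")
    for probe in CONSTRUCTED_PROBES:
        print(f"{probe!r:32} local={is_local_url(probe)} -> {safe_redirect_target(probe)}")
```

Both observed values (/ and /theme/logo.png) pass; every constructed probe falls back to /. The check is deliberately a syntactic allow-list rather than a host comparison, because a parsed hostname can disagree with what the browser resolves for inputs such as the backslash form.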

9 HTTP transactions

Columns per request: Resource | Path | Size | x-fer (bytes transferred) | Type | MIME-Type
Primary Request Login
backoffice.opalpayment.com/Auth/
Redirect Chain
  • https://backoffice.opalpayment.com/
  • https://backoffice.opalpayment.com/Auth/Login?ReturnUrl=%2F
7 KB
4 KB
Document
General
Full URL
https://backoffice.opalpayment.com/Auth/Login?ReturnUrl=%2F
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.43.132.128 , Singapore, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
b648d5265a31b3f6e37e38de01531046c233ec9bd1ef32bf5d91ceee7807cf26
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language
zh-SG,zh;q=0.9

Response headers

cache-control
no-cache, no-store
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Tue, 18 Apr 2023 23:45:18 GMT
pragma
no-cache
request-context
appId=cid-v1:e3cffe73-be9d-4ed2-af59-01f3bcc1d5bc
vary
Accept-Encoding
x-content-type-options
nosniff
x-frame-options
DENY
x-rate-limit-limit
1s
x-rate-limit-remaining
49
x-rate-limit-reset
2023-04-18T23:45:20.0636066Z
x-xss-protection
1; mode=block

Redirect headers

accept-ranges
bytes
cache-control
no-store
content-length
3068
content-type
text/html
date
Tue, 18 Apr 2023 23:45:18 GMT
etag
"1d96147bb794cfc"
last-modified
Tue, 28 Mar 2023 07:34:30 GMT
location
https://backoffice.opalpayment.com/Auth/Login?ReturnUrl=%2F
pragma
no-cache
request-context
appId=cid-v1:e3cffe73-be9d-4ed2-af59-01f3bcc1d5bc
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN DENY
x-rate-limit-limit
1s
x-rate-limit-remaining
49
x-rate-limit-reset
2023-04-18T23:45:20.0551792Z
x-xss-protection
1; mode=block
bootstrap.min.css
backoffice.opalpayment.com/lib/bootstrap/dist/css/
156 KB
36 KB
Stylesheet
General
Full URL
https://backoffice.opalpayment.com/lib/bootstrap/dist/css/bootstrap.min.css
Requested by
Host: backoffice.opalpayment.com
URL: https://backoffice.opalpayment.com/Auth/Login?ReturnUrl=%2F
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.43.132.128 , Singapore, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
a05cdabcdcf214838d88cb5f2d6b5f7dbd3efb5d83c59da8b9544666dd1454ca
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
zh-SG,zh;q=0.9
Referer
https://backoffice.opalpayment.com/Auth/Login?ReturnUrl=%2F
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Tue, 18 Apr 2023 23:45:18 GMT
content-encoding
gzip
x-rate-limit-limit
1s
x-content-type-options
nosniff
last-modified
Thu, 30 Mar 2023 07:00:22 GMT
x-rate-limit-remaining
49
etag
"1d962d54b9aa81b"
vary
Accept-Encoding
x-frame-options
DENY
content-type
text/css
x-rate-limit-reset
2023-04-18T23:45:20.0784134Z
accept-ranges
bytes
x-xss-protection
1; mode=block
request-context
appId=cid-v1:e3cffe73-be9d-4ed2-af59-01f3bcc1d5bc
site.css
backoffice.opalpayment.com/css/
604 B
498 B
Stylesheet
General
Full URL
https://backoffice.opalpayment.com/css/site.css
Requested by
Host: backoffice.opalpayment.com
URL: https://backoffice.opalpayment.com/Auth/Login?ReturnUrl=%2F
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.43.132.128 , Singapore, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
52e038c34d27e98745f477b3e72351ae63f15b830ac47bb7cac86079654232b4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
zh-SG,zh;q=0.9
Referer
https://backoffice.opalpayment.com/Auth/Login?ReturnUrl=%2F
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Tue, 18 Apr 2023 23:45:18 GMT
content-encoding
gzip
x-rate-limit-limit
1s
x-content-type-options
nosniff
last-modified
Thu, 30 Mar 2023 07:00:22 GMT
x-rate-limit-remaining
49
etag
"1d962d54b98c55c"
vary
Accept-Encoding
x-frame-options
DENY
content-type
text/css
x-rate-limit-reset
2023-04-18T23:45:20.0791517Z
accept-ranges
bytes
x-xss-protection
1; mode=block
request-context
appId=cid-v1:e3cffe73-be9d-4ed2-af59-01f3bcc1d5bc
jquery.slim.min.js
backoffice.opalpayment.com/lib/jquery/dist/
71 KB
31 KB
Script
General
Full URL
https://backoffice.opalpayment.com/lib/jquery/dist/jquery.slim.min.js
Requested by
Host: backoffice.opalpayment.com
URL: https://backoffice.opalpayment.com/Auth/Login?ReturnUrl=%2F
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.43.132.128 , Singapore, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
325bac0cb2483f519180bace7e5510b6c8723f44f04ff4475ec235c161a7421b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
zh-SG,zh;q=0.9
Referer
https://backoffice.opalpayment.com/Auth/Login?ReturnUrl=%2F
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Tue, 18 Apr 2023 23:45:18 GMT
content-encoding
gzip
x-rate-limit-limit
1s
x-content-type-options
nosniff
last-modified
Thu, 30 Mar 2023 07:00:22 GMT
x-rate-limit-remaining
49
etag
"1d962d54b99ddcd"
vary
Accept-Encoding
x-frame-options
DENY
content-type
text/javascript
x-rate-limit-reset
2023-04-18T23:45:20.0820907Z
accept-ranges
bytes
x-xss-protection
1; mode=block
request-context
appId=cid-v1:e3cffe73-be9d-4ed2-af59-01f3bcc1d5bc
bootstrap.bundle.min.js
backoffice.opalpayment.com/lib/bootstrap/dist/js/
79 KB
30 KB
Script
General
Full URL
https://backoffice.opalpayment.com/lib/bootstrap/dist/js/bootstrap.bundle.min.js
Requested by
Host: backoffice.opalpayment.com
URL: https://backoffice.opalpayment.com/Auth/Login?ReturnUrl=%2F
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.43.132.128 , Singapore, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
394156ee114ed3faf968419340ecfd17f69740eb7e4f0a88d59e1f6d5bf0c34e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
zh-SG,zh;q=0.9
Referer
https://backoffice.opalpayment.com/Auth/Login?ReturnUrl=%2F
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Tue, 18 Apr 2023 23:45:18 GMT
content-encoding
gzip
x-rate-limit-limit
1s
x-content-type-options
nosniff
last-modified
Thu, 30 Mar 2023 07:00:22 GMT
x-rate-limit-remaining
49
etag
"1d962d54b99fc3a"
vary
Accept-Encoding
x-frame-options
DENY
content-type
text/javascript
x-rate-limit-reset
2023-04-18T23:45:20.0807507Z
accept-ranges
bytes
x-xss-protection
1; mode=block
request-context
appId=cid-v1:e3cffe73-be9d-4ed2-af59-01f3bcc1d5bc
ai.2.min.js
js.monitor.azure.com/scripts/b/
118 KB
45 KB
Script
General
Full URL
https://js.monitor.azure.com/scripts/b/ai.2.min.js
Requested by
Host: backoffice.opalpayment.com
URL: https://backoffice.opalpayment.com/Auth/Login?ReturnUrl=%2F
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:bdf::71 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
7e6eb5a9a8a048fbc98c8f37e104b59fdd19a077ece48b1ed11e6d4a54f93d38

Request headers

Referer
https://backoffice.opalpayment.com/
Origin
https://backoffice.opalpayment.com
accept-language
zh-SG,zh;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Tue, 18 Apr 2023 23:45:18 GMT
content-encoding
br
x-azure-ref-originshield
0ZyY/ZAAAAADeuqGF10OzQIMAliizgJLLU0lOMjIxMDgwNzE4MDIzAGYxY2E3M2Q0LTg4ODMtNGNhZi1hYmRjLWZlMmQ1NjdhZmI5Ng==
content-md5
unyOJ/DZA0HScX9iyq6ldA==
x-cache
TCP_HIT
x-ms-meta-aijssdksrc
[cdn]/scripts/b/ai.2.8.11.min.js
last-modified
Wed, 15 Mar 2023 18:34:46 GMT
x-ms-meta-aijssdkver
2.8.11
etag
0x8DB2583F3E2030A
x-azure-ref
0jys/ZAAAAADwPH44LcFiRKi7nQCU/sYWU0lOMzBFREdFMDIxMgBmMWNhNzNkNC04ODgzLTRjYWYtYWJkYy1mZTJkNTY3YWZiOTY=
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
x-ms-request-id
e847b9df-001e-009a-574c-7271e9000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,x-ms-meta-aijssdksrc,x-ms-meta-aijssdkver,x-ms-meta-lastmodified,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=1800, immutable, no-transform
x-ms-version
2009-09-19
Login
backoffice.opalpayment.com/Auth/
Redirect Chain
  • https://backoffice.opalpayment.com/theme/logo.png
  • https://backoffice.opalpayment.com/Auth/Login?ReturnUrl=%2Ftheme%2Flogo.png
7 KB
7 KB
Image
General
Full URL
https://backoffice.opalpayment.com/Auth/Login?ReturnUrl=%2Ftheme%2Flogo.png
Requested by
Host: backoffice.opalpayment.com
URL: https://backoffice.opalpayment.com/Auth/Login?ReturnUrl=%2F
Protocol
H2
Server
20.43.132.128 , Singapore, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
zh-SG,zh;q=0.9
Referer
https://backoffice.opalpayment.com/Auth/Login?ReturnUrl=%2F
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 18 Apr 2023 23:45:18 GMT
content-encoding
gzip
x-rate-limit-limit
1s
x-content-type-options
nosniff
x-rate-limit-remaining
48
vary
Accept-Encoding
x-frame-options
DENY
content-type
text/html; charset=utf-8
cache-control
no-cache, no-store
x-rate-limit-reset
2023-04-18T23:45:20.0636066Z
x-xss-protection
1; mode=block
request-context
appId=cid-v1:e3cffe73-be9d-4ed2-af59-01f3bcc1d5bc

Redirect headers

date
Tue, 18 Apr 2023 23:45:18 GMT
x-rate-limit-limit
1s
x-content-type-options
nosniff
x-rate-limit-remaining
49
content-length
3068
x-xss-protection
1; mode=block
request-context
appId=cid-v1:e3cffe73-be9d-4ed2-af59-01f3bcc1d5bc
pragma
no-cache
last-modified
Tue, 28 Mar 2023 07:34:30 GMT
etag
"1d96147bb794cfc"
x-frame-options
DENY
content-type
text/html
location
https://backoffice.opalpayment.com/Auth/Login?ReturnUrl=%2Ftheme%2Flogo.png
cache-control
no-store
x-rate-limit-reset
2023-04-18T23:45:20.1136682Z
accept-ranges
bytes
track
southeastasia-0.in.applicationinsights.azure.com//v2/
49 B
233 B
XHR
General
Full URL
https://southeastasia-0.in.applicationinsights.azure.com//v2/track
Requested by
Host: js.monitor.azure.com
URL: https://js.monitor.azure.com/scripts/b/ai.2.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
168.63.242.221 , Singapore, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
2f06451e2da9bcec5593f0e5f8be5aaf93a584def5560838666f6ddcc0f90a19
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
https://backoffice.opalpayment.com/
accept-language
zh-SG,zh;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-type
application/json

Response headers

x-ms-session-id
B0679248-BF0A-4973-9266-0318E7B51F00
strict-transport-security
max-age=31536000
date
Tue, 18 Apr 2023 23:45:19 GMT
x-content-type-options
nosniff
access-control-max-age
3600
content-type
application/json; charset=utf-8
access-control-allow-origin
*
access-control-allow-headers
Origin, X-Requested-With, Content-Name, Content-Type, Accept, Cache-Control, Sdk-Context
content-length
49
track
southeastasia-0.in.applicationinsights.azure.com//v2/
0
0
Preflight
General
Full URL
https://southeastasia-0.in.applicationinsights.azure.com//v2/track
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
168.63.242.221 , Singapore, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://backoffice.opalpayment.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

access-control-allow-headers
Origin, X-Requested-With, Content-Name, Content-Type, Accept, Sdk-Context
access-control-allow-methods
POST
access-control-allow-origin
*
access-control-max-age
3600
content-length
0
date
Tue, 18 Apr 2023 23:45:19 GMT
x-content-type-options
nosniff

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. They can help identify client-side frameworks and code.

Name           | Type
credentialless | boolean
appInsights    | object
$              | function
jQuery         | function
bootstrap      | object
e              | object
n              | function
Microsoft      | object
__dynProto$Gbl | object

6 Cookies

The cookie names identify the stack: .AspNetCore.Antiforgery.* and XSRF-TOKEN are ASP.NET Core's antiforgery (CSRF) cookie pair, ARRAffinity and ARRAffinitySameSite are the Azure App Service request-routing affinity cookies, and ai_user and ai_session are set by the Application Insights JavaScript SDK loaded from js.monitor.azure.com. The listing shows no Secure, HttpOnly or SameSite attributes, so those cannot be assessed from it.

Domain/Path | Name / Value
backoffice.opalpayment.com/ Name: .AspNetCore.Antiforgery.08ajqyv6Tp8
Value: CfDJ8O5mLTyP_jtOo7Awl7ryPGDfimdWcEHxDLFWmzz-C2Tpd5i4REbsuzETIARBErFOk0JngokYiPFDO2npe7rHwxoNT2Mo_XyNu4zVnPE_dieRcexORIS-5H_6nYNypZ0q46L-GvaEI5ywYNwhZPOFar4
.backoffice.opalpayment.com/ Name: ARRAffinity
Value: b4fef3836a2d74e910ebb018f67082e96c3d30fc5812393bdc8708a4858891b6
.backoffice.opalpayment.com/ Name: ARRAffinitySameSite
Value: b4fef3836a2d74e910ebb018f67082e96c3d30fc5812393bdc8708a4858891b6
backoffice.opalpayment.com/ Name: XSRF-TOKEN
Value: CfDJ8O5mLTyP_jtOo7Awl7ryPGDW7l3phRNLp2khY_0ekbhgn_xqTBIU5QyKpA0MCleOZPuF_uCNwBYlYGBfn8GvYgYdzDSVTPVG3jbx0LRoJocYtRcia4L9mCjO1TLzIhXmORKcI03phhYA8GmI6YYYwH4
backoffice.opalpayment.com/ Name: ai_user
Value: U1XDUCchM5+VALmc5G521e|2023-04-18T23:45:19.734Z
backoffice.opalpayment.com/ Name: ai_session
Value: 6reEr7szdQVg8mfe+k67gq|1681861519838|1681861519838

Security Headers

This section lists the security headers set by the main page's response. Note what is absent as well as what is present: the backoffice origin sends no Strict-Transport-Security (HSTS appears only on the applicationinsights.azure.com host above), no Content-Security-Policy and no Referrer-Policy, and X-Xss-Protection no longer has any effect in current browsers.

Header Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block
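An added example, not part of the urlscan.io report and not code from the scanned site: an audit of the headers above against the usual practitioner baseline. MAIN_RESPONSE and REDIRECT_RESPONSE are transcribed from the primary request's response and redirect headers (security-relevant subset), the list of expected and deprecated headers is this example's own baseline rather than anything the report states, and the X-Frame-Options evaluation follows the HTML specification's algorithm. One caveat it surfaces: the redirect's frame-options value is displayed as "SAMEORIGIN DENY" on a single line; if that is literally what was sent (rather than two headers joined by the display), browsers treat it as an unrecognised token and ignore the header entirely, whereas two separate conflicting headers would block framing.

```python
"""Audit the security headers observed in a scan result (added example)."""
from __future__ import annotations

from dataclasses import dataclass

# Transcribed from the primary request's response headers in the report.
MAIN_RESPONSE = """
cache-control: no-cache, no-store
content-type: text/html; charset=utf-8
pragma: no-cache
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block
"""

# Transcribed from the 302 that preceded it; note the frame-options value.
REDIRECT_RESPONSE = """
cache-control: no-store
content-type: text/html
location: https://backoffice.opalpayment.com/Auth/Login?ReturnUrl=%2F
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN DENY
x-xss-protection: 1; mode=block
"""

# Baseline for an HTTPS login origin (this example's policy, not the report's).
EXPECTED = {
    "strict-transport-security": "no HSTS; a plain-http first hit is not upgraded",
    "content-security-policy": "no CSP; injected script is unconstrained",
    "referrer-policy": "no Referrer-Policy; the full URL incl. ReturnUrl leaks in Referer",
    "x-content-type-options": "MIME sniffing allowed",
    "x-frame-options": "no framing restriction (CSP frame-ancestors also acceptable)",
}
DEPRECATED = {
    "x-xss-protection": "XSS auditor removed in Chromium 78, never in Firefox; use CSP",
}
XFO_TOKENS = {"deny", "sameorigin"}


@dataclass(frozen=True)
class Finding:
    kind: str      # missing | deprecated | conflict | invalid
    header: str
    detail: str


def parse_headers(raw: str) -> dict[str, list[str]]:
    """'name: value' lines -> lowercase-name multimap; repeated headers kept."""
    out: dict[str, list[str]] = {}
    for line in raw.strip().splitlines():
        if ":" in line:
            name, value = line.split(":", 1)
            out.setdefault(name.strip().lower(), []).append(value.strip())
    return out


def xfo_effect(values: list[str]) -> str:
    """Browser treatment of X-Frame-Options per the HTML spec: split all
    header instances on commas; more than one distinct token -> blocked;
    single deny/sameorigin -> honoured; any other token -> header ignored."""
    tokens = [t.strip().lower() for v in values for t in v.split(",") if t.strip()]
    if not tokens:
        return "absent"
    if len(set(tokens)) > 1:
        return "blocked"
    return tokens[0] if tokens[0] in XFO_TOKENS else "ignored"


def audit(raw: str) -> list[Finding]:
    headers = parse_headers(raw)
    findings = [Finding("missing", h, why) for h, why in EXPECTED.items() if h not in headers]
    findings += [Finding("deprecated", h, why) for h, why in DEPRECATED.items() if h in headers]
    for name, values in headers.items():
        if len(set(values)) > 1:  # same header sent twice with different values
            findings.append(Finding("conflict", name, f"sent more than once: {values}"))
    if xfo_effect(headers.get("x-frame-options", [])) == "ignored":
        findings.append(Finding("invalid", "x-frame-options",
                                "unrecognised token; browsers ignore the header, framing allowed"))
    return findings


def kinds(findings: list[Finding]) -> dict[str, set[str]]:
    """Group the affected header names by finding kind."""
    grouped: dict[str, set[str]] = {}
    for f in findings:
        grouped.setdefault(f.kind, set()).add(f.header)
    return grouped


if __name__ == "__main__":
    for label, raw in (("main", MAIN_RESPONSE), ("redirect", REDIRECT_RESPONSE)):
        print(f"== {label} ==")
        for f in audit(raw):
            print(f"  [{f.kind}] {f.header}: {f.detail}")
```

On the main response this reports three missing headers (HSTS, CSP, Referrer-Policy) and one deprecated one; on the redirect it additionally flags the X-Frame-Options value as one browsers would not recognise. The Referrer-Policy finding matters here specifically because the login URL carries ReturnUrl, which the Referer header on the telemetry requests above shows being sent cross-origin.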