urlscan.io logo urlscan.io
SecurityTrails logo

edc.pentest.zalamea.ph Open in urlscan Pro
178.128.27.54  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://edc.pentest.zalamea.ph/
Effective URL: https://edc.pentest.zalamea.ph/
Submission: On February 21 via manual from US — Scanned from SG
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 5 IPs in 2 countries across 5 domains to perform 19 HTTP transactions. The main IP is 178.128.27.54, located in Singapore and belongs to DIGITALOCEAN-ASN, US. The main domain is edc.pentest.zalamea.ph.
TLS certificate: Issued by R3 on January 31st 2023. Valid for: 3 months.
This is the only time edc.pentest.zalamea.ph was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
14 178.128.27.54 14061 (DIGITALOC...)
2 2606:4700::68... 13335 (CLOUDFLAR...)
1 2404:6800:400... 15169 (GOOGLE)
1 2404:6800:400... 15169 (GOOGLE)
1 2404:6800:400... 15169 (GOOGLE)
19 5
14    178.128.27.54 (Singapore)

ASN14061 (DIGITALOCEAN-ASN, US)
edc.pentest.zalamea.ph
2    2606:4700::6811:190e (United States)

ASN13335 (CLOUDFLARENET, US)
cdnjs.cloudflare.com
1    2404:6800:4003:c06::63 (Singapore)

ASN15169 (GOOGLE, US)
www.google.com
1    2404:6800:4003:c1a::61 (Singapore)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
1    2404:6800:4003:c04::5e (Singapore)

ASN15169 (GOOGLE, US)
www.gstatic.com
Apex Domain
Subdomains		 Transfer
14 zalamea.ph
edc.pentest.zalamea.ph
770 KB
2 cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 196
8 KB
1 gstatic.com
www.gstatic.com
164 KB
1 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 50
45 KB
1 google.com
www.google.com — Cisco Umbrella Rank: 2
880 B
19 5
Domain Requested by
14 edc.pentest.zalamea.ph edc.pentest.zalamea.ph
2 cdnjs.cloudflare.com edc.pentest.zalamea.ph
1 www.gstatic.com www.google.com
1 www.googletagmanager.com edc.pentest.zalamea.ph
1 www.google.com edc.pentest.zalamea.ph
19 5

This site contains links to these domains. Also see Links.

Domain
www.cookiesandyou.com
Subject Issuer Validity Valid
pentest.zalamea.ph
R3		 2023-01-31 -
2023-05-01		 3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2022-08-03 -
2023-08-02		 a year crt.sh
www.google.com
GTS CA 1C3		 2023-02-01 -
2023-04-26		 3 months crt.sh
*.google-analytics.com
GTS CA 1C3		 2023-02-01 -
2023-04-26		 3 months crt.sh
*.gstatic.com
GTS CA 1C3		 2023-02-01 -
2023-04-26		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://edc.pentest.zalamea.ph/
Frame ID: FFFCB8D2ADB9CB3C61C20108C911AA12
Requests: 19 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Individual Retirement Account - Fund Application

Page URL History Show full URLs

  1. http://edc.pentest.zalamea.ph/ HTTP 307
    https://edc.pentest.zalamea.ph/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/ns\.html[^>]+></iframe>
  • <!-- (?:End )?Google Tag Manager -->
  • googletagmanager\.com/gtm\.js
Overall confidence: 100%
Detected patterns
  • cookieconsent\.min\.js
Overall confidence: 100%
Detected patterns
  • /recaptcha/api\.js

Page Statistics

19
Requests

100 %
HTTPS

80 %
IPv6

5
Domains

5
Subdomains

5
IPs

2
Countries

988 kB
Transfer

3537 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://edc.pentest.zalamea.ph/ HTTP 307
    https://edc.pentest.zalamea.ph/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

19 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
edc.pentest.zalamea.ph/
Redirect Chain
  • http://edc.pentest.zalamea.ph/
  • https://edc.pentest.zalamea.ph/
4 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://edc.pentest.zalamea.ph/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.128.27.54 , Singapore, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
zira /
Resource Hash
08b1ff608fa4ccabd7efc39ead9b61dd6da20825208236bc333842e6f3942a88
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' https://*.zendesk.com https://*.zdassets.com https://www.googletagmanager.com https://www.google-analytics.com https://tagmanager.google.com https://*.googleapis.com https://*.okta.com; font-src 'self' https://*.gstatic.com; child-src 'self' https://www.google.com; img-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://tagmanager.google.com https://*.gstatic.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'strict-dynamic' https: 'nonce-MDgwMTNiZjYxMTJmN2E2Mg==' 'nonce-MjVkYTFhZTgwNjIzN2EzNg==' 'nonce-ODk2MjI0ZTY1YzRlZDNiMw==' 'nonce-OGFiYjIwOTQ5ZDZhNWIyMA==' 'nonce-OWY1ZWEyMGVhMTkzZWZiNg==' 'nonce-OTA4MzBlNGY3M2VhMzEwNQ==' 'nonce-YjkyMDcxODBkZjNkZmNmMw==' 'nonce-OTAyZTI5OTVmZjVkMmE1YQ==' 'nonce-MzNhMTg3YTA2ZTAwMTVmOA==' 'nonce-Y2NmYTNiNWU4ZGY3YTcyYQ==' https://*.zendesk.com https://*.zdassets.com https://www.googletagmanager.com https://www.google-analytics.com https://tagmanager.google.com https://*.googleapis.com https://*.okta.com https://cdnjs.cloudflare.com https://www.google.com https://www.gstatic.com; style-src 'self' 'unsafe-inline' 'strict-dynamic' https: https://*.zendesk.com https://cdnjs.cloudflare.com https://tagmanager.google.com https://*.googleapis.com
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language
zh-SG,zh;q=0.9

Response headers

Cache-Control
max-age=0, must-revalidate, no-cache, no-store, post-check=0, pre-check=0, private
Connection
Keep-Alive
Content-Encoding
gzip
Content-Length
1873
Content-Security-Policy
default-src 'self'; connect-src 'self' https://*.zendesk.com https://*.zdassets.com https://www.googletagmanager.com https://www.google-analytics.com https://tagmanager.google.com https://*.googleapis.com https://*.okta.com; font-src 'self' https://*.gstatic.com; child-src 'self' https://www.google.com; img-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://tagmanager.google.com https://*.gstatic.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'strict-dynamic' https: 'nonce-MDgwMTNiZjYxMTJmN2E2Mg==' 'nonce-MjVkYTFhZTgwNjIzN2EzNg==' 'nonce-ODk2MjI0ZTY1YzRlZDNiMw==' 'nonce-OGFiYjIwOTQ5ZDZhNWIyMA==' 'nonce-OWY1ZWEyMGVhMTkzZWZiNg==' 'nonce-OTA4MzBlNGY3M2VhMzEwNQ==' 'nonce-YjkyMDcxODBkZjNkZmNmMw==' 'nonce-OTAyZTI5OTVmZjVkMmE1YQ==' 'nonce-MzNhMTg3YTA2ZTAwMTVmOA==' 'nonce-Y2NmYTNiNWU4ZGY3YTcyYQ==' https://*.zendesk.com https://*.zdassets.com https://www.googletagmanager.com https://www.google-analytics.com https://tagmanager.google.com https://*.googleapis.com https://*.okta.com https://cdnjs.cloudflare.com https://www.google.com https://www.gstatic.com; style-src 'self' 'unsafe-inline' 'strict-dynamic' https: https://*.zendesk.com https://cdnjs.cloudflare.com https://tagmanager.google.com https://*.googleapis.com
Content-Type
text/html; charset=UTF-8
Date
Tue, 21 Feb 2023 15:07:45 GMT
Expires
01 Jan 1970 00:00:00 GMT
Feature-Policy
autoplay 'none'; camera 'none'; geolocation 'none'; microphone 'none'; midi 'none'; payment 'none'; picture-in-picture 'none'; speaker 'none'; usb 'none'; sync-xhr 'self'
Keep-Alive
timeout=5, max=100
Permissions-Policy
accelerometer=(self), ambient-light-sensor=(self), autoplay=(self), battery=(self), camera=(self), cross-origin-isolated=(self), display-capture=(self), document-domain=*, encrypted-media=(self), execution-while-not-rendered=*, execution-while-out-of-viewport=*, fullscreen=(self), geolocation=(self), gyroscope=(self), magnetometer=(self), microphone=(self), midi=(self), navigation-override=(self), payment=(self), picture-in-picture=*, publickey-credentials-get=(self), screen-wake-lock=(self), sync-xhr=*, usb=(self), web-share=(self), xr-spatial-tracking=(self)
Pragma
no-cache
Referrer-Policy
no-referrer
Server
zira
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Vary
Accept-Encoding,User-Agent
X-Content-Type-Options
nosniff
X-Frame-Options
DENY
X-XSS-Protection
1; mode=block

Redirect headers

Cross-Origin-Resource-Policy
Cross-Origin
Location
https://edc.pentest.zalamea.ph/
Non-Authoritative-Reason
HSTS
all.css
edc.pentest.zalamea.ph/build/cache/css/ 		399 KB
65 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://edc.pentest.zalamea.ph/build/cache/css/all.css?id=720737279e1997dde501e327e3d7ca71
Requested by
Host: edc.pentest.zalamea.ph
URL: https://edc.pentest.zalamea.ph/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.128.27.54 , Singapore, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
zira /
Resource Hash
f197da8c020a274afb1c3cb1bbdc50b74c6e5c0941d14ac39f468129e090ad58
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
zh-SG,zh;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date
Tue, 21 Feb 2023 15:07:45 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-Content-Type-Options
nosniff
Content-Encoding
gzip
Transfer-Encoding
chunked
Connection
Keep-Alive
X-XSS-Protection
1; mode=block
Pragma
no-cache
Referrer-Policy
no-referrer
Last-Modified
Thu, 02 Feb 2023 10:53:07 GMT
Server
zira
X-Frame-Options
DENY
Vary
Accept-Encoding,User-Agent
Content-Type
text/css
Cache-Control
max-age=604800, public, must-revalidate
Feature-Policy
autoplay 'none'; camera 'none'; geolocation 'none'; microphone 'none'; midi 'none'; payment 'none'; picture-in-picture 'none'; speaker 'none'; usb 'none'; sync-xhr 'self'
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Expires
01 Jan 2112 00:00:00 GMT
vendor.js
edc.pentest.zalamea.ph/build/cache/javascript/ 		2 MB
409 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://edc.pentest.zalamea.ph/build/cache/javascript/vendor.js?id=b67b62103470c4993e5deef8e0bc4ce2
Requested by
Host: edc.pentest.zalamea.ph
URL: https://edc.pentest.zalamea.ph/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.128.27.54 , Singapore, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
zira /
Resource Hash
8b30fdd055f8711e9020dfc4e01195515aea9213140126748ab5007e2e8f7c2c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
zh-SG,zh;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date
Tue, 21 Feb 2023 15:07:45 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-Content-Type-Options
nosniff
Content-Encoding
gzip
Transfer-Encoding
chunked
Connection
Keep-Alive
X-XSS-Protection
1; mode=block
Pragma
no-cache
Referrer-Policy
no-referrer
Last-Modified
Thu, 02 Feb 2023 10:53:07 GMT
Server
zira
X-Frame-Options
DENY
Vary
Accept-Encoding,User-Agent
Content-Type
application/javascript
Cache-Control
max-age=604800, public, must-revalidate
Feature-Policy
autoplay 'none'; camera 'none'; geolocation 'none'; microphone 'none'; midi 'none'; payment 'none'; picture-in-picture 'none'; speaker 'none'; usb 'none'; sync-xhr 'self'
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Expires
01 Jan 2112 00:00:00 GMT
textAngular.min.js
edc.pentest.zalamea.ph/cache/javascript/ 		222 KB
65 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://edc.pentest.zalamea.ph/cache/javascript/textAngular.min.js
Requested by
Host: edc.pentest.zalamea.ph
URL: https://edc.pentest.zalamea.ph/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.128.27.54 , Singapore, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
zira /
Resource Hash
aa97747239805b254b38e896232c49e18d07b946c261bcf8756db7ad0b0db8ec
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
zh-SG,zh;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date
Tue, 21 Feb 2023 15:07:45 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-Content-Type-Options
nosniff
Content-Encoding
gzip
Transfer-Encoding
chunked
Connection
Keep-Alive
X-XSS-Protection
1; mode=block
Pragma
no-cache
Referrer-Policy
no-referrer
Last-Modified
Thu, 02 Feb 2023 10:53:07 GMT
Server
zira
X-Frame-Options
DENY
Vary
Accept-Encoding,User-Agent
Content-Type
application/javascript
Cache-Control
max-age=604800, public, must-revalidate
Feature-Policy
autoplay 'none'; camera 'none'; geolocation 'none'; microphone 'none'; midi 'none'; payment 'none'; picture-in-picture 'none'; speaker 'none'; usb 'none'; sync-xhr 'self'
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Expires
01 Jan 2112 00:00:00 GMT
app.js
edc.pentest.zalamea.ph/build/cache/javascript/ 		106 KB
26 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://edc.pentest.zalamea.ph/build/cache/javascript/app.js?id=19a0c329e34ac8cbcbc369fa2d253211
Requested by
Host: edc.pentest.zalamea.ph
URL: https://edc.pentest.zalamea.ph/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.128.27.54 , Singapore, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
zira /
Resource Hash
59bbe0f775183c84a662f414e1075354170b81d2a5c82e901e753db86656a3a4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
zh-SG,zh;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date
Tue, 21 Feb 2023 15:07:45 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-Content-Type-Options
nosniff
Content-Encoding
gzip
Connection
Keep-Alive
Content-Length
25485
X-XSS-Protection
1; mode=block
Pragma
no-cache
Referrer-Policy
no-referrer
Last-Modified
Thu, 02 Feb 2023 10:53:07 GMT
Server
zira
X-Frame-Options
DENY
Vary
Accept-Encoding,User-Agent
Content-Type
application/javascript
Cache-Control
max-age=604800, public, must-revalidate
Feature-Policy
autoplay 'none'; camera 'none'; geolocation 'none'; microphone 'none'; midi 'none'; payment 'none'; picture-in-picture 'none'; speaker 'none'; usb 'none'; sync-xhr 'self'
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Expires
01 Jan 2112 00:00:00 GMT
cookieconsent.min.css
cdnjs.cloudflare.com/ajax/libs/cookieconsent/3.1.1/ 		5 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/cookieconsent/3.1.1/cookieconsent.min.css
Requested by
Host: edc.pentest.zalamea.ph
URL: https://edc.pentest.zalamea.ph/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cd0d0b6e50ff01ff2f3a9a70d7cfb66a7c6cb9acf7a566325568be6d3bd31fc4
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
zh-SG,zh;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date
Tue, 21 Feb 2023 15:07:45 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
1527917
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
1055
last-modified
Mon, 25 May 2020 12:38:28 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5ecbbc44-135e"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2AbMUHGh2t3OF6bDNz3tolnjhYLjmnyaU5lC98znwqdi%2BfSa05FOIF9pHOSkGALHKyvqHmgbMCCVWkMSW7gNPzXqyC5SMcGUNvQuyCmtbmINIJzShIa8AjxiCKfigqdmCetMiDFY2tI3Qq%2FYRML6jZk5"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
79d064bbab5c472d-SIN
expires
Sun, 11 Feb 2024 15:07:45 GMT
cookieconsent.min.js
cdnjs.cloudflare.com/ajax/libs/cookieconsent/3.1.1/ 		20 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/cookieconsent/3.1.1/cookieconsent.min.js
Requested by
Host: edc.pentest.zalamea.ph
URL: https://edc.pentest.zalamea.ph/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e55842a856a6d829feca3c3ad736c136b6c7549e9247274f78aa296259e06e24
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
zh-SG,zh;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date
Tue, 21 Feb 2023 15:07:45 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
578455
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
5908
last-modified
Mon, 25 May 2020 12:38:28 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5ecbbc44-50d5"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CRsJZy5Qk7bq%2Fq89l8%2Fz59LPstf9RBrP6Yv8tV%2B1x44Zbbn5qEuVct8j61g7I0UIRn3ocYlqcsyF31k66PN2gf2pu6noWHz8JIo55wjcJIChMVz1QsFhnOfe%2Fs8bT%2F6Lv4DJFRlory%2BKeon58Yo4ru%2B4"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
79d064bbbb5f472d-SIN
expires
Sun, 11 Feb 2024 15:07:45 GMT
api.js
www.google.com/recaptcha/ 		855 B
880 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api.js?render=explicit
Requested by
Host: edc.pentest.zalamea.ph
URL: https://edc.pentest.zalamea.ph/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4003:c06::63 , Singapore, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
7faefee6c0991072dca659a13be138fe3d7254f7b927d06924983a948795dd4b
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
zh-SG,zh;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date
Tue, 21 Feb 2023 15:07:45 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
frame-ancestors 'self'
server
GSE
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=300
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
560
x-xss-protection
1; mode=block
expires
Tue, 21 Feb 2023 15:07:45 GMT
gtm.js
www.googletagmanager.com/ 		116 KB
45 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-T9PTZ3R
Requested by
Host: edc.pentest.zalamea.ph
URL: https://edc.pentest.zalamea.ph/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4003:c1a::61 , Singapore, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
6446e6c0325220da87f5eb6a4850f364dbcd609fc07a852b647816ae51e46849
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
zh-SG,zh;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date
Tue, 21 Feb 2023 15:07:46 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
45828
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Tue, 21 Feb 2023 15:07:46 GMT
recaptcha__zh_cn.js
www.gstatic.com/recaptcha/releases/O4xzMiFqEvA4YhWjk5t8Xuas/ 		413 KB
164 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/recaptcha/releases/O4xzMiFqEvA4YhWjk5t8Xuas/recaptcha__zh_cn.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?render=explicit
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4003:c04::5e , Singapore, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d9661637d04f1359d79d7b60aad331e5f5d5a353d03dc4f86c61ee2e7cc07ded
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
Origin
https://edc.pentest.zalamea.ph
accept-language
zh-SG,zh;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date
Mon, 20 Feb 2023 11:36:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
99078
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
167730
x-xss-protection
0
last-modified
Mon, 13 Feb 2023 05:01:25 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Tue, 20 Feb 2024 11:36:28 GMT
fontawesome-webfont.woff2
edc.pentest.zalamea.ph/build/cache/fonts/ 		63 KB
64 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://edc.pentest.zalamea.ph/build/cache/fonts/fontawesome-webfont.woff2?v=4.4.0
Requested by
Host: edc.pentest.zalamea.ph
URL: https://edc.pentest.zalamea.ph/build/cache/css/all.css?id=720737279e1997dde501e327e3d7ca71
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.128.27.54 , Singapore, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
zira /
Resource Hash
1628fa0825d2d77d656a988b30d807cdbe314cb1bd4c1a202c44baa0f974e586
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
Origin
https://edc.pentest.zalamea.ph
accept-language
zh-SG,zh;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date
Tue, 21 Feb 2023 15:07:46 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-Content-Type-Options
nosniff
Referrer-Policy
no-referrer
Last-Modified
Thu, 02 Feb 2023 10:53:07 GMT
Server
zira
X-Frame-Options
DENY
Vary
User-Agent
Feature-Policy
autoplay 'none'; camera 'none'; geolocation 'none'; microphone 'none'; midi 'none'; payment 'none'; picture-in-picture 'none'; speaker 'none'; usb 'none'; sync-xhr 'self'
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
64464
X-XSS-Protection
1; mode=block
Lato-Reg-webfont.woff
edc.pentest.zalamea.ph/build/cache/fonts/lato/ 		19 KB
20 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://edc.pentest.zalamea.ph/build/cache/fonts/lato/Lato-Reg-webfont.woff
Requested by
Host: edc.pentest.zalamea.ph
URL: https://edc.pentest.zalamea.ph/build/cache/css/all.css?id=720737279e1997dde501e327e3d7ca71
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.128.27.54 , Singapore, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
zira /
Resource Hash
55eba456cf5c52c357eebfcb0af9e7b8f25d18c789700eba64b036089cb8902e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
Origin
https://edc.pentest.zalamea.ph
accept-language
zh-SG,zh;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date
Tue, 21 Feb 2023 15:07:46 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-Content-Type-Options
nosniff
Connection
Keep-Alive
Content-Length
19260
X-XSS-Protection
1; mode=block
Referrer-Policy
no-referrer
Last-Modified
Thu, 02 Feb 2023 10:53:07 GMT
Server
zira
X-Frame-Options
DENY
Vary
User-Agent
Content-Type
application/font-woff
Cache-Control
max-age=604800, public, must-revalidate
Feature-Policy
autoplay 'none'; camera 'none'; geolocation 'none'; microphone 'none'; midi 'none'; payment 'none'; picture-in-picture 'none'; speaker 'none'; usb 'none'; sync-xhr 'self'
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Expires
01 Jan 2112 00:00:00 GMT
login.html
edc.pentest.zalamea.ph/components/views/login/ 		12 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://edc.pentest.zalamea.ph/components/views/login/login.html
Requested by
Host: edc.pentest.zalamea.ph
URL: https://edc.pentest.zalamea.ph/build/cache/javascript/vendor.js?id=b67b62103470c4993e5deef8e0bc4ce2
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.128.27.54 , Singapore, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
zira /
Resource Hash
8e8e36a6b210e6f2765880a51ebcd6513815fa50a0ecfe9d832fca0021eb9575
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
X-Requested-With
XMLHttpRequest
accept-language
zh-SG,zh;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date
Tue, 21 Feb 2023 15:07:46 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-Content-Type-Options
nosniff
Content-Encoding
gzip
Connection
Keep-Alive
Content-Length
2235
X-XSS-Protection
1; mode=block
Pragma
no-cache
Referrer-Policy
no-referrer
Last-Modified
Thu, 02 Feb 2023 10:53:07 GMT
Server
zira
X-Frame-Options
DENY
Vary
Accept-Encoding,User-Agent
Content-Type
text/html
Cache-Control
max-age=0, no-cache, no-store, must-revalidate
Feature-Policy
autoplay 'none'; camera 'none'; geolocation 'none'; microphone 'none'; midi 'none'; payment 'none'; picture-in-picture 'none'; speaker 'none'; usb 'none'; sync-xhr 'self'
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=98
Expires
Wed, 18 April 1984 02:00:00 GMT
loader1.gif
edc.pentest.zalamea.ph/build/cache/images/loaders/ 		595 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://edc.pentest.zalamea.ph/build/cache/images/loaders/loader1.gif
Requested by
Host: edc.pentest.zalamea.ph
URL: https://edc.pentest.zalamea.ph/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.128.27.54 , Singapore, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
zira /
Resource Hash
bbf87b370cdf805f2a7b68477ba2e833b8a415e0a4ffff30e7361f5bc63894f1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
zh-SG,zh;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date
Tue, 21 Feb 2023 15:07:46 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-Content-Type-Options
nosniff
Connection
Keep-Alive
Content-Length
595
X-XSS-Protection
1; mode=block
Referrer-Policy
no-referrer
Last-Modified
Thu, 02 Feb 2023 10:53:07 GMT
Server
zira
X-Frame-Options
DENY
Vary
User-Agent
Content-Type
image/gif
Cache-Control
max-age=604800, public, must-revalidate
Feature-Policy
autoplay 'none'; camera 'none'; geolocation 'none'; microphone 'none'; midi 'none'; payment 'none'; picture-in-picture 'none'; speaker 'none'; usb 'none'; sync-xhr 'self'
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=97
Expires
01 Jan 2112 00:00:00 GMT
zalamea-omnibus.png
edc.pentest.zalamea.ph/build/cache/images/ 		87 KB
87 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://edc.pentest.zalamea.ph/build/cache/images/zalamea-omnibus.png
Requested by
Host: edc.pentest.zalamea.ph
URL: https://edc.pentest.zalamea.ph/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.128.27.54 , Singapore, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
zira /
Resource Hash
a6b49591736cec8ea158d1a6af936a2c4570850932695d02be046d7ac48d6320
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
zh-SG,zh;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date
Tue, 21 Feb 2023 15:07:46 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-Content-Type-Options
nosniff
Connection
Keep-Alive
Content-Length
88757
X-XSS-Protection
1; mode=block
Referrer-Policy
no-referrer
Last-Modified
Thu, 02 Feb 2023 10:53:07 GMT
Server
zira
X-Frame-Options
DENY
Vary
User-Agent
Content-Type
image/png
Cache-Control
max-age=604800, public, must-revalidate
Feature-Policy
autoplay 'none'; camera 'none'; geolocation 'none'; microphone 'none'; midi 'none'; payment 'none'; picture-in-picture 'none'; speaker 'none'; usb 'none'; sync-xhr 'self'
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=98
Expires
01 Jan 2112 00:00:00 GMT
ping
edc.pentest.zalamea.ph/rest/v1/api/me/ 		5 B
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://edc.pentest.zalamea.ph/rest/v1/api/me/ping
Requested by
Host: edc.pentest.zalamea.ph
URL: https://edc.pentest.zalamea.ph/build/cache/javascript/vendor.js?id=b67b62103470c4993e5deef8e0bc4ce2
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.128.27.54 , Singapore, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
zira /
Resource Hash
fcbcf165908dd18a9e49f7ff27810176db8e9f63b4352213741664245224f8aa
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' https://*.zendesk.com https://*.zdassets.com https://www.googletagmanager.com https://www.google-analytics.com https://tagmanager.google.com https://*.googleapis.com https://*.okta.com; font-src 'self' https://*.gstatic.com; child-src 'self' https://www.google.com; img-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://tagmanager.google.com https://*.gstatic.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'strict-dynamic' https: 'nonce-OWY1ZWEyMGVhMTkzZWZiNg==' https://*.zendesk.com https://*.zdassets.com https://www.googletagmanager.com https://www.google-analytics.com https://tagmanager.google.com https://*.googleapis.com https://*.okta.com https://cdnjs.cloudflare.com https://www.google.com https://www.gstatic.com; style-src 'self' 'unsafe-inline' 'strict-dynamic' https: https://*.zendesk.com https://cdnjs.cloudflare.com https://tagmanager.google.com https://*.googleapis.com
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
X-Requested-With
XMLHttpRequest
accept-language
zh-SG,zh;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date
Tue, 21 Feb 2023 15:07:46 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self'; connect-src 'self' https://*.zendesk.com https://*.zdassets.com https://www.googletagmanager.com https://www.google-analytics.com https://tagmanager.google.com https://*.googleapis.com https://*.okta.com; font-src 'self' https://*.gstatic.com; child-src 'self' https://www.google.com; img-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://tagmanager.google.com https://*.gstatic.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'strict-dynamic' https: 'nonce-OWY1ZWEyMGVhMTkzZWZiNg==' https://*.zendesk.com https://*.zdassets.com https://www.googletagmanager.com https://www.google-analytics.com https://tagmanager.google.com https://*.googleapis.com https://*.okta.com https://cdnjs.cloudflare.com https://www.google.com https://www.gstatic.com; style-src 'self' 'unsafe-inline' 'strict-dynamic' https: https://*.zendesk.com https://cdnjs.cloudflare.com https://tagmanager.google.com https://*.googleapis.com
X-CSRF-TOKEN
RpMH4iE84TLU0PqByu5BZdm9hqdVuFAHHC48t72t
Connection
Keep-Alive
Content-Length
5
X-XSS-Protection
1; mode=block
Pragma
no-cache
Referrer-Policy
no-referrer
Server
zira
X-Frame-Options
DENY
X-RateLimit-Remaining
59
Content-Type
application/json
Vary
User-Agent
Cache-Control
max-age=0, must-revalidate, no-cache, no-store, post-check=0, pre-check=0, private
Feature-Policy
autoplay 'none'; camera 'none'; geolocation 'none'; microphone 'none'; midi 'none'; payment 'none'; picture-in-picture 'none'; speaker 'none'; usb 'none'; sync-xhr 'self'
Permissions-Policy
accelerometer=(self), ambient-light-sensor=(self), autoplay=(self), battery=(self), camera=(self), cross-origin-isolated=(self), display-capture=(self), document-domain=*, encrypted-media=(self), execution-while-not-rendered=*, execution-while-out-of-viewport=*, fullscreen=(self), geolocation=(self), gyroscope=(self), magnetometer=(self), microphone=(self), midi=(self), navigation-override=(self), payment=(self), picture-in-picture=*, publickey-credentials-get=(self), screen-wake-lock=(self), sync-xhr=*, usb=(self), web-share=(self), xr-spatial-tracking=(self)
X-RateLimit-Limit
60
Keep-Alive
timeout=5, max=98
Expires
01 Jan 1970 00:00:00 GMT
user.png
edc.pentest.zalamea.ph/build/cache/images/ 		1 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://edc.pentest.zalamea.ph/build/cache/images/user.png
Requested by
Host: edc.pentest.zalamea.ph
URL: https://edc.pentest.zalamea.ph/build/cache/css/all.css?id=720737279e1997dde501e327e3d7ca71
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.128.27.54 , Singapore, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
zira /
Resource Hash
09bbf9c144222134ee6d4f28b25d4b846f8c099d72c4360c7998bfd89715eb45
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
zh-SG,zh;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date
Tue, 21 Feb 2023 15:07:46 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-Content-Type-Options
nosniff
Connection
Keep-Alive
Content-Length
1106
X-XSS-Protection
1; mode=block
Referrer-Policy
no-referrer
Last-Modified
Thu, 02 Feb 2023 10:53:07 GMT
Server
zira
X-Frame-Options
DENY
Vary
User-Agent
Content-Type
image/png
Cache-Control
max-age=604800, public, must-revalidate
Feature-Policy
autoplay 'none'; camera 'none'; geolocation 'none'; microphone 'none'; midi 'none'; payment 'none'; picture-in-picture 'none'; speaker 'none'; usb 'none'; sync-xhr 'self'
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=97
Expires
01 Jan 2112 00:00:00 GMT
locked.png
edc.pentest.zalamea.ph/build/cache/images/ 		1 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://edc.pentest.zalamea.ph/build/cache/images/locked.png
Requested by
Host: edc.pentest.zalamea.ph
URL: https://edc.pentest.zalamea.ph/build/cache/css/all.css?id=720737279e1997dde501e327e3d7ca71
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.128.27.54 , Singapore, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
zira /
Resource Hash
5d49f096f9957f3b969cdf922469092b26550ec5cfe9c78a86515460c4230cd7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
zh-SG,zh;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date
Tue, 21 Feb 2023 15:07:46 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-Content-Type-Options
nosniff
Connection
Keep-Alive
Content-Length
1132
X-XSS-Protection
1; mode=block
Referrer-Policy
no-referrer
Last-Modified
Thu, 02 Feb 2023 10:53:07 GMT
Server
zira
X-Frame-Options
DENY
Vary
User-Agent
Content-Type
image/png
Cache-Control
max-age=604800, public, must-revalidate
Feature-Policy
autoplay 'none'; camera 'none'; geolocation 'none'; microphone 'none'; midi 'none'; payment 'none'; picture-in-picture 'none'; speaker 'none'; usb 'none'; sync-xhr 'self'
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=97
Expires
01 Jan 2112 00:00:00 GMT
Lato-Bol-webfont.woff
edc.pentest.zalamea.ph/build/cache/fonts/lato/ 		19 KB
20 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://edc.pentest.zalamea.ph/build/cache/fonts/lato/Lato-Bol-webfont.woff
Requested by
Host: edc.pentest.zalamea.ph
URL: https://edc.pentest.zalamea.ph/build/cache/css/all.css?id=720737279e1997dde501e327e3d7ca71
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.128.27.54 , Singapore, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
zira /
Resource Hash
f37b461d3256147b743d073616e44413b5caceac0839e1145bca119d08eea9d9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
Origin
https://edc.pentest.zalamea.ph
accept-language
zh-SG,zh;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date
Tue, 21 Feb 2023 15:07:46 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-Content-Type-Options
nosniff
Connection
Keep-Alive
Content-Length
19432
X-XSS-Protection
1; mode=block
Referrer-Policy
no-referrer
Last-Modified
Thu, 02 Feb 2023 10:53:07 GMT
Server
zira
X-Frame-Options
DENY
Vary
User-Agent
Content-Type
application/font-woff
Cache-Control
max-age=604800, public, must-revalidate
Feature-Policy
autoplay 'none'; camera 'none'; geolocation 'none'; microphone 'none'; midi 'none'; payment 'none'; picture-in-picture 'none'; speaker 'none'; usb 'none'; sync-xhr 'self'
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=96
Expires
01 Jan 2112 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

45 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless object| oncontentvisibilityautostatechange object| $jscomp function| $jscomp$lookupPolyfilledValue object| CryptoJS object| acj function| $ function| jQuery function| DataTable object| html5 object| Modernizr function| yepnope function| retinajs function| _ object| Morris function| eve function| Raphael object| angular function| moment function| currency object| rangy string| textAngular object| App object| dataLayer undefined| __r_token undefined| __hdn_gsso undefined| __hdn_osso boolean| __hdn_hvt string| __hdn_sbdm string| __hdn_bdm undefined| __hdn_picker undefined| __hdn_adsso string| __hdn_signin string| __hdn_forgot_pwd undefined| __hdn_emp_number undefined| __hdn_email string| __okta_base_url string| sub object| cookieconsent object| ___grecaptcha_cfg object| grecaptcha string| __recaptcha_api boolean| __google_recaptcha_client object| google_tag_manager object| recaptcha

1 Cookies

Domain/Path Name / Value
.pentest.zalamea.ph/ Name: ls-pentest
Value: eyJpdiI6IlRGaTFScHNtWTA2MmdieDFsVCtuQUE9PSIsInZhbHVlIjoiY0M0SldPVWswWG1FcGFTOEZnUSs2dGZqQ1VtZnlvTVI3bzVSTEh2ajU2TWVUdjIyRW1RWU1aZ1Y4V0Irbzk4STlQWEJKNjV5Mm5rRnRMaTczdWZwXC9RPT0iLCJtYWMiOiJiZmMwMTQ2MzQ1OWRhZTBiODNjNGMxNDA3YzJiYzRkODZiNmQwNGUyYTlkNjc0ZWQ5ZTYxNzAyNDRlNTNlYTRkIn0%3D

9 Console Messages

Source Level URL
Text
security warning
Message:
Error with Feature-Policy header: Unrecognized feature: 'speaker'.
security warning
Message:
Error with Feature-Policy header: Some features are specified in both Feature-Policy and Permissions-Policy header: autoplay, camera, geolocation, microphone, midi, payment, picture-in-picture, usb, sync-xhr. Values defined in Permissions-Policy header will be used.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'ambient-light-sensor'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'battery'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'document-domain'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'execution-while-not-rendered'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'execution-while-out-of-viewport'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'navigation-override'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'web-share'.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self'; connect-src 'self' https://*.zendesk.com https://*.zdassets.com https://www.googletagmanager.com https://www.google-analytics.com https://tagmanager.google.com https://*.googleapis.com https://*.okta.com; font-src 'self' https://*.gstatic.com; child-src 'self' https://www.google.com; img-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://tagmanager.google.com https://*.gstatic.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'strict-dynamic' https: 'nonce-MDgwMTNiZjYxMTJmN2E2Mg==' 'nonce-MjVkYTFhZTgwNjIzN2EzNg==' 'nonce-ODk2MjI0ZTY1YzRlZDNiMw==' 'nonce-OGFiYjIwOTQ5ZDZhNWIyMA==' 'nonce-OWY1ZWEyMGVhMTkzZWZiNg==' 'nonce-OTA4MzBlNGY3M2VhMzEwNQ==' 'nonce-YjkyMDcxODBkZjNkZmNmMw==' 'nonce-OTAyZTI5OTVmZjVkMmE1YQ==' 'nonce-MzNhMTg3YTA2ZTAwMTVmOA==' 'nonce-Y2NmYTNiNWU4ZGY3YTcyYQ==' https://*.zendesk.com https://*.zdassets.com https://www.googletagmanager.com https://www.google-analytics.com https://tagmanager.google.com https://*.googleapis.com https://*.okta.com https://cdnjs.cloudflare.com https://www.google.com https://www.gstatic.com; style-src 'self' 'unsafe-inline' 'strict-dynamic' https: https://*.zendesk.com https://cdnjs.cloudflare.com https://tagmanager.google.com https://*.googleapis.com
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdnjs.cloudflare.com
edc.pentest.zalamea.ph
www.google.com
www.googletagmanager.com
www.gstatic.com
178.128.27.54
2404:6800:4003:c04::5e
2404:6800:4003:c06::63
2404:6800:4003:c1a::61
2606:4700::6811:190e
08b1ff608fa4ccabd7efc39ead9b61dd6da20825208236bc333842e6f3942a88
09bbf9c144222134ee6d4f28b25d4b846f8c099d72c4360c7998bfd89715eb45
1628fa0825d2d77d656a988b30d807cdbe314cb1bd4c1a202c44baa0f974e586
55eba456cf5c52c357eebfcb0af9e7b8f25d18c789700eba64b036089cb8902e
59bbe0f775183c84a662f414e1075354170b81d2a5c82e901e753db86656a3a4
5d49f096f9957f3b969cdf922469092b26550ec5cfe9c78a86515460c4230cd7
6446e6c0325220da87f5eb6a4850f364dbcd609fc07a852b647816ae51e46849
7faefee6c0991072dca659a13be138fe3d7254f7b927d06924983a948795dd4b
8b30fdd055f8711e9020dfc4e01195515aea9213140126748ab5007e2e8f7c2c
8e8e36a6b210e6f2765880a51ebcd6513815fa50a0ecfe9d832fca0021eb9575
a6b49591736cec8ea158d1a6af936a2c4570850932695d02be046d7ac48d6320
aa97747239805b254b38e896232c49e18d07b946c261bcf8756db7ad0b0db8ec
bbf87b370cdf805f2a7b68477ba2e833b8a415e0a4ffff30e7361f5bc63894f1
cd0d0b6e50ff01ff2f3a9a70d7cfb66a7c6cb9acf7a566325568be6d3bd31fc4
d9661637d04f1359d79d7b60aad331e5f5d5a353d03dc4f86c61ee2e7cc07ded
e55842a856a6d829feca3c3ad736c136b6c7549e9247274f78aa296259e06e24
f197da8c020a274afb1c3cb1bbdc50b74c6e5c0941d14ac39f468129e090ad58
f37b461d3256147b743d073616e44413b5caceac0839e1145bca119d08eea9d9
fcbcf165908dd18a9e49f7ff27810176db8e9f63b4352213741664245224f8aa