urlscan.io logo urlscan.io
SecurityTrails logo

customer-api.admin.prod.v1.pay-by-account.com Open in urlscan Pro
13.237.87.201  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://customer-api.admin.prod.v1.pay-by-account.com/
Effective URL: https://customer-api.admin.prod.v1.pay-by-account.com/docs
Submission: On June 22 via automatic, source certstream-suspicious — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 16 HTTP transactions. The main IP is 13.237.87.201, located in Sydney, Australia and belongs to AMAZON-02, US. The main domain is customer-api.admin.prod.v1.pay-by-account.com.
TLS certificate: Issued by Amazon on June 3rd 2022. Valid for: a year.
This is the only time customer-api.admin.prod.v1.pay-by-account.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 17 13.237.87.201 16509 (AMAZON-02)
16 2
Apex Domain
Subdomains		 Transfer
17 pay-by-account.com
customer-api.admin.prod.v1.pay-by-account.com
611 KB
16 1
Domain Requested by
17 customer-api.admin.prod.v1.pay-by-account.com 1 redirects customer-api.admin.prod.v1.pay-by-account.com
16 1

This site contains links to these domains. Also see Links.

Domain
api-platform.com
Subject Issuer Validity Valid
customer-api.pay-by-account.prod.v1.eonx-mastercard.com
Amazon		 2022-06-03 -
2023-07-02		 a year crt.sh

This page contains 1 frames:

Primary Page: https://customer-api.admin.prod.v1.pay-by-account.com/docs
Frame ID: 8808F638C996B198D08C196E0C83E06A
Requests: 19 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Mastercard PBA Transact API - API Platform

Page URL History Show full URLs

  1. https://customer-api.admin.prod.v1.pay-by-account.com/ HTTP 302
    https://customer-api.admin.prod.v1.pay-by-account.com/docs Page URL

Page Statistics

16
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

610 kB
Transfer

1871 kB
Size

5
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://customer-api.admin.prod.v1.pay-by-account.com/ HTTP 302
    https://customer-api.admin.prod.v1.pay-by-account.com/docs Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

16 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request docs
customer-api.admin.prod.v1.pay-by-account.com/
Redirect Chain
  • https://customer-api.admin.prod.v1.pay-by-account.com/
  • https://customer-api.admin.prod.v1.pay-by-account.com/docs
59 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://customer-api.admin.prod.v1.pay-by-account.com/docs
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.237.87.201 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-237-87-201.ap-southeast-2.compute.amazonaws.com
Software
Apache /
Resource Hash
ef2c015b2164014a79e7ea9f62131b066db8b7090c5f1cb898d4b87aa3a60f76
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-headers
DNT, X-CustomHeader, Keep-Alive, User-Agent, X-Requested-With, If-Modified-Since, Cache-Control, Content-Type, Content-Range, Range, Authorization, Provider-Id, Customer-Id, X-CORRELATION-ID, X-REQUEST-ID
access-control-allow-methods
POST, GET, OPTIONS, DELETE, PATCH, PUT
access-control-allow-origin
*
access-control-max-age
1728000
cache-control
no-cache, private
content-encoding
gzip
content-length
5340
content-type
text/html; charset=UTF-8
date
Wed, 22 Jun 2022 08:28:53 GMT
link
<https://customer-api.admin.prod.v1.pay-by-account.com/docs.jsonld>; rel="http://www.w3.org/ns/hydra/core#apiDocumentation"
referrer-policy
same-origin
server
Apache
server-timing
dtSInfo;desc="0", dtRpid;desc="1966265588"
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding
x-content-type-options
nosniff
x-frame-options
DENY
x-oneagent-js-injection
true
x-ruxit-js-agent
true

Redirect headers

access-control-allow-headers
DNT, X-CustomHeader, Keep-Alive, User-Agent, X-Requested-With, If-Modified-Since, Cache-Control, Content-Type, Content-Range, Range, Authorization, Provider-Id, Customer-Id, X-CORRELATION-ID, X-REQUEST-ID
access-control-allow-methods
POST, GET, OPTIONS, DELETE, PATCH, PUT
access-control-allow-origin
*
access-control-max-age
1728000
cache-control
no-cache, private
content-length
945
content-type
text/html; charset=UTF-8
date
Wed, 22 Jun 2022 08:28:53 GMT
link
<https://customer-api.admin.prod.v1.pay-by-account.com/docs.jsonld>; rel="http://www.w3.org/ns/hydra/core#apiDocumentation"
location
https://customer-api.admin.prod.v1.pay-by-account.com/docs
referrer-policy
same-origin
server
Apache
server-timing
dtSInfo;desc="0", dtRpid;desc="789816031"
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
x-frame-options
DENY
x-oneagent-js-injection
true
x-ruxit-js-agent
true
ruxitagentjs_ICA2Vfqru_10241220422021336.js
customer-api.admin.prod.v1.pay-by-account.com/ 		192 KB
74 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://customer-api.admin.prod.v1.pay-by-account.com/ruxitagentjs_ICA2Vfqru_10241220422021336.js
Requested by
Host: customer-api.admin.prod.v1.pay-by-account.com
URL: https://customer-api.admin.prod.v1.pay-by-account.com/docs
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.237.87.201 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-237-87-201.ap-southeast-2.compute.amazonaws.com
Software
Apache /
Resource Hash
a1259f5128f86e379213fd78aabbc1503b419a1c22d6703fe245414bffac0b64
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://customer-api.admin.prod.v1.pay-by-account.com/docs
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date
Wed, 22 Jun 2022 08:28:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
content-length
75303
referrer-policy
same-origin
last-modified
Wed, 03 Mar 2010 07:01:40 GMT
server
Apache
x-frame-options
DENY
access-control-max-age
1728000
access-control-allow-methods
POST, GET, OPTIONS, DELETE, PATCH, PUT
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, immutable
access-control-allow-headers
DNT, X-CustomHeader, Keep-Alive, User-Agent, X-Requested-With, If-Modified-Since, Cache-Control, Content-Type, Content-Range, Range, Authorization, Provider-Id, Customer-Id, X-CORRELATION-ID, X-REQUEST-ID
expires
Thu, 22 Jun 2023 08:28:53 GMT
400.css
customer-api.admin.prod.v1.pay-by-account.com/bundles/apiplatform/fonts/open-sans/ 		3 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://customer-api.admin.prod.v1.pay-by-account.com/bundles/apiplatform/fonts/open-sans/400.css
Requested by
Host: customer-api.admin.prod.v1.pay-by-account.com
URL: https://customer-api.admin.prod.v1.pay-by-account.com/docs
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.237.87.201 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-237-87-201.ap-southeast-2.compute.amazonaws.com
Software
Apache /
Resource Hash
ae7fea2d7b76d5286e12e4ad69f7ac1ff1a1bc3dbc01f90a4645d1d92323a4da
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://customer-api.admin.prod.v1.pay-by-account.com/docs
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date
Wed, 22 Jun 2022 08:28:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
access-control-allow-methods
POST, GET, OPTIONS, DELETE, PATCH, PUT
server-timing
dtSInfo;desc="0", dtRpid;desc="250050402"
vary
Accept-Encoding
content-length
539
referrer-policy
same-origin
last-modified
Mon, 06 Jun 2022 05:02:15 GMT
server
Apache
x-frame-options
DENY
etag
"b59-5e0c0602603c0-gzip"
access-control-max-age
1728000
strict-transport-security
max-age=31536000; includeSubDomains
content-type
text/css
access-control-allow-origin
*
accept-ranges
bytes
access-control-allow-headers
DNT, X-CustomHeader, Keep-Alive, User-Agent, X-Requested-With, If-Modified-Since, Cache-Control, Content-Type, Content-Range, Range, Authorization, Provider-Id, Customer-Id, X-CORRELATION-ID, X-REQUEST-ID
700.css
customer-api.admin.prod.v1.pay-by-account.com/bundles/apiplatform/fonts/open-sans/ 		3 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://customer-api.admin.prod.v1.pay-by-account.com/bundles/apiplatform/fonts/open-sans/700.css
Requested by
Host: customer-api.admin.prod.v1.pay-by-account.com
URL: https://customer-api.admin.prod.v1.pay-by-account.com/docs
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.237.87.201 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-237-87-201.ap-southeast-2.compute.amazonaws.com
Software
Apache /
Resource Hash
b8d10871db532287def903ba9a4550415c1b3829d2e8b2852fc9b85c3d3033fb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://customer-api.admin.prod.v1.pay-by-account.com/docs
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date
Wed, 22 Jun 2022 08:28:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
access-control-allow-methods
POST, GET, OPTIONS, DELETE, PATCH, PUT
server-timing
dtSInfo;desc="0", dtRpid;desc="-1649323337"
vary
Accept-Encoding
content-length
539
referrer-policy
same-origin
last-modified
Mon, 06 Jun 2022 05:02:15 GMT
server
Apache
x-frame-options
DENY
etag
"b59-5e0c0602603c0-gzip"
access-control-max-age
1728000
strict-transport-security
max-age=31536000; includeSubDomains
content-type
text/css
access-control-allow-origin
*
accept-ranges
bytes
access-control-allow-headers
DNT, X-CustomHeader, Keep-Alive, User-Agent, X-Requested-With, If-Modified-Since, Cache-Control, Content-Type, Content-Range, Range, Authorization, Provider-Id, Customer-Id, X-CORRELATION-ID, X-REQUEST-ID
swagger-ui.css
customer-api.admin.prod.v1.pay-by-account.com/bundles/apiplatform/swagger-ui/ 		140 KB
23 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://customer-api.admin.prod.v1.pay-by-account.com/bundles/apiplatform/swagger-ui/swagger-ui.css
Requested by
Host: customer-api.admin.prod.v1.pay-by-account.com
URL: https://customer-api.admin.prod.v1.pay-by-account.com/docs
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.237.87.201 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-237-87-201.ap-southeast-2.compute.amazonaws.com
Software
Apache /
Resource Hash
7f40ecf1323f1faad1f4c6f3c3fd92478cc3135eeccb3a8861d3acad6b61f285
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://customer-api.admin.prod.v1.pay-by-account.com/docs
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date
Wed, 22 Jun 2022 08:28:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
access-control-allow-methods
POST, GET, OPTIONS, DELETE, PATCH, PUT
server-timing
dtSInfo;desc="0", dtRpid;desc="-1181389391"
vary
Accept-Encoding
content-length
22798
referrer-policy
same-origin
last-modified
Mon, 06 Jun 2022 05:02:15 GMT
server
Apache
x-frame-options
DENY
etag
"231f2-5e0c0602603c0-gzip"
access-control-max-age
1728000
strict-transport-security
max-age=31536000; includeSubDomains
content-type
text/css
access-control-allow-origin
*
accept-ranges
bytes
access-control-allow-headers
DNT, X-CustomHeader, Keep-Alive, User-Agent, X-Requested-With, If-Modified-Since, Cache-Control, Content-Type, Content-Range, Range, Authorization, Provider-Id, Customer-Id, X-CORRELATION-ID, X-REQUEST-ID
style.css
customer-api.admin.prod.v1.pay-by-account.com/bundles/apiplatform/ 		7 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://customer-api.admin.prod.v1.pay-by-account.com/bundles/apiplatform/style.css
Requested by
Host: customer-api.admin.prod.v1.pay-by-account.com
URL: https://customer-api.admin.prod.v1.pay-by-account.com/docs
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.237.87.201 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-237-87-201.ap-southeast-2.compute.amazonaws.com
Software
Apache /
Resource Hash
24d001b07003bed11b01cc62ae245f3ec6365c8cda2f45f17a104e2571110332
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://customer-api.admin.prod.v1.pay-by-account.com/docs
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date
Wed, 22 Jun 2022 08:28:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
access-control-allow-methods
POST, GET, OPTIONS, DELETE, PATCH, PUT
server-timing
dtSInfo;desc="0", dtRpid;desc="-1801222332"
vary
Accept-Encoding
content-length
1737
referrer-policy
same-origin
last-modified
Mon, 06 Jun 2022 05:02:15 GMT
server
Apache
x-frame-options
DENY
etag
"1b83-5e0c0602603c0-gzip"
access-control-max-age
1728000
strict-transport-security
max-age=31536000; includeSubDomains
content-type
text/css
access-control-allow-origin
*
accept-ranges
bytes
access-control-allow-headers
DNT, X-CustomHeader, Keep-Alive, User-Agent, X-Requested-With, If-Modified-Since, Cache-Control, Content-Type, Content-Range, Range, Authorization, Provider-Id, Customer-Id, X-CORRELATION-ID, X-REQUEST-ID
logo-header.svg
customer-api.admin.prod.v1.pay-by-account.com/bundles/apiplatform/ 		7 KB
8 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://customer-api.admin.prod.v1.pay-by-account.com/bundles/apiplatform/logo-header.svg
Requested by
Host: customer-api.admin.prod.v1.pay-by-account.com
URL: https://customer-api.admin.prod.v1.pay-by-account.com/docs
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.237.87.201 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-237-87-201.ap-southeast-2.compute.amazonaws.com
Software
Apache /
Resource Hash
83e8c52c986d85859e622ede603ef645cb2319985612eed98e39a54b5aa64e30
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://customer-api.admin.prod.v1.pay-by-account.com/docs
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date
Wed, 22 Jun 2022 08:28:54 GMT
x-content-type-options
nosniff
access-control-max-age
1728000
server-timing
dtSInfo;desc="0", dtRpid;desc="-1329253058"
content-length
7328
referrer-policy
same-origin
last-modified
Mon, 06 Jun 2022 05:02:15 GMT
server
Apache
x-frame-options
DENY
etag
"1ca0-5e0c0602603c0"
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-methods
POST, GET, OPTIONS, DELETE, PATCH, PUT
content-type
image/svg+xml
access-control-allow-origin
*
accept-ranges
bytes
access-control-allow-headers
DNT, X-CustomHeader, Keep-Alive, User-Agent, X-Requested-With, If-Modified-Since, Cache-Control, Content-Type, Content-Range, Range, Authorization, Provider-Id, Customer-Id, X-CORRELATION-ID, X-REQUEST-ID
web.png
customer-api.admin.prod.v1.pay-by-account.com/bundles/apiplatform/ 		21 KB
22 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://customer-api.admin.prod.v1.pay-by-account.com/bundles/apiplatform/web.png
Requested by
Host: customer-api.admin.prod.v1.pay-by-account.com
URL: https://customer-api.admin.prod.v1.pay-by-account.com/docs
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.237.87.201 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-237-87-201.ap-southeast-2.compute.amazonaws.com
Software
Apache /
Resource Hash
be737a9d73f9c169ef2871f8958f08d945d47a4b20f4745f5ebacaaf7a03c53a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://customer-api.admin.prod.v1.pay-by-account.com/docs
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date
Wed, 22 Jun 2022 08:28:54 GMT
x-content-type-options
nosniff
access-control-max-age
1728000
server-timing
dtSInfo;desc="0", dtRpid;desc="-1793731403"
content-length
21929
referrer-policy
same-origin
last-modified
Mon, 06 Jun 2022 05:02:15 GMT
server
Apache
x-frame-options
DENY
etag
"55a9-5e0c0602603c0"
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-methods
POST, GET, OPTIONS, DELETE, PATCH, PUT
content-type
image/png
access-control-allow-origin
*
accept-ranges
bytes
access-control-allow-headers
DNT, X-CustomHeader, Keep-Alive, User-Agent, X-Requested-With, If-Modified-Since, Cache-Control, Content-Type, Content-Range, Range, Authorization, Provider-Id, Customer-Id, X-CORRELATION-ID, X-REQUEST-ID
webby.png
customer-api.admin.prod.v1.pay-by-account.com/bundles/apiplatform/ 		7 KB
8 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://customer-api.admin.prod.v1.pay-by-account.com/bundles/apiplatform/webby.png
Requested by
Host: customer-api.admin.prod.v1.pay-by-account.com
URL: https://customer-api.admin.prod.v1.pay-by-account.com/docs
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.237.87.201 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-237-87-201.ap-southeast-2.compute.amazonaws.com
Software
Apache /
Resource Hash
d3c6ce3d7b51ac4431e8d369e4ebd90beb1da2cffedd677bfb19d5b5833b3ae9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://customer-api.admin.prod.v1.pay-by-account.com/docs
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date
Wed, 22 Jun 2022 08:28:54 GMT
x-content-type-options
nosniff
access-control-max-age
1728000
server-timing
dtSInfo;desc="0", dtRpid;desc="-1145441159"
content-length
7261
referrer-policy
same-origin
last-modified
Mon, 06 Jun 2022 05:02:15 GMT
server
Apache
x-frame-options
DENY
etag
"1c5d-5e0c0602603c0"
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-methods
POST, GET, OPTIONS, DELETE, PATCH, PUT
content-type
image/png
access-control-allow-origin
*
accept-ranges
bytes
access-control-allow-headers
DNT, X-CustomHeader, Keep-Alive, User-Agent, X-Requested-With, If-Modified-Since, Cache-Control, Content-Type, Content-Range, Range, Authorization, Provider-Id, Customer-Id, X-CORRELATION-ID, X-REQUEST-ID
swagger-ui-bundle.js
customer-api.admin.prod.v1.pay-by-account.com/bundles/apiplatform/swagger-ui/ 		1 MB
327 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://customer-api.admin.prod.v1.pay-by-account.com/bundles/apiplatform/swagger-ui/swagger-ui-bundle.js
Requested by
Host: customer-api.admin.prod.v1.pay-by-account.com
URL: https://customer-api.admin.prod.v1.pay-by-account.com/docs
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.237.87.201 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-237-87-201.ap-southeast-2.compute.amazonaws.com
Software
Apache /
Resource Hash
f5f97ddb32cb277cb234c1f998c44bf9aff35c6ff4aa02037d1b9cb6daed5fec
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://customer-api.admin.prod.v1.pay-by-account.com/docs
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date
Wed, 22 Jun 2022 08:28:54 GMT
content-encoding
gzip
x-content-type-options
nosniff
access-control-allow-methods
POST, GET, OPTIONS, DELETE, PATCH, PUT
server-timing
dtSInfo;desc="0", dtRpid;desc="390663391"
vary
Accept-Encoding
referrer-policy
same-origin
last-modified
Mon, 06 Jun 2022 05:02:15 GMT
server
Apache
x-frame-options
DENY
etag
"109411-5e0c0602603c0-gzip"
access-control-max-age
1728000
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript
access-control-allow-origin
*
accept-ranges
bytes
access-control-allow-headers
DNT, X-CustomHeader, Keep-Alive, User-Agent, X-Requested-With, If-Modified-Since, Cache-Control, Content-Type, Content-Range, Range, Authorization, Provider-Id, Customer-Id, X-CORRELATION-ID, X-REQUEST-ID
swagger-ui-standalone-preset.js
customer-api.admin.prod.v1.pay-by-account.com/bundles/apiplatform/swagger-ui/ 		317 KB
100 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://customer-api.admin.prod.v1.pay-by-account.com/bundles/apiplatform/swagger-ui/swagger-ui-standalone-preset.js
Requested by
Host: customer-api.admin.prod.v1.pay-by-account.com
URL: https://customer-api.admin.prod.v1.pay-by-account.com/docs
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.237.87.201 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-237-87-201.ap-southeast-2.compute.amazonaws.com
Software
Apache /
Resource Hash
0f661e1b004dd7f9d3c0314cfbc3cf7312260f5776cbaecb31e5ebc409e40ae2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://customer-api.admin.prod.v1.pay-by-account.com/docs
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date
Wed, 22 Jun 2022 08:28:54 GMT
content-encoding
gzip
x-content-type-options
nosniff
access-control-allow-methods
POST, GET, OPTIONS, DELETE, PATCH, PUT
server-timing
dtSInfo;desc="0", dtRpid;desc="-1198756114"
vary
Accept-Encoding
referrer-policy
same-origin
last-modified
Mon, 06 Jun 2022 05:02:15 GMT
server
Apache
x-frame-options
DENY
etag
"4f2b3-5e0c0602603c0-gzip"
access-control-max-age
1728000
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript
access-control-allow-origin
*
accept-ranges
bytes
access-control-allow-headers
DNT, X-CustomHeader, Keep-Alive, User-Agent, X-Requested-With, If-Modified-Since, Cache-Control, Content-Type, Content-Range, Range, Authorization, Provider-Id, Customer-Id, X-CORRELATION-ID, X-REQUEST-ID
init-swagger-ui.js
customer-api.admin.prod.v1.pay-by-account.com/bundles/apiplatform/ 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://customer-api.admin.prod.v1.pay-by-account.com/bundles/apiplatform/init-swagger-ui.js
Requested by
Host: customer-api.admin.prod.v1.pay-by-account.com
URL: https://customer-api.admin.prod.v1.pay-by-account.com/docs
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.237.87.201 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-237-87-201.ap-southeast-2.compute.amazonaws.com
Software
Apache /
Resource Hash
3cd121bbb494d72d0357fb919a5d10c3bfd7041d05e45edfd34127d5c667596a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://customer-api.admin.prod.v1.pay-by-account.com/docs
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date
Wed, 22 Jun 2022 08:28:54 GMT
content-encoding
gzip
x-content-type-options
nosniff
access-control-allow-methods
POST, GET, OPTIONS, DELETE, PATCH, PUT
server-timing
dtSInfo;desc="0", dtRpid;desc="1806941033"
vary
Accept-Encoding
content-length
1779
referrer-policy
same-origin
last-modified
Mon, 06 Jun 2022 05:02:15 GMT
server
Apache
x-frame-options
DENY
etag
"15b7-5e0c0602603c0-gzip"
access-control-max-age
1728000
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript
access-control-allow-origin
*
accept-ranges
bytes
access-control-allow-headers
DNT, X-CustomHeader, Keep-Alive, User-Agent, X-Requested-With, If-Modified-Since, Cache-Control, Content-Type, Content-Range, Range, Authorization, Provider-Id, Customer-Id, X-CORRELATION-ID, X-REQUEST-ID
open-sans-latin-400-normal.woff2
customer-api.admin.prod.v1.pay-by-account.com/bundles/apiplatform/fonts/open-sans/files/ 		16 KB
17 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://customer-api.admin.prod.v1.pay-by-account.com/bundles/apiplatform/fonts/open-sans/files/open-sans-latin-400-normal.woff2
Requested by
Host: customer-api.admin.prod.v1.pay-by-account.com
URL: https://customer-api.admin.prod.v1.pay-by-account.com/bundles/apiplatform/fonts/open-sans/400.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.237.87.201 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-237-87-201.ap-southeast-2.compute.amazonaws.com
Software
Apache /
Resource Hash
cce577471c2586f3e0c2518fff84a970d33f61491fb8c629341b86f238cf07c0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://customer-api.admin.prod.v1.pay-by-account.com/bundles/apiplatform/fonts/open-sans/400.css
Origin
https://customer-api.admin.prod.v1.pay-by-account.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date
Wed, 22 Jun 2022 08:28:54 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
server-timing
dtSInfo;desc="0", dtRpid;desc="1550688094", dtTao;desc="1"
content-length
16692
referrer-policy
same-origin
last-modified
Mon, 06 Jun 2022 05:02:14 GMT
server
Apache
x-frame-options
DENY
etag
"4134-5e0c0602603c0:dtagent10241220422021336Ukyn"
access-control-max-age
1728000
access-control-allow-methods
POST, GET, OPTIONS, DELETE, PATCH, PUT
content-type
font/woff2
access-control-allow-origin
*
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-headers
DNT, X-CustomHeader, Keep-Alive, User-Agent, X-Requested-With, If-Modified-Since, Cache-Control, Content-Type, Content-Range, Range, Authorization, Provider-Id, Customer-Id, X-CORRELATION-ID, X-REQUEST-ID
truncated
/ 		15 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
692881516b5727543e5d0e2afe602c1659d1b50d7af857219c33d12913167520

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/ 		239 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
fb5873d70e03e1dfb1e4a734cea4ada473e8520b7fec49c7e9d387cc25ac43a6

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=utf-8
truncated
/ 		127 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
88184aef40a6a66fdd5841732efb6bd1ec40d2cf5cc35dd2abe5ab80070d02b4

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=utf-8
open-sans-latin-700-normal.woff2
customer-api.admin.prod.v1.pay-by-account.com/bundles/apiplatform/fonts/open-sans/files/ 		16 KB
17 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://customer-api.admin.prod.v1.pay-by-account.com/bundles/apiplatform/fonts/open-sans/files/open-sans-latin-700-normal.woff2
Requested by
Host: customer-api.admin.prod.v1.pay-by-account.com
URL: https://customer-api.admin.prod.v1.pay-by-account.com/bundles/apiplatform/fonts/open-sans/700.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.237.87.201 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-237-87-201.ap-southeast-2.compute.amazonaws.com
Software
Apache /
Resource Hash
a61d67250a5c36640e22099937af31613e68d6134439d5d4329efea0372aea79
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://customer-api.admin.prod.v1.pay-by-account.com/bundles/apiplatform/fonts/open-sans/700.css
Origin
https://customer-api.admin.prod.v1.pay-by-account.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date
Wed, 22 Jun 2022 08:28:56 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
server-timing
dtSInfo;desc="0", dtRpid;desc="745941206", dtTao;desc="1"
content-length
16408
referrer-policy
same-origin
last-modified
Mon, 06 Jun 2022 05:02:14 GMT
server
Apache
x-frame-options
DENY
etag
"4018-5e0c0602603c0:dtagent10241220422021336Ukyn"
access-control-max-age
1728000
access-control-allow-methods
POST, GET, OPTIONS, DELETE, PATCH, PUT
content-type
font/woff2
access-control-allow-origin
*
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-headers
DNT, X-CustomHeader, Keep-Alive, User-Agent, X-Requested-With, If-Modified-Since, Cache-Control, Content-Type, Content-Range, Range, Authorization, Provider-Id, Customer-Id, X-CORRELATION-ID, X-REQUEST-ID
rb_bf46099vlu
customer-api.admin.prod.v1.pay-by-account.com/ 		116 B
647 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://customer-api.admin.prod.v1.pay-by-account.com/rb_bf46099vlu?type=js3&sn=v_4_srv_1_sn_19BE55A9E536D76C7823CBB79168CE09_perc_100000_ol_0_mul_1_app-3Aea7c4b59f27d43eb_1&svrid=1&flavor=post&vi=REVUPARPLGCQELVMHBJKMMCMMUQJRKQM-0&modifiedSince=1654821115775&rf=https%3A%2F%2Fcustomer-api.admin.prod.v1.pay-by-account.com%2Fdocs&bp=3&app=ea7c4b59f27d43eb&crc=1166202546&en=qnn78a97&end=1
Requested by
Host: customer-api.admin.prod.v1.pay-by-account.com
URL: https://customer-api.admin.prod.v1.pay-by-account.com/ruxitagentjs_ICA2Vfqru_10241220422021336.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.237.87.201 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-237-87-201.ap-southeast-2.compute.amazonaws.com
Software
Apache /
Resource Hash
03e7fd62f56bd6286ca79694260e7befa47c61a52aa39d402cd6f0132fd96e50
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://customer-api.admin.prod.v1.pay-by-account.com/docs
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Wed, 22 Jun 2022 08:28:57 GMT
content-encoding
gzip
referrer-policy
same-origin
server
Apache
x-frame-options
DENY
vary
Accept-Encoding
access-control-allow-methods
POST, GET, OPTIONS, DELETE, PATCH, PUT
content-type
text/plain; charset=utf-8
access-control-allow-origin
*
access-control-max-age
1728000
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-headers
DNT, X-CustomHeader, Keep-Alive, User-Agent, X-Requested-With, If-Modified-Since, Cache-Control, Content-Type, Content-Range, Range, Authorization, Provider-Id, Customer-Id, X-CORRELATION-ID, X-REQUEST-ID
content-length
129
x-content-type-options
nosniff
rb_bf46099vlu
customer-api.admin.prod.v1.pay-by-account.com/ 		116 B
647 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://customer-api.admin.prod.v1.pay-by-account.com/rb_bf46099vlu?type=js3&sn=v_4_srv_1_sn_19BE55A9E536D76C7823CBB79168CE09_perc_100000_ol_0_mul_1_app-3Aea7c4b59f27d43eb_1&svrid=1&flavor=post&vi=REVUPARPLGCQELVMHBJKMMCMMUQJRKQM-0&modifiedSince=1654821115775&rf=https%3A%2F%2Fcustomer-api.admin.prod.v1.pay-by-account.com%2Fdocs&bp=3&app=ea7c4b59f27d43eb&crc=697720002&en=qnn78a97&end=1
Requested by
Host: customer-api.admin.prod.v1.pay-by-account.com
URL: https://customer-api.admin.prod.v1.pay-by-account.com/ruxitagentjs_ICA2Vfqru_10241220422021336.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.237.87.201 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-237-87-201.ap-southeast-2.compute.amazonaws.com
Software
Apache /
Resource Hash
03e7fd62f56bd6286ca79694260e7befa47c61a52aa39d402cd6f0132fd96e50
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://customer-api.admin.prod.v1.pay-by-account.com/docs
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Wed, 22 Jun 2022 08:28:59 GMT
content-encoding
gzip
referrer-policy
same-origin
server
Apache
x-frame-options
DENY
vary
Accept-Encoding
access-control-allow-methods
POST, GET, OPTIONS, DELETE, PATCH, PUT
content-type
text/plain; charset=utf-8
access-control-allow-origin
*
access-control-max-age
1728000
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-headers
DNT, X-CustomHeader, Keep-Alive, User-Agent, X-Requested-With, If-Modified-Since, Cache-Control, Content-Type, Content-Range, Range, Authorization, Provider-Id, Customer-Id, X-CORRELATION-ID, X-REQUEST-ID
content-length
129
x-content-type-options
nosniff

Verdicts & Comments Add Verdict or Comment

15 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails object| navigation object| dT_ object| dtrum function| setImmediate function| clearImmediate object| regeneratorRuntime function| SwaggerUIBundle object| SwaggerUIStandalonePreset object| versions

5 Cookies

Domain/Path Name / Value
.pay-by-account.com/ Name: dtCookie
Value: v_4_srv_1_sn_19BE55A9E536D76C7823CBB79168CE09_perc_100000_ol_0_mul_1_app-3Aea7c4b59f27d43eb_1
.pay-by-account.com/ Name: rxVisitor
Value: 1655886534791M24PU8AH8N5G7U02H7A5IKV97JK25ABA
.pay-by-account.com/ Name: dtSa
Value: -
.pay-by-account.com/ Name: rxvt
Value: 1655888336041|1655886534793
.pay-by-account.com/ Name: dtPC
Value: 1$486534789_354h-vREVUPARPLGCQELVMHBJKMMCMMUQJRKQM-0e0

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY