hilton.gripays.com Open in urlscan Pro
37.205.1.134 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://thsl.at/fd4c677aeb4347c987166d824d4bd012
Effective URL:
https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1
Submission: On September 17 via manual (September 17th 2024, 11:56:13 am UTC) from PL — Scanned from AT

Summary HTTP 136 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 4 domains to perform 136 HTTP transactions. The main IP is 37.205.1.134, located in Turkey and belongs to ECOZUM, TR. The main domain is hilton.gripays.com.
TLS certificate: Issued by Sectigo ECC Domain Validation Secure ... on May 29th 2024. Valid for: a year.

This is the only time hilton.gripays.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	37.205.4.3 37.205.4.3	211225 (ECOZUM) (ECOZUM)
2 135	37.205.1.134 37.205.1.134	211225 (ECOZUM) (ECOZUM)
2	142.250.181.238 142.250.181.238	15169 (GOOGLE) (GOOGLE)
136	3

1 37.205.4.3 (Turkey) 1 redirects

ASN211225 (ECOZUM, TR)

thsl.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

135 37.205.1.134 (Turkey) 2 redirects

ASN211225 (ECOZUM, TR)
PTR: bebekdeposu.bebekdeposu.com

hilton.gripays.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.181.238 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s56-in-f14.1e100.net

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
135	gripays.com 2 redirects hilton.gripays.com	4 MB
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 33	21 KB
1	thsl.at 1 redirects thsl.at	252 B
0	googletagmanager.com Failed www.googletagmanager.com Failed
136	4

	Domain	Requested by
135	hilton.gripays.com	2 redirects hilton.gripays.com
2	www.google-analytics.com	hilton.gripays.com www.google-analytics.com
1	thsl.at	1 redirects
0	www.googletagmanager.com Failed	www.google-analytics.com
136	4

This site contains no links.

Subject Issuer	Validity	Valid
hilton.gripays.com Sectigo ECC Domain Validation Secure Server CA	`2024-05-29` - `2025-06-12`	a year	crt.sh
*.google-analytics.com WR2	`2024-08-26` - `2024-11-18`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1
Frame ID: 2852CBF0EB56353476ACB5AECE6CBA6F
Requests: 136 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Hilton

Page URL History Show full URLs

https://thsl.at/fd4c677aeb4347c987166d824d4bd012 HTTP 301
https://hilton.gripays.com/EmailOrder/Payment?u=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&appuid=2&key=77da8... HTTP 302
https://hilton.gripays.com/Payment/Step1?notAut=True&vId=10&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&... HTTP 302
https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f... Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Lodash (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

lodash.*\.js

Modernizr (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

([\d.]+)?/modernizr(?:\.([\d.]+))?.*\.js

Moment.js (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

moment(?:\.min)?\.js

Ramda (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

ramda.*\.js

Select2 (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

select2(?:\.min|\.full)?\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

jQuery UI (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery-ui.*\.js

math.js (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

math(?:\.min)?\.js

Page Statistics

136
Requests

99 %
HTTPS

0 %
IPv6

4
Domains

4
Subdomains

3
IPs

2
Countries

4155 kB
Transfer

4229 kB
Size

5
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://thsl.at/fd4c677aeb4347c987166d824d4bd012 HTTP 301
https://hilton.gripays.com/EmailOrder/Payment?u=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&appuid=2&key=77da8b22-2bc4-4546-ab58-ba3460ab03c2&c=3&ps=104&plt=1&pltf=1 HTTP 302
https://hilton.gripays.com/Payment/Step1?notAut=True&vId=10&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&currency=3&pltf=1 HTTP 302
https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

136 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request UnAuthenticatedPayment Show response
hilton.gripays.com/Payment/
Redirect Chain

https://thsl.at/fd4c677aeb4347c987166d824d4bd012
https://hilton.gripays.com/EmailOrder/Payment?u=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&appuid=2&key=77da8b22-2bc4-4546-ab58-ba3460ab03c2&c=3&ps=104&plt=1&pltf=1
https://hilton.gripays.com/Payment/Step1?notAut=True&vId=10&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&currency=3&pltf=1
https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1

138 KB
138 KB

590ms
590ms

Document
text/html

37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to

Full URL

https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

d7a4775e342bbb7b02fc12bf9aa56af58cdd5d36a993dbf51bb82d50df27db08

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

cache-control: private, s-maxage=0
content-length: 140995
content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
content-type: text/html; charset=utf-8
date: Tue, 17 Sep 2024 11:56:03 GMT
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
referrer-policy: no-referrer
server: Microsoft-IIS/10.0
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 1; mode=block

Redirect headers

cache-control: private
content-length: 218
content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
content-type: text/html; charset=utf-8
date: Tue, 17 Sep 2024 11:56:03 GMT
location: /Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
referrer-policy: no-referrer
server: Microsoft-IIS/10.0
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 1; mode=block

GET
H2 200 language-res.js Show response
hilton.gripays.com/Home/ 299 KB
299 KB 680ms
672ms Script
application/x-javascript 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to

Full URL

https://hilton.gripays.com/Home/language-res.js?area=Payment&culture=en-US&v=1.23.11.G.O.P.S.

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

8662c547baef4ec2663fdc03ef14493596af5f8dc1da184ccf048aec0d856e55

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
x-content-type-options: nosniff
referrer-policy: no-referrer
last-modified: Tue, 17 Sep 2024 11:56:04 GMT
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
date: Tue, 17 Sep 2024 11:56:03 GMT
x-frame-options: SAMEORIGIN
content-type: application/x-javascript; charset=utf-8
cache-control: private, max-age=7776000
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
content-length: 306138
x-xss-protection: 1; mode=block
expires: Mon, 16 Dec 2024 11:56:04 GMT

GET
H2 200 language.js Show response
hilton.gripays.com/Scripts/ 713 B
840 B 687ms
680ms Script
application/javascript 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to

Full URL

https://hilton.gripays.com/Scripts/language.js?v=1.23.11.G.O.P.S.

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

90f41e91a887d1db67ba3aaf71fc17de6aa76ece7ef6fb2e4c4fa084627eeedb

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
x-content-type-options: nosniff
referrer-policy: no-referrer
last-modified: Tue, 08 Aug 2023 08:20:55 GMT
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
etag: "a84dde40d1c9d91:0"
date: Tue, 17 Sep 2024 11:56:03 GMT
x-frame-options: SAMEORIGIN
content-type: application/javascript
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
content-length: 713
x-xss-protection: 1; mode=block

GET
H2 200 jquery.fancybox.min.css
hilton.gripays.com/Content/css/ 14 KB
14 KB 669ms
662ms Stylesheet
text/css 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to

Full URL

https://hilton.gripays.com/Content/css/jquery.fancybox.min.css?v=1.23.11.G.O.P.S.

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

f6f3d53dd2240261f157695adf386a5c08014298c19f62ccf63cd162996892d0

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
x-content-type-options: nosniff
referrer-policy: no-referrer
last-modified: Tue, 08 Aug 2023 08:20:48 GMT
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
etag: "2781bb3cd1c9d91:0"
date: Tue, 17 Sep 2024 11:56:03 GMT
x-frame-options: SAMEORIGIN
content-type: text/css
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
content-length: 14065
x-xss-protection: 1; mode=block

GET
H2 200 jquery-ui.min.css
hilton.gripays.com/Content/jquery-ui/ 31 KB
31 KB 672ms
665ms Stylesheet
text/css 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to

Full URL

https://hilton.gripays.com/Content/jquery-ui/jquery-ui.min.css?v=1.23.11.G.O.P.S.

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

b89e5291ea57667d6d0d3e0bda2c59e441744d39d35ecd44702ecd01685bac3e

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
x-content-type-options: nosniff
referrer-policy: no-referrer
last-modified: Tue, 08 Aug 2023 08:20:49 GMT
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
etag: "19c383dd1c9d91:0"
date: Tue, 17 Sep 2024 11:56:03 GMT
x-frame-options: SAMEORIGIN
content-type: text/css
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
content-length: 31606
x-xss-protection: 1; mode=block

GET
H2 200 common-responsive.css
hilton.gripays.com/Content/css/ 21 KB
21 KB 717ms
709ms Stylesheet
text/css 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to

Full URL

https://hilton.gripays.com/Content/css/common-responsive.css?v=1.23.11.G.O.P.S.

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

c724ac391d17ebbb16838a5e66c2e7ae5b3166611db7016a6dcb374af9ed0a50

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
x-content-type-options: nosniff
referrer-policy: no-referrer
last-modified: Fri, 27 Oct 2023 10:37:59 GMT
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
etag: "90e4a2a7c18da1:0"
date: Tue, 17 Sep 2024 11:56:03 GMT
x-frame-options: SAMEORIGIN
content-type: text/css
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
content-length: 21347
x-xss-protection: 1; mode=block

GET
H2 200 common-responsive-responsive.css
hilton.gripays.com/Content/css/ 7 KB
7 KB 719ms
712ms Stylesheet
text/css 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to

Full URL

https://hilton.gripays.com/Content/css/common-responsive-responsive.css?v=1.23.11.G.O.P.S.

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

9c11b15142d43838808a95f408b9d63acb85f8d6b1521606e0119de47ec7a6b2

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
x-content-type-options: nosniff
referrer-policy: no-referrer
last-modified: Wed, 11 Oct 2023 11:06:54 GMT
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
etag: "f24451b33fcd91:0"
date: Tue, 17 Sep 2024 11:56:03 GMT
x-frame-options: SAMEORIGIN
content-type: text/css
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
content-length: 6971
x-xss-protection: 1; mode=block

GET
H2 200 commratelist.css
hilton.gripays.com/Content/css/ 42 KB
42 KB 768ms
761ms Stylesheet
text/css 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to

Full URL

https://hilton.gripays.com/Content/css/commratelist.css?v=1.23.11.G.O.P.S.

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

9adcd7086717f1cfe6627ee2612d247910e01100da1d9f0f1b3bec8ed5385547

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
x-content-type-options: nosniff
referrer-policy: no-referrer
last-modified: Fri, 27 Oct 2023 10:37:59 GMT
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
etag: "40f5a3a7c18da1:0"
date: Tue, 17 Sep 2024 11:56:03 GMT
x-frame-options: SAMEORIGIN
content-type: text/css
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
content-length: 43263
x-xss-protection: 1; mode=block

GET
H2 200 bootstrap.css
hilton.gripays.com/Content/css/bootstrap/ 128 KB
128 KB 821ms
814ms Stylesheet
text/css 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to

Full URL

https://hilton.gripays.com/Content/css/bootstrap/bootstrap.css?v=1.23.11.G.O.P.S.

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

06eb3a433e6797b38bd5831734377b2f1942962baf4ab92507fd3c0d710f5d19

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
x-content-type-options: nosniff
referrer-policy: no-referrer
last-modified: Tue, 02 Jan 2024 12:00:15 GMT
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
etag: "d04b713f733dda1:0"
date: Tue, 17 Sep 2024 11:56:03 GMT
x-frame-options: SAMEORIGIN
content-type: text/css
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
content-length: 131118
x-xss-protection: 1; mode=block

GET
H2 200 bootstrap-responsive.css
hilton.gripays.com/Content/css/bootstrap/ 29 KB
29 KB 1026ms
1019ms Stylesheet
text/css 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to

Full URL

https://hilton.gripays.com/Content/css/bootstrap/bootstrap-responsive.css?v=1.23.11.G.O.P.S.

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

868db500d2dc8040d4521de7b0424e15d284e72ef63972cbfd64813e1607a9bb

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
x-content-type-options: nosniff
referrer-policy: no-referrer
last-modified: Fri, 27 Oct 2023 10:37:59 GMT
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
etag: "d23a2a7c18da1:0"
date: Tue, 17 Sep 2024 11:56:03 GMT
x-frame-options: SAMEORIGIN
content-type: text/css
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
content-length: 29430
x-xss-protection: 1; mode=block

GET
H2 200 common-theme.css
hilton.gripays.com/Content/css/ 4 KB
4 KB 1028ms
1021ms Stylesheet
text/css 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to

Full URL

https://hilton.gripays.com/Content/css/common-theme.css?v=1.23.11.G.O.P.S.

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

58cb3f6173776d12e4fa5e243e4e5e65c8afb8134f0bbf353292108b51915c20

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
x-content-type-options: nosniff
referrer-policy: no-referrer
last-modified: Wed, 11 Oct 2023 11:06:54 GMT
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
etag: "94a352b33fcd91:0"
date: Tue, 17 Sep 2024 11:56:03 GMT
x-frame-options: SAMEORIGIN
content-type: text/css
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
content-length: 4275
x-xss-protection: 1; mode=block

GET
H2 200 common-theme-responsive.css
hilton.gripays.com/Content/css/ 1 KB
2 KB 1029ms
1022ms Stylesheet
text/css 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to

Full URL

https://hilton.gripays.com/Content/css/common-theme-responsive.css?v=1.23.11.G.O.P.S.

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

e9d3803e8030a5c5b759f536beb04d8462994ab6f4595b57a431f2a85804c81f

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
x-content-type-options: nosniff
referrer-policy: no-referrer
last-modified: Fri, 27 Oct 2023 10:37:59 GMT
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
etag: "6959a3a7c18da1:0"
date: Tue, 17 Sep 2024 11:56:03 GMT
x-frame-options: SAMEORIGIN
content-type: text/css
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
content-length: 1093
x-xss-protection: 1; mode=block

GET
H2 200 navyblue.css
hilton.gripays.com/Content/css/ 13 KB
13 KB 1030ms
1023ms Stylesheet
text/css 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to

Full URL

https://hilton.gripays.com/Content/css/navyblue.css?v=1.23.11.G.O.P.S.

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

424fe557b9be5aa689785f5d3e2d1a78e7fae003720d905c30b89999e37cd2fa

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
x-content-type-options: nosniff
referrer-policy: no-referrer
last-modified: Fri, 27 Oct 2023 10:37:59 GMT
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
etag: "c7a1a5a7c18da1:0"
date: Tue, 17 Sep 2024 11:56:03 GMT
x-frame-options: SAMEORIGIN
content-type: text/css
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
content-length: 13314
x-xss-protection: 1; mode=block

GET
H2 200 navyblue-responsive.css
hilton.gripays.com/Content/css/ 5 KB
5 KB 1032ms
1025ms Stylesheet
text/css 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to

Full URL

https://hilton.gripays.com/Content/css/navyblue-responsive.css?v=1.23.11.G.O.P.S.

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

507d8570a8030778cca498bb4d70ed0db533a5e2ddbc8a2e18c86ba144f2f8c1

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
x-content-type-options: nosniff
referrer-policy: no-referrer
last-modified: Wed, 11 Oct 2023 11:06:54 GMT
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
etag: "453258b33fcd91:0"
date: Tue, 17 Sep 2024 11:56:03 GMT
x-frame-options: SAMEORIGIN
content-type: text/css
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
content-length: 5347
x-xss-protection: 1; mode=block

GET
H2 200 new-ui.css
hilton.gripays.com/Content/css/ 31 KB
31 KB 1031ms
1024ms Stylesheet
text/css 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to

Full URL

https://hilton.gripays.com/Content/css/new-ui.css?v=1.23.11.G.O.P.S.

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

18f4b82dc1d7ea86352dd794f0bbc04509456d9a499e142b0d8dbfb9aeeb15f3

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
x-content-type-options: nosniff
referrer-policy: no-referrer
last-modified: Fri, 27 Oct 2023 10:37:59 GMT
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
etag: "a616a6a7c18da1:0"
date: Tue, 17 Sep 2024 11:56:03 GMT
x-frame-options: SAMEORIGIN
content-type: text/css
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
content-length: 32011
x-xss-protection: 1; mode=block

GET
H2 200 specific.css
hilton.gripays.com/Themes/Specific/ortak/Content/css/ 667 B
788 B 1045ms
1039ms Stylesheet
text/css 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to

Full URL

https://hilton.gripays.com/Themes/Specific/ortak/Content/css/specific.css?v=1.23.11.G.O.P.S.

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

c8369d9ac4c13d28abbe40bc452fe63ed6107c2aa2b461a42ca94b898b53cd2f

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
x-content-type-options: nosniff
referrer-policy: no-referrer
last-modified: Thu, 18 Aug 2022 07:36:02 GMT
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
etag: "520152bd5b2d81:0"
date: Tue, 17 Sep 2024 11:56:03 GMT
x-frame-options: SAMEORIGIN
content-type: text/css
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
content-length: 667
x-xss-protection: 1; mode=block

GET
H2 200 specific-responsive.css
hilton.gripays.com/Themes/Specific/ortak/Content/css/ 367 B
477 B 1048ms
1042ms Stylesheet
text/css 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to

Full URL

https://hilton.gripays.com/Themes/Specific/ortak/Content/css/specific-responsive.css?v=1.23.11.G.O.P.S.

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

f7aa40a5dda6ae6b2063a40f0414f6144b51d7028d2dcd3fdb8f7aedf1dcdb95

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
x-content-type-options: nosniff
referrer-policy: no-referrer
last-modified: Wed, 04 Aug 2021 06:02:36 GMT
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
etag: "87a9c152f688d71:0"
date: Tue, 17 Sep 2024 11:56:03 GMT
x-frame-options: SAMEORIGIN
content-type: text/css
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
content-length: 367
x-xss-protection: 1; mode=block

GET
H2 200 jquery-1.12.4.min.js Show response
hilton.gripays.com/Scripts/ 95 KB
95 KB 1079ms
1073ms Script
application/javascript 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to

Full URL

https://hilton.gripays.com/Scripts/jquery-1.12.4.min.js?v=1.23.11.G.O.P.S.

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

27d92130c0321dad5a03760fd5ac98a3d04ed4c94d88418fe6d50da1f7fc5cbe

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
x-content-type-options: nosniff
referrer-policy: no-referrer
last-modified: Tue, 08 Aug 2023 08:20:55 GMT
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
etag: "ba33cf40d1c9d91:0"
date: Tue, 17 Sep 2024 11:56:03 GMT
x-frame-options: SAMEORIGIN
content-type: application/javascript
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
content-length: 97168
x-xss-protection: 1; mode=block

GET
H2 200 jquery-migrate-1.4.1.min.js Show response
hilton.gripays.com/Scripts/ 10 KB
10 KB 1109ms
1103ms Script
application/javascript 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to

Full URL

https://hilton.gripays.com/Scripts/jquery-migrate-1.4.1.min.js?v=1.23.11.G.O.P.S.

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

ef0968035e387c8b468f4a943a9b5998d159c9e2f1a4994c70aa86bf53a9316d

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
x-content-type-options: nosniff
referrer-policy: no-referrer
last-modified: Tue, 08 Aug 2023 08:20:55 GMT
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
etag: "c216d140d1c9d91:0"
date: Tue, 17 Sep 2024 11:56:03 GMT
x-frame-options: SAMEORIGIN
content-type: application/javascript
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
content-length: 10057
x-xss-protection: 1; mode=block

GET
H2 200 jquery-ui.min.js Show response
hilton.gripays.com/Content/jquery-ui/ 248 KB
248 KB 1130ms
1124ms Script
application/javascript 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to

Full URL

https://hilton.gripays.com/Content/jquery-ui/jquery-ui.min.js?v=1.23.11.G.O.P.S.

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

e11d301e195aa2d64a348d876b7b345b2221fd3bbdbf9932e929ca5fc90db6f1

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
x-content-type-options: nosniff
referrer-policy: no-referrer
last-modified: Wed, 11 Oct 2023 11:06:54 GMT
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
etag: "2a5d73b33fcd91:0"
date: Tue, 17 Sep 2024 11:56:03 GMT
x-frame-options: SAMEORIGIN
content-type: application/javascript
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
content-length: 253700
x-xss-protection: 1; mode=block

GET
H2 200 jquery.validate.min.js Show response
hilton.gripays.com/Scripts/ 25 KB
25 KB 1249ms
1244ms Script
application/javascript 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to

Full URL

https://hilton.gripays.com/Scripts/jquery.validate.min.js?v=1.23.11.G.O.P.S.

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

14ae032071d8b0430d9b6fc5ad54202464d0152851a244577a454237b4a55c8b

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
x-content-type-options: nosniff
referrer-policy: no-referrer
last-modified: Tue, 08 Aug 2023 08:20:55 GMT
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
etag: "6a3dc40d1c9d91:0"
date: Tue, 17 Sep 2024 11:56:03 GMT
x-frame-options: SAMEORIGIN
content-type: application/javascript
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
content-length: 25376
x-xss-protection: 1; mode=block

GET
H2 200 jquery.validate.unobtrusive.min.js Show response
hilton.gripays.com/Scripts/ 4 KB
4 KB 1252ms
1246ms Script
application/javascript 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to

Full URL

https://hilton.gripays.com/Scripts/jquery.validate.unobtrusive.min.js?v=1.23.11.G.O.P.S.

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

935451bb510c8c44f83e6b6192c204d7ab055563210f70325877c624a452ad59

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
x-content-type-options: nosniff
referrer-policy: no-referrer
last-modified: Tue, 08 Aug 2023 08:20:55 GMT
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
etag: "4551dc40d1c9d91:0"
date: Tue, 17 Sep 2024 11:56:03 GMT
x-frame-options: SAMEORIGIN
content-type: application/javascript
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
content-length: 3745
x-xss-protection: 1; mode=block

GET
H2 200 jquery.validate.bootstrap.js Show response
hilton.gripays.com/Scripts/ 2 KB
2 KB 1253ms
1247ms Script
application/javascript 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to

Full URL

https://hilton.gripays.com/Scripts/jquery.validate.bootstrap.js?v=1.23.11.G.O.P.S.

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

a9ba6fe8e85c330721bae0dd8a1ecf46c81921da5d18df908182aed1fdfc7953

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
x-content-type-options: nosniff
referrer-policy: no-referrer
last-modified: Tue, 08 Aug 2023 08:20:55 GMT
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
etag: "67b5db40d1c9d91:0"
date: Tue, 17 Sep 2024 11:56:03 GMT
x-frame-options: SAMEORIGIN
content-type: application/javascript
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
content-length: 2317
x-xss-protection: 1; mode=block

GET
H2 200 jquery.blockUI-2.59.0.js Show response
hilton.gripays.com/Scripts/ 19 KB
19 KB 1260ms
1255ms Script
application/javascript 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to

Full URL

https://hilton.gripays.com/Scripts/jquery.blockUI-2.59.0.js?v=1.23.11.G.O.P.S.

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

25355473efa3a334df567e57d142e18006a295533f3ff1c3a4772d8d2ca80430

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
x-content-type-options: nosniff
referrer-policy: no-referrer
last-modified: Tue, 08 Aug 2023 08:20:55 GMT
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
etag: "5d5fd340d1c9d91:0"
date: Tue, 17 Sep 2024 11:56:03 GMT
x-frame-options: SAMEORIGIN
content-type: application/javascript
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
content-length: 19502
x-xss-protection: 1; mode=block

GET
H2 200 modernizr.custom.js Show response
hilton.gripays.com/Scripts/ 3 KB
3 KB 1288ms
1283ms Script
application/javascript 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to

Full URL

https://hilton.gripays.com/Scripts/modernizr.custom.js?v=1.23.11.G.O.P.S.

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

733452541a1c6388bb4cbff951382070c2b2fccf19133d53e9d845397980adbc

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
x-content-type-options: nosniff
referrer-policy: no-referrer
last-modified: Wed, 11 Oct 2023 11:06:58 GMT
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
etag: "9910cdd33fcd91:0"
date: Tue, 17 Sep 2024 11:56:03 GMT
x-frame-options: SAMEORIGIN
content-type: application/javascript
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
content-length: 2635
x-xss-protection: 1; mode=block

GET
H2 200 bootstrap.js Show response
hilton.gripays.com/Scripts/ 59 KB
60 KB 1295ms
1290ms Script
application/javascript 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to

Full URL

https://hilton.gripays.com/Scripts/bootstrap.js?v=1.23.11.G.O.P.S.

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

79e862809101c47e734281f0c4dabb54fd96e9dc5417ae619430f3ad2055b593

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
x-content-type-options: nosniff
referrer-policy: no-referrer
last-modified: Tue, 08 Aug 2023 08:20:55 GMT
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
etag: "126cca40d1c9d91:0"
date: Tue, 17 Sep 2024 11:56:03 GMT
x-frame-options: SAMEORIGIN
content-type: application/javascript
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
content-length: 60794
x-xss-protection: 1; mode=block

GET
H2 200 knockout-3.4.2.js Show response
hilton.gripays.com/Scripts/ 59 KB
60 KB 1370ms
1366ms Script
application/javascript 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to

Full URL

https://hilton.gripays.com/Scripts/knockout-3.4.2.js?v=1.23.11.G.O.P.S.

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

494f0ab6f89e6fb8d0f3a4395207a7f06408c972cadaea17f82155dba012555f

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
x-content-type-options: nosniff
referrer-policy: no-referrer
last-modified: Tue, 08 Aug 2023 08:20:55 GMT
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
etag: "698add40d1c9d91:0"
date: Tue, 17 Sep 2024 11:56:03 GMT
x-frame-options: SAMEORIGIN
content-type: application/javascript
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
content-length: 60478
x-xss-protection: 1; mode=block

GET
H2 200 globalize.js Show response
hilton.gripays.com/Scripts/Globalize/ 46 KB
46 KB 1373ms
1368ms Script
application/javascript 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to

Full URL

https://hilton.gripays.com/Scripts/Globalize/globalize.js?v=1.23.11.G.O.P.S.

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

93c9b6cfe7de253bf4b2b110599bae90b5f1c56a1cf13770425840e7f62e7409

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
x-content-type-options: nosniff
referrer-policy: no-referrer
last-modified: Tue, 08 Aug 2023 08:20:55 GMT
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
etag: "5d58c540d1c9d91:0"
date: Tue, 17 Sep 2024 11:56:03 GMT
x-frame-options: SAMEORIGIN
content-type: application/javascript
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
content-length: 46840
x-xss-protection: 1; mode=block

GET
H2 200 globalize.culture.tr-TR.js Show response
hilton.gripays.com/Scripts/Globalize/cultures/ 2 KB
2 KB 1421ms
1417ms Script
application/javascript 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to

Full URL

https://hilton.gripays.com/Scripts/Globalize/cultures/globalize.culture.tr-TR.js?v=1.23.11.G.O.P.S.

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

00cf97f5a11afafaaf840f0669ced1be301d6dac855b5eda66e099cc1baa9d69

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
x-content-type-options: nosniff
referrer-policy: no-referrer
last-modified: Tue, 08 Aug 2023 08:20:55 GMT
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
etag: "36fbba40d1c9d91:0"
date: Tue, 17 Sep 2024 11:56:03 GMT
x-frame-options: SAMEORIGIN
content-type: application/javascript
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
content-length: 1834
x-xss-protection: 1; mode=block

GET
H2 200 OnlyNumeric.js Show response
hilton.gripays.com/Scripts/ 2 KB
2 KB 1422ms
1418ms Script
application/javascript 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to

Full URL

https://hilton.gripays.com/Scripts/OnlyNumeric.js?v=1.23.11.G.O.P.S.

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

a4ca95455f539b2def086141255e9d37845779fc1501833a98a2d026017d2e99

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
x-content-type-options: nosniff
referrer-policy: no-referrer
last-modified: Tue, 08 Aug 2023 08:20:55 GMT
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
etag: "2350c640d1c9d91:0"
date: Tue, 17 Sep 2024 11:56:03 GMT
x-frame-options: SAMEORIGIN
content-type: application/javascript
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
content-length: 2388
x-xss-protection: 1; mode=block

GET
H2 200 newsJS.js Show response
hilton.gripays.com/Scripts/ 2 KB
2 KB 1426ms
1422ms Script
application/javascript 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to

Full URL

https://hilton.gripays.com/Scripts/newsJS.js?v=1.23.11.G.O.P.S.

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

fe57363456c3514a78c4d3b711360738d94cec7b1a04f7a126d67fe09fe4c415

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
x-content-type-options: nosniff
referrer-policy: no-referrer
last-modified: Tue, 08 Aug 2023 08:20:55 GMT
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
etag: "e74cfb40d1c9d91:0"
date: Tue, 17 Sep 2024 11:56:03 GMT
x-frame-options: SAMEORIGIN
content-type: application/javascript
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
content-length: 1911
x-xss-protection: 1; mode=block

GET
H2 200 jQuery.print.js Show response
hilton.gripays.com/Scripts/ 6 KB
6 KB 1423ms
1419ms Script
application/javascript 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to

Full URL

https://hilton.gripays.com/Scripts/jQuery.print.js?v=1.23.11.G.O.P.S.

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

256caffb1e754f339aa0a94e1829318bf2e5de1ad8b1c72a7b98b7bb16bb2daf

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
x-content-type-options: nosniff
referrer-policy: no-referrer
last-modified: Tue, 08 Aug 2023 08:20:55 GMT
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
etag: "d5e5ce40d1c9d91:0"
date: Tue, 17 Sep 2024 11:56:03 GMT
x-frame-options: SAMEORIGIN
content-type: application/javascript
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
content-length: 5657
x-xss-protection: 1; mode=block

GET
H2 200 PhoneX.v1.1.js Show response
hilton.gripays.com/Scripts/ 10 KB
10 KB 1424ms
1420ms Script
application/javascript 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to

Full URL

https://hilton.gripays.com/Scripts/PhoneX.v1.1.js?v=1.23.11.G.O.P.S.

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

dcadc83970d3de9f3ea293dd7cc20dab593655bd2748891082f0f846503e47fc

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
x-content-type-options: nosniff
referrer-policy: no-referrer
last-modified: Tue, 08 Aug 2023 08:20:55 GMT
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
etag: "1077c640d1c9d91:0"
date: Tue, 17 Sep 2024 11:56:03 GMT
x-frame-options: SAMEORIGIN
content-type: application/javascript
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
content-length: 9836
x-xss-protection: 1; mode=block

GET
H2 200 bootbox.min.js Show response
hilton.gripays.com/Scripts/ 10 KB
10 KB 1425ms
1421ms Script
application/javascript 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to

Full URL

https://hilton.gripays.com/Scripts/bootbox.min.js?v=1.23.11.G.O.P.S.

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

aa65b1ef5c0d76d4edf0a811e12eb3147547f780c710d55881085753fe99a888

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
x-content-type-options: nosniff
referrer-policy: no-referrer
last-modified: Tue, 08 Aug 2023 08:20:55 GMT
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
etag: "6adc940d1c9d91:0"
date: Tue, 17 Sep 2024 11:56:03 GMT
x-frame-options: SAMEORIGIN
content-type: application/javascript
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
content-length: 9977
x-xss-protection: 1; mode=block

GET
H2 200 netah-customvalidations.js Show response
hilton.gripays.com/Scripts/ 897 B
984 B 1427ms
1423ms Script
application/javascript 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to

Full URL

https://hilton.gripays.com/Scripts/netah-customvalidations.js?v=1.23.11.G.O.P.S.

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

0bbf7c6cb6739df84ab682f2b09bd1bd9fc8266a830fa0c8f16a198b9a0b1acb

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
x-content-type-options: nosniff
referrer-policy: no-referrer
last-modified: Tue, 08 Aug 2023 08:20:55 GMT
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
etag: "9dc0f940d1c9d91:0"
date: Tue, 17 Sep 2024 11:56:03 GMT
x-frame-options: SAMEORIGIN
content-type: application/javascript
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
content-length: 897
x-xss-protection: 1; mode=block

GET
H2 200 blockui-custom.css
hilton.gripays.com/scripts/payment/lib/spinner/ 847 B
965 B 1044ms
1041ms Stylesheet
text/css 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to

Full URL

https://hilton.gripays.com/scripts/payment/lib/spinner/blockui-custom.css?v=1.23.11.G.O.P.S.

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

d245121a1bedbd687e41bcd775082281237345d3ad92bcc14cee596e0a91529b

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
x-content-type-options: nosniff
referrer-policy: no-referrer
last-modified: Wed, 11 Oct 2023 11:06:59 GMT
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
etag: "4d98de33fcd91:0"
date: Tue, 17 Sep 2024 11:56:03 GMT
x-frame-options: SAMEORIGIN
content-type: text/css
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
content-length: 847
x-xss-protection: 1; mode=block

GET
H2 200 blcokui-custom.js Show response
hilton.gripays.com/scripts/payment/lib/spinner/ 533 B
642 B 1427ms
1424ms Script
application/javascript 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to

Full URL

https://hilton.gripays.com/scripts/payment/lib/spinner/blcokui-custom.js?v=1.23.11.G.O.P.S.

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

7c534d7b90292026eb5dec29316202c6e9c761fa817584720c4d24816d1efc47

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
x-content-type-options: nosniff
referrer-policy: no-referrer
last-modified: Wed, 11 Oct 2023 11:06:59 GMT
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
etag: "5b4ade33fcd91:0"
date: Tue, 17 Sep 2024 11:56:03 GMT
x-frame-options: SAMEORIGIN
content-type: application/javascript
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
content-length: 533
x-xss-protection: 1; mode=block

GET
H2 200 footer-logo.css
hilton.gripays.com/Content/css/ 1 KB
1 KB 1055ms
1052ms Stylesheet
text/css 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to

Full URL

https://hilton.gripays.com/Content/css/footer-logo.css?v=1.23.11.G.O.P.S.

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

a30a6a8410f5f697b532ed9de6af8d58acb024340f5677e8610a3c02b0f88c83

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
x-content-type-options: nosniff
referrer-policy: no-referrer
last-modified: Wed, 11 Oct 2023 11:06:54 GMT
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
etag: "13c554b33fcd91:0"
date: Tue, 17 Sep 2024 11:56:03 GMT
x-frame-options: SAMEORIGIN
content-type: text/css
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
content-length: 1103
x-xss-protection: 1; mode=block

GET
H2 200 moment.min.js Show response
hilton.gripays.com/scripts/payment/lib/momentjs/ 68 KB
68 KB 1428ms
1425ms Script
application/javascript 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to

Full URL

https://hilton.gripays.com/scripts/payment/lib/momentjs/moment.min.js?v=1.23.11.G.O.P.S.

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

1c7d3fc08f3f53cb674f304de483c1a46c313c00ee57fd2caac7276dd7576ab6

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
x-content-type-options: nosniff
referrer-policy: no-referrer
last-modified: Wed, 11 Oct 2023 11:06:59 GMT
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
etag: "5fa39e33fcd91:0"
date: Tue, 17 Sep 2024 11:56:03 GMT
x-frame-options: SAMEORIGIN
content-type: application/javascript
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
content-length: 69162
x-xss-protection: 1; mode=block

GET
H2 200 moment-with-locales.min.js Show response
hilton.gripays.com/scripts/payment/lib/momentjs/ 395 KB
396 KB 1473ms
1470ms Script
application/javascript 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to

Full URL

https://hilton.gripays.com/scripts/payment/lib/momentjs/moment-with-locales.min.js?v=1.23.11.G.O.P.S.

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

2dc975693b698afaac4bb5dea09d1a1ec3899770db23b8ebba23c43b2d4042b0

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
x-content-type-options: nosniff
referrer-policy: no-referrer
last-modified: Wed, 11 Oct 2023 11:06:59 GMT
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
etag: "17347e33fcd91:0"
date: Tue, 17 Sep 2024 11:56:03 GMT
x-frame-options: SAMEORIGIN
content-type: application/javascript
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
content-length: 404475
x-xss-protection: 1; mode=block

GET
H2 200 ea.js Show response
hilton.gripays.com/scripts/payment/lib/ramdajs/ 6 KB
6 KB 1734ms
1731ms Script
application/javascript 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to

Full URL

https://hilton.gripays.com/scripts/payment/lib/ramdajs/ea.js?v=1.23.11.G.O.P.S.

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

38b55168c999f7f276452163c9265b1db06325242249f562fe8423bef725a8f7

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
x-content-type-options: nosniff
referrer-policy: no-referrer
last-modified: Fri, 27 Oct 2023 10:38:01 GMT
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
etag: "a086f9a8c18da1:0"
date: Tue, 17 Sep 2024 11:56:03 GMT
x-frame-options: SAMEORIGIN
content-type: application/javascript
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
content-length: 6512
x-xss-protection: 1; mode=block

GET
H2 200 ea.lodash.map.js Show response
hilton.gripays.com/scripts/payment/lib/ramdajs/ 2 KB
3 KB 1780ms
1777ms Script
application/javascript 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to

Full URL

https://hilton.gripays.com/scripts/payment/lib/ramdajs/ea.lodash.map.js?v=1.23.11.G.O.P.S.

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

34dfd68ae9ca751373ee729e0fe072d20051dc7a0dd189a204c9de9e60568e4f

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
x-content-type-options: nosniff
referrer-policy: no-referrer
last-modified: Fri, 27 Oct 2023 10:38:01 GMT
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
etag: "8dd4f9a8c18da1:0"
date: Tue, 17 Sep 2024 11:56:03 GMT
x-frame-options: SAMEORIGIN
content-type: application/javascript
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
content-length: 2520
x-xss-protection: 1; mode=block

GET
H2 200 validator.js Show response
hilton.gripays.com/scripts/payment/ 11 KB
11 KB 1781ms
1779ms Script
application/javascript 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to

Full URL

https://hilton.gripays.com/scripts/payment/validator.js?v=1.23.11.G.O.P.S.

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

12baea2a1137a422b7b130a8cfb99f1faaa46f86a402e2ca3a7b39bf543e6c77

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
x-content-type-options: nosniff
referrer-policy: no-referrer
last-modified: Fri, 27 Oct 2023 10:38:01 GMT
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
etag: "3ee5faa8c18da1:0"
date: Tue, 17 Sep 2024 11:56:03 GMT
x-frame-options: SAMEORIGIN
content-type: application/javascript
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
content-length: 11219
x-xss-protection: 1; mode=block

GET
H2 200 app.utils.js Show response
hilton.gripays.com/Scripts/payment/ 10 KB
11 KB 1783ms
1781ms Script
application/javascript 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to

Full URL

https://hilton.gripays.com/Scripts/payment/app.utils.js?v=1.23.11.G.O.P.S.

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

5108c47f4f494b35376d3f1aeafc26937cced63aac951accbba38bfd41bf0dce

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
x-content-type-options: nosniff
referrer-policy: no-referrer
last-modified: Fri, 27 Oct 2023 10:38:01 GMT
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
etag: "7d7bf6a8c18da1:0"
date: Tue, 17 Sep 2024 11:56:03 GMT
x-frame-options: SAMEORIGIN
content-type: application/javascript
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
content-length: 10646
x-xss-protection: 1; mode=block

GET
H2 200 app.base.js Show response
hilton.gripays.com/scripts/payment/ 5 KB
5 KB 1784ms
1782ms Script
application/javascript 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to

Full URL

https://hilton.gripays.com/scripts/payment/app.base.js?v=1.23.11.G.O.P.S.

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

3064d9c413050ac9e6e6cfc471f7fcfdbd09571b0362f3d8375848c690d0e339

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
x-content-type-options: nosniff
referrer-policy: no-referrer
last-modified: Fri, 27 Oct 2023 10:38:01 GMT
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
etag: "983aeaa8c18da1:0"
date: Tue, 17 Sep 2024 11:56:03 GMT
x-frame-options: SAMEORIGIN
content-type: application/javascript
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
content-length: 4751
x-xss-protection: 1; mode=block

GET
H2 200 whitelogo-97160.png
hilton.gripays.com/SiteFiles/images/logo/ 4 KB
5 KB 1787ms
1785ms Image
image/png 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://hilton.gripays.com/SiteFiles/images/logo/whitelogo-97160.png

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

89c1bccaa2ff8e1e18b423e24655789a80f714ae6d429e0b3b01043b92398cd5

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
x-content-type-options: nosniff
referrer-policy: no-referrer
last-modified: Tue, 28 Jun 2022 09:31:14 GMT
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
etag: "1d1e7dcfd18ad81:0"
date: Tue, 17 Sep 2024 11:56:03 GMT
x-frame-options: SAMEORIGIN
content-type: image/png
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
content-length: 4549
x-xss-protection: 1; mode=block

GET
H2 200 ic_Dropdown.svg
hilton.gripays.com/Content/images/ 385 B
2 KB 1785ms
1783ms Image
image/svg+xml 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://hilton.gripays.com/Content/images/ic_Dropdown.svg

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

43c6e97df1e63e6450e795acf1ec292be6bdfdcb976200ef46321102ff797b1c

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
x-content-type-options: nosniff
referrer-policy: no-referrer
last-modified: Wed, 11 Oct 2023 11:06:54 GMT
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
etag: "7ee266b33fcd91:0"
date: Tue, 17 Sep 2024 11:56:03 GMT
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
content-length: 385
x-xss-protection: 1; mode=block

GET
H2 200 newsCSS.css
hilton.gripays.com/Content/css/ 1 KB
1 KB 77ms
77ms Stylesheet
text/css 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to

Full URL

https://hilton.gripays.com/Content/css/newsCSS.css?v=1.23.11.G.O.P.S.

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

601621a81c3fe0d882857330fd1f57b481c4d92e70ff64f001714e47e3c5fecd

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
x-content-type-options: nosniff
referrer-policy: no-referrer
last-modified: Wed, 11 Oct 2023 11:06:54 GMT
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
etag: "f41b59b33fcd91:0"
date: Tue, 17 Sep 2024 11:56:06 GMT
x-frame-options: SAMEORIGIN
content-type: text/css
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
content-length: 1222
x-xss-protection: 1; mode=block

GET
H2 200 jquery.treeview.css
hilton.gripays.com/Content/css/ 3 KB
3 KB 73ms
72ms Stylesheet
text/css 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to

Full URL

https://hilton.gripays.com/Content/css/jquery.treeview.css?v=1.23.11.G.O.P.S.

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

e7bf91b8d923128495294b30d2247689b82d4bddb25ab94bc0ec877420f4b68d

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
x-content-type-options: nosniff
referrer-policy: no-referrer
last-modified: Tue, 08 Aug 2023 08:20:48 GMT
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
etag: "12cfbb3cd1c9d91:0"
date: Tue, 17 Sep 2024 11:56:06 GMT
x-frame-options: SAMEORIGIN
content-type: text/css
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
content-length: 2864
x-xss-protection: 1; mode=block

GET
H2 200 step1-responsive.css
hilton.gripays.com/Content/css/ 9 KB
9 KB 81ms
72ms Stylesheet
text/css 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to

Full URL

https://hilton.gripays.com/Content/css/step1-responsive.css?v=1.23.11.G.O.P.S.

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

ac9197367994ea2a1e02b11576eaf5b5d6a7def74c27c678dcfe2b5e6fde1f81

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
x-content-type-options: nosniff
referrer-policy: no-referrer
last-modified: Wed, 11 Oct 2023 11:06:54 GMT
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
etag: "3e05cb33fcd91:0"
date: Tue, 17 Sep 2024 11:56:06 GMT
x-frame-options: SAMEORIGIN
content-type: text/css
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
content-length: 9380
x-xss-protection: 1; mode=block

GET
H2 200 creditcardSaveArea.css
hilton.gripays.com/Content/css/ 2 KB
2 KB 77ms
68ms Stylesheet
text/css 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to

Full URL

https://hilton.gripays.com/Content/css/creditcardSaveArea.css?v=1.23.11.G.O.P.S.

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

c965058cc67db008974a4514039f3bee601639f20257a2ff54070215e2862ff0

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
x-content-type-options: nosniff
referrer-policy: no-referrer
last-modified: Tue, 08 Aug 2023 08:20:48 GMT
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
etag: "a6c8b53cd1c9d91:0"
date: Tue, 17 Sep 2024 11:56:06 GMT
x-frame-options: SAMEORIGIN
content-type: text/css
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
content-length: 2373
x-xss-protection: 1; mode=block

GET
H2 200 select2.css
hilton.gripays.com/Scripts/select2/ 20 KB
20 KB 78ms
69ms Stylesheet
text/css 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to

Full URL

https://hilton.gripays.com/Scripts/select2/select2.css?v=1.23.11.G.O.P.S.

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

43541cbd8b7dc2801f643fc23c1655500348515a9f86081330bf8b86a8ccb38c

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
x-content-type-options: nosniff
referrer-policy: no-referrer
last-modified: Tue, 08 Aug 2023 08:20:56 GMT
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
etag: "eea22941d1c9d91:0"
date: Tue, 17 Sep 2024 11:56:06 GMT
x-frame-options: SAMEORIGIN
content-type: text/css
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
content-length: 20161
x-xss-protection: 1; mode=block

GET
H2 200 select2-bootstrap.css
hilton.gripays.com/Scripts/select2/ 3 KB
3 KB 81ms
73ms Stylesheet
text/css 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to

Full URL

https://hilton.gripays.com/Scripts/select2/select2-bootstrap.css?v=1.23.11.G.O.P.S.

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

c46337cd356ac8802aa93b305bbcf5b5967f0ba9b246d588342bb602206a4957

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
x-content-type-options: nosniff
referrer-policy: no-referrer
last-modified: Tue, 08 Aug 2023 08:20:56 GMT
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
etag: "ff2d2941d1c9d91:0"
date: Tue, 17 Sep 2024 11:56:06 GMT
x-frame-options: SAMEORIGIN
content-type: text/css
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
content-length: 3434
x-xss-protection: 1; mode=block

GET
H2 200 step1-responsive-responsive.css
hilton.gripays.com/Content/css/ 7 KB
7 KB 79ms
71ms Stylesheet
text/css 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to

Full URL

https://hilton.gripays.com/Content/css/step1-responsive-responsive.css?v=1.23.11.G.O.P.S.

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

cd5c2b3be101c3f87a5720fab187d9ec9f5a394075b73b599fc276a5a60c566f

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
x-content-type-options: nosniff
referrer-policy: no-referrer
last-modified: Wed, 11 Oct 2023 11:06:54 GMT
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
etag: "52b25bb33fcd91:0"
date: Tue, 17 Sep 2024 11:56:06 GMT
x-frame-options: SAMEORIGIN
content-type: text/css
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
content-length: 7020
x-xss-protection: 1; mode=block

GET
H2 200 autoNumeric-1.9.7.js Show response
hilton.gripays.com/Scripts/ 60 KB
60 KB 83ms
75ms Script
application/javascript 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to

Full URL

https://hilton.gripays.com/Scripts/autoNumeric-1.9.7.js?v=1.23.11.G.O.P.S.

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

87e0a6c214f169c58f4a209a9d0266627821181723b8bb2234b11e4274ff92b8

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
x-content-type-options: nosniff
referrer-policy: no-referrer
last-modified: Tue, 08 Aug 2023 08:20:55 GMT
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
etag: "70bfc840d1c9d91:0"
date: Tue, 17 Sep 2024 11:56:06 GMT
x-frame-options: SAMEORIGIN
content-type: application/javascript
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
content-length: 61000
x-xss-protection: 1; mode=block

GET
H2 200 jquery.metadata.js Show response
hilton.gripays.com/Scripts/ 4 KB
4 KB 132ms
123ms Script
application/javascript 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to

Full URL

https://hilton.gripays.com/Scripts/jquery.metadata.js?v=1.23.11.G.O.P.S.

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

9cda244ee1ec95d87bb58e5496b36103d154a50fdc1f95c669279f9bce22b6b3

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
x-content-type-options: nosniff
referrer-policy: no-referrer
last-modified: Tue, 08 Aug 2023 08:20:55 GMT
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
etag: "ab15d840d1c9d91:0"
date: Tue, 17 Sep 2024 11:56:06 GMT
x-frame-options: SAMEORIGIN
content-type: application/javascript
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
content-length: 3734
x-xss-protection: 1; mode=block

GET
H2 200 jquery.maskedinput.js Show response
hilton.gripays.com/Scripts/ 10 KB
10 KB 134ms
125ms Script
application/javascript 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to

Full URL

https://hilton.gripays.com/Scripts/jquery.maskedinput.js?v=1.23.11.G.O.P.S.

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

b134fc3f777a1aeb46d45b7999e88fb655daa62f4fafe5bcaed5f70b4bb7bcef

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
x-content-type-options: nosniff
referrer-policy: no-referrer
last-modified: Wed, 11 Oct 2023 11:06:58 GMT
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
etag: "4faebed33fcd91:0"
date: Tue, 17 Sep 2024 11:56:06 GMT
x-frame-options: SAMEORIGIN
content-type: application/javascript
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
content-length: 10498
x-xss-protection: 1; mode=block

GET
H2 200 jquery.tcno.js Show response
hilton.gripays.com/Scripts/ 700 B
786 B 133ms
124ms Script
application/javascript 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to

Full URL

https://hilton.gripays.com/Scripts/jquery.tcno.js?v=1.23.11.G.O.P.S.

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

cde07fec26093cb4a231f6325dc0f1a64df6d225c3605afa9ded6ff849a58d6c

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
x-content-type-options: nosniff
referrer-policy: no-referrer
last-modified: Tue, 08 Aug 2023 08:20:55 GMT
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
etag: "9df2da40d1c9d91:0"
date: Tue, 17 Sep 2024 11:56:06 GMT
x-frame-options: SAMEORIGIN
content-type: application/javascript
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
content-length: 700
x-xss-protection: 1; mode=block

GET
H2 200 payment.step1.js Show response
hilton.gripays.com/Scripts/ 37 KB
37 KB 185ms
176ms Script
application/javascript 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to

Full URL

https://hilton.gripays.com/Scripts/payment.step1.js?v=1.23.11.G.O.P.S.

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

ed20821920dc7f89cd36d63426e9f1054983220d2864c3d4c6a0627299d52fbc

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
x-content-type-options: nosniff
referrer-policy: no-referrer
last-modified: Fri, 27 Oct 2023 10:38:01 GMT
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
etag: "4acbe7a8c18da1:0"
date: Tue, 17 Sep 2024 11:56:06 GMT
x-frame-options: SAMEORIGIN
content-type: application/javascript
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
content-length: 38279
x-xss-protection: 1; mode=block

GET
H2 200 IsnetIVR.js Show response
hilton.gripays.com/Scripts/ 17 KB
17 KB 281ms
272ms Script
application/javascript 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to

Full URL

https://hilton.gripays.com/Scripts/IsnetIVR.js?v=1.23.11.G.O.P.S.

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

a7a5c0d2c0094c1b6fb00c5d8edb62d5f1b2f76686cec50956265aa43aeb6243

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
x-content-type-options: nosniff
referrer-policy: no-referrer
last-modified: Wed, 11 Oct 2023 11:06:58 GMT
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
etag: "af85a9d33fcd91:0"
date: Tue, 17 Sep 2024 11:56:06 GMT
x-frame-options: SAMEORIGIN
content-type: application/javascript
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
content-length: 17501
x-xss-protection: 1; mode=block

GET
H2 200 jquery.floatnumber.js Show response
hilton.gripays.com/Scripts/ 1 KB
1 KB 231ms
222ms Script
application/javascript 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to

Full URL

https://hilton.gripays.com/Scripts/jquery.floatnumber.js?v=1.23.11.G.O.P.S.

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

c8a0c2e28bcdc50b72e2b2381bdbdc785d060b2b5409915f6a2f43c28bacba21

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
x-content-type-options: nosniff
referrer-policy: no-referrer
last-modified: Tue, 08 Aug 2023 08:20:55 GMT
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
etag: "d1d1d440d1c9d91:0"
date: Tue, 17 Sep 2024 11:56:06 GMT
x-frame-options: SAMEORIGIN
content-type: application/javascript
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
content-length: 1100
x-xss-protection: 1; mode=block

GET
H2 200 jquery.numeric.min.js Show response
hilton.gripays.com/Scripts/ 2 KB
2 KB 234ms
225ms Script
application/javascript 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to

Full URL

https://hilton.gripays.com/Scripts/jquery.numeric.min.js?v=1.23.11.G.O.P.S.

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

b51b9428938178652b2c6d519ca16378729c275def462c6a5008afec7a23304f

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
x-content-type-options: nosniff
referrer-policy: no-referrer
last-modified: Tue, 08 Aug 2023 08:20:55 GMT
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
etag: "b7a4da40d1c9d91:0"
date: Tue, 17 Sep 2024 11:56:06 GMT
x-frame-options: SAMEORIGIN
content-type: application/javascript
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
content-length: 1618
x-xss-protection: 1; mode=block

GET
H2 200 jquery.fancybox.min.js Show response
hilton.gripays.com/Scripts/ 60 KB
60 KB 138ms
129ms Script
application/javascript 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to

Full URL

https://hilton.gripays.com/Scripts/jquery.fancybox.min.js?v=1.23.11.G.O.P.S.

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

9b987df4fdef856cfd3c56446958a05c7b48799ce385f4231b2a2ed587635d99

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
x-content-type-options: nosniff
referrer-policy: no-referrer
last-modified: Tue, 08 Aug 2023 08:20:55 GMT
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
etag: "ef5cd440d1c9d91:0"
date: Tue, 17 Sep 2024 11:56:06 GMT
x-frame-options: SAMEORIGIN
content-type: application/javascript
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
content-length: 61497
x-xss-protection: 1; mode=block

GET
H2 200 netahsilat-common.js Show response
hilton.gripays.com/Scripts/ 497 B
606 B 182ms
174ms Script
application/javascript 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to

Full URL

https://hilton.gripays.com/Scripts/netahsilat-common.js?v=1.23.11.G.O.P.S.

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

d98764cd0cee2b5e060bbabd5430564edc3e2d0714ebd529790d39ed9361714e

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
x-content-type-options: nosniff
referrer-policy: no-referrer
last-modified: Fri, 27 Oct 2023 10:38:01 GMT
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
etag: "a645e6a8c18da1:0"
date: Tue, 17 Sep 2024 11:56:06 GMT
x-frame-options: SAMEORIGIN
content-type: application/javascript
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
content-length: 497
x-xss-protection: 1; mode=block

GET
H2 200 jquery.treeview.js Show response
hilton.gripays.com/Scripts/ 8 KB
8 KB 230ms
221ms Script
application/javascript 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to

Full URL

https://hilton.gripays.com/Scripts/jquery.treeview.js?v=1.23.11.G.O.P.S.

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

2fb228822d707ae659c96a7d71edeefa2f380d10dd44e862db7e412142e77e9e

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
x-content-type-options: nosniff
referrer-policy: no-referrer
last-modified: Tue, 08 Aug 2023 08:20:55 GMT
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
etag: "8740db40d1c9d91:0"
date: Tue, 17 Sep 2024 11:56:06 GMT
x-frame-options: SAMEORIGIN
content-type: application/javascript
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
content-length: 8518
x-xss-protection: 1; mode=block

GET
H2 200 accounting.min.js Show response
hilton.gripays.com/Scripts/ 3 KB
3 KB 134ms
126ms Script
application/javascript 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to

Full URL

https://hilton.gripays.com/Scripts/accounting.min.js?v=1.23.11.G.O.P.S.

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

47d395f4ce7adf116a505aae803f5815bd0681effa91ae6dd4730306cb262e4c

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
x-content-type-options: nosniff
referrer-policy: no-referrer
last-modified: Tue, 08 Aug 2023 08:20:55 GMT
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
etag: "0c5c640d1c9d91:0"
date: Tue, 17 Sep 2024 11:56:06 GMT
x-frame-options: SAMEORIGIN
content-type: application/javascript
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
content-length: 3136
x-xss-protection: 1; mode=block

GET
H2 200 contractChange.js Show response
hilton.gripays.com/Scripts/ 3 KB
3 KB 136ms
128ms Script
application/javascript 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to

Full URL

https://hilton.gripays.com/Scripts/contractChange.js?v=1.23.11.G.O.P.S.

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

12957beb8e162235ecdf1e0fd0f990733c4886905b2bb83df8dfc4554f5bb00a

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
x-content-type-options: nosniff
referrer-policy: no-referrer
last-modified: Tue, 08 Aug 2023 08:20:55 GMT
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
etag: "58bccb40d1c9d91:0"
date: Tue, 17 Sep 2024 11:56:06 GMT
x-frame-options: SAMEORIGIN
content-type: application/javascript
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
content-length: 3203
x-xss-protection: 1; mode=block

GET
H2 200 step1.validators.js Show response
hilton.gripays.com/Scripts/ 2 KB
2 KB 234ms
226ms Script
application/javascript 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to

Full URL

https://hilton.gripays.com/Scripts/step1.validators.js?v=1.23.11.G.O.P.S.

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

2db1055d140e5445c0c9eb8d20f45f6e8a119852b9e06db4c3a85bf5d4da2ce2

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
x-content-type-options: nosniff
referrer-policy: no-referrer
last-modified: Wed, 11 Oct 2023 11:06:59 GMT
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
etag: "fa6013e33fcd91:0"
date: Tue, 17 Sep 2024 11:56:06 GMT
x-frame-options: SAMEORIGIN
content-type: application/javascript
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
content-length: 2164
x-xss-protection: 1; mode=block

GET
H2 200 netahsilat-bind-validate.js Show response
hilton.gripays.com/Scripts/ 2 KB
2 KB 135ms
127ms Script
application/javascript 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to

Full URL

https://hilton.gripays.com/Scripts/netahsilat-bind-validate.js?v=1.23.11.G.O.P.S.

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

33339448c153f4231f0738319cef9871ccbf4ec52869d189b55f104a11daf885

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
x-content-type-options: nosniff
referrer-policy: no-referrer
last-modified: Wed, 11 Oct 2023 11:06:58 GMT
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
etag: "26e4ced33fcd91:0"
date: Tue, 17 Sep 2024 11:56:06 GMT
x-frame-options: SAMEORIGIN
content-type: application/javascript
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
content-length: 1659
x-xss-protection: 1; mode=block

GET
H2 200 jquery.whensync.js Show response
hilton.gripays.com/Scripts/ 4 KB
5 KB 183ms
175ms Script
application/javascript 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to

Full URL

https://hilton.gripays.com/Scripts/jquery.whensync.js?v=1.23.11.G.O.P.S.

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

6e5bb236440130940532f19aa3045fc8a9df60aeeb3d17ef2758b6721b74d179

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
x-content-type-options: nosniff
referrer-policy: no-referrer
last-modified: Tue, 08 Aug 2023 08:20:55 GMT
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
etag: "359fdc40d1c9d91:0"
date: Tue, 17 Sep 2024 11:56:06 GMT
x-frame-options: SAMEORIGIN
content-type: application/javascript
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
content-length: 4401
x-xss-protection: 1; mode=block

GET
H2 200 jquery.payment.min.js Show response
hilton.gripays.com/Scripts/ 8 KB
9 KB 228ms
220ms Script
application/javascript 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to

Full URL

https://hilton.gripays.com/Scripts/jquery.payment.min.js?v=1.23.11.G.O.P.S.

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

02d3709d91b85e4a77e92d84e8179a73a8162d6a2c344d2a295585cd2c1002f5

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
x-content-type-options: nosniff
referrer-policy: no-referrer
last-modified: Wed, 11 Oct 2023 11:06:58 GMT
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
etag: "d381c0d33fcd91:0"
date: Tue, 17 Sep 2024 11:56:06 GMT
x-frame-options: SAMEORIGIN
content-type: application/javascript
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
content-length: 8679
x-xss-protection: 1; mode=block

GET
H2 200 select2.min.js Show response
hilton.gripays.com/Scripts/select2/ 65 KB
65 KB 281ms
274ms Script
application/javascript 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to

Full URL

https://hilton.gripays.com/Scripts/select2/select2.min.js?v=1.23.11.G.O.P.S.

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

a0cc32ab6c0b0ee25c84c0ed4a5112954444ad68687078f1a0c71846fe932544

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
x-content-type-options: nosniff
referrer-policy: no-referrer
last-modified: Tue, 08 Aug 2023 08:20:56 GMT
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
etag: "d2c92941d1c9d91:0"
date: Tue, 17 Sep 2024 11:56:06 GMT
x-frame-options: SAMEORIGIN
content-type: application/javascript
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
content-length: 66618
x-xss-protection: 1; mode=block

GET
H2 200 select2_locale_tr.js Show response
hilton.gripays.com/Scripts/select2/ 937 B
1023 B 237ms
230ms Script
application/javascript 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to

Full URL

https://hilton.gripays.com/Scripts/select2/select2_locale_tr.js?v=1.23.11.G.O.P.S.

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

1fede54613ec7bf83ba2e76afef2e8bb2eed3e67db2d018e4412ceedacff30cd

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
x-content-type-options: nosniff
referrer-policy: no-referrer
last-modified: Wed, 11 Oct 2023 11:06:59 GMT
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
etag: "e89d12e33fcd91:0"
date: Tue, 17 Sep 2024 11:56:06 GMT
x-frame-options: SAMEORIGIN
content-type: application/javascript
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
content-length: 937
x-xss-protection: 1; mode=block

GET
H2 200 jquery.slimscroll.min.js Show response
hilton.gripays.com/scripts/payment/lib/slimscroll/ 5 KB
5 KB 328ms
320ms Script
application/javascript 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to

Full URL

https://hilton.gripays.com/scripts/payment/lib/slimscroll/jquery.slimscroll.min.js?v=1.23.11.G.O.P.S.

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

2221317b9e2d487bde03da54ba3b092cedaa5bee1418618823e8d71740f2fb3c

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
x-content-type-options: nosniff
referrer-policy: no-referrer
last-modified: Wed, 11 Oct 2023 11:06:59 GMT
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
etag: "81d5ce33fcd91:0"
date: Tue, 17 Sep 2024 11:56:06 GMT
x-frame-options: SAMEORIGIN
content-type: application/javascript
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
content-length: 4739
x-xss-protection: 1; mode=block

GET
H2 200 app.step1.definitions.js Show response
hilton.gripays.com/scripts/payment/ 1 KB
1 KB 330ms
323ms Script
application/javascript 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to

Full URL

https://hilton.gripays.com/scripts/payment/app.step1.definitions.js?v=1.23.11.G.O.P.S.

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

9624d865bd78a21bd9d9acb9a760c49bd584510fd9621abe0f90967d6e409c52

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
x-content-type-options: nosniff
referrer-policy: no-referrer
last-modified: Mon, 08 Jan 2024 06:36:59 GMT
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
etag: "20f5ef14fd41da1:0"
date: Tue, 17 Sep 2024 11:56:06 GMT
x-frame-options: SAMEORIGIN
content-type: application/javascript
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
content-length: 1383
x-xss-protection: 1; mode=block

GET
H2 200 mfs-client.min.js Show response
hilton.gripays.com/scripts/payment/lib/mfs/ 57 KB
58 KB 235ms
228ms Script
application/javascript 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to

Full URL

https://hilton.gripays.com/scripts/payment/lib/mfs/mfs-client.min.js?v=1.23.11.G.O.P.S.

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

b821029a333549217d485fe9382a4ec65619e65d9e42de96547191744a989251

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
x-content-type-options: nosniff
referrer-policy: no-referrer
last-modified: Fri, 27 Oct 2023 10:38:01 GMT
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
etag: "dec3f8a8c18da1:0"
date: Tue, 17 Sep 2024 11:56:06 GMT
x-frame-options: SAMEORIGIN
content-type: application/javascript
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
content-length: 58847
x-xss-protection: 1; mode=block

GET
H2 200 app.payment-result.js Show response
hilton.gripays.com/scripts/payment/ 1 KB
1 KB 329ms
322ms Script
application/javascript 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to

Full URL

https://hilton.gripays.com/scripts/payment/app.payment-result.js?v=1.23.11.G.O.P.S.

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

974e174ec395136acc923edfa73d162b1d02a776e1d9b1b3348529dbfa166548

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
x-content-type-options: nosniff
referrer-policy: no-referrer
last-modified: Wed, 11 Oct 2023 11:06:59 GMT
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
etag: "ddd1e3d33fcd91:0"
date: Tue, 17 Sep 2024 11:56:06 GMT
x-frame-options: SAMEORIGIN
content-type: application/javascript
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
content-length: 1267
x-xss-protection: 1; mode=block

GET
H2 200 app.paymentpage-tabs.js Show response
hilton.gripays.com/scripts/payment/ 493 B
579 B 331ms
324ms Script
application/javascript 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to

Full URL

https://hilton.gripays.com/scripts/payment/app.paymentpage-tabs.js?v=1.23.11.G.O.P.S.

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

8e82e7590d9141883eb3121ab4559d6af9d12c484e30e538861f2a713e583c13

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
x-content-type-options: nosniff
referrer-policy: no-referrer
last-modified: Fri, 27 Oct 2023 10:38:01 GMT
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
etag: "d143f5a8c18da1:0"
date: Tue, 17 Sep 2024 11:56:06 GMT
x-frame-options: SAMEORIGIN
content-type: application/javascript
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
content-length: 493
x-xss-protection: 1; mode=block

GET
H2 200 date.format.js Show response
hilton.gripays.com/Scripts/ 4 KB
4 KB 332ms
325ms Script
application/javascript 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to

Full URL

https://hilton.gripays.com/Scripts/date.format.js?v=1.23.11.G.O.P.S.

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

00aa9bf334f2cc56c4e3485e2b8e4f0586f213c2ecdb1024281e532c4a1a94f5

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
x-content-type-options: nosniff
referrer-policy: no-referrer
last-modified: Tue, 08 Aug 2023 08:20:55 GMT
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
etag: "17d5cd40d1c9d91:0"
date: Tue, 17 Sep 2024 11:56:06 GMT
x-frame-options: SAMEORIGIN
content-type: application/javascript
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
content-length: 4011
x-xss-protection: 1; mode=block

GET
H2 200 netahsilat-validator.js Show response
hilton.gripays.com/Scripts/ 8 KB
8 KB 334ms
327ms Script
application/javascript 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to

Full URL

https://hilton.gripays.com/Scripts/netahsilat-validator.js?v=1.23.11.G.O.P.S.

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

6a4f3671670449241cd17f1337d1933d0bc856b3e2f40c4f230222053f1bf0f9

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
x-content-type-options: nosniff
referrer-policy: no-referrer
last-modified: Tue, 08 Aug 2023 08:20:55 GMT
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
etag: "49f6fa40d1c9d91:0"
date: Tue, 17 Sep 2024 11:56:06 GMT
x-frame-options: SAMEORIGIN
content-type: application/javascript
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
content-length: 8219
x-xss-protection: 1; mode=block

GET
H2 200 app.payment-type.js Show response
hilton.gripays.com/scripts/payment/ 7 KB
9 KB 335ms
328ms Script
application/javascript 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to

Full URL

https://hilton.gripays.com/scripts/payment/app.payment-type.js?v=1.23.11.G.O.P.S.

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

60d823dfc0a1dda00795c7084800d198ec6a751f04574962e7dc097870b12b09

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
x-content-type-options: nosniff
referrer-policy: no-referrer
last-modified: Fri, 27 Oct 2023 10:38:01 GMT
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
etag: "f2cef4a8c18da1:0"
date: Tue, 17 Sep 2024 11:56:06 GMT
x-frame-options: SAMEORIGIN
content-type: application/javascript
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
content-length: 7632
x-xss-protection: 1; mode=block

GET
H2 200 app.comm-apply-type.js Show response
hilton.gripays.com/scripts/payment/ 2 KB
2 KB 338ms
331ms Script
application/javascript 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to

Full URL

https://hilton.gripays.com/scripts/payment/app.comm-apply-type.js?v=1.23.11.G.O.P.S.

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

5a2077414084e5c86177989c804c52f51ea128388817ef0560f4d7a7b67fa8e9

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
x-content-type-options: nosniff
referrer-policy: no-referrer
last-modified: Fri, 27 Oct 2023 10:38:01 GMT
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
etag: "78afeaa8c18da1:0"
date: Tue, 17 Sep 2024 11:56:06 GMT
x-frame-options: SAMEORIGIN
content-type: application/javascript
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
content-length: 1688
x-xss-protection: 1; mode=block

GET
H2 200 money.min.js Show response
hilton.gripays.com/scripts/payment/lib/money/ 1 KB
1 KB 230ms
224ms Script
application/javascript 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to

Full URL

https://hilton.gripays.com/scripts/payment/lib/money/money.min.js?v=1.23.11.G.O.P.S.

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

9b9bc077bc024c84b351e25ba45ac659ab2e3f3378ec2cab40613a11b9b62514

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
x-content-type-options: nosniff
referrer-policy: no-referrer
last-modified: Wed, 11 Oct 2023 11:06:59 GMT
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
etag: "10dbae33fcd91:0"
date: Tue, 17 Sep 2024 11:56:06 GMT
x-frame-options: SAMEORIGIN
content-type: application/javascript
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
content-length: 1298
x-xss-protection: 1; mode=block

GET
H2 200 app.currencies.js Show response
hilton.gripays.com/Scripts/payment/ 5 KB
5 KB 339ms
332ms Script
application/javascript 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to

Full URL

https://hilton.gripays.com/Scripts/payment/app.currencies.js?v=1.23.11.G.O.P.S.

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

b58d3417453860d41380f244ed1fdc4a8cfdd53772c1b5646b0ca2aa4f8040f3

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
x-content-type-options: nosniff
referrer-policy: no-referrer
last-modified: Fri, 27 Oct 2023 10:38:01 GMT
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
etag: "2ac0eba8c18da1:0"
date: Tue, 17 Sep 2024 11:56:06 GMT
x-frame-options: SAMEORIGIN
content-type: application/javascript
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
content-length: 4940
x-xss-protection: 1; mode=block

GET
H2 200 math.js Show response
hilton.gripays.com/scripts/payment/lib/ 562 KB
563 KB 336ms
330ms Script
application/javascript 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to

Full URL

https://hilton.gripays.com/scripts/payment/lib/math.js?v=1.23.11.G.O.P.S.

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

65ef8b042e1ed064e1a64c38e9614296f09253e2a4ed1ea6dde6367ac3369f4b

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
x-content-type-options: nosniff
referrer-policy: no-referrer
last-modified: Wed, 11 Oct 2023 11:06:59 GMT
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
etag: "209afed33fcd91:0"
date: Tue, 17 Sep 2024 11:56:06 GMT
x-frame-options: SAMEORIGIN
content-type: application/javascript
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
content-length: 575562
x-xss-protection: 1; mode=block

GET
H2 200 app.amount.js Show response
hilton.gripays.com/scripts/payment/ 7 KB
7 KB 1037ms
1030ms Script
application/javascript 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to

Full URL

https://hilton.gripays.com/scripts/payment/app.amount.js?v=1.23.11.G.O.P.S.

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

30d1b54b7c0b0e3df322c943af924f99d10d1ac12f259b4f2194f8c0b1e1d3ff

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
x-content-type-options: nosniff
referrer-policy: no-referrer
last-modified: Thu, 02 Nov 2023 11:44:09 GMT
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
etag: "9fac33e481dda1:0"
date: Tue, 17 Sep 2024 11:56:06 GMT
x-frame-options: SAMEORIGIN
content-type: application/javascript
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
content-length: 7544
x-xss-protection: 1; mode=block

GET
H2 200 app.sap-inquiry.js Show response
hilton.gripays.com/Scripts/payment/ 2 KB
2 KB 1038ms
1031ms Script
application/javascript 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to

Full URL

https://hilton.gripays.com/Scripts/payment/app.sap-inquiry.js?v=1.23.11.G.O.P.S.

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

6affb9d33806abcc940f3a8bc47f73105921edb9b9a22464f6ac8d653e4c7594

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
x-content-type-options: nosniff
referrer-policy: no-referrer
last-modified: Fri, 27 Oct 2023 10:38:01 GMT
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
etag: "c56af5a8c18da1:0"
date: Tue, 17 Sep 2024 11:56:06 GMT
x-frame-options: SAMEORIGIN
content-type: application/javascript
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
content-length: 2073
x-xss-protection: 1; mode=block

GET
H2 200 app.coupon-inquiry.js Show response
hilton.gripays.com/Scripts/payment/ 3 KB
3 KB 1039ms
1033ms Script
application/javascript 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to

Full URL

https://hilton.gripays.com/Scripts/payment/app.coupon-inquiry.js?v=1.23.11.G.O.P.S.

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

619b3214901d390f7e683f4a42e042fd0d795ef72768439a35dcf7c7003f16b7

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
x-content-type-options: nosniff
referrer-policy: no-referrer
last-modified: Fri, 27 Oct 2023 10:38:01 GMT
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
etag: "5dfdeaa8c18da1:0"
date: Tue, 17 Sep 2024 11:56:06 GMT
x-frame-options: SAMEORIGIN
content-type: application/javascript
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
content-length: 2672
x-xss-protection: 1; mode=block

GET
H2 200 app.mailorder.js Show response
hilton.gripays.com/scripts/payment/ 298 B
384 B 1040ms
1034ms Script
application/javascript 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to

Full URL

https://hilton.gripays.com/scripts/payment/app.mailorder.js?v=1.23.11.G.O.P.S.

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

af2f7a39fb9c18d5d6218796adfe736650cd1118b791d83bcc800b028ebf6a83

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
x-content-type-options: nosniff
referrer-policy: no-referrer
last-modified: Wed, 11 Oct 2023 11:06:59 GMT
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
etag: "a41dfd33fcd91:0"
date: Tue, 17 Sep 2024 11:56:06 GMT
x-frame-options: SAMEORIGIN
content-type: application/javascript
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
content-length: 298
x-xss-protection: 1; mode=block

GET
H2 200 font-awesome.css
hilton.gripays.com/Content/fonts/font-awesome-4.5.0/css/ 34 KB
35 KB 1042ms
1035ms Stylesheet
text/css 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to

Full URL

https://hilton.gripays.com/Content/fonts/font-awesome-4.5.0/css/font-awesome.css

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

6a8fc411147009f527b9d2e4f2955b1c15cfca90f4362067f7d5245e69d0e66f

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
x-content-type-options: nosniff
referrer-policy: no-referrer
last-modified: Mon, 14 Aug 2023 08:40:33 GMT
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
etag: "80566fd8aced91:0"
date: Tue, 17 Sep 2024 11:56:06 GMT
x-frame-options: SAMEORIGIN
content-type: text/css
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
content-length: 35319
x-xss-protection: 1; mode=block

GET
H2 200 app.maximobile.js Show response
hilton.gripays.com/scripts/payment/ 1000 B
1 KB 1094ms
1088ms Script
application/javascript 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to

Full URL

https://hilton.gripays.com/scripts/payment/app.maximobile.js?v=1.23.11.G.O.P.S.

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

1456911e1a0444dea0b54bea815fe3a6fe7d3b0ff3be9035896bbdfafec3618e

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
x-content-type-options: nosniff
referrer-policy: no-referrer
last-modified: Wed, 11 Oct 2023 11:06:59 GMT
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
etag: "6b89e1d33fcd91:0"
date: Tue, 17 Sep 2024 11:56:06 GMT
x-frame-options: SAMEORIGIN
content-type: application/javascript
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
content-length: 1000
x-xss-protection: 1; mode=block

GET
H2 200 icon-triangle-green.png
hilton.gripays.com/content/images/ 136 B
254 B 1095ms
1089ms Image
image/png 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://hilton.gripays.com/content/images/icon-triangle-green.png

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

995d52357d987efc60bbfc2d952f2d44e65cb5ad0437205a0353e5eb14f95028

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
x-content-type-options: nosniff
referrer-policy: no-referrer
last-modified: Tue, 08 Aug 2023 08:20:49 GMT
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
etag: "d4c5163dd1c9d91:0"
date: Tue, 17 Sep 2024 11:56:06 GMT
x-frame-options: SAMEORIGIN
content-type: image/png
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
content-length: 136
x-xss-protection: 1; mode=block

GET
H2 200 app.installment-info.js Show response
hilton.gripays.com/Scripts/payment/ 3 KB
3 KB 1097ms
1091ms Script
application/javascript 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to

Full URL

https://hilton.gripays.com/Scripts/payment/app.installment-info.js?v=1.23.11.G.O.P.S.

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

1d754aa2c0e98bad4abbe1ba9766cd694ee072e30cb90c45ca852581724129e9

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
x-content-type-options: nosniff
referrer-policy: no-referrer
last-modified: Wed, 11 Oct 2023 11:06:59 GMT
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
etag: "c083dcd33fcd91:0"
date: Tue, 17 Sep 2024 11:56:06 GMT
x-frame-options: SAMEORIGIN
content-type: application/javascript
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
content-length: 3465
x-xss-protection: 1; mode=block

GET
H2 200 app.installment-type.js Show response
hilton.gripays.com/scripts/payment/ 9 KB
9 KB 1099ms
1093ms Script
application/javascript 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to

Full URL

https://hilton.gripays.com/scripts/payment/app.installment-type.js?v=1.23.11.G.O.P.S.

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

577de39a01c0ffe7cb2d744f59e6bd7da3f75420cf53bda18dcd6f7f129d837a

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
x-content-type-options: nosniff
referrer-policy: no-referrer
last-modified: Mon, 08 Jan 2024 06:36:59 GMT
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
etag: "20f5ef14fd41da1:0"
date: Tue, 17 Sep 2024 11:56:06 GMT
x-frame-options: SAMEORIGIN
content-type: application/javascript
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
content-length: 9217
x-xss-protection: 1; mode=block

GET
H2 200 app.installment-table.js Show response
hilton.gripays.com/scripts/payment/ 49 KB
49 KB 1097ms
1092ms Script
application/javascript 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to

Full URL

https://hilton.gripays.com/scripts/payment/app.installment-table.js?v=1.23.11.G.O.P.S.

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

f0eb624508ee3d61336c3d1d698bd5eb39713ad1c20d851ec97eca60c507cc11

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
x-content-type-options: nosniff
referrer-policy: no-referrer
last-modified: Mon, 08 Jan 2024 06:36:59 GMT
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
etag: "20f5ef14fd41da1:0"
date: Tue, 17 Sep 2024 11:56:06 GMT
x-frame-options: SAMEORIGIN
content-type: application/javascript
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
content-length: 50052
x-xss-protection: 1; mode=block

GET
H2 200 app.custom-installments.js Show response
hilton.gripays.com/scripts/payment/ 12 KB
12 KB 1147ms
1141ms Script
application/javascript 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to

Full URL

https://hilton.gripays.com/scripts/payment/app.custom-installments.js?v=1.23.11.G.O.P.S.

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

3ae1bd1a9bbe12dcc62755a79ae5ca53d6ee44a297a0f9651113d626f81f61bd

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
x-content-type-options: nosniff
referrer-policy: no-referrer
last-modified: Tue, 02 Jan 2024 12:00:15 GMT
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
etag: "33b09d3f733dda1:0"
date: Tue, 17 Sep 2024 11:56:06 GMT
x-frame-options: SAMEORIGIN
content-type: application/javascript
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
content-length: 11977
x-xss-protection: 1; mode=block

GET
H2 200 guvenliodeme.jpg
hilton.gripays.com/Content/Images/ 22 KB
22 KB 1196ms
1190ms Image
image/jpeg 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://hilton.gripays.com/Content/Images/guvenliodeme.jpg

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

7477da3d04e1bdc6d49be1b95e428bdb7c89c9655790b64cfb407d6b1d206f0d

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
x-content-type-options: nosniff
referrer-policy: no-referrer
last-modified: Tue, 08 Aug 2023 08:20:49 GMT
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
etag: "9dc0153dd1c9d91:0"
date: Tue, 17 Sep 2024 11:56:06 GMT
x-frame-options: SAMEORIGIN
content-type: image/jpeg
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
content-length: 22136
x-xss-protection: 1; mode=block

GET
H2 200 card.css
hilton.gripays.com/scripts/payment/lib/cardjs/css/ 1 KB
2 KB 1199ms
1194ms Stylesheet
text/css 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to

Full URL

https://hilton.gripays.com/scripts/payment/lib/cardjs/css/card.css?v=1.23.11.G.O.P.S.

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

09e32a5d06501f001d0a6fba7b51bb8287be4befdaa24583c90f785c0ce306b2

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
x-content-type-options: nosniff
referrer-policy: no-referrer
last-modified: Wed, 11 Oct 2023 11:06:59 GMT
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
etag: "2a1eecd33fcd91:0"
date: Tue, 17 Sep 2024 11:56:06 GMT
x-frame-options: SAMEORIGIN
content-type: text/css
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
content-length: 1173
x-xss-protection: 1; mode=block

GET
H2 200 card.js Show response
hilton.gripays.com/scripts/payment/lib/cardjs/js/ 3 KB
3 KB 1200ms
1195ms Script
application/javascript 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to

Full URL

https://hilton.gripays.com/scripts/payment/lib/cardjs/js/card.js?v=1.23.11.G.O.P.S.

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

6cb9d79323588d02c8af2bf7d03643232fd8c0ef169e2b16c15571ba838d6300

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
x-content-type-options: nosniff
referrer-policy: no-referrer
last-modified: Wed, 11 Oct 2023 11:06:59 GMT
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
etag: "ec7edd33fcd91:0"
date: Tue, 17 Sep 2024 11:56:06 GMT
x-frame-options: SAMEORIGIN
content-type: application/javascript
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
content-length: 3465
x-xss-protection: 1; mode=block

GET
H2 200 jquery.payment.js Show response
hilton.gripays.com/scripts/payment/lib/jquery-payment/ 21 KB
21 KB 1198ms
1193ms Script
application/javascript 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to

Full URL

https://hilton.gripays.com/scripts/payment/lib/jquery-payment/jquery.payment.js?v=1.23.11.G.O.P.S.

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

207805dac6dabcb69fc22d35356c944c3bb953210fdeab6f40a49735c80fc132

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
x-content-type-options: nosniff
referrer-policy: no-referrer
last-modified: Wed, 11 Oct 2023 11:06:59 GMT
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
etag: "c47cedd33fcd91:0"
date: Tue, 17 Sep 2024 11:56:06 GMT
x-frame-options: SAMEORIGIN
content-type: application/javascript
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
content-length: 21729
x-xss-protection: 1; mode=block

GET
H2 200 pgw-client.js Show response
hilton.gripays.com/scripts/payment/ 9 KB
9 KB 1817ms
1812ms Script
application/javascript 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to

Full URL

https://hilton.gripays.com/scripts/payment/pgw-client.js?v=1.23.11.G.O.P.S.

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

1092a0e40ae401e52acbdc900140b015c9600a0660b363e0ffbaf992a3547fc3

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
x-content-type-options: nosniff
referrer-policy: no-referrer
last-modified: Fri, 27 Oct 2023 10:38:01 GMT
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
etag: "6370faa8c18da1:0"
date: Tue, 17 Sep 2024 11:56:06 GMT
x-frame-options: SAMEORIGIN
content-type: application/javascript
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
content-length: 9221
x-xss-protection: 1; mode=block

GET
H2 200 app.payment-creditcard.js Show response
hilton.gripays.com/scripts/payment/ 26 KB
26 KB 1820ms
1815ms Script
application/javascript 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to

Full URL

https://hilton.gripays.com/scripts/payment/app.payment-creditcard.js?v=1.23.11.G.O.P.S.

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

33e7a6152cefb3fe58a27c7908d5ec1c48fd3bbc8b6a3e1e0283531314ba5799

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
x-content-type-options: nosniff
referrer-policy: no-referrer
last-modified: Mon, 08 Jan 2024 06:36:59 GMT
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
etag: "20f5ef14fd41da1:0"
date: Tue, 17 Sep 2024 11:56:06 GMT
x-frame-options: SAMEORIGIN
content-type: application/javascript
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
content-length: 26461
x-xss-protection: 1; mode=block

GET
H2 200 gateway.payment.handler.js Show response
hilton.gripays.com/scripts/payment/ 8 KB
8 KB 1839ms
1834ms Script
application/javascript 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to

Full URL

https://hilton.gripays.com/scripts/payment/gateway.payment.handler.js?v=1.23.11.G.O.P.S.

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

5ee1f35dc31ba8b51149e79a6d8d5e82efb60e16f6f699eb70f061bcb4f790b9

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
x-content-type-options: nosniff
referrer-policy: no-referrer
last-modified: Mon, 08 Jan 2024 06:36:59 GMT
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
etag: "2058f214fd41da1:0"
date: Tue, 17 Sep 2024 11:56:06 GMT
x-frame-options: SAMEORIGIN
content-type: application/javascript
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
content-length: 8244
x-xss-protection: 1; mode=block

GET
H2 200 ntapplication.js Show response
hilton.gripays.com/Scripts/ 52 KB
52 KB 1840ms
1835ms Script
application/javascript 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to

Full URL

https://hilton.gripays.com/Scripts/ntapplication.js?v=1.23.11.G.O.P.S.

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

58490e0ca6f284fdccb3ba5bb3e4747de9fcda491abcbb51171f260d267db75a

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
x-content-type-options: nosniff
referrer-policy: no-referrer
last-modified: Fri, 27 Oct 2023 10:38:01 GMT
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
etag: "6e8e7a8c18da1:0"
date: Tue, 17 Sep 2024 11:56:06 GMT
x-frame-options: SAMEORIGIN
content-type: application/javascript
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
content-length: 53528
x-xss-protection: 1; mode=block

GET
H2 200 GetCaptchaForCompaign
hilton.gripays.com/Account/ 1 KB
3 KB 2042ms
2039ms Image
image/jpeg 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://hilton.gripays.com/Account/GetCaptchaForCompaign?captchaType=CampaignCaptcha

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

cd5bdf66c045cdda90fd340cbbf9fa165bcba72bf8bca6f65f6128370d1eec29

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
x-content-type-options: nosniff
referrer-policy: no-referrer
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
date: Tue, 17 Sep 2024 11:56:06 GMT
x-frame-options: SAMEORIGIN
content-type: image/jpeg
cache-control: private
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
content-length: 1476
x-xss-protection: 1; mode=block

GET
H2 200 jQuery.print.js Show response
hilton.gripays.com/scripts/ 6 KB
2 KB 1919ms
1914ms Script
application/javascript 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to

Full URL

https://hilton.gripays.com/scripts/jQuery.print.js?v=1.23.11.G.O.P.S.

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

256caffb1e754f339aa0a94e1829318bf2e5de1ad8b1c72a7b98b7bb16bb2daf

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
x-permitted-cross-domain-policies: none
date: Tue, 17 Sep 2024 11:56:06 GMT
content-length: 1704
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Tue, 08 Aug 2023 08:20:55 GMT
server: Microsoft-IIS/10.0
etag: "804d6740d1c9d91:0"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes

GET
H2 200 app.payment-forms.js Show response
hilton.gripays.com/Scripts/payment/ 12 KB
12 KB 1941ms
1936ms Script
application/javascript 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to

Full URL

https://hilton.gripays.com/Scripts/payment/app.payment-forms.js?v=1.23.11.G.O.P.S.

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

3f5562a035df61277962cafc61195a459328534b204aff7c37f5f5689743e4ba

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
x-content-type-options: nosniff
referrer-policy: no-referrer
last-modified: Tue, 02 Jan 2024 12:00:15 GMT
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
etag: "a2d49f3f733dda1:0"
date: Tue, 17 Sep 2024 11:56:06 GMT
x-frame-options: SAMEORIGIN
content-type: application/javascript
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
content-length: 12126
x-xss-protection: 1; mode=block

GET
H2 200 GetCaptcha
hilton.gripays.com/Account/ 1 KB
2 KB 2043ms
2040ms Image
image/jpeg 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://hilton.gripays.com/Account/GetCaptcha?captchaType=PaymentCaptcha

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

0cfa26438d5c97c9ccb68d01c5973762617c5d42411d2de5d80cd01c49814fff

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
x-content-type-options: nosniff
referrer-policy: no-referrer
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
date: Tue, 17 Sep 2024 11:56:06 GMT
x-frame-options: SAMEORIGIN
content-type: image/jpeg
cache-control: private
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
content-length: 1508
x-xss-protection: 1; mode=block

GET
H2 200 app.checkcurrencychange.js Show response
hilton.gripays.com/Scripts/payment/ 1 KB
1 KB 1942ms
1938ms Script
application/javascript 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to

Full URL

https://hilton.gripays.com/Scripts/payment/app.checkcurrencychange.js?v=1.23.11.G.O.P.S.

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

e37df723b0aa9e1bea675229716e545e86d11a640e1db62c305f0dfa447980dd

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
x-content-type-options: nosniff
referrer-policy: no-referrer
last-modified: Wed, 11 Oct 2023 11:06:58 GMT
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
etag: "fd69d7d33fcd91:0"
date: Tue, 17 Sep 2024 11:56:06 GMT
x-frame-options: SAMEORIGIN
content-type: application/javascript
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
content-length: 1241
x-xss-protection: 1; mode=block

GET
H2 200 MasterPass_Logo.png
hilton.gripays.com/Content/images/ 21 KB
21 KB 2045ms
2041ms Image
image/png 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://hilton.gripays.com/Content/images/MasterPass_Logo.png

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

5cc0a8f83d6dadbefb0f8747bc30a529161fbe75c9ebce1f523e5644b6b28bf2

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
x-content-type-options: nosniff
referrer-policy: no-referrer
last-modified: Wed, 11 Oct 2023 11:06:54 GMT
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
etag: "339c63b33fcd91:0"
date: Tue, 17 Sep 2024 11:56:06 GMT
x-frame-options: SAMEORIGIN
content-type: image/png
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
content-length: 21463
x-xss-protection: 1; mode=block

GET
H2 200 app.masterpass-kmh.js Show response
hilton.gripays.com/Scripts/payment/ 11 KB
11 KB 1957ms
1952ms Script
application/javascript 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to

Full URL

https://hilton.gripays.com/Scripts/payment/app.masterpass-kmh.js?v=1.23.11.G.O.P.S.

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

e93d4160aa86193598fa2b04089d50aba9792eb4054f216fa417d9b5f6fd9f8b

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
x-content-type-options: nosniff
referrer-policy: no-referrer
last-modified: Fri, 27 Oct 2023 10:38:01 GMT
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
etag: "f50f1a8c18da1:0"
date: Tue, 17 Sep 2024 11:56:06 GMT
x-frame-options: SAMEORIGIN
content-type: application/javascript
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
content-length: 10820
x-xss-protection: 1; mode=block

GET
H2 200 app.step1.js Show response
hilton.gripays.com/scripts/payment/ 29 KB
29 KB 1959ms
1955ms Script
application/javascript 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to

Full URL

https://hilton.gripays.com/scripts/payment/app.step1.js?v=1.23.11.G.O.P.S.

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

b9464994731b3be0b4c8f157d190cb1c28d3df585137011a8fd52da87fb7fecb

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
x-content-type-options: nosniff
referrer-policy: no-referrer
last-modified: Mon, 08 Jan 2024 06:36:59 GMT
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
etag: "2058f214fd41da1:0"
date: Tue, 17 Sep 2024 11:56:06 GMT
x-frame-options: SAMEORIGIN
content-type: application/javascript
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
content-length: 29528
x-xss-protection: 1; mode=block

GET
H2 200 app.dynamic-fields.js Show response
hilton.gripays.com/scripts/payment/ 45 KB
45 KB 1992ms
1988ms Script
application/javascript 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to

Full URL

https://hilton.gripays.com/scripts/payment/app.dynamic-fields.js?v=1.23.11.G.O.P.S.

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

32ea756e300eea4de18074b3fb2b631762fd788922e4ee8a3679d67022feff0f

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
x-content-type-options: nosniff
referrer-policy: no-referrer
last-modified: Fri, 27 Oct 2023 10:38:01 GMT
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
etag: "ef1eeda8c18da1:0"
date: Tue, 17 Sep 2024 11:56:06 GMT
x-frame-options: SAMEORIGIN
content-type: application/javascript
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
content-length: 46276
x-xss-protection: 1; mode=block

GET
H2 200 footer.css
hilton.gripays.com/Content/css/ 1 KB
1 KB 2021ms
2017ms Stylesheet
text/css 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to

Full URL

https://hilton.gripays.com/Content/css/footer.css?v=1.23.11.G.O.P.S.

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

627102afe7587f5020faea4db66d8f93c98a9cbe3070a9134b03b4104885aa34

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
x-content-type-options: nosniff
referrer-policy: no-referrer
last-modified: Wed, 11 Oct 2023 11:06:54 GMT
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
etag: "fd1255b33fcd91:0"
date: Tue, 17 Sep 2024 11:56:06 GMT
x-frame-options: SAMEORIGIN
content-type: text/css
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
content-length: 1071
x-xss-protection: 1; mode=block

GET
H2 200 pay-logos.png
hilton.gripays.com/Content/images/ 64 KB
64 KB 2059ms
2055ms Image
image/png 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://hilton.gripays.com/Content/images/pay-logos.png

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

8432db6d774ec4a8b2667b853df0528b87293659d2a6b003022ed42bbd75bbe5

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
x-content-type-options: nosniff
referrer-policy: no-referrer
last-modified: Wed, 11 Oct 2023 11:06:54 GMT
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
etag: "d69f70b33fcd91:0"
date: Tue, 17 Sep 2024 11:56:06 GMT
x-frame-options: SAMEORIGIN
content-type: image/png
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
content-length: 65204
x-xss-protection: 1; mode=block

GET
H2 200 app.module-initializer.js Show response
hilton.gripays.com/scripts/payment/modules/ 397 B
520 B 2023ms
2018ms Script
application/javascript 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to

Full URL

https://hilton.gripays.com/scripts/payment/modules/app.module-initializer.js?v=1.23.11.G.O.P.S.

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

9c0571d9d288abb9c3f3336f06b7a5816fb226d66ad81cf89693143892c68dbe

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
x-content-type-options: nosniff
referrer-policy: no-referrer
last-modified: Wed, 11 Oct 2023 11:06:59 GMT
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
etag: "61f110e33fcd91:0"
date: Tue, 17 Sep 2024 11:56:06 GMT
x-frame-options: SAMEORIGIN
content-type: application/javascript
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
content-length: 397
x-xss-protection: 1; mode=block

GET
H2 200 app.apply-bindings.js Show response
hilton.gripays.com/scripts/payment/ 87 B
173 B 2024ms
2020ms Script
application/javascript 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to

Full URL

https://hilton.gripays.com/scripts/payment/app.apply-bindings.js?v=1.23.11.G.O.P.S.

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

89eb814dc133527ebe5e87ac848acd40a81d42fb856ebdd77c604e9dfd5c1a1b

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
x-content-type-options: nosniff
referrer-policy: no-referrer
last-modified: Wed, 11 Oct 2023 11:06:58 GMT
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
etag: "4159d6d33fcd91:0"
date: Tue, 17 Sep 2024 11:56:06 GMT
x-frame-options: SAMEORIGIN
content-type: application/javascript
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
content-length: 87
x-xss-protection: 1; mode=block

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 100ms
30ms Script
text/javascript 142.250.181.238
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.238 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f14.1e100.net

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Tue, 17 Sep 2024 11:20:02 GMT
last-modified: Tue, 12 Dec 2023 18:09:08 GMT
server: Golfe2
age: 2164
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Tue, 17 Sep 2024 13:20:02 GMT

GET
H2 200 new-ui-bg.png
hilton.gripays.com/Content/images/ 497 KB
498 KB 1244ms
1241ms Image
image/png 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://hilton.gripays.com/Content/images/new-ui-bg.png

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Content/css/new-ui.css?v=1.23.11.G.O.P.S.

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

be5867dfde187c40da20e1241122f0d369fd71ccfc021d6dbce1c9c63ba73446

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
x-content-type-options: nosniff
referrer-policy: no-referrer
last-modified: Wed, 11 Oct 2023 11:06:54 GMT
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
etag: "5b7e6eb33fcd91:0"
date: Tue, 17 Sep 2024 11:56:06 GMT
x-frame-options: SAMEORIGIN
content-type: image/png
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
content-length: 509297
x-xss-protection: 1; mode=block

GET
H2 200 Axiforma_Normal.otf
hilton.gripays.com/Content/fonts/ 111 KB
112 KB 2107ms
2107ms Font
font/otf 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to

Full URL

https://hilton.gripays.com/Content/fonts/Axiforma_Normal.otf

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Content/css/new-ui.css?v=1.23.11.G.O.P.S.

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

2f09fcbab4ce2267474d595b0c6f9b2d49f366becf6a783f6d445ffd6000bfa7

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
Origin: https://hilton.gripays.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
x-content-type-options: nosniff
referrer-policy: no-referrer
last-modified: Wed, 11 Oct 2023 11:06:54 GMT
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
etag: "e9e95cb33fcd91:0"
date: Tue, 17 Sep 2024 11:56:06 GMT
x-frame-options: SAMEORIGIN
content-type: font/otf
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
content-length: 113904
x-xss-protection: 1; mode=block

POST
H2 200 collect Show response
www.google-analytics.com/j/ 15 B
223 B 38ms
37ms XHR
text/plain 142.250.181.238
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=789675573&t=pageview&_s=1&dl=https%3A%2F%2Fhilton.gripays.com%2FPayment%2FUnAuthenticatedPayment%3FnotAut%3DTrue%26mouid%3Db52fd1f7-b5c7-4033-8823-c7f8caf3b2b7%26pltf%3D1&ul=de-at&de=UTF-8&dt=Hilton&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IGBACEABBAAAACAAI~&jid=345762444&gjid=282570839&cid=1338146321.1726574167&tid=UA-106214439-1&_gid=2057799090.1726574167&_r=1&_slc=1&z=514203337

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.238 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f14.1e100.net

Software

Golfe2 /

Resource Hash

e2b8eb44cdf7b70aa4f0059c0e19f13d7edbc1c48393f2bbfd8f3047b4fcd317

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 17 Sep 2024 11:56:07 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://hilton.gripays.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET js
www.googletagmanager.com/gtag/ 0
0

GET
H2 200 jQuery.print.js Show response
hilton.gripays.com/Scripts/ 6 KB
0 0ms
0ms Script
application/javascript 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to

Full URL

https://hilton.gripays.com/Scripts/jQuery.print.js?v=1.23.11.G.O.P.S.

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

256caffb1e754f339aa0a94e1829318bf2e5de1ad8b1c72a7b98b7bb16bb2daf

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
date: Tue, 17 Sep 2024 11:56:03 GMT
x-content-type-options: nosniff
referrer-policy: no-referrer
last-modified: Tue, 08 Aug 2023 08:20:55 GMT
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
etag: "d5e5ce40d1c9d91:0"
x-frame-options: SAMEORIGIN
content-type: application/javascript
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
content-length: 5657
x-xss-protection: 1; mode=block

GET
H2 200 jquery.validate.min.js Show response
hilton.gripays.com/Scripts/ 25 KB
0 0ms
0ms Script
application/javascript 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to

Full URL

https://hilton.gripays.com/Scripts/jquery.validate.min.js?v=1.23.11.G.O.P.S.

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

14ae032071d8b0430d9b6fc5ad54202464d0152851a244577a454237b4a55c8b

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
date: Tue, 17 Sep 2024 11:56:03 GMT
x-content-type-options: nosniff
referrer-policy: no-referrer
last-modified: Tue, 08 Aug 2023 08:20:55 GMT
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
etag: "6a3dc40d1c9d91:0"
x-frame-options: SAMEORIGIN
content-type: application/javascript
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
content-length: 25376
x-xss-protection: 1; mode=block

GET
H2 200 date.format.js Show response
hilton.gripays.com/Scripts/ 4 KB
0 0ms
0ms Script
application/javascript 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to

Full URL

https://hilton.gripays.com/Scripts/date.format.js?v=1.23.11.G.O.P.S.

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

00aa9bf334f2cc56c4e3485e2b8e4f0586f213c2ecdb1024281e532c4a1a94f5

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
date: Tue, 17 Sep 2024 11:56:06 GMT
x-content-type-options: nosniff
referrer-policy: no-referrer
last-modified: Tue, 08 Aug 2023 08:20:55 GMT
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
etag: "17d5cd40d1c9d91:0"
x-frame-options: SAMEORIGIN
content-type: application/javascript
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
content-length: 4011
x-xss-protection: 1; mode=block

GET
H2 200 netahsilat-validator.js Show response
hilton.gripays.com/Scripts/ 8 KB
0 0ms
0ms Script
application/javascript 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to

Full URL

https://hilton.gripays.com/Scripts/netahsilat-validator.js?v=1.23.11.G.O.P.S.

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

6a4f3671670449241cd17f1337d1933d0bc856b3e2f40c4f230222053f1bf0f9

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
date: Tue, 17 Sep 2024 11:56:06 GMT
x-content-type-options: nosniff
referrer-policy: no-referrer
last-modified: Tue, 08 Aug 2023 08:20:55 GMT
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
etag: "49f6fa40d1c9d91:0"
x-frame-options: SAMEORIGIN
content-type: application/javascript
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
content-length: 8219
x-xss-protection: 1; mode=block

GET
H2 200 guvenliodeme.jpg
hilton.gripays.com/Content/Images/ 22 KB
0 41ms
41ms Image
image/jpeg 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://hilton.gripays.com/Content/Images/guvenliodeme.jpg

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

7477da3d04e1bdc6d49be1b95e428bdb7c89c9655790b64cfb407d6b1d206f0d

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
date: Tue, 17 Sep 2024 11:56:06 GMT
x-content-type-options: nosniff
referrer-policy: no-referrer
last-modified: Tue, 08 Aug 2023 08:20:49 GMT
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
etag: "9dc0153dd1c9d91:0"
x-frame-options: SAMEORIGIN
content-type: image/jpeg
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
content-length: 22136
x-xss-protection: 1; mode=block

GET
H2 200 kart.png
hilton.gripays.com/Content/themes/base/images/apilogo/diger/ 5 KB
5 KB 168ms
168ms Image
image/png 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://hilton.gripays.com/Content/themes/base/images/apilogo/diger/kart.png

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

40eac317dc8e79581f6320c053f096a32bafa864c5979157bd31394e81c7f26b

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
x-content-type-options: nosniff
referrer-policy: no-referrer
last-modified: Wed, 11 Oct 2023 11:06:54 GMT
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
etag: "705576b33fcd91:0"
date: Tue, 17 Sep 2024 11:56:08 GMT
x-frame-options: SAMEORIGIN
content-type: image/png
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
content-length: 5105
x-xss-protection: 1; mode=block

GET
H2 200 Axiforma_Bold.otf
hilton.gripays.com/Content/fonts/ 113 KB
113 KB 634ms
634ms Font
font/otf 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to

Full URL

https://hilton.gripays.com/Content/fonts/Axiforma_Bold.otf

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Content/css/new-ui.css?v=1.23.11.G.O.P.S.

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

0caaaa25dc7d5cee5698e28638a07159eb38b2d1900ed26a053e88a08b23ddc4

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
Origin: https://hilton.gripays.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
x-content-type-options: nosniff
referrer-policy: no-referrer
last-modified: Wed, 11 Oct 2023 11:06:54 GMT
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
etag: "e9c5cb33fcd91:0"
date: Tue, 17 Sep 2024 11:56:08 GMT
x-frame-options: SAMEORIGIN
content-type: font/otf
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
content-length: 115280
x-xss-protection: 1; mode=block

GET
H2 200 cards.png
hilton.gripays.com/scripts/payment/lib/cardjs/img/ 68 KB
68 KB 827ms
827ms Image
image/png 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://hilton.gripays.com/scripts/payment/lib/cardjs/img/cards.png

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/scripts/payment/lib/cardjs/css/card.css?v=1.23.11.G.O.P.S.

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

765646d2f3d97abecdaa203c1a0be1ca9cfc9d471ed94fd858fa08c463c7e1a3

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
x-content-type-options: nosniff
referrer-policy: no-referrer
last-modified: Wed, 11 Oct 2023 11:06:59 GMT
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
etag: "1baecd33fcd91:0"
date: Tue, 17 Sep 2024 11:56:08 GMT
x-frame-options: SAMEORIGIN
content-type: image/png
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes
content-length: 69721
x-xss-protection: 1; mode=block

GET
H2 200 GetBonusList Show response
hilton.gripays.com/Payment/ 92 B
183 B 795ms
795ms XHR
application/json 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to

Full URL

https://hilton.gripays.com/Payment/GetBonusList?installment=1&vendorVPosId=3&vPosApiId=10&CampaingCaptcha=&IsActiveCampaignInquiry=false

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Scripts/jquery-1.12.4.min.js?v=1.23.11.G.O.P.S.

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

539241d4bd8e2e5fad682ad78d98d968e7abccfbdf3097c0877804aeabe9355d

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Referer
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
x-content-type-options: nosniff
referrer-policy: no-referrer
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
date: Tue, 17 Sep 2024 11:56:08 GMT
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
cache-control: private
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
content-length: 92
x-xss-protection: 1; mode=block

POST
H2 200 displayForVPosApi Show response
hilton.gripays.com/formDefinition/ 0
57 B 794ms
792ms XHR
text/plain 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to

Full URL

https://hilton.gripays.com/formDefinition/displayForVPosApi

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Scripts/jquery-1.12.4.min.js?v=1.23.11.G.O.P.S.

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: text/html, */*; q=0.01
Referer
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
x-content-type-options: nosniff
referrer-policy: no-referrer
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
date: Tue, 17 Sep 2024 11:56:08 GMT
x-frame-options: SAMEORIGIN
cache-control: private
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
content-length: 0
x-xss-protection: 1; mode=block

POST
H2 200 / Show response
hilton.gripays.com/payment/installments/ 4 KB
4 KB 686ms
684ms XHR
application/json 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to

Full URL

https://hilton.gripays.com/payment/installments/

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Scripts/jquery-1.12.4.min.js?v=1.23.11.G.O.P.S.

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

3bb8d33af6d0c910f850b5f5372200651d3dde78ce73bc58e707349779bf72d8

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Referer
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
x-content-type-options: nosniff
referrer-policy: no-referrer
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
date: Tue, 17 Sep 2024 11:56:08 GMT
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
cache-control: private
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
content-length: 4150
x-xss-protection: 1; mode=block

GET
H2 404 favicon.ico
hilton.gripays.com/ 1 KB
1 KB 79ms
78ms Other
text/html 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to

Full URL

https://hilton.gripays.com/favicon.ico

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

dc1d54dab6ec8c00f70137927504e4f222c8395f10760b6beecfcfa94e08249f

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
x-content-type-options: nosniff
referrer-policy: no-referrer
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
date: Tue, 17 Sep 2024 11:56:08 GMT
x-frame-options: SAMEORIGIN
content-type: text/html
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
content-length: 1245
x-xss-protection: 1; mode=block

GET
H2 200 GetBonusList Show response
hilton.gripays.com/Payment/ 92 B
157 B 679ms
678ms XHR
application/json 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to

Full URL

https://hilton.gripays.com/Payment/GetBonusList?installment=1&vendorVPosId=3&vPosApiId=10&CampaingCaptcha=&IsActiveCampaignInquiry=false

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Scripts/jquery-1.12.4.min.js?v=1.23.11.G.O.P.S.

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

539241d4bd8e2e5fad682ad78d98d968e7abccfbdf3097c0877804aeabe9355d

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Referer
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
x-content-type-options: nosniff
referrer-policy: no-referrer
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
date: Tue, 17 Sep 2024 11:56:10 GMT
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
cache-control: private
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
content-length: 92
x-xss-protection: 1; mode=block

POST
H2 200 displayForVPosApi Show response
hilton.gripays.com/formDefinition/ 0
55 B 151ms
150ms XHR
text/plain 37.205.1.134
ECOZUM

General

Check archive.org

Show headers Download Go to

Full URL

https://hilton.gripays.com/formDefinition/displayForVPosApi

Requested by

Host: hilton.gripays.com
URL: https://hilton.gripays.com/Scripts/jquery-1.12.4.min.js?v=1.23.11.G.O.P.S.

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

37.205.1.134 , Turkey, ASN211225 (ECOZUM, TR),

Reverse DNS

bebekdeposu.bebekdeposu.com

Software

Microsoft-IIS/10.0 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: text/html, */*; q=0.01
Referer
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.google.com *.gstatic.com.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com *.jsdelivr.net *.zohocdn.com *.zoho.com *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com; img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com; connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ; frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com;
x-content-type-options: nosniff
referrer-policy: no-referrer
server: Microsoft-IIS/10.0
x-permitted-cross-domain-policies: none
date: Tue, 17 Sep 2024 11:56:08 GMT
x-frame-options: SAMEORIGIN
cache-control: private
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
content-length: 0
x-xss-protection: 1; mode=block

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-71ECC5L23M&cx=c&_slc=1

Verdicts & Comments Add Verdict or Comment

215 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

5 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
hilton.gripays.com/	1969-12-31 23:59:59	Name: ASP.NET_SessionId Value: qeq1ltnqk55mdt5uvorghwep
hilton.gripays.com/	1970-01-21 09:12:14	Name: language Value: en-US
.gripays.com/	1970-01-21 09:12:14	Name: _ga Value: GA1.2.1338146321.1726574167
.gripays.com/	1970-01-20 23:37:40	Name: _gid Value: GA1.2.2057799090.1726574167
.gripays.com/	1970-01-20 23:36:14	Name: _gat Value: 1

5 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: https://www.google-analytics.com/analytics.js(Line 23) Message: Refused to load the script 'https://www.googletagmanager.com/gtag/js?id=G-71ECC5L23M&cx=c&_slc=1' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com *.gstatic.com". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
recommendation	warning	URL: https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1 Message: [DOM] Found 2 elements with non-unique id #UsePoint: (More info: https://goo.gl/9p2vKq) %o %o
recommendation	verbose	URL: https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1 Message: [DOM] Input elements should have autocomplete attributes (suggested: "new-password"): (More info: https://goo.gl/9p2vKq) %o
recommendation	verbose	URL: https://hilton.gripays.com/Payment/UnAuthenticatedPayment?notAut=True&mouid=b52fd1f7-b5c7-4033-8823-c7f8caf3b2b7&pltf=1 Message: [DOM] Input elements should have autocomplete attributes (suggested: "new-password"): (More info: https://goo.gl/9p2vKq) %o
network	error	URL: https://hilton.gripays.com/favicon.ico Message: Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .google.com .gstatic.com.com .google-analytics.com .doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .zohostatic.com .jsdelivr.net .zohocdn.com .zoho.com .google-analytics.com .paynet.com.tr .bkmexpress.com.tr .masterpassturkiye.com .ecozum.com .google.com .gstatic.com; style-src 'self' 'unsafe-inline' .zohocdn.com .zohostatic.com .ecozum.com; img-src 'self' data: .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .bkmexpress.com.tr .ecozum.com .google-analytics.com stats.g.doubleclick.net .google.com .google.com.tr .masterpassturkiye.com .ecozum.com .ecozum.com.tr ecozum.com.tr; font-src 'self' .zohocdn.com .zohostatic.com .zoho.com .zohopublic.com .ecozum.com .gstatic.com; connect-src 'self' .zoho.com wss://.zohopublic.com .zohopublic.com .google-analytics.com stats.g.doubleclick.net .masterpassturkiye.com .ecozum.com ; frame-src 'self' .zohopublic.com .bkmexpress.com.tr .ecozum.com .google.com; frame-ancestors 'self' .bkmexpress.com.tr .ecozum.com; child-src 'self' .ecozum.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

hilton.gripays.com
thsl.at
www.google-analytics.com
www.googletagmanager.com
www.googletagmanager.com
142.250.181.238
37.205.1.134
37.205.4.3
00aa9bf334f2cc56c4e3485e2b8e4f0586f213c2ecdb1024281e532c4a1a94f5
00cf97f5a11afafaaf840f0669ced1be301d6dac855b5eda66e099cc1baa9d69
02d3709d91b85e4a77e92d84e8179a73a8162d6a2c344d2a295585cd2c1002f5
06eb3a433e6797b38bd5831734377b2f1942962baf4ab92507fd3c0d710f5d19
09e32a5d06501f001d0a6fba7b51bb8287be4befdaa24583c90f785c0ce306b2
0bbf7c6cb6739df84ab682f2b09bd1bd9fc8266a830fa0c8f16a198b9a0b1acb
0caaaa25dc7d5cee5698e28638a07159eb38b2d1900ed26a053e88a08b23ddc4
0cfa26438d5c97c9ccb68d01c5973762617c5d42411d2de5d80cd01c49814fff
1092a0e40ae401e52acbdc900140b015c9600a0660b363e0ffbaf992a3547fc3
12957beb8e162235ecdf1e0fd0f990733c4886905b2bb83df8dfc4554f5bb00a
12baea2a1137a422b7b130a8cfb99f1faaa46f86a402e2ca3a7b39bf543e6c77
1456911e1a0444dea0b54bea815fe3a6fe7d3b0ff3be9035896bbdfafec3618e
14ae032071d8b0430d9b6fc5ad54202464d0152851a244577a454237b4a55c8b
18f4b82dc1d7ea86352dd794f0bbc04509456d9a499e142b0d8dbfb9aeeb15f3
1c7d3fc08f3f53cb674f304de483c1a46c313c00ee57fd2caac7276dd7576ab6
1d754aa2c0e98bad4abbe1ba9766cd694ee072e30cb90c45ca852581724129e9
1fede54613ec7bf83ba2e76afef2e8bb2eed3e67db2d018e4412ceedacff30cd
207805dac6dabcb69fc22d35356c944c3bb953210fdeab6f40a49735c80fc132
2221317b9e2d487bde03da54ba3b092cedaa5bee1418618823e8d71740f2fb3c
25355473efa3a334df567e57d142e18006a295533f3ff1c3a4772d8d2ca80430
256caffb1e754f339aa0a94e1829318bf2e5de1ad8b1c72a7b98b7bb16bb2daf
27d92130c0321dad5a03760fd5ac98a3d04ed4c94d88418fe6d50da1f7fc5cbe
2db1055d140e5445c0c9eb8d20f45f6e8a119852b9e06db4c3a85bf5d4da2ce2
2dc975693b698afaac4bb5dea09d1a1ec3899770db23b8ebba23c43b2d4042b0
2f09fcbab4ce2267474d595b0c6f9b2d49f366becf6a783f6d445ffd6000bfa7
2fb228822d707ae659c96a7d71edeefa2f380d10dd44e862db7e412142e77e9e
3064d9c413050ac9e6e6cfc471f7fcfdbd09571b0362f3d8375848c690d0e339
30d1b54b7c0b0e3df322c943af924f99d10d1ac12f259b4f2194f8c0b1e1d3ff
32ea756e300eea4de18074b3fb2b631762fd788922e4ee8a3679d67022feff0f
33339448c153f4231f0738319cef9871ccbf4ec52869d189b55f104a11daf885
33e7a6152cefb3fe58a27c7908d5ec1c48fd3bbc8b6a3e1e0283531314ba5799
34dfd68ae9ca751373ee729e0fe072d20051dc7a0dd189a204c9de9e60568e4f
38b55168c999f7f276452163c9265b1db06325242249f562fe8423bef725a8f7
3ae1bd1a9bbe12dcc62755a79ae5ca53d6ee44a297a0f9651113d626f81f61bd
3bb8d33af6d0c910f850b5f5372200651d3dde78ce73bc58e707349779bf72d8
3f5562a035df61277962cafc61195a459328534b204aff7c37f5f5689743e4ba
40eac317dc8e79581f6320c053f096a32bafa864c5979157bd31394e81c7f26b
424fe557b9be5aa689785f5d3e2d1a78e7fae003720d905c30b89999e37cd2fa
43541cbd8b7dc2801f643fc23c1655500348515a9f86081330bf8b86a8ccb38c
43c6e97df1e63e6450e795acf1ec292be6bdfdcb976200ef46321102ff797b1c
47d395f4ce7adf116a505aae803f5815bd0681effa91ae6dd4730306cb262e4c
494f0ab6f89e6fb8d0f3a4395207a7f06408c972cadaea17f82155dba012555f
507d8570a8030778cca498bb4d70ed0db533a5e2ddbc8a2e18c86ba144f2f8c1
5108c47f4f494b35376d3f1aeafc26937cced63aac951accbba38bfd41bf0dce
539241d4bd8e2e5fad682ad78d98d968e7abccfbdf3097c0877804aeabe9355d
577de39a01c0ffe7cb2d744f59e6bd7da3f75420cf53bda18dcd6f7f129d837a
58490e0ca6f284fdccb3ba5bb3e4747de9fcda491abcbb51171f260d267db75a
58cb3f6173776d12e4fa5e243e4e5e65c8afb8134f0bbf353292108b51915c20
5a2077414084e5c86177989c804c52f51ea128388817ef0560f4d7a7b67fa8e9
5cc0a8f83d6dadbefb0f8747bc30a529161fbe75c9ebce1f523e5644b6b28bf2
5ee1f35dc31ba8b51149e79a6d8d5e82efb60e16f6f699eb70f061bcb4f790b9
601621a81c3fe0d882857330fd1f57b481c4d92e70ff64f001714e47e3c5fecd
60d823dfc0a1dda00795c7084800d198ec6a751f04574962e7dc097870b12b09
619b3214901d390f7e683f4a42e042fd0d795ef72768439a35dcf7c7003f16b7
627102afe7587f5020faea4db66d8f93c98a9cbe3070a9134b03b4104885aa34
65ef8b042e1ed064e1a64c38e9614296f09253e2a4ed1ea6dde6367ac3369f4b
6a4f3671670449241cd17f1337d1933d0bc856b3e2f40c4f230222053f1bf0f9
6a8fc411147009f527b9d2e4f2955b1c15cfca90f4362067f7d5245e69d0e66f
6affb9d33806abcc940f3a8bc47f73105921edb9b9a22464f6ac8d653e4c7594
6cb9d79323588d02c8af2bf7d03643232fd8c0ef169e2b16c15571ba838d6300
6e5bb236440130940532f19aa3045fc8a9df60aeeb3d17ef2758b6721b74d179
733452541a1c6388bb4cbff951382070c2b2fccf19133d53e9d845397980adbc
7477da3d04e1bdc6d49be1b95e428bdb7c89c9655790b64cfb407d6b1d206f0d
765646d2f3d97abecdaa203c1a0be1ca9cfc9d471ed94fd858fa08c463c7e1a3
79e862809101c47e734281f0c4dabb54fd96e9dc5417ae619430f3ad2055b593
7c534d7b90292026eb5dec29316202c6e9c761fa817584720c4d24816d1efc47
8432db6d774ec4a8b2667b853df0528b87293659d2a6b003022ed42bbd75bbe5
8662c547baef4ec2663fdc03ef14493596af5f8dc1da184ccf048aec0d856e55
868db500d2dc8040d4521de7b0424e15d284e72ef63972cbfd64813e1607a9bb
87e0a6c214f169c58f4a209a9d0266627821181723b8bb2234b11e4274ff92b8
89c1bccaa2ff8e1e18b423e24655789a80f714ae6d429e0b3b01043b92398cd5
89eb814dc133527ebe5e87ac848acd40a81d42fb856ebdd77c604e9dfd5c1a1b
8e82e7590d9141883eb3121ab4559d6af9d12c484e30e538861f2a713e583c13
90f41e91a887d1db67ba3aaf71fc17de6aa76ece7ef6fb2e4c4fa084627eeedb
935451bb510c8c44f83e6b6192c204d7ab055563210f70325877c624a452ad59
93c9b6cfe7de253bf4b2b110599bae90b5f1c56a1cf13770425840e7f62e7409
9624d865bd78a21bd9d9acb9a760c49bd584510fd9621abe0f90967d6e409c52
974e174ec395136acc923edfa73d162b1d02a776e1d9b1b3348529dbfa166548
995d52357d987efc60bbfc2d952f2d44e65cb5ad0437205a0353e5eb14f95028
9adcd7086717f1cfe6627ee2612d247910e01100da1d9f0f1b3bec8ed5385547
9b987df4fdef856cfd3c56446958a05c7b48799ce385f4231b2a2ed587635d99
9b9bc077bc024c84b351e25ba45ac659ab2e3f3378ec2cab40613a11b9b62514
9c0571d9d288abb9c3f3336f06b7a5816fb226d66ad81cf89693143892c68dbe
9c11b15142d43838808a95f408b9d63acb85f8d6b1521606e0119de47ec7a6b2
9cda244ee1ec95d87bb58e5496b36103d154a50fdc1f95c669279f9bce22b6b3
a0cc32ab6c0b0ee25c84c0ed4a5112954444ad68687078f1a0c71846fe932544
a30a6a8410f5f697b532ed9de6af8d58acb024340f5677e8610a3c02b0f88c83
a4ca95455f539b2def086141255e9d37845779fc1501833a98a2d026017d2e99
a7a5c0d2c0094c1b6fb00c5d8edb62d5f1b2f76686cec50956265aa43aeb6243
a9ba6fe8e85c330721bae0dd8a1ecf46c81921da5d18df908182aed1fdfc7953
aa65b1ef5c0d76d4edf0a811e12eb3147547f780c710d55881085753fe99a888
ac9197367994ea2a1e02b11576eaf5b5d6a7def74c27c678dcfe2b5e6fde1f81
af2f7a39fb9c18d5d6218796adfe736650cd1118b791d83bcc800b028ebf6a83
b134fc3f777a1aeb46d45b7999e88fb655daa62f4fafe5bcaed5f70b4bb7bcef
b51b9428938178652b2c6d519ca16378729c275def462c6a5008afec7a23304f
b58d3417453860d41380f244ed1fdc4a8cfdd53772c1b5646b0ca2aa4f8040f3
b821029a333549217d485fe9382a4ec65619e65d9e42de96547191744a989251
b89e5291ea57667d6d0d3e0bda2c59e441744d39d35ecd44702ecd01685bac3e
b9464994731b3be0b4c8f157d190cb1c28d3df585137011a8fd52da87fb7fecb
be5867dfde187c40da20e1241122f0d369fd71ccfc021d6dbce1c9c63ba73446
c46337cd356ac8802aa93b305bbcf5b5967f0ba9b246d588342bb602206a4957
c724ac391d17ebbb16838a5e66c2e7ae5b3166611db7016a6dcb374af9ed0a50
c8369d9ac4c13d28abbe40bc452fe63ed6107c2aa2b461a42ca94b898b53cd2f
c8a0c2e28bcdc50b72e2b2381bdbdc785d060b2b5409915f6a2f43c28bacba21
c965058cc67db008974a4514039f3bee601639f20257a2ff54070215e2862ff0
cd5bdf66c045cdda90fd340cbbf9fa165bcba72bf8bca6f65f6128370d1eec29
cd5c2b3be101c3f87a5720fab187d9ec9f5a394075b73b599fc276a5a60c566f
cde07fec26093cb4a231f6325dc0f1a64df6d225c3605afa9ded6ff849a58d6c
d245121a1bedbd687e41bcd775082281237345d3ad92bcc14cee596e0a91529b
d7a4775e342bbb7b02fc12bf9aa56af58cdd5d36a993dbf51bb82d50df27db08
d98764cd0cee2b5e060bbabd5430564edc3e2d0714ebd529790d39ed9361714e
dc1d54dab6ec8c00f70137927504e4f222c8395f10760b6beecfcfa94e08249f
dcadc83970d3de9f3ea293dd7cc20dab593655bd2748891082f0f846503e47fc
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e11d301e195aa2d64a348d876b7b345b2221fd3bbdbf9932e929ca5fc90db6f1
e2b8eb44cdf7b70aa4f0059c0e19f13d7edbc1c48393f2bbfd8f3047b4fcd317
e37df723b0aa9e1bea675229716e545e86d11a640e1db62c305f0dfa447980dd
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e7bf91b8d923128495294b30d2247689b82d4bddb25ab94bc0ec877420f4b68d
e93d4160aa86193598fa2b04089d50aba9792eb4054f216fa417d9b5f6fd9f8b
e9d3803e8030a5c5b759f536beb04d8462994ab6f4595b57a431f2a85804c81f
ed20821920dc7f89cd36d63426e9f1054983220d2864c3d4c6a0627299d52fbc
ef0968035e387c8b468f4a943a9b5998d159c9e2f1a4994c70aa86bf53a9316d
f0eb624508ee3d61336c3d1d698bd5eb39713ad1c20d851ec97eca60c507cc11
f6f3d53dd2240261f157695adf386a5c08014298c19f62ccf63cd162996892d0
f7aa40a5dda6ae6b2063a40f0414f6144b51d7028d2dcd3fdb8f7aedf1dcdb95
fe57363456c3514a78c4d3b711360738d94cec7b1a04f7a126d67fe09fe4c415

hilton.gripays.com Open in urlscan Pro 37.205.1.134 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

136 Requests

99 %HTTPS

0 %IPv6

4 Domains

4 Subdomains

3 IPs

2 Countries

4155 kBTransfer

4229 kBSize

5 Cookies

0 Outgoing links

Page URL History

Redirected requests

136 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

hilton.gripays.com Open in urlscan Pro
37.205.1.134 Public Scan

Screenshot
Live screenshot

Full Image

136
Requests

99 %
HTTPS

0 %
IPv6

4
Domains

4
Subdomains

3
IPs

2
Countries

4155 kB
Transfer

4229 kB
Size

5
Cookies

136 HTTP transactions
0 data transactions