URL: https://qa-pay-authorize.menu2order.com/
Submission: On December 06 via automatic, source certstream-suspicious — Scanned from DE

Summary

This website contacted 6 IPs in 5 countries across 6 domains to perform 18 HTTP transactions. The main IP is 40.71.11.178, located in Tappahannock, United States and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is qa-pay-authorize.menu2order.com.
TLS certificate: Issued by GeoTrust TLS DV RSA Mixed SHA256 2020... on August 5th 2021. Valid for: 6 months.
This is the only time qa-pay-authorize.menu2order.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests | IP Address | AS | Autonomous System
8 | 40.71.11.178 | 8075 | (MICROSOFT...)
1 | 2001:4de0:ac1... | 20446 | (HIGHWINDS3)
6 | 198.241.207.102 | 2559 | (VISANET)
2 (1 redirect) | 104.18.25.161 | 13335 | (CLOUDFLAR...)
1 | 2a00:1450:400... | 15169 | (GOOGLE)
1 | 2a00:1450:400... | 15169 | (GOOGLE)
Total: 18 requests, 6 IPs

Requests | Domain | Requested by
8 | qa-pay-authorize.menu2order.com | qa-pay-authorize.menu2order.com
6 | accept.authorize.net | qa-pay-authorize.menu2order.com, accept.authorize.net
2 (1 redirect) | assets.secure.checkout.visa.com | accept.authorize.net
1 | www.google-analytics.com | www.googletagmanager.com
1 | www.googletagmanager.com | accept.authorize.net
1 | code.jquery.com | qa-pay-authorize.menu2order.com
Total: 18 requests, 6 domains

This site contains no links.

Subject | Issuer | Validity | Valid
qa-pay-authorize.menu2order.com | GeoTrust TLS DV RSA Mixed SHA256 2020 CA-1 | 2021-08-05 - 2022-02-04 | 6 months
*.jquery.com | Sectigo RSA Domain Validation Secure Server CA | 2021-07-14 - 2022-08-14 | a year
*.authorize.net | Entrust Certification Authority - L1K | 2021-02-02 - 2022-03-01 | a year
*.google-analytics.com | GTS CA 1C3 | 2021-11-08 - 2022-01-31 | 3 months

This page contains 2 frames:

Primary Page: https://qa-pay-authorize.menu2order.com/
Frame ID: 4EA4D4D654AD69444F4688E1152F62A4
Requests: 8 HTTP requests in this frame

Frame: https://accept.authorize.net/payment/payment
Frame ID: 761A6943107DDE7A1A67C68FB5E4091F
Requests: 10 HTTP requests in this frame

Page Title

PaymentPage

Page Statistics

Requests: 18
HTTPS: 94 %
IPv6: 50 %
Domains: 6
Subdomains: 6
IPs: 6
Countries: 5
Transfer: 1545 kB
Size: 1976 kB
Cookies: 3

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 9
  • https://assets.secure.checkout.visa.com/checkout-widget/resources/js/integration/v1/sdk.js HTTP 302
  • https://assets.secure.checkout.visa.com/checkout-widget/resources/js/integration/v1/sdk.js?refererUrl=accept.authorize.net

18 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
qa-pay-authorize.menu2order.com/
3 KB
2 KB
Document
General
Full URL
https://qa-pay-authorize.menu2order.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
40.71.11.178 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
a097487a272dbac4bcc28622f4aecf8938a5c975bb7ddbaf80321795c4dd90aa

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

Cache-Control
private
Content-Length
1436
Content-Type
text/html; charset=utf-8
Content-Encoding
gzip
Vary
Accept-Encoding
Server
Microsoft-IIS/10.0
X-AspNetMvc-Version
5.2
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Date
Mon, 06 Dec 2021 21:01:45 GMT
css
qa-pay-authorize.menu2order.com/Content/
119 KB
27 KB
Stylesheet
General
Full URL
https://qa-pay-authorize.menu2order.com/Content/css?v=eTnu410DOWs-5cnsZi0VDuRct0OkwgpJhdsrhH02OJg1
Requested by
Host: qa-pay-authorize.menu2order.com
URL: https://qa-pay-authorize.menu2order.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
40.71.11.178 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
6ea9705e8df3d2b952cdb34fa05bc36718a2bdfbaaaf208df508670474ad70df

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://qa-pay-authorize.menu2order.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Mon, 06 Dec 2021 21:01:46 GMT
Content-Encoding
gzip
Last-Modified
Mon, 06 Dec 2021 21:01:46 GMT
Server
Microsoft-IIS/10.0
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Vary
User-Agent,Accept-Encoding
Content-Type
text/css; charset=utf-8
Cache-Control
public
Content-Length
27673
Expires
Tue, 06 Dec 2022 21:01:46 GMT
modernizr
qa-pay-authorize.menu2order.com/bundles/
11 KB
6 KB
Script
General
Full URL
https://qa-pay-authorize.menu2order.com/bundles/modernizr?v=inCVuEFe6J4Q07A0AcRsbJic_UE5MwpRMNGcOtk94TE1
Requested by
Host: qa-pay-authorize.menu2order.com
URL: https://qa-pay-authorize.menu2order.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
40.71.11.178 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
9e83216908224ffbc39992a5e60f93ca21b8e2240ba28025ba679c4b70f7112d

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://qa-pay-authorize.menu2order.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Mon, 06 Dec 2021 21:01:46 GMT
Content-Encoding
gzip
Last-Modified
Mon, 06 Dec 2021 21:01:47 GMT
Server
Microsoft-IIS/10.0
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Vary
User-Agent,Accept-Encoding
Content-Type
text/javascript; charset=utf-8
Cache-Control
public
Content-Length
5292
Expires
Tue, 06 Dec 2022 21:01:47 GMT
card.png
qa-pay-authorize.menu2order.com/Content/images/
32 KB
33 KB
Image
General
Full URL
https://qa-pay-authorize.menu2order.com/Content/images/card.png
Requested by
Host: qa-pay-authorize.menu2order.com
URL: https://qa-pay-authorize.menu2order.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
40.71.11.178 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
bcc42c181cd79a8447addc02271582bea0ff39a7110eb45ad98a9f5a1a94aaef

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://qa-pay-authorize.menu2order.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Mon, 06 Dec 2021 21:01:46 GMT
Last-Modified
Tue, 09 Feb 2021 13:49:35 GMT
Server
Microsoft-IIS/10.0
X-Powered-By
ASP.NET
ETag
"b08d467eafed61:0"
Content-Type
image/png
Accept-Ranges
bytes
Content-Length
33112
Authorize.net-Logo.jpg
qa-pay-authorize.menu2order.com/Content/images/
120 KB
121 KB
Image
General
Full URL
https://qa-pay-authorize.menu2order.com/Content/images/Authorize.net-Logo.jpg
Requested by
Host: qa-pay-authorize.menu2order.com
URL: https://qa-pay-authorize.menu2order.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
40.71.11.178 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
17c185e113549b7d4c316f04fe0696035dc992c978c2dcfbe90c48b0d8e98722

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://qa-pay-authorize.menu2order.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Mon, 06 Dec 2021 21:01:46 GMT
Last-Modified
Sat, 20 Mar 2021 07:01:12 GMT
Server
Microsoft-IIS/10.0
X-Powered-By
ASP.NET
ETag
"a3212cd0561dd71:0"
Content-Type
image/jpeg
Accept-Ranges
bytes
Content-Length
123388
jquery-3.6.0.min.js
code.jquery.com/
87 KB
30 KB
Script
General
Full URL
https://code.jquery.com/jquery-3.6.0.min.js
Requested by
Host: qa-pay-authorize.menu2order.com
URL: https://qa-pay-authorize.menu2order.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4de0:ac18::1:a:3a , Netherlands, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software
nginx /
Resource Hash
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Request headers

Referer
https://qa-pay-authorize.menu2order.com/
Origin
https://qa-pay-authorize.menu2order.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Mon, 06 Dec 2021 21:01:47 GMT
content-encoding
gzip
last-modified
Tue, 02 Mar 2021 17:27:20 GMT
server
nginx
etag
W/"603e7578-15d9d"
vary
Accept-Encoding
x-hw
1638824507.dop010.fr8.t,1638824507.cds289.fr8.hn,1638824507.cds144.fr8.c
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=315360000, public
accept-ranges
bytes
content-length
30875
jquery
qa-pay-authorize.menu2order.com/bundles/
86 KB
40 KB
Script
General
Full URL
https://qa-pay-authorize.menu2order.com/bundles/jquery?v=8Oos0avDZyPg-cbyVzvkIfERIE1DGSe3sRQdCSYrgEQ1
Requested by
Host: qa-pay-authorize.menu2order.com
URL: https://qa-pay-authorize.menu2order.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
40.71.11.178 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
c6c9c55306e0cc0fbd50b3488121de96630e66f6744a6538e97e982d64144889

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://qa-pay-authorize.menu2order.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Mon, 06 Dec 2021 21:01:46 GMT
Content-Encoding
gzip
Last-Modified
Mon, 06 Dec 2021 21:01:47 GMT
Server
Microsoft-IIS/10.0
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Vary
User-Agent,Accept-Encoding
Content-Type
text/javascript; charset=utf-8
Cache-Control
public
Content-Length
40204
Expires
Tue, 06 Dec 2022 21:01:47 GMT
bootstrap
qa-pay-authorize.menu2order.com/bundles/
38 KB
14 KB
Script
General
Full URL
https://qa-pay-authorize.menu2order.com/bundles/bootstrap?v=M4Nk6kIOwMFflsEKET0iPL9i5YBqbzMzvUOrd8gyCnw1
Requested by
Host: qa-pay-authorize.menu2order.com
URL: https://qa-pay-authorize.menu2order.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
40.71.11.178 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
a71fd6207f6416a9147eab09c1cafe22c8104507dd6391248ea2921bf7d8d78b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://qa-pay-authorize.menu2order.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Mon, 06 Dec 2021 21:01:46 GMT
Content-Encoding
gzip
Last-Modified
Mon, 06 Dec 2021 21:01:47 GMT
Server
Microsoft-IIS/10.0
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Vary
User-Agent,Accept-Encoding
Content-Type
text/javascript; charset=utf-8
Cache-Control
public
Content-Length
14183
Expires
Tue, 06 Dec 2022 21:01:47 GMT
AuthorizeHostedForm
qa-pay-authorize.menu2order.com/Home/ Frame 761A
455 B
622 B
Document
General
Full URL
https://qa-pay-authorize.menu2order.com/Home/AuthorizeHostedForm
Requested by
Host: qa-pay-authorize.menu2order.com
URL: https://qa-pay-authorize.menu2order.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
40.71.11.178 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
b8ec39ffc43705175328b091b3dec648e7258b9ef46086134f9196e1286c50cc

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://qa-pay-authorize.menu2order.com/

Response headers

Cache-Control
private
Content-Length
328
Content-Type
text/html; charset=utf-8
Content-Encoding
gzip
Vary
Accept-Encoding
Server
Microsoft-IIS/10.0
X-AspNetMvc-Version
5.2
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Date
Mon, 06 Dec 2021 21:01:46 GMT
payment
accept.authorize.net/payment/ Frame 761A
3 KB
3 KB
Document
General
Full URL
https://accept.authorize.net/payment/payment
Requested by
Host: qa-pay-authorize.menu2order.com
URL: https://qa-pay-authorize.menu2order.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
198.241.207.102 , Singapore, ASN2559 (VISANET, US),
Reverse DNS
Software
/
Resource Hash
24ed839729e2136e1be471e84941a30d1d62f7d496f99baad5b44be959699882
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Upgrade-Insecure-Requests
1
Origin
https://qa-pay-authorize.menu2order.com
Content-Type
application/x-www-form-urlencoded
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://qa-pay-authorize.menu2order.com/

Response headers

Cache-Control
no-cache, no-store, must-revalidate
Pragma
no-cache
Content-Type
text/html; charset=utf-8
Expires
-1
X-OPNET-Transaction-Trace
198680c1-28bb-4016-a5fc-2a606c8305f3-22068-4649
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=31536000
Date
Mon, 06 Dec 2021 21:01:47 GMT
X-Cnection
close
Content-Length
2790
sdk.js
assets.secure.checkout.visa.com/checkout-widget/resources/js/integration/v1/ Frame 761A
Redirect Chain
  • https://assets.secure.checkout.visa.com/checkout-widget/resources/js/integration/v1/sdk.js
  • https://assets.secure.checkout.visa.com/checkout-widget/resources/js/integration/v1/sdk.js?refererUrl=accept.authorize.net
161 KB
51 KB
Script
General
Full URL
https://assets.secure.checkout.visa.com/checkout-widget/resources/js/integration/v1/sdk.js?refererUrl=accept.authorize.net
Requested by
Host: accept.authorize.net
URL: https://accept.authorize.net/payment/payment
Protocol
H2
Server
104.18.25.161 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
74f4c38b9e3e97815b9dfe7f5be28ba6321c18e5ed846535645ee0821a15be49
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains, max-age=15768000;includeSubdomains;always
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://accept.authorize.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Mon, 06 Dec 2021 21:01:48 GMT
x-correlation-id
1_1638349169_739_1001334_b2k8l73-6454d8c97k_CHECKOUT-WIDGET
x-content-type-options
nosniff
cf-cache-status
HIT
age
475339
content-security-policy-report-only
block-all-mixed-content; base-uri 'none'; default-src 'self' *.visa.com; script-src-elem 'self' https://assets.secure.checkout.visa.com https://thm.visa.com https://secure.checkout.visa.com https://api-mastercard-src.nd.nudatasecurity.com https://www.aexp-static.com https://aug.americanexpress.com https://srcdcf.americanexpress.com https://webapp.src.discover.com https://dcf.src.discover.com https://src.apis.discover.com https://content.discovercard.com https://smetrics.discover.com *.optimizely.com https://www.googletagmanager.com https://www.google-analytics.com https://maps.googleapis.com https://payments.google.com https://spay.samsung.com https://policy.cookiereports.com https://translate.google.com *.googleapis.com *.google-analytics.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://qwww.aexp-static.com https://sandbox-assets.secure.checkout.visa.com https://cdncache-a.akamaihd.net *.discover.com *.mastercard.com *.googletagmanager.com https://gateway.zscalertwo.net https://gateway.zscalerthree.net https://gateway.zscloud.net https://gateway.zscalergov.net https://gateway.zscaler.net https://gateway.zscalerone.net *.amazonaws.com https://cdn.appdynamics.com *.opendns.com *.trendmicro.com 'unsafe-inline' 'unsafe-eval' data *.discovercard.com *.discover.com ; script-src 'self' https://assets.secure.checkout.visa.com https://thm.visa.com https://secure.checkout.visa.com https://api-mastercard-src.nd.nudatasecurity.com https://www.aexp-static.com https://aug.americanexpress.com https://srcdcf.americanexpress.com https://webapp.src.discover.com https://dcf.src.discover.com https://src.apis.discover.com https://content.discovercard.com https://smetrics.discover.com *.optimizely.com https://www.googletagmanager.com https://www.google-analytics.com https://maps.googleapis.com https://payments.google.com https://spay.samsung.com https://policy.cookiereports.com https://translate.google.com *.googleapis.com *.google-analytics.com 
https://www.googletagmanager.com https://cdnjs.cloudflare.com https://qwww.aexp-static.com https://sandbox-assets.secure.checkout.visa.com https://cdncache-a.akamaihd.net *.discover.com *.mastercard.com *.googletagmanager.com https://gateway.zscalertwo.net https://gateway.zscalerthree.net https://gateway.zscloud.net https://gateway.zscalergov.net https://gateway.zscaler.net https://gateway.zscalerone.net *.amazonaws.com https://cdn.appdynamics.com *.opendns.com *.trendmicro.com 'unsafe-inline' 'unsafe-eval' data *.discovercard.com *.discover.com ; frame-src data: 'self' https://h.online-metrix.net *.visa.com *.mastercard.com *.americanexpress.com *.aexp-static.com *.assets.mastercard.com https://webapp.src.discover.com https://dcf.src.discover.com https://src.apis.discover.com https://content.discovercard.com https://smetrics.discover.com *.doubleclick.net *.online-metrix.net https://www.googletagmanager.com *.googleapis.com *.cardinalcommerce.com *.opendns.com; style-src 'self' *.secure.checkout.visa.com https://fonts.googleapis.com https://translate.googleapis.com https://icm.aexp-static.com *.assets.mastercard.com https://webapp.src.discover.com https://dcf.src.discover.com https://src.apis.discover.com https://content.discovercard.com https://smetrics.discover.com https://fonts.googleapis.com https://translate.googleapis.com *.googleapis.com 'unsafe-inline'; style-src-elem 'self' *.secure.checkout.visa.com https://fonts.googleapis.com https://translate.googleapis.com https://icm.aexp-static.com *.assets.mastercard.com https://fonts.googleapis.com https://translate.googleapis.com *.googleapis.com 'unsafe-inline'; img-src data: 'self' *.discover.com *.americanexpress.com https://cdn.betread.com https://l.betrad.com *.secure.checkout.visa.com https://cdn.betrad.com https://assets.secure.checkout.visa.com https://thm.visa.com https://secure.checkout.visa.com https://webapp.src.discover.com https://dcf.src.discover.com https://src.apis.discover.com 
https://content.discovercard.com https://smetrics.discover.com https://src.mastercard.com *.mastercard.com https://api-mastercard-src.nd.nudatasecurity.com https://www.aexp-static.com *.optimizely.com *.doubleclick.net *.online-metrix.net https://www.google-analytics.com https://www.google.com https://maps.gstatic.com https://www.staticv.me https://www.gstatic.com https://translate.google.com https://translate.googleapis.com https://www.googletagmanager.com *.google.com *.staticv.me *.twitter.com *.opendns.com h.online-metrix.net *.discovercard.com *.discover.com *.visa.com *.facebook.com *.facebook.net *.cookiereports.com data google.com www.google.ad www.google.ae www.google.com.af www.google.com.ag www.google.com.ai www.google.al www.google.am www.google.co.ao www.google.com.ar www.google.as www.google.at www.google.com.au www.google.az www.google.ba www.google.com.bd www.google.be www.google.bf www.google.bg www.google.com.bh www.google.bi www.google.bj www.google.com.bn www.google.com.bo www.google.com.br www.google.bs www.google.bt www.google.co.bw www.google.by www.google.com.bz www.google.ca www.google.cd www.google.cf www.google.cg www.google.ch www.google.ci www.google.co.ck www.google.cl www.google.cm www.google.cn www.google.com.co www.google.co.cr www.google.com.cu www.google.cv www.google.com.cy www.google.cz www.google.de www.google.dj www.google.dk www.google.dm www.google.com.do www.google.dz www.google.com.ec www.google.ee www.google.com.eg www.google.es www.google.com.et www.google.fi www.google.com.fj www.google.fm www.google.fr www.google.ga www.google.ge www.google.gg www.google.com.gh www.google.com.gi www.google.gl www.google.gm www.google.gp www.google.gr www.google.com.gt www.google.gy www.google.com.hk www.google.hn www.google.hr www.google.ht www.google.hu www.google.co.id www.google.ie www.google.co.il www.google.im www.google.co.in www.google.iq www.google.is www.google.it www.google.je www.google.com.jm www.google.jo www.google.co.jp 
www.google.co.ke www.google.com.kh www.google.ki www.google.kg www.google.co.kr www.google.com.kw www.google.kz www.google.la www.google.com.lb www.google.li www.google.lk www.google.co.ls www.google.lt www.google.lu www.google.lv www.google.com.ly www.google.co.ma www.google.md www.google.me www.google.mg www.google.mk www.google.ml www.google.com.mm www.google.mn www.google.ms www.google.com.mt www.google.mu www.google.mv www.google.mw www.google.com.mx www.google.com.my www.google.co.mz www.google.com.na www.google.com.nf www.google.com.ng www.google.com.ni www.google.ne www.google.nl www.google.no www.google.com.np www.google.nr www.google.nu www.google.co.nz www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.pl www.google.pn www.google.com.pr www.google.ps www.google.pt www.google.com.py www.google.com.qa www.google.ro www.google.ru www.google.rw www.google.com.sa www.google.com.sb www.google.sc www.google.se www.google.com.sg www.google.sh www.google.si www.google.sk www.google.com.sl www.google.sn www.google.so www.google.sm www.google.sr www.google.st www.google.com.sv www.google.td www.google.tg www.google.co.th www.google.com.tj www.google.tk www.google.tl www.google.tm www.google.tn www.google.to www.google.com.tr www.google.tt www.google.com.tw www.google.co.tz www.google.com.ua www.google.co.ug www.google.co.uk www.google.com.uy www.google.co.uz www.google.com.vc www.google.co.ve www.google.vg www.google.co.vi www.google.com.vn www.google.vu www.google.ws www.google.rs www.google.co.za www.google.co.zm www.google.co.zw www.google.cat https://maps.googleapis.com ; connect-src 'self' *.visa.com *.google-analytics.com *.optimizely.com *.doubleclick.net https://translate.googleapis.com *.googleapis.com https://code.jquery.com *.googletagmanager.com *.secure.checkout.visa.com https://srcservicing-qa.americanexpress.com https://sandbox.src.mastercard.com https://webapp.src.discover.com 
https://dcf.src.discover.com https://src.apis.discover.com https://content.discovercard.com https://smetrics.discover.com wss://secure.checkout.visa.com *.discover.com ; media-src 'none'; font-src data: 'self' https://www.aexp-static.com https://fonts.gstatic.com *.visa.com https://fonts.googleapis.com *.googleusercontent.com; object-src 'self' https://thm.visa.com; report-uri /logging/logCSPReport; report-to csp-endpoint
content-encoding
br
vary
Accept-Encoding
x-xss-protection
1; mode=block
x-served-by
b2k8l73-6454d8c97k
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000 ; includeSubDomains, max-age=15768000;includeSubdomains;always
report-to
{ "group": "csp-endpoint", "max_age": 10886400, "endpoints": [{ "url": "/logging/logCSPReport" }] }, { "max_age": 10886400, "endpoints": [{ "url": "/logging/logCSPReport" }] }
content-type
application/javascript;charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=3600
cf-ray
6b987396dc205bf5-FRA
expires
Mon, 06 Dec 2021 22:01:48 GMT

Redirect headers

location
https://assets.secure.checkout.visa.com/checkout-widget/resources/js/integration/v1/sdk.js?refererUrl=accept.authorize.net
date
Mon, 06 Dec 2021 21:01:47 GMT
server
cloudflare
cf-ray
6b9873966b115bf5-FRA
content-length
0
vary
Accept-Encoding
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
styles.bundle.css
accept.authorize.net/payment/Scripts/v1/ Frame 761A
143 KB
143 KB
Stylesheet
General
Full URL
https://accept.authorize.net/payment/Scripts/v1/styles.bundle.css
Requested by
Host: accept.authorize.net
URL: https://accept.authorize.net/payment/payment
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
198.241.207.102 , Singapore, ASN2559 (VISANET, US),
Reverse DNS
Software
/
Resource Hash
dc8157540700a6d23b6c1d220e4d12112b46cfb3a62770127491695f02c16760
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://accept.authorize.net/payment/payment
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Last-Modified
Tue, 30 Mar 2021 16:10:26 GMT
ETag
"05f6317f25d71:0"
Content-Type
text/css
X-Cnection
close
Date
Mon, 06 Dec 2021 21:01:47 GMT
Accept-Ranges
bytes
Content-Length
146648
inline.bundle.js
accept.authorize.net/payment/Scripts/v1/ Frame 761A
796 B
1 KB
Script
General
Full URL
https://accept.authorize.net/payment/Scripts/v1/inline.bundle.js
Requested by
Host: accept.authorize.net
URL: https://accept.authorize.net/payment/payment
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
198.241.207.102 , Singapore, ASN2559 (VISANET, US),
Reverse DNS
Software
/
Resource Hash
ed6bb8f42da5f367b561820ea6e61c9f56a06b493f926c20fce4e3c193b6c493
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://accept.authorize.net/payment/payment
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Last-Modified
Tue, 30 Mar 2021 16:10:26 GMT
ETag
"05f6317f25d71:0"
Content-Type
application/javascript
X-Cnection
close
Date
Mon, 06 Dec 2021 21:01:48 GMT
Accept-Ranges
bytes
Content-Length
796
polyfills.bundle.js
accept.authorize.net/payment/Scripts/v1/ Frame 761A
107 KB
107 KB
Script
General
Full URL
https://accept.authorize.net/payment/Scripts/v1/polyfills.bundle.js
Requested by
Host: accept.authorize.net
URL: https://accept.authorize.net/payment/payment
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
198.241.207.102 , Singapore, ASN2559 (VISANET, US),
Reverse DNS
Software
/
Resource Hash
97000a9efab09dce3cde8d241bd88482cadeeb33deb0efb81f618c7a212df207
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://accept.authorize.net/payment/payment
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Last-Modified
Tue, 30 Mar 2021 16:10:26 GMT
ETag
"05f6317f25d71:0"
Content-Type
application/javascript
X-Cnection
close
Date
Mon, 06 Dec 2021 21:01:47 GMT
Accept-Ranges
bytes
Content-Length
109438
scripts.bundle.js
accept.authorize.net/payment/Scripts/v1/ Frame 761A
124 KB
124 KB
Script
General
Full URL
https://accept.authorize.net/payment/Scripts/v1/scripts.bundle.js
Requested by
Host: accept.authorize.net
URL: https://accept.authorize.net/payment/payment
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
198.241.207.102 , Singapore, ASN2559 (VISANET, US),
Reverse DNS
Software
/
Resource Hash
eebcfd42a6e7acb3ead994c0f75a97ead0766c16d26466e80610de2511d3eae8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://accept.authorize.net/payment/payment
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Last-Modified
Tue, 30 Mar 2021 16:10:26 GMT
ETag
"05f6317f25d71:0"
Content-Type
application/javascript
X-Cnection
close
Date
Mon, 06 Dec 2021 21:01:47 GMT
Accept-Ranges
bytes
Content-Length
127008
main.bundle.js
accept.authorize.net/payment/Scripts/v1/ Frame 761A
781 KB
781 KB
Script
General
Full URL
https://accept.authorize.net/payment/Scripts/v1/main.bundle.js
Requested by
Host: accept.authorize.net
URL: https://accept.authorize.net/payment/payment
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
198.241.207.102 , Singapore, ASN2559 (VISANET, US),
Reverse DNS
Software
/
Resource Hash
bae40cd11a5a0e3b7322647cdf5f92e7246d552d803a8e6d28924ba82ae56e1d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://accept.authorize.net/payment/payment
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Last-Modified
Tue, 30 Mar 2021 16:10:26 GMT
ETag
"05f6317f25d71:0"
Content-Type
application/javascript
X-Cnection
close
Date
Mon, 06 Dec 2021 21:01:47 GMT
Accept-Ranges
bytes
Content-Length
799934
gtm.js
www.googletagmanager.com/ Frame 761A
110 KB
41 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-KFWQGNC
Requested by
Host: accept.authorize.net
URL: https://accept.authorize.net/payment/payment
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
0c6170af3a08a81dc4d0a331fb8d3c95355e5e38348ede026746a34e695f8000
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://accept.authorize.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Mon, 06 Dec 2021 21:01:48 GMT
content-encoding
br
server
Google Tag Manager
access-control-allow-headers
Cache-Control
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
41117
x-xss-protection
0
expires
Mon, 06 Dec 2021 21:01:48 GMT
analytics.js
www.google-analytics.com/ Frame 761A
49 KB
20 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KFWQGNC
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://accept.authorize.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 02 Nov 2021 17:39:06 GMT
server
Golfe2
age
5205
date
Mon, 06 Dec 2021 19:35:03 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20006
expires
Mon, 06 Dec 2021 21:35:03 GMT

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • object| 0
  • object| onbeforexrselect
  • function| reportError
  • boolean| originAgentCluster
  • object| scheduler
  • object| html5
  • object| Modernizr
  • function| $
  • function| jQuery

3 Cookies

Domain/Path | Name | Value
.qa-pay-authorize.menu2order.com/ | ARRAffinity | 8f02923e95f8feeea63e740636528740d0f527e78c728bfd4273797ee86ca4e7
.qa-pay-authorize.menu2order.com/ | ARRAffinitySameSite | 8f02923e95f8feeea63e740636528740d0f527e78c728bfd4273797ee86ca4e7
.assets.secure.checkout.visa.com/ | __cfruid | 4ac5540b3b69526093244737b16b1b93b16ca664-1638824507

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
