urlscan.io logo urlscan.io
SecurityTrails logo

connectandpay.com Open in urlscan Pro
108.139.29.117  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://connectandpay.com/
Effective URL: https://connectandpay.com/
Submission: On August 13 via manual from US — Scanned from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 12 IPs in 2 countries across 10 domains to perform 26 HTTP transactions. The main IP is 108.139.29.117, located in United States and belongs to AMAZON-02, US. The main domain is connectandpay.com.
TLS certificate: Issued by Amazon RSA 2048 M03 on April 28th 2024. Valid for: a year.
This is the only time connectandpay.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

5    108.139.29.117 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-139-29-117.jfk50.r.cloudfront.net
connectandpay.com
1    151.101.128.176 (San Francisco, United States)

ASN54113 (FASTLY, US)
js.stripe.com
1    2600:9000:2511:9600:10:474e:104a:2961 (United States)

ASN16509 (AMAZON-02, US)
cdn.auth0.com
1    104.17.111.223 (None, )

ASN13335 (CLOUDFLARENET, US)
cdn.onesignal.com
2    2607:f8b0:4004:c06::5c (Washington, United States)

ASN15169 (GOOGLE, US)
pay.google.com
8    44.239.122.138 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-44-239-122-138.us-west-2.compute.amazonaws.com
tally.prod.readytouchpos.com
1    151.101.64.176 (San Francisco, United States)

ASN54113 (FASTLY, US)
js.stripe.com
2    2607:f8b0:400d:c0e::5f (Morganton, United States)

ASN15169 (GOOGLE, US)
firebase.googleapis.com
2    2607:f8b0:4004:c1b::5f (Washington, United States)

ASN15169 (GOOGLE, US)
firebaseinstallations.googleapis.com
1    2607:f8b0:400d:c09::61 (Morganton, United States)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
1    2607:f8b0:4004:c1f::71 (Washington, United States)

ASN15169 (GOOGLE, US)
www.google-analytics.com
1    2607:f8b0:400d:c1d::5e (Morganton, United States)

ASN15169 (GOOGLE, US)
www.gstatic.com
Apex Domain
Subdomains		 Transfer
8 readytouchpos.com
tally.prod.readytouchpos.com — Cisco Umbrella Rank: 627646
2 KB
5 connectandpay.com
connectandpay.com
3 MB
4 googleapis.com
firebase.googleapis.com — Cisco Umbrella Rank: 5014
firebaseinstallations.googleapis.com — Cisco Umbrella Rank: 420
1 KB
2 google.com
pay.google.com — Cisco Umbrella Rank: 4623
42 KB
2 stripe.com
js.stripe.com — Cisco Umbrella Rank: 2856
155 KB
1 gstatic.com
www.gstatic.com
1 KB
1 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 104
1 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 112
87 KB
1 onesignal.com
cdn.onesignal.com — Cisco Umbrella Rank: 5708
3 KB
1 auth0.com
cdn.auth0.com — Cisco Umbrella Rank: 10656
14 KB
26 10
Domain Requested by
8 tally.prod.readytouchpos.com connectandpay.com
5 connectandpay.com connectandpay.com
2 firebaseinstallations.googleapis.com connectandpay.com
2 firebase.googleapis.com connectandpay.com
2 pay.google.com connectandpay.com
pay.google.com
2 js.stripe.com connectandpay.com
js.stripe.com
1 www.gstatic.com
1 www.google-analytics.com www.googletagmanager.com
1 www.googletagmanager.com connectandpay.com
1 cdn.onesignal.com connectandpay.com
1 cdn.auth0.com connectandpay.com
26 11

This site contains no links.

Subject Issuer Validity Valid
connectandpay.com
Amazon RSA 2048 M03		 2024-04-28 -
2025-05-28		 a year crt.sh
a.stripecdn.com
DigiCert SHA2 Extended Validation Server CA		 2024-07-23 -
2024-10-24		 3 months crt.sh
*.auth0.com
Amazon RSA 2048 M03		 2024-01-25 -
2025-02-22		 a year crt.sh
onesignal.com
WE1		 2024-07-29 -
2024-10-27		 3 months crt.sh
*.google.com
WR2		 2024-07-30 -
2024-10-22		 3 months crt.sh
tally.prod.readytouchpos.com
Go Daddy Secure Certificate Authority - G2		 2024-05-04 -
2025-06-05		 a year crt.sh
upload.video.google.com
WR2		 2024-07-30 -
2024-10-22		 3 months crt.sh
*.google-analytics.com
WR2		 2024-07-30 -
2024-10-22		 3 months crt.sh
*.gstatic.com
WR2		 2024-07-30 -
2024-10-22		 3 months crt.sh

This page contains 3 frames:

Primary Page: https://connectandpay.com/
Frame ID: 08CA8FF254CE3C67335AEA58389FF0AD
Requests: 18 HTTP requests in this frame

Frame: https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html
Frame ID: 6F6D54DEC5C59208B5F69579FB205A9C
Requests: 1 HTTP requests in this frame

Frame: https://pay.google.com/gp/p/ui/payframe?origin=https%3A%2F%2Fconnectandpay.com&mid=
Frame ID: FCAB8AC102C46949D6960DC149175CFE
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Connect & Pay

Page URL History Show full URLs

  1. http://connectandpay.com/ HTTP 307
    https://connectandpay.com/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • pay\.google\.com/([a-z/]+)/pay\.js
Overall confidence: 100%
Detected patterns
  • js\.stripe\.com
Overall confidence: 100%
Detected patterns
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js
Overall confidence: 100%
Detected patterns
  • cdn\.onesignal\.com

Page Statistics

26
Requests

100 %
HTTPS

58 %
IPv6

10
Domains

11
Subdomains

12
IPs

2
Countries

2966 kB
Transfer

12728 kB
Size

6
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://connectandpay.com/ HTTP 307
    https://connectandpay.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

26 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
connectandpay.com/
Redirect Chain
  • http://connectandpay.com/
  • https://connectandpay.com/
5 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://connectandpay.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.139.29.117 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-139-29-117.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
18c781707c41d891d366263f351d05b35165be65280ce1634c85bfaec63d222d
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

age
37211
content-encoding
gzip
content-type
text/html
date
Tue, 13 Aug 2024 06:56:05 GMT
etag
W/"e31f68d6a9825a12f4fa7ee4142c9166"
last-modified
Thu, 01 Aug 2024 12:54:46 GMT
referrer-policy
same-origin
server
AmazonS3
strict-transport-security
max-age=63072000; includeSubdomains; preload
vary
Accept-Encoding
via
1.1 62c7f4f128c40af6818c2f8f919f1c18.cloudfront.net (CloudFront)
x-amz-cf-id
wT3a_WEL5zPOFaULdB5spZ2djC0DiYK7fw1Yv5YtAqVTXEu6-KfKSQ==
x-amz-cf-pop
JFK50-P2
x-amz-server-side-encryption
AES256
x-amz-version-id
mtNOTHliYfskhB5_SoMbZsfvV6uaG0M4
x-cache
Hit from cloudfront
x-content-type-options
nosniff
x-frame-options
DENY
x-xss-protection
1; mode=block

Redirect headers

Location
https://connectandpay.com/
Non-Authoritative-Reason
HttpsUpgrades
/
js.stripe.com/v3/ 		637 KB
155 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.stripe.com/v3/
Requested by
Host: connectandpay.com
URL: https://connectandpay.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.128.176 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Fastly /
Resource Hash
cbe2ad6853b4107f183861dcb0779d1781a5a1fd865057508291e492a64dacb4
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31556926; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
date
Tue, 13 Aug 2024 17:06:07 GMT
via
1.1 varnish
age
2
x-cache
HIT
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
157969
x-request-id
09ea665f-6e76-41ca-81ef-401e3a280759
x-served-by
cache-lax-kwhp1940023-LAX
last-modified
Mon, 12 Aug 2024 17:52:00 GMT
server
Fastly
etag
"12d6b55afd0a9b13610c2562f5d2f4ad"
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=60
accept-ranges
bytes
timing-allow-origin
*
x-cache-hits
2
auth0-spa-js.production.js
cdn.auth0.com/js/auth0-spa-js/2.1/ 		40 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.auth0.com/js/auth0-spa-js/2.1/auth0-spa-js.production.js
Requested by
Host: connectandpay.com
URL: https://connectandpay.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2511:9600:10:474e:104a:2961 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
d931bfe4b9f39f318e84dc593cdc78fe4f5e463fe4c1fd2a6b72ed583ebaf872
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-amz-version-id
9GuZ7OPrjGLhGXFoVYk0nC_sL6c2.1M2
content-encoding
gzip
via
1.1 0bc560bfbdf419589e7d5b642ae14678.cloudfront.net (CloudFront)
date
Tue, 13 Aug 2024 16:37:04 GMT
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains
x-amz-cf-pop
JFK50-P6
age
1744
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
FAILED
last-modified
Mon, 21 Aug 2023 16:00:29 GMT
server
AmazonS3
etag
W/"9c185ec28488b9113e39f2483714b411"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=10800,public
x-robots-tag
noindex
x-amz-cf-id
Kw1YpyWXyRfMGGZgOWw4NbWdrDhXVWalcLTwFjOYyAq9Ef704XCyfw==
OneSignalSDK.js
cdn.onesignal.com/sdks/ 		9 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.onesignal.com/sdks/OneSignalSDK.js
Requested by
Host: connectandpay.com
URL: https://connectandpay.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.17.111.223 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ec8b1b07980996f574075e1b7e895d5d47794b9dcf345a68d60fbb17034f7bef
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains

Request headers

Referer
Origin
https://connectandpay.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Tue, 13 Aug 2024 17:06:07 GMT
via
1.1 google
content-encoding
br
cf-cache-status
HIT
server
cloudflare
strict-transport-security
max-age=15552000; includeSubDomains
etag
W/"09282956186c8515ef0d208902803581"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
https://connectandpay.com
cache-control
public, max-age=259200
cf-ray
8b2a4b3d2f2615c8-SJC
access-control-allow-headers
OneSignal-Subscription-Id
alt-svc
h3=":443"; ma=86400
expires
Fri, 16 Aug 2024 17:06:07 GMT
pay.js
pay.google.com/gp/p/js/ 		143 KB
42 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pay.google.com/gp/p/js/pay.js
Requested by
Host: connectandpay.com
URL: https://connectandpay.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c06::5c Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
b098989ddf2ade66d01b3c4d8328a5e042a0f40d76bdf089bfd3664b1e8c2b65
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-6psNVc5jsAaniPw404xNGg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/InstantbuyFrontendHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendHttp/cspreport
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Tue, 13 Aug 2024 17:06:08 GMT
strict-transport-security
max-age=31536000
content-encoding
gzip
content-security-policy
script-src 'report-sample' 'nonce-6psNVc5jsAaniPw404xNGg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/InstantbuyFrontendHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendHttp/cspreport
x-content-type-options
nosniff
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
reporting-endpoints
default="/gp/p/_/InstantbuyFrontendHttp/web-reports?context=eJzjitDikmLw0JBiWF4qxbBkphSDxNeXTGpA7JQ-gzUAiH3qZ7BGAXHrzXOsk4F4bsB51vDM86xJ_86zFgDxkoiLrAcSL7IaKlxitQfiX3mXWOcYXGYV4uZoWPpuK5vAhweLqpS0k_IL4zPziksS80qSSivTivLzSlLzUopTi8pSi-KNDIxMDCwMDfWMjOILDAB5DDkq"
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
cache-control
private, max-age=600
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
expires
Tue, 13 Aug 2024 17:06:08 GMT
runtime~app.27401809.js
connectandpay.com/static/js/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connectandpay.com/static/js/runtime~app.27401809.js
Requested by
Host: connectandpay.com
URL: https://connectandpay.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.139.29.117 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-139-29-117.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
f7656bc3ccebd611041f9484fd00713447fbad96682d02882c2737830adcd4b2
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://connectandpay.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-amz-version-id
ht.5uxxfc4GfXkXltTEIq.40WmrOl6Gp
strict-transport-security
max-age=63072000; includeSubdomains; preload
x-content-type-options
nosniff
date
Tue, 13 Aug 2024 15:57:37 GMT
content-encoding
gzip
via
1.1 62c7f4f128c40af6818c2f8f919f1c18.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK50-P2
x-amz-server-side-encryption
AES256
age
4609
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Thu, 01 Aug 2024 12:54:59 GMT
server
AmazonS3
etag
W/"43ad0db632a6bc3cc97c8a7ef39ca56c"
x-frame-options
DENY
vary
Accept-Encoding
content-type
application/javascript
x-amz-cf-id
rWy4sgXEmzO2lr33IJOPoQS1rxYz3x5yp33FPDQNFHrJekWhIyDjYQ==
2.71a83b78.chunk.js
connectandpay.com/static/js/ 		7 MB
2 MB 		Script
General
Check archive.org
Download Go to
Full URL
https://connectandpay.com/static/js/2.71a83b78.chunk.js
Requested by
Host: connectandpay.com
URL: https://connectandpay.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.139.29.117 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-139-29-117.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
3ea9a03f099cf837152782bdba4ef503558f73a4dccbe79d6b13d100a7b03124
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://connectandpay.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-amz-version-id
da25HkOAW3w.tji7FYp9m9xYMEUo1kqx
strict-transport-security
max-age=63072000; includeSubdomains; preload
x-content-type-options
nosniff
date
Tue, 13 Aug 2024 08:29:53 GMT
content-encoding
gzip
via
1.1 62c7f4f128c40af6818c2f8f919f1c18.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK50-P2
x-amz-server-side-encryption
AES256
age
32221
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Thu, 01 Aug 2024 12:54:54 GMT
server
AmazonS3
etag
W/"a94f48fcded0764a34e03440ae818ce3-2"
x-frame-options
DENY
vary
Accept-Encoding
content-type
application/javascript
x-amz-cf-id
7fg22MUnZHXVbLh4Z3sKDLZ6a7Akiu3mx5CzfYknZRL60UHaiiRvtg==
app.434e71fb.chunk.js
connectandpay.com/static/js/ 		4 MB
827 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connectandpay.com/static/js/app.434e71fb.chunk.js
Requested by
Host: connectandpay.com
URL: https://connectandpay.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.139.29.117 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-139-29-117.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
374e5a06845381371f81c3c7773d3695d938df94368665cbe337e94db3618608
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://connectandpay.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-amz-version-id
D0pV0oKMb_6QrO5HF69_YsXCEIU4VWAB
strict-transport-security
max-age=63072000; includeSubdomains; preload
x-content-type-options
nosniff
date
Tue, 13 Aug 2024 07:41:16 GMT
content-encoding
gzip
via
1.1 62c7f4f128c40af6818c2f8f919f1c18.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK50-P2
x-amz-server-side-encryption
AES256
age
33892
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Thu, 01 Aug 2024 12:54:57 GMT
server
AmazonS3
etag
W/"2294881ed013f20ba088253d39c1ecc7"
x-frame-options
DENY
vary
Accept-Encoding
content-type
application/javascript
x-amz-cf-id
vHnW5MGof2AqzRWhC4EfnX9caIi4VzM3jfse1-YXNJbW-fkZpxHWnw==
register
tally.prod.readytouchpos.com/tallyapi/auth/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://tally.prod.readytouchpos.com/tallyapi/auth/register
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.239.122.138 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-44-239-122-138.us-west-2.compute.amazonaws.com
Software
/ Express
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://connectandpay.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Content-Type, Origin, X-Requested-With, X-AUTHENTICATION, X-IP, Authorization
access-control-allow-methods
GET,PUT,POST,DELETE,PATCH
access-control-allow-origin
https://connectandpay.com
date
Tue, 13 Aug 2024 17:06:09 GMT
server-timing
intid;desc=8860f85ce385f266
x-powered-by
Express
x-request-id
7f15c20e-fd0f-4def-b9cd-0ef000be1236
register
tally.prod.readytouchpos.com/tallyapi/auth/ 		91 B
471 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://tally.prod.readytouchpos.com/tallyapi/auth/register
Requested by
Host: connectandpay.com
URL: https://connectandpay.com/static/js/app.434e71fb.chunk.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.239.122.138 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-44-239-122-138.us-west-2.compute.amazonaws.com
Software
Jetty(9.3.5.v20151012) / Express
Resource Hash
4f21cbe07b1207c824fdfb02e069c0e8f86af90b5a8c73087d69aff56cecfd47

Request headers

Accept
application/json
Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type
application/json

Response headers

date
Tue, 13 Aug 2024 17:06:09 GMT
server
Jetty(9.3.5.v20151012)
x-powered-by
Express
access-control-allow-methods
GET,PUT,POST,DELETE,PATCH
content-type
application/json
access-control-allow-origin
https://connectandpay.com
access-control-allow-credentials
true
server-timing
intid;desc=89daa8087f7f946d
access-control-allow-headers
Content-Type, Origin, X-Requested-With, X-AUTHENTICATION, X-IP, Authorization
content-length
91
x-request-id
a579f3a4-c5fb-4cfd-9027-c7b06320412a
m-outer-3437aaddcdf6922d623e172c2d6f9278.html
js.stripe.com/v3/ Frame 6F6D 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.64.176 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Fastly /
Resource Hash
Security Headers
Name Value
Content-Security-Policy base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
access-control-allow-origin
*
age
1157566
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
cache-control
max-age=31536000
content-encoding
br
content-length
154
content-security-policy
base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://q.stripe.com/csp-report
content-security-policy-report-only
base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://q.stripe.com/csp-report
content-type
text/html; charset=utf-8
date
Tue, 13 Aug 2024 17:06:09 GMT
etag
"3437aaddcdf6922d623e172c2d6f9278"
last-modified
Fri, 11 Nov 2022 20:25:37 GMT
server
Fastly
strict-transport-security
max-age=31556926; includeSubDomains; preload
timing-allow-origin
*
vary
Accept-Encoding
via
1.1 varnish
x-cache
HIT
x-cache-hits
73692
x-content-type-options
nosniff
x-request-id
e97a0f17-8b17-4bec-9b55-de5115fad045
x-served-by
cache-bur-kbur8200078-BUR
webConfig
firebase.googleapis.com/v1alpha/projects/-/apps/1:428371404653:web:5ce48e52faf45f3043dc64/ 		377 B
429 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://firebase.googleapis.com/v1alpha/projects/-/apps/1:428371404653:web:5ce48e52faf45f3043dc64/webConfig
Requested by
Host: connectandpay.com
URL: https://connectandpay.com/static/js/2.71a83b78.chunk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:400d:c0e::5f Morganton, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
37e215c0c836c21c82e0d93c5a72d89dcab03a50ea44612f4388e6843af089ed
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept
application/json
Referer
x-goog-api-key
AIzaSyBQrO2yL9lQZQwHH480Lmftl3n2psMvFyQ
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Tue, 13 Aug 2024 17:06:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
ESF
vary
Origin, X-Origin, Referer
x-frame-options
SAMEORIGIN
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://connectandpay.com
access-control-expose-headers
vary,vary,vary,content-encoding,date,server,content-length
cache-control
private
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
240
x-xss-protection
0
webConfig
firebase.googleapis.com/v1alpha/projects/-/apps/1:428371404653:web:5ce48e52faf45f3043dc64/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://firebase.googleapis.com/v1alpha/projects/-/apps/1:428371404653:web:5ce48e52faf45f3043dc64/webConfig
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:400d:c0e::5f Morganton, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
x-goog-api-key
Access-Control-Request-Method
GET
Origin
https://connectandpay.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
x-goog-api-key
access-control-allow-methods
DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin
https://connectandpay.com
access-control-max-age
3600
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
content-type
text/html
date
Tue, 13 Aug 2024 17:06:09 GMT
server
ESF
vary
origin referer x-origin
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
0
payframe
pay.google.com/gp/p/ui/ Frame FCAB 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://pay.google.com/gp/p/ui/payframe?origin=https%3A%2F%2Fconnectandpay.com&mid=
Requested by
Host: pay.google.com
URL: https://pay.google.com/gp/p/js/pay.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c06::5c Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-UxGmbN_7PWNfNb-eG7ah5A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport;worker-src 'self' script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport/allowlist require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=3600
content-encoding
gzip
content-security-policy
script-src 'report-sample' 'nonce-UxGmbN_7PWNfNb-eG7ah5A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport;worker-src 'self' script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport/allowlist require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport
content-type
text/html; charset=utf-8
cross-origin-opener-policy
same-origin
cross-origin-resource-policy
same-site
date
Tue, 13 Aug 2024 17:06:09 GMT
expires
Tue, 13 Aug 2024 17:06:09 GMT
origin-trial
AssDE6uDpaVUq9mb8HyrCnDR4hxNa3P1PQl8E0huFRpGw4MFWswRwyuk1E68LufiBFMulCrRk3VCexIRW39eYwoAAABMeyJvcmlnaW4iOiJodHRwczovL3BheS5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJUcGNkIiwiZXhwaXJ5IjoxNzM1MzQzOTk5fQ==
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
reporting-endpoints
default="/gp/p/_/InstantbuyFrontendBuyflowPayframeUi/web-reports?context=eJzjitDikmLw0JBiWF4qxbBkphSDxNeXTGpA7JQ-gzUAiH3qZ7BGAXHrzXOsk4F4bsB51vDM86xJ_86zFgDxkoiLrAcSL7IaKlxitQfiX3mXWOcYXGYV4uFoXPpuK5vAg5aZRxiVtJPyC-Mz84pLEvNKkkor04ry80pS81KKU4vKUovijQyMTAwsDA31jIziCwwAmkg5Ag"
server
ESF
strict-transport-security
max-age=31536000
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-content-type-options
nosniff
x-ua-compatible
IE=edge
x-xss-protection
0
installations
firebaseinstallations.googleapis.com/v1/projects/connect-and-pay-push/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://firebaseinstallations.googleapis.com/v1/projects/connect-and-pay-push/installations
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c1b::5f Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-firebase-client,x-goog-api-key
Access-Control-Request-Method
POST
Origin
https://connectandpay.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
content-type,x-firebase-client,x-goog-api-key
access-control-allow-methods
DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin
https://connectandpay.com
access-control-max-age
3600
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
content-type
text/html
date
Tue, 13 Aug 2024 17:06:09 GMT
server
ESF
vary
origin referer x-origin
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
0
installations
firebaseinstallations.googleapis.com/v1/projects/connect-and-pay-push/ 		625 B
681 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://firebaseinstallations.googleapis.com/v1/projects/connect-and-pay-push/installations
Requested by
Host: connectandpay.com
URL: https://connectandpay.com/static/js/2.71a83b78.chunk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c1b::5f Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
12505d6ca815d5a57dc89e0807079e56aec72f41bbd5d3797d9bc198856fe391
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept
application/json
Referer
x-goog-api-key
AIzaSyBQrO2yL9lQZQwHH480Lmftl3n2psMvFyQ
x-firebase-client
eyJ2ZXJzaW9uIjoyLCJoZWFydGJlYXRzIjpbeyJhZ2VudCI6ImZpcmUtY29yZS8wLjEwLjQgZmlyZS1jb3JlLWVzbTIwMTcvMC4xMC40IGZpcmUtanMvIGZpcmUtaWlkLzAuNi43IGZpcmUtaWlkLWVzbTIwMTcvMC42LjcgZmlyZS1hbmFseXRpY3MvMC4xMC40IGZpcmUtYW5hbHl0aWNzLWVzbTIwMTcvMC4xMC40IiwiZGF0ZXMiOlsiMjAyNC0wOC0xMyJdfV19
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
content-type
application/json

Response headers

date
Tue, 13 Aug 2024 17:06:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
ESF
vary
Origin, X-Origin, Referer
x-frame-options
SAMEORIGIN
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://connectandpay.com
access-control-expose-headers
vary,vary,vary,content-encoding,date,server,content-length
cache-control
private
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
491
x-xss-protection
0
js
www.googletagmanager.com/gtag/ 		244 KB
87 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?l=dataLayer&id=G-4WTWB6FXLB
Requested by
Host: connectandpay.com
URL: https://connectandpay.com/static/js/2.71a83b78.chunk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:400d:c09::61 Morganton, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
e511662387a378727b0d2a2ce1229f4000c1f58037a7ec40ed0eb0ce4b3c97cd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Tue, 13 Aug 2024 17:06:09 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
88690
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Tue, 13 Aug 2024 17:06:09 GMT
login
tally.prod.readytouchpos.com/tallyapi/auth/ 		279 B
681 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://tally.prod.readytouchpos.com/tallyapi/auth/login
Requested by
Host: connectandpay.com
URL: https://connectandpay.com/static/js/app.434e71fb.chunk.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.239.122.138 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-44-239-122-138.us-west-2.compute.amazonaws.com
Software
/ Express
Resource Hash
da721e3a0949ea8cfc40a825a2a88f8d34470a5ebb849fda4ae2a362f85d74aa

Request headers

Accept
application/json
Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type
application/json

Response headers

date
Tue, 13 Aug 2024 17:06:09 GMT
x-powered-by
Express
etag
W/"117-3Tc1XradMIjjV2hAXBvaMIKmO5U"
access-control-allow-methods
GET,PUT,POST,DELETE,PATCH
content-type
application/json; charset=utf-8
access-control-allow-origin
https://connectandpay.com
access-control-allow-credentials
true
server-timing
intid;desc=746080d5574a7bbc
access-control-allow-headers
Content-Type, Origin, X-Requested-With, X-AUTHENTICATION, X-IP, Authorization
content-length
279
x-request-id
93f2d0e7-0a5a-4506-97ce-287ff51c5565
login
tally.prod.readytouchpos.com/tallyapi/auth/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://tally.prod.readytouchpos.com/tallyapi/auth/login
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.239.122.138 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-44-239-122-138.us-west-2.compute.amazonaws.com
Software
/ Express
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://connectandpay.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Content-Type, Origin, X-Requested-With, X-AUTHENTICATION, X-IP, Authorization
access-control-allow-methods
GET,PUT,POST,DELETE,PATCH
access-control-allow-origin
https://connectandpay.com
date
Tue, 13 Aug 2024 17:06:09 GMT
server-timing
intid;desc=0f2728c134c77e75
x-powered-by
Express
x-request-id
41e4f73c-5339-4e79-af20-6df1ff4f8807
privacyversion
tally.prod.readytouchpos.com/gmaapi/gma/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://tally.prod.readytouchpos.com/gmaapi/gma/privacyversion?id=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.239.122.138 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-44-239-122-138.us-west-2.compute.amazonaws.com
Software
/ Express
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization,content-type
Access-Control-Request-Method
GET
Origin
https://connectandpay.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Content-Type, Origin, X-Requested-With, X-AUTHENTICATION, X-IP, Authorization
access-control-allow-methods
GET,PUT,POST,DELETE,PATCH
access-control-allow-origin
https://connectandpay.com
date
Tue, 13 Aug 2024 17:06:09 GMT
server-timing
intid;desc=c5fb2b05773c9a0e
x-powered-by
Express
x-request-id
46e93841-4331-49be-ac30-74ffcd549f8d
privacyversion
tally.prod.readytouchpos.com/gmaapi/gma/ 		64 B
445 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://tally.prod.readytouchpos.com/gmaapi/gma/privacyversion?id=
Requested by
Host: connectandpay.com
URL: https://connectandpay.com/static/js/app.434e71fb.chunk.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.239.122.138 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-44-239-122-138.us-west-2.compute.amazonaws.com
Software
Jetty(9.2.30.v20200428) / Express
Resource Hash
f67ddaafea12de1f989121f23bbd4900361f4963dabb8bd1dde0699b76b861dc

Request headers

Referer
Authorization
Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhcGlrZXkiOiJlMDZkNGNjZDZjN2NhMTU2YmM1ZTQ4MDFkNTEzODViZSIsInJvbGVzIjpbIjM2NXBheSJdLCJpYXQiOjE3MjM1Njg3NjksImV4cCI6MTcyMzU3NTk2OSwic3ViIjoiZTA2ZDRjY2Q2YzdjYTE1NmJjNWU0ODAxZDUxMzg1YmUifQ.tuTWMHoYAqa7wdxf-KbaIvdTSF-soXb1X2aig301EYM
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type
application/json

Response headers

date
Tue, 13 Aug 2024 17:06:10 GMT
server
Jetty(9.2.30.v20200428)
x-powered-by
Express
access-control-allow-methods
GET,PUT,POST,DELETE,PATCH
content-type
application/json
access-control-allow-origin
https://connectandpay.com
access-control-allow-credentials
true
server-timing
intid;desc=a4e982288364d1b5
access-control-allow-headers
Content-Type, Origin, X-Requested-With, X-AUTHENTICATION, X-IP, Authorization
content-length
64
x-request-id
4c0f3c9e-224e-4828-aa7c-c7cfe75f778c
privacyversion
tally.prod.readytouchpos.com/gmaapi/gma/ 		64 B
443 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://tally.prod.readytouchpos.com/gmaapi/gma/privacyversion?id=
Requested by
Host: connectandpay.com
URL: https://connectandpay.com/static/js/app.434e71fb.chunk.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.239.122.138 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-44-239-122-138.us-west-2.compute.amazonaws.com
Software
Jetty(9.2.30.v20200428) / Express
Resource Hash
f67ddaafea12de1f989121f23bbd4900361f4963dabb8bd1dde0699b76b861dc

Request headers

Referer
Authorization
Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhcGlrZXkiOiJlMDZkNGNjZDZjN2NhMTU2YmM1ZTQ4MDFkNTEzODViZSIsInJvbGVzIjpbIjM2NXBheSJdLCJpYXQiOjE3MjM1Njg3NjksImV4cCI6MTcyMzU3NTk2OSwic3ViIjoiZTA2ZDRjY2Q2YzdjYTE1NmJjNWU0ODAxZDUxMzg1YmUifQ.tuTWMHoYAqa7wdxf-KbaIvdTSF-soXb1X2aig301EYM
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type
application/json

Response headers

date
Tue, 13 Aug 2024 17:06:10 GMT
server
Jetty(9.2.30.v20200428)
x-powered-by
Express
access-control-allow-methods
GET,PUT,POST,DELETE,PATCH
content-type
application/json
access-control-allow-origin
https://connectandpay.com
access-control-allow-credentials
true
server-timing
intid;desc=b056cbea75f6c298
access-control-allow-headers
Content-Type, Origin, X-Requested-With, X-AUTHENTICATION, X-IP, Authorization
content-length
64
x-request-id
2fed197b-2d78-4007-8eaa-0527cb12e58c
privacyversion
tally.prod.readytouchpos.com/gmaapi/gma/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://tally.prod.readytouchpos.com/gmaapi/gma/privacyversion?id=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.239.122.138 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-44-239-122-138.us-west-2.compute.amazonaws.com
Software
/ Express
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization,content-type
Access-Control-Request-Method
GET
Origin
https://connectandpay.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Content-Type, Origin, X-Requested-With, X-AUTHENTICATION, X-IP, Authorization
access-control-allow-methods
GET,PUT,POST,DELETE,PATCH
access-control-allow-origin
https://connectandpay.com
date
Tue, 13 Aug 2024 17:06:09 GMT
server-timing
intid;desc=edfd056322960f95
x-powered-by
Express
x-request-id
d997de85-21f2-4164-936d-8353e1a516fe
collect
www.google-analytics.com/g/ 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/g/collect?v=2&tid=G-4WTWB6FXLB&gtm=45je4880v9103561956za200&_p=1723568769610&gcd=13l3l3l3l1&npa=0&dma=0&tag_exp=0&_fid=ftQ4SNcIXN1ldzuMtEpm5i&cid=1322066589.1723568770&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1723568770&sct=1&seg=0&dl=https%3A%2F%2Fconnectandpay.com%2F&dt=Connect%20%26%20Pay&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&ep.origin=firebase&tfd=3581
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?l=dataLayer&id=G-4WTWB6FXLB
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c1f::71 Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 13 Aug 2024 17:06:10 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://connectandpay.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
favicon.ico
connectandpay.com/ 		14 KB
15 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://connectandpay.com/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.139.29.117 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-139-29-117.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
1891375f71d8d8792020b9612ae092cb702240741dcbab71728054e322824c1c
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://connectandpay.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-amz-version-id
ai8npcIsEnviA5uAL4Jy_NltK7z.YpW8
strict-transport-security
max-age=63072000; includeSubdomains; preload
x-content-type-options
nosniff
date
Tue, 13 Aug 2024 13:23:50 GMT
via
1.1 62c7f4f128c40af6818c2f8f919f1c18.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK50-P2
age
13862
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
14510
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Thu, 01 Aug 2024 12:54:40 GMT
server
AmazonS3
etag
"08c52c4f58617fba63cd20f023c13794"
x-frame-options
DENY
vary
Accept-Encoding
content-type
image/vnd.microsoft.icon
accept-ranges
bytes
x-amz-cf-id
dykQ8IayQqDl2_62gIEubAkrj74PGLXGYkIyd3_vaFspGWAPyVu2kA==
light_square_gpay.svg
www.gstatic.com/instantbuy/svg/ 		2 KB
1 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/instantbuy/svg/light_square_gpay.svg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:400d:c1d::5e Morganton, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c76f766ed128ff1c05cbab4f53e470751b475152992a770d42273047bc1708c5
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/instantbuy-eng
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/instantbuy-eng
content-encoding
br
x-content-type-options
nosniff
date
Thu, 08 Aug 2024 00:24:35 GMT
age
492095
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
894
x-xss-protection
0
last-modified
Fri, 03 Mar 2023 17:58:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="instantbuy-eng"
vary
Accept-Encoding
report-to
{"group":"instantbuy-eng","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/instantbuy-eng"}]}
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Fri, 08 Aug 2025 00:24:35 GMT

Verdicts & Comments Add Verdict or Comment

37 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| webpackChunkStripeJSouter function| noop function| Stripe object| auth0 object| webpackJsonp function| setImmediate function| clearImmediate function| _setGlobalConsole function| _measure function| _scrollTo function| _setGestureState function| _log object| _frameCallbackRegistry object| LayoutAnimationRepository function| _ object| dataLayer function| gtag object| OneSignal object| AWS function| Buffer object| regeneratorRuntime function| Alert7 object| REACT_NAVIGATION_DEVTOOLS object| __react_navigation__elements_contexts boolean| __reactResponderSystemActive object| denylistedDomainsHashedValueListForGpayButtonWithCardInfo object| whitelistedDomainsHashedValueListForGpayButtonWithCardInfo object| denylistedMerchentIdsHashedValueListForGpayButtonWithCardInfo object| denylistedMerchantIdsHashedValueListForGpayButtonVariant object| allowlistedMerchantDomainsForBnplDynamicButton string| dynamicGpayButtonVariant object| google object| google_tag_manager object| google_tag_data object| gaGlobal

6 Cookies

Domain/Path Name / Value
.google.com/ Name: NID
Value: 516=HkRt9OyiEkxi-VUqmzc8pIZL18cIjSR3Nv-vRginMdANySoi8J1IOIQuM5Fd9U11WaSRonlOUtp61hzbQeOGfbLPkILVwIgac3lODid7-w6uQ13z6qudK8ZGRDqlioa7keRC-D5lmvEsyLrl33q1A1EjQ_m3gjQkcjY6FA3GQSU
m.stripe.com/ Name: m
Value: 201d0f84-491d-43d5-88c8-d2fa476eb7f15bf419
.connectandpay.com/ Name: __stripe_mid
Value: 8d0d81f5-bce2-485e-a51c-14cd99fd48682c22a6
.connectandpay.com/ Name: __stripe_sid
Value: d1560c97-26dc-46df-9995-f0fc65132c377b9e8c
.connectandpay.com/ Name: _ga
Value: GA1.1.1322066589.1723568770
.connectandpay.com/ Name: _ga_4WTWB6FXLB
Value: GS1.1.1723568770.1.0.1723568770.0.0.0

5 Console Messages

Source Level URL
Text
security error URL: https://connectandpay.com/
Message:
Failed to find a valid digest in the 'integrity' attribute for resource 'https://cdn.onesignal.com/sdks/OneSignalSDK.js' with computed SHA-384 integrity 'VA26BrXcBmNaVP7rffftmGVq9ZHHfIlvCmd0Sh1fWLko7Mj5JeK2cUHKClZxPtTi'. The resource has been blocked.
other warning URL: https://connectandpay.com/
Message:
Each dictionary in the list "icons" should contain a non-empty UTF8 string field "sizes".
other warning URL: https://connectandpay.com/
Message:
Each dictionary in the list "icons" should contain a non-empty UTF8 string field "type".
other warning URL: https://connectandpay.com/
Message:
Each dictionary in the list "icons" should contain a non-empty UTF8 string field "sizes".
other warning URL: https://connectandpay.com/
Message:
Each dictionary in the list "icons" should contain a non-empty UTF8 string field "type".

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.auth0.com
cdn.onesignal.com
connectandpay.com
firebase.googleapis.com
firebaseinstallations.googleapis.com
js.stripe.com
pay.google.com
tally.prod.readytouchpos.com
www.google-analytics.com
www.googletagmanager.com
www.gstatic.com
104.17.111.223
108.139.29.117
151.101.128.176
151.101.64.176
2600:9000:2511:9600:10:474e:104a:2961
2607:f8b0:4004:c06::5c
2607:f8b0:4004:c1b::5f
2607:f8b0:4004:c1f::71
2607:f8b0:400d:c09::61
2607:f8b0:400d:c0e::5f
2607:f8b0:400d:c1d::5e
44.239.122.138
12505d6ca815d5a57dc89e0807079e56aec72f41bbd5d3797d9bc198856fe391
1891375f71d8d8792020b9612ae092cb702240741dcbab71728054e322824c1c
18c781707c41d891d366263f351d05b35165be65280ce1634c85bfaec63d222d
374e5a06845381371f81c3c7773d3695d938df94368665cbe337e94db3618608
37e215c0c836c21c82e0d93c5a72d89dcab03a50ea44612f4388e6843af089ed
3ea9a03f099cf837152782bdba4ef503558f73a4dccbe79d6b13d100a7b03124
4f21cbe07b1207c824fdfb02e069c0e8f86af90b5a8c73087d69aff56cecfd47
b098989ddf2ade66d01b3c4d8328a5e042a0f40d76bdf089bfd3664b1e8c2b65
c76f766ed128ff1c05cbab4f53e470751b475152992a770d42273047bc1708c5
cbe2ad6853b4107f183861dcb0779d1781a5a1fd865057508291e492a64dacb4
d931bfe4b9f39f318e84dc593cdc78fe4f5e463fe4c1fd2a6b72ed583ebaf872
da721e3a0949ea8cfc40a825a2a88f8d34470a5ebb849fda4ae2a362f85d74aa
e511662387a378727b0d2a2ce1229f4000c1f58037a7ec40ed0eb0ce4b3c97cd
ec8b1b07980996f574075e1b7e895d5d47794b9dcf345a68d60fbb17034f7bef
f67ddaafea12de1f989121f23bbd4900361f4963dabb8bd1dde0699b76b861dc
f7656bc3ccebd611041f9484fd00713447fbad96682d02882c2737830adcd4b2