Submitted URL: https://www.payment.rajaliburan.id/
Effective URL: https://pay.oyindonesia.com/4c962364-8041-45f7-8f75-73b407e9b41a
Submission: On March 19 via automatic, source certstream-suspicious — Scanned from SG

Summary

This website contacted 13 IPs in 2 countries across 11 domains to perform 29 HTTP transactions. The main IP is 34.120.39.117, located in Kansas City, United States and belongs to GOOGLE-CLOUD-PLATFORM, US. The main domain is pay.oyindonesia.com.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on July 25th 2022. Valid for: a year.
This is the only time pay.oyindonesia.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 2 109.106.252.10 47583 (AS-HOSTINGER)
8 34.120.39.117 396982 (GOOGLE-CL...)
1 2404:6800:400... 15169 (GOOGLE)
2 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
2 2620:1ec:4f:1... 8075 (MICROSOFT...)
1 13.32.127.89 16509 (AMAZON-02)
4 52.219.36.129 16509 (AMAZON-02)
2 3.5.148.189 16509 (AMAZON-02)
2 2404:6800:400... 15169 (GOOGLE)
1 2 20.125.62.241 8075 (MICROSOFT...)
1 1 2620:1ec:c11:... 8068 (MICROSOFT...)
2 4.227.249.197 8075 (MICROSOFT...)
2 34.210.147.195 16509 (AMAZON-02)
29 13
Apex Domain
Subdomains
Transfer
8 oyindonesia.com
pay.oyindonesia.com
checkout.oyindonesia.com
api.oyindonesia.com
606 KB
6 amazonaws.com
s3-ap-southeast-1.amazonaws.com
oy-static-assets.s3.ap-southeast-1.amazonaws.com
554 KB
6 clarity.ms
www.clarity.ms — Cisco Umbrella Rank: 1002
c.clarity.ms — Cisco Umbrella Rank: 1518
u.clarity.ms — Cisco Umbrella Rank: 9218
21 KB
2 amplitude.com
api2.amplitude.com — Cisco Umbrella Rank: 1564
287 B
2 gstatic.com
fonts.gstatic.com
59 KB
2 cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 194
9 KB
2 rajaliburan.id
www.payment.rajaliburan.id
rajaliburan.id
362 B
1 bing.com
c.bing.com — Cisco Umbrella Rank: 240
741 B
1 growthbook.io
cdn.growthbook.io — Cisco Umbrella Rank: 19812
525 B
1 unpkg.com
unpkg.com — Cisco Umbrella Rank: 754
4 KB
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 34
1 KB
29 11
Domain Requested by
4 s3-ap-southeast-1.amazonaws.com pay.oyindonesia.com
4 pay.oyindonesia.com pay.oyindonesia.com
2 api.oyindonesia.com pay.oyindonesia.com
2 api2.amplitude.com pay.oyindonesia.com
2 u.clarity.ms www.clarity.ms
2 c.clarity.ms 1 redirects
2 fonts.gstatic.com fonts.googleapis.com
2 checkout.oyindonesia.com pay.oyindonesia.com
2 oy-static-assets.s3.ap-southeast-1.amazonaws.com pay.oyindonesia.com
2 www.clarity.ms pay.oyindonesia.com
www.clarity.ms
2 cdnjs.cloudflare.com pay.oyindonesia.com
1 rajaliburan.id
1 c.bing.com 1 redirects
1 cdn.growthbook.io pay.oyindonesia.com
1 unpkg.com pay.oyindonesia.com
1 fonts.googleapis.com pay.oyindonesia.com
1 www.payment.rajaliburan.id 1 redirects
29 17

This site contains no links.

Subject | Issuer | Validity | Valid
*.oyindonesia.com | Sectigo RSA Domain Validation Secure Server CA | 2022-07-25 - 2023-08-24 | a year
upload.video.google.com | GTS CA 1C3 | 2023-03-02 - 2023-05-25 | 3 months
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2022-08-03 - 2023-08-02 | a year
www.clarity.ms | DigiCert TLS RSA SHA256 2020 CA1 | 2022-12-01 - 2023-12-01 | a year
cdn.growthbook.io | Amazon RSA 2048 M01 | 2023-02-23 - 2024-02-09 | a year
*.s3-ap-southeast-1.amazonaws.com | Amazon | 2022-09-21 - 2023-08-25 | a year
*.gstatic.com | GTS CA 1C3 | 2023-03-02 - 2023-05-25 | 3 months
a.clarity.ms | Microsoft Azure TLS Issuing CA 06 | 2023-02-13 - 2024-02-08 | a year
*.rajaliburan.id | R3 | 2023-03-05 - 2023-06-03 | 3 months
*.amplitude.com | COMODO RSA Domain Validation Secure Server CA | 2023-01-23 - 2024-02-14 | a year

This page contains 1 frames:

Primary Page: https://pay.oyindonesia.com/4c962364-8041-45f7-8f75-73b407e9b41a
Frame ID: 6C2E9AB3CCC49DD3416478CE6616F607
Requests: 27 HTTP requests in this frame

Page Title

Oy! Indonesia | Web Checkout

Detected technologies

Overall confidence: 100%
Detected patterns
  • /wp-(?:content|includes)/

Overall confidence: 100%
Detected patterns
  • /axios(@|/)([\d.]+)(?:/[a-z]+)?/axios(?:.min)?\.js

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

29 Requests
97% HTTPS
43% IPv6
11 Domains
17 Subdomains
13 IPs
2 Countries
1256 kB Transfer
3590 kB Size
12 Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://www.payment.rajaliburan.id/ HTTP 301
    https://pay.oyindonesia.com/4c962364-8041-45f7-8f75-73b407e9b41a Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 16
  • https://c.clarity.ms/c.gif HTTP 302
  • https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=D415F08613544B6C811FC0DE8CA959BA&RedC=c.clarity.ms&MXFR=38F4489EBED261B9167C5A47BAD26FD6 HTTP 302
  • https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=D415F08613544B6C811FC0DE8CA959BA&MUID=2E69D6A01FF46DE80116C4791EAE6C82

29 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request 4c962364-8041-45f7-8f75-73b407e9b41a
pay.oyindonesia.com/
Redirect Chain
  • https://www.payment.rajaliburan.id/
  • https://pay.oyindonesia.com/4c962364-8041-45f7-8f75-73b407e9b41a
1 KB
1 KB
Document
General
Full URL
https://pay.oyindonesia.com/4c962364-8041-45f7-8f75-73b407e9b41a
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.39.117 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
117.39.120.34.bc.googleusercontent.com
Software
nginx / Express
Resource Hash
9572e90c4c5686c16ab475ef5a20718c76cde50f7a1bd62467e658e1b595eddc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language
zh-SG,zh;q=0.9

Response headers

access-control-allow-headers
X-Requested-by,Accept-encoding,X-Oy-Authorization,X-Oy-Username,DNT,Accept-Language,Content-Length,Host,Origin,Referer,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=0
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Sun, 19 Mar 2023 03:40:10 GMT
etag
W/"549-186ba33daf0"
last-modified
Tue, 07 Mar 2023 03:53:26 GMT
server
nginx
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding
via
1.1 google
x-powered-by
Express
x-robots-tag
noindex, nofollow, nosnippet, noarchive

Redirect headers

alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length
707
content-type
text/html
date
Sun, 19 Mar 2023 03:40:10 GMT
location
https://pay.oyindonesia.com/4c962364-8041-45f7-8f75-73b407e9b41a
server
LiteSpeed
strict-transport-security
max-age=31536000; includeSubDomains; preload
vary
User-Agent
x-content-type-options
nosniff
x-powered-by
Niagahoster
x-xss-protection
1; mode=block
css2
fonts.googleapis.com/
5 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Barlow:wght@700&family=Inter:wght@400;600&display=swap
Requested by
Host: pay.oyindonesia.com
URL: https://pay.oyindonesia.com/4c962364-8041-45f7-8f75-73b407e9b41a
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4003:c11::5f , Singapore, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
3869204ab850b81500f6453e2e0c30a05622aa698c5d11e97d025aba5b6e7be8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
zh-SG,zh;q=0.9
Referer
https://pay.oyindonesia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Sun, 19 Mar 2023 03:40:10 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Sun, 19 Mar 2023 03:40:10 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sun, 19 Mar 2023 03:40:10 GMT
jquery.fancybox.min.css
cdnjs.cloudflare.com/ajax/libs/fancybox/2.1.5/
4 KB
2 KB
Stylesheet
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/fancybox/2.1.5/jquery.fancybox.min.css
Requested by
Host: pay.oyindonesia.com
URL: https://pay.oyindonesia.com/4c962364-8041-45f7-8f75-73b407e9b41a
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6a5ed4bb4bb22800c5f3d7057a35cbdd8bb49686d8df119a8452122aa7b40b80
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
zh-SG,zh;q=0.9
Referer
https://pay.oyindonesia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date
Sun, 19 Mar 2023 03:40:10 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
3229201
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
955
last-modified
Mon, 04 May 2020 16:10:00 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03e58-f2d"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dUyZIVN04S1HW9R2GRwWGrDAUnCaL6kSM3USdGr6fu5g%2FP86nZh83dvv7ukZoXM1SF2Vi74W3B9i5MZhpjr89Lngjh8heby4GgrsI7SwAxZZeGIC6QVP8aJ2sd0nNmuTsfcc32yzfDC4ByZU5BYydNDC"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
7aa2b1488ac7a077-SIN
expires
Fri, 08 Mar 2024 03:40:10 GMT
jquery.fancybox.pack.js
cdnjs.cloudflare.com/ajax/libs/fancybox/2.1.5/
23 KB
8 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/fancybox/2.1.5/jquery.fancybox.pack.js
Requested by
Host: pay.oyindonesia.com
URL: https://pay.oyindonesia.com/4c962364-8041-45f7-8f75-73b407e9b41a
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bc50bf49cbe79ee49b4ee8b56f26ff4877bc4945c16f260b1481ba2355c96347
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
zh-SG,zh;q=0.9
Referer
https://pay.oyindonesia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date
Sun, 19 Mar 2023 03:40:10 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
2089437
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
7681
last-modified
Mon, 04 May 2020 16:10:00 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03e58-5a5f"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=COqLWcmRyYLzcnND704qqLhFh9bIpYx4ZKMmWxvk%2Fh7SVPWVFdjYh6va1P7BwR2nYH6l9ckibY1B%2FFHtIbsM%2FzzvW2iTMvDgX8mL%2BdQx1DHHgzA%2B%2Bd%2BVlYZ6sLDkc2JEqbGy4m4NuPjsvGYAs9AgPIGS"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
7aa2b1488ac8a077-SIN
expires
Fri, 08 Mar 2024 03:40:10 GMT
axios.min.js
unpkg.com/axios@0.2.1/dist/
11 KB
4 KB
Script
General
Full URL
https://unpkg.com/axios@0.2.1/dist/axios.min.js
Requested by
Host: pay.oyindonesia.com
URL: https://pay.oyindonesia.com/4c962364-8041-45f7-8f75-73b407e9b41a
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:7caf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5ea09271cdbbab576808acdd5d42192dd3d02e0eac991f1e1e4e8e31df1e83d9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
zh-SG,zh;q=0.9
Referer
https://pay.oyindonesia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date
Sun, 19 Mar 2023 03:40:10 GMT
via
1.1 fly.io
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
1323910
last-modified
Fri, 12 Sep 2014 22:58:23 GMT
fly-request-id
01GTMGNFK4HP2R68H58B79VBBQ-sin
server
cloudflare
etag
W/"2a7b-DIWmr1s3MEzXGfmbI9EiW+G8mlM"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
cf-ray
7aa2b1488b9f3dc5-SIN
main.fed9aac4.js
pay.oyindonesia.com/static/js/
3 MB
583 KB
Script
General
Full URL
https://pay.oyindonesia.com/static/js/main.fed9aac4.js
Requested by
Host: pay.oyindonesia.com
URL: https://pay.oyindonesia.com/4c962364-8041-45f7-8f75-73b407e9b41a
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.120.39.117 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
117.39.120.34.bc.googleusercontent.com
Software
nginx / Express
Resource Hash
75962689a57807ddfd122144c78dc54bb83726ead8cb539a184742505afaf03b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
zh-SG,zh;q=0.9
Referer
https://pay.oyindonesia.com/4c962364-8041-45f7-8f75-73b407e9b41a
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date
Sun, 19 Mar 2023 03:40:11 GMT
strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
last-modified
Tue, 07 Mar 2023 03:53:26 GMT
server
nginx
via
1.1 google
x-powered-by
Express
etag
W/"2b4c69-186ba33daf0"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=0
x-robots-tag
noindex, nofollow, nosnippet, noarchive
access-control-allow-headers
X-Requested-by,Accept-encoding,X-Oy-Authorization,X-Oy-Username,DNT,Accept-Language,Content-Length,Host,Origin,Referer,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
main.821e892d.css
pay.oyindonesia.com/static/css/
106 KB
20 KB
Stylesheet
General
Full URL
https://pay.oyindonesia.com/static/css/main.821e892d.css
Requested by
Host: pay.oyindonesia.com
URL: https://pay.oyindonesia.com/4c962364-8041-45f7-8f75-73b407e9b41a
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.39.117 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
117.39.120.34.bc.googleusercontent.com
Software
nginx / Express
Resource Hash
3504bf3a87128c3e32d0082736cfa60691c79770b829ca95d3aad856d0239582
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
zh-SG,zh;q=0.9
Referer
https://pay.oyindonesia.com/4c962364-8041-45f7-8f75-73b407e9b41a
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date
Sun, 19 Mar 2023 03:40:10 GMT
strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
last-modified
Tue, 07 Mar 2023 03:53:26 GMT
server
nginx
via
1.1 google
x-powered-by
Express
etag
W/"1a6e7-186ba33daf0"
vary
Accept-Encoding
content-type
text/css; charset=UTF-8
cache-control
public, max-age=0
x-robots-tag
noindex, nofollow, nosnippet, noarchive
access-control-allow-headers
X-Requested-by,Accept-encoding,X-Oy-Authorization,X-Oy-Username,DNT,Accept-Language,Content-Length,Host,Origin,Referer,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
a8z8uhsmzg
www.clarity.ms/tag/
642 B
1001 B
Script
General
Full URL
https://www.clarity.ms/tag/a8z8uhsmzg
Requested by
Host: pay.oyindonesia.com
URL: https://pay.oyindonesia.com/4c962364-8041-45f7-8f75-73b407e9b41a
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:4f:1::71 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
36c057fa6c82304d486487b9bfdd0a8619d9b2eae5bdb26a5f4304d154a0d8fd

Request headers

accept-language
zh-SG,zh;q=0.9
Referer
https://pay.oyindonesia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

content-type
application/x-javascript
date
Sun, 19 Mar 2023 03:40:10 GMT
cache-control
no-cache, no-store
expires
-1
x-azure-ref
0G4QWZAAAAADOLV7RG+zLTKHvgMfRIEPMU0lOMzBFREdFMDIyMAA2Y2ZiZWVlMC01MDI3LTQ4NGItODk2Ny00YTI5YWY3N2YxZTE=
x-cache
CONFIG_NOCACHE
request-context
appId=cid-v1:bdfb7149-d2ee-45f0-9a22-f0b1c5035608
key_prod_ff35edb610dae9b9
cdn.growthbook.io/api/features/
129 B
525 B
Fetch
General
Full URL
https://cdn.growthbook.io/api/features/key_prod_ff35edb610dae9b9
Requested by
Host: pay.oyindonesia.com
URL: https://pay.oyindonesia.com/static/js/main.fed9aac4.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.127.89 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-127-89.per50.r.cloudfront.net
Software
/ Express
Resource Hash
ee679e1c72a8e046e33dee7ec72623c286dc9ea713030fb7c3573d82c7eecd03

Request headers

accept-language
zh-SG,zh;q=0.9
Referer
https://pay.oyindonesia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date
Sun, 19 Mar 2023 03:40:12 GMT
via
1.1 d65f0ada2f9649266b32f91b10382a3e.cloudfront.net (CloudFront)
x-amz-cf-pop
PER50-C1
x-powered-by
Express
etag
W/"81-QcSLQ+FPOk2X/pIvTlPNv/fFlNI"
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
application/json; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30, stale-while-revalidate=3600, stale-if-error=36000
content-length
129
x-amz-cf-id
12CLxD3wZKVHUmHlOyFBiQsmHMnwDYJ843TIc48d5HJtoHsLFKVp6w==
loader.6a9b36a775393a1b9d6bc6aa8e3225e7.svg
pay.oyindonesia.com/static/media/
439 B
293 B
Image
General
Full URL
https://pay.oyindonesia.com/static/media/loader.6a9b36a775393a1b9d6bc6aa8e3225e7.svg
Requested by
Host: pay.oyindonesia.com
URL: https://pay.oyindonesia.com/4c962364-8041-45f7-8f75-73b407e9b41a
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.120.39.117 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
117.39.120.34.bc.googleusercontent.com
Software
nginx / Express
Resource Hash
9d4452b8632b7b9c958504482cda3b05aa9842822664534f9e82cac1bc805251
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
zh-SG,zh;q=0.9
Referer
https://pay.oyindonesia.com/4c962364-8041-45f7-8f75-73b407e9b41a
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date
Sun, 19 Mar 2023 03:40:11 GMT
strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
last-modified
Tue, 07 Mar 2023 03:53:26 GMT
server
nginx
via
1.1 google
x-powered-by
Express
etag
W/"1b7-186ba33daf0"
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
public, max-age=0
x-robots-tag
noindex, nofollow, nosnippet, noarchive
access-control-allow-headers
X-Requested-by,Accept-encoding,X-Oy-Authorization,X-Oy-Username,DNT,Accept-Language,Content-Length,Host,Origin,Referer,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
oy.svg
s3-ap-southeast-1.amazonaws.com/oy-static-assets/pay/uiicon/logo/
5 KB
5 KB
Image
General
Full URL
https://s3-ap-southeast-1.amazonaws.com/oy-static-assets/pay/uiicon/logo/oy.svg
Requested by
Host: pay.oyindonesia.com
URL: https://pay.oyindonesia.com/4c962364-8041-45f7-8f75-73b407e9b41a
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.219.36.129 , Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-ap-southeast-1.amazonaws.com
Software
AmazonS3 /
Resource Hash
d1d92e140f9d9b655a42745538a37eac9e9f6a585d5baadd34e2264f12049bc0

Request headers

accept-language
zh-SG,zh;q=0.9
Referer
https://pay.oyindonesia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Date
Sun, 19 Mar 2023 03:40:12 GMT
Last-Modified
Wed, 16 Mar 2022 05:59:33 GMT
Server
AmazonS3
x-amz-request-id
D5A8917FVK7T2KGF
ETag
"a9f92842d32e611bf1e10d5ad47ce613"
Content-Type
image/svg+xml
Accept-Ranges
bytes
Content-Length
5195
x-amz-id-2
dgpQcx/T4clvMyg+UeRnVPJ0blykWFK6muPH3YVHwYaKIrWEj4SJwzdgylG07VcieyjCGLeWbW8=
mcp.svg
s3-ap-southeast-1.amazonaws.com/oy-static-assets/pay/uiicon/logo/
17 KB
18 KB
Image
General
Full URL
https://s3-ap-southeast-1.amazonaws.com/oy-static-assets/pay/uiicon/logo/mcp.svg
Requested by
Host: pay.oyindonesia.com
URL: https://pay.oyindonesia.com/4c962364-8041-45f7-8f75-73b407e9b41a
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.219.36.129 , Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-ap-southeast-1.amazonaws.com
Software
AmazonS3 /
Resource Hash
16da21ac3f7dac5b058c7bb1f1ba522cef0533ded9a9fcdd58a5571bc0074fc0

Request headers

accept-language
zh-SG,zh;q=0.9
Referer
https://pay.oyindonesia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Date
Sun, 19 Mar 2023 03:40:12 GMT
Last-Modified
Wed, 16 Mar 2022 05:59:35 GMT
Server
AmazonS3
x-amz-request-id
D5A1316BH1W72QV1
ETag
"97cc8821017d60769d99201ea455a6b3"
Content-Type
image/svg+xml
Accept-Ranges
bytes
Content-Length
17855
x-amz-id-2
h84DlKYzWBR57Z9u0VkIwbzDtbC6ywZKx9DfLkW+kT60/MpiXmMk4GZyVJ5ERtKio0zUCQrsSFc=
bank-indonesia.svg
oy-static-assets.s3.ap-southeast-1.amazonaws.com/pay/images/
254 KB
254 KB
Image
General
Full URL
https://oy-static-assets.s3.ap-southeast-1.amazonaws.com/pay/images/bank-indonesia.svg
Requested by
Host: pay.oyindonesia.com
URL: https://pay.oyindonesia.com/4c962364-8041-45f7-8f75-73b407e9b41a
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.5.148.189 , Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-ap-southeast-1-r-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
0b81eac837a281e2358a58c04e06a976614229757f51b1c4cc539c504ff2f6da

Request headers

accept-language
zh-SG,zh;q=0.9
Referer
https://pay.oyindonesia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Date
Sun, 19 Mar 2023 03:40:12 GMT
Last-Modified
Mon, 04 Jul 2022 08:40:46 GMT
Server
AmazonS3
x-amz-request-id
D5A9YSXAX2YAJW4M
ETag
"975689f1f6eab6e78eb5f7a0e463efac"
Content-Type
image/svg+xml
Accept-Ranges
bytes
Content-Length
259689
x-amz-id-2
ABA59GNIDLEDjJHIZV5yq5fp9lYiecSJos+E+B/mM8shkkeGzy2qTPcW067CQUjdUL725vEVdfoI2I/25ANuqA==
4c962364-8041-45f7-8f75-73b407e9b41a
checkout.oyindonesia.com/b2x/v2/pay/enc/
2 KB
1 KB
XHR
General
Full URL
https://checkout.oyindonesia.com/b2x/v2/pay/enc/4c962364-8041-45f7-8f75-73b407e9b41a
Requested by
Host: pay.oyindonesia.com
URL: https://pay.oyindonesia.com/static/js/main.fed9aac4.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.39.117 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
117.39.120.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
7a22f8153a5634010140462366a98cda0c94e7ba3dc8dfa13156e245fcd4fd70
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Frame-Options sameorigin

Request headers

Accept
application/json, text/plain, */*
Referer
https://pay.oyindonesia.com/
accept-language
zh-SG,zh;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date
Sun, 19 Mar 2023 03:40:11 GMT
strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
via
1.1 google
server
nginx
vary
Accept-Encoding
x-frame-options
sameorigin
content-type
application/json
access-control-allow-origin
*
access-control-allow-headers
X-Requested-by,Accept-encoding,X-Oy-Authorization,X-Oy-Username,DNT,Accept-Language,Content-Length,Host,Origin,Referer,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2
fonts.gstatic.com/s/inter/v12/
37 KB
38 KB
Font
General
Full URL
https://fonts.gstatic.com/s/inter/v12/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Barlow:wght@700&family=Inter:wght@400;600&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4003:c04::5e , Singapore, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
450f3ba4e47ee174bd9692b396f264b907d37d2528f53911760f3d0edb785f7e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://pay.oyindonesia.com
accept-language
zh-SG,zh;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date
Sun, 19 Mar 2023 03:10:29 GMT
x-content-type-options
nosniff
age
1782
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
37924
x-xss-protection
0
last-modified
Mon, 11 Jul 2022 20:54:46 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Mon, 18 Mar 2024 03:10:29 GMT
7cHqv4kjgoGqM7E3t-4s51os.woff2
fonts.gstatic.com/s/barlow/v12/
21 KB
21 KB
Font
General
Full URL
https://fonts.gstatic.com/s/barlow/v12/7cHqv4kjgoGqM7E3t-4s51os.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Barlow:wght@700&family=Inter:wght@400;600&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4003:c04::5e , Singapore, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
65a47caa5183b035bf78d0f93adbe5cea500333410259c54abf2de356740df7e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://pay.oyindonesia.com
accept-language
zh-SG,zh;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date
Thu, 16 Mar 2023 11:39:12 GMT
x-content-type-options
nosniff
age
230459
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
21724
x-xss-protection
0
last-modified
Tue, 19 Apr 2022 19:29:44 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 15 Mar 2024 11:39:12 GMT
clarity.js
www.clarity.ms/eus-d-sc/s/0.7.4/
55 KB
19 KB
Script
General
Full URL
https://www.clarity.ms/eus-d-sc/s/0.7.4/clarity.js
Requested by
Host: www.clarity.ms
URL: https://www.clarity.ms/tag/a8z8uhsmzg
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:4f:1::71 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
eb26f2d6058505cd1dbe32619149aee2b11f70bcf37c34cdf5ad879c68a9abc5

Request headers

accept-language
zh-SG,zh;q=0.9
Referer
https://pay.oyindonesia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date
Sun, 19 Mar 2023 03:40:10 GMT
content-encoding
br
last-modified
Wed, 01 Jun 2022 12:22:22 GMT
server
nginx/1.18.0 (Ubuntu)
x-azure-ref-originshield
0/AQWZAAAAADiX2PT/zRTT6jQ7H+dwqnCU0lOMjIxMDgwNzE3MDQ3ADZjZmJlZWUwLTUwMjctNDg0Yi04OTY3LTRhMjlhZjc3ZjFlMQ==
etag
"1d9581e219711cd"
x-azure-ref
0G4QWZAAAAAAohQb/IfJAS4zTtbJQ8ArNU0lOMzBFREdFMDIyMAA2Y2ZiZWVlMC01MDI3LTQ4NGItODk2Ny00YTI5YWY3N2YxZTE=
x-cache
TCP_HIT
content-type
application/javascript;charset=utf-8
cache-control
public,max-age=86400
accept-ranges
bytes
request-context
appId=cid-v1:9c7c879b-c51a-427e-9701-218438da5f81
c.gif
c.clarity.ms/
Redirect Chain
  • https://c.clarity.ms/c.gif
  • https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=D415F08613544B6C811FC0DE8CA959BA&RedC=c.clarity.ms&MXFR=38F4489EBED261B9167C5A47BAD26FD6
  • https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=D415F08613544B6C811FC0DE8CA959BA&MUID=2E69D6A01FF46DE80116C4791EAE6C82
42 B
464 B
Image
General
Full URL
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=D415F08613544B6C811FC0DE8CA959BA&MUID=2E69D6A01FF46DE80116C4791EAE6C82
Protocol
H2
Server
20.125.62.241 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

accept-language
zh-SG,zh;q=0.9
Referer
https://pay.oyindonesia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 19 Mar 2023 03:40:11 GMT
last-modified
Mon, 13 Mar 2023 18:17:02 GMT
server
Microsoft-IIS/10.0
etag
"206d6b2d855d91:0"
x-powered-by
ASP.NET
content-type
image/gif
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control
private, no-cache, proxy-revalidate, no-store
accept-ranges
bytes
content-length
42

Redirect headers

pragma
no-cache
date
Sun, 19 Mar 2023 03:40:11 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 1A96B3094E2E4E63A74FFD3BD5DA7FB3 Ref B: SIN30EDGE0815 Ref C: 2023-03-19T03:40:11Z
x-powered-by
ASP.NET
x-cache
CONFIG_NOCACHE
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
location
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=D415F08613544B6C811FC0DE8CA959BA&MUID=2E69D6A01FF46DE80116C4791EAE6C82
cache-control
private, no-cache, proxy-revalidate, no-store
content-length
0
collect
u.clarity.ms/
0
299 B
XHR
General
Full URL
https://u.clarity.ms/collect
Requested by
Host: www.clarity.ms
URL: https://www.clarity.ms/eus-d-sc/s/0.7.4/clarity.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
4.227.249.197 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept
application/x-clarity-gzip
Referer
https://pay.oyindonesia.com/
accept-language
zh-SG,zh;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Access-Control-Allow-Origin
https://pay.oyindonesia.com
Date
Sun, 19 Mar 2023 03:40:12 GMT
Access-Control-Allow-Credentials
true
Server
nginx/1.18.0 (Ubuntu)
Connection
keep-alive
Vary
Origin
Request-Context
appId=cid-v1:9c7c879b-c51a-427e-9701-218438da5f81
4c962364-8041-45f7-8f75-73b407e9b41a
checkout.oyindonesia.com/b2x/v2/pay/status/enc/
508 B
359 B
XHR
General
Full URL
https://checkout.oyindonesia.com/b2x/v2/pay/status/enc/4c962364-8041-45f7-8f75-73b407e9b41a
Requested by
Host: pay.oyindonesia.com
URL: https://pay.oyindonesia.com/static/js/main.fed9aac4.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.39.117 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
117.39.120.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
7b53d643d19202213a861ea55d0c599a656fb30dc692f54623dcb3280c670e43
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Frame-Options sameorigin

Request headers

Accept
application/json, text/plain, */*
Referer
https://pay.oyindonesia.com/
accept-language
zh-SG,zh;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date
Sun, 19 Mar 2023 03:40:11 GMT
strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
via
1.1 google
server
nginx
vary
Accept-Encoding
x-frame-options
sameorigin
content-type
application/json
access-control-allow-origin
*
access-control-allow-headers
X-Requested-by,Accept-encoding,X-Oy-Authorization,X-Oy-Username,DNT,Accept-Language,Content-Length,Host,Origin,Referer,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
oy.svg
s3-ap-southeast-1.amazonaws.com/oy-static-assets/pay/uiicon/logo/
5 KB
5 KB
Image
General
Full URL
https://s3-ap-southeast-1.amazonaws.com/oy-static-assets/pay/uiicon/logo/oy.svg
Requested by
Host: pay.oyindonesia.com
URL: https://pay.oyindonesia.com/static/js/main.fed9aac4.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.219.36.129 , Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-ap-southeast-1.amazonaws.com
Software
AmazonS3 /
Resource Hash
d1d92e140f9d9b655a42745538a37eac9e9f6a585d5baadd34e2264f12049bc0

Request headers

accept-language
zh-SG,zh;q=0.9
Referer
https://pay.oyindonesia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Date
Sun, 19 Mar 2023 03:40:12 GMT
Last-Modified
Wed, 16 Mar 2022 05:59:33 GMT
Server
AmazonS3
x-amz-request-id
D5AEEJY98GTYHHMM
ETag
"a9f92842d32e611bf1e10d5ad47ce613"
Content-Type
image/svg+xml
Accept-Ranges
bytes
Content-Length
5195
x-amz-id-2
z+KlP/FsKpprzSN5iqkvuvi28nvDVkRhvRKVixHQfBLns/6OuK5PFvCsskJ1FFUZ7aWhU9qfyt8=
mcp.svg
s3-ap-southeast-1.amazonaws.com/oy-static-assets/pay/uiicon/logo/
17 KB
18 KB
Image
General
Full URL
https://s3-ap-southeast-1.amazonaws.com/oy-static-assets/pay/uiicon/logo/mcp.svg
Requested by
Host: pay.oyindonesia.com
URL: https://pay.oyindonesia.com/static/js/main.fed9aac4.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.219.36.129 , Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-ap-southeast-1.amazonaws.com
Software
AmazonS3 /
Resource Hash
16da21ac3f7dac5b058c7bb1f1ba522cef0533ded9a9fcdd58a5571bc0074fc0

Request headers

accept-language
zh-SG,zh;q=0.9
Referer
https://pay.oyindonesia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Date
Sun, 19 Mar 2023 03:40:12 GMT
Last-Modified
Wed, 16 Mar 2022 05:59:35 GMT
Server
AmazonS3
x-amz-request-id
D5AB3WVEFQ5XSG5D
ETag
"97cc8821017d60769d99201ea455a6b3"
Content-Type
image/svg+xml
Accept-Ranges
bytes
Content-Length
17855
x-amz-id-2
e/KQdR1CdJ5ZWXvNNvp8t7kU8Bs8w6Y71GxHgBIlMedvs907H3DhPSVYvY+KHkR+oPBpsdcgmPM=
bank-indonesia.svg
oy-static-assets.s3.ap-southeast-1.amazonaws.com/pay/images/
254 KB
254 KB
Image
General
Full URL
https://oy-static-assets.s3.ap-southeast-1.amazonaws.com/pay/images/bank-indonesia.svg
Requested by
Host: pay.oyindonesia.com
URL: https://pay.oyindonesia.com/static/js/main.fed9aac4.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.5.148.189 , Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-ap-southeast-1-r-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
0b81eac837a281e2358a58c04e06a976614229757f51b1c4cc539c504ff2f6da

Request headers

accept-language
zh-SG,zh;q=0.9
Referer
https://pay.oyindonesia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Date
Sun, 19 Mar 2023 03:40:12 GMT
Last-Modified
Mon, 04 Jul 2022 08:40:46 GMT
Server
AmazonS3
x-amz-request-id
D5AFG1CDXQQ30Q11
ETag
"975689f1f6eab6e78eb5f7a0e463efac"
Content-Type
image/svg+xml
Accept-Ranges
bytes
Content-Length
259689
x-amz-id-2
n+lJblxOmEOGpE/JG/8GN+Jo4NRebsiAQ0UCdSZQZVbjgq28mgeEg1J/QlFvLjjLS2GeNMPdE9vyiMr+xloSEA==
LOGO-RAJA-LIBURAN.png
rajaliburan.id/wp-content/uploads/2021/12/
0
0
Image
General
Full URL
https://rajaliburan.id/wp-content/uploads/2021/12/LOGO-RAJA-LIBURAN.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
109.106.252.10 , Singapore, ASN47583 (AS-HOSTINGER, CY),
Reverse DNS
srv126.niagahoster.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
zh-SG,zh;q=0.9
Referer
https://pay.oyindonesia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

httpapi
api2.amplitude.com/2/
94 B
287 B
Fetch
General
Full URL
https://api2.amplitude.com/2/httpapi
Requested by
Host: pay.oyindonesia.com
URL: https://pay.oyindonesia.com/static/js/main.fed9aac4.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.210.147.195 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-210-147-195.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
4d24fe2afd0049f25c84f7d06cb8e082673c66392385509d09b2a96bb96868e7
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

Accept
*/*
Referer
https://pay.oyindonesia.com/
accept-language
zh-SG,zh;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Content-Type
application/json

Response headers

access-control-allow-origin
*
date
Sun, 19 Mar 2023 03:40:12 GMT
strict-transport-security
max-age=15768000
trace-id
Root=1-6416841c-0c669cc6780e3d1f5b9c3cdf
content-length
94
access-control-allow-methods
GET, POST
content-type
application/json
httpapi
api2.amplitude.com/2/
0
0
Preflight
General
Full URL
https://api2.amplitude.com/2/httpapi
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.210.147.195 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-210-147-195.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://pay.oyindonesia.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

access-control-allow-headers
content-type
access-control-allow-methods
GET, POST
access-control-allow-origin
*
content-length
0
date
Sun, 19 Mar 2023 03:40:12 GMT
strict-transport-security
max-age=15768000
event
api.oyindonesia.com/api/fluentd/v1/
93 B
124 B
Fetch
General
Full URL
https://api.oyindonesia.com/api/fluentd/v1/event
Requested by
Host: pay.oyindonesia.com
URL: https://pay.oyindonesia.com/static/js/main.fed9aac4.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.120.39.117 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
117.39.120.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
bfd72454712c58322d6619b5468df5f03aacc3740dd42b8b0900167cf5528d28
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Frame-Options sameorigin

Request headers

Accept
*/*
Referer
https://pay.oyindonesia.com/
accept-language
zh-SG,zh;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Content-Type
application/json

Response headers

date
Sun, 19 Mar 2023 03:40:12 GMT
strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
via
1.1 google
server
nginx
vary
Accept-Encoding
x-frame-options
sameorigin
content-type
application/json
access-control-allow-origin
*
access-control-allow-headers
X-Requested-by,Accept-encoding,X-Oy-Authorization,X-Oy-Username,X-Api-Key,X-Oy-Bitwise-Active,X-Oy-Platform,DNT,Accept-Language,Content-Length,Host,Origin,Referer,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
event
api.oyindonesia.com/api/fluentd/v1/
0
0
Preflight
General
Full URL
https://api.oyindonesia.com/api/fluentd/v1/event
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.39.117 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
117.39.120.34.bc.googleusercontent.com
Software
nginx /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://pay.oyindonesia.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

access-control-allow-headers
Authorization, Origin, X-Requested-With, Content-Type, Accept, X-Oy-Username, X-Oy-Authorization, X-Oy-Idempotency-Key, X-Oy-Bitwise-Active, X-Oy-Platform
access-control-allow-methods
GET, POST, OPTIONS, HEAD, DELETE, PUT
access-control-allow-origin
https://pay.oyindonesia.com
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sun, 19 Mar 2023 03:40:12 GMT
server
nginx
via
1.1 google
collect
u.clarity.ms/
0
299 B
XHR
General
Full URL
https://u.clarity.ms/collect
Requested by
Host: www.clarity.ms
URL: https://www.clarity.ms/eus-d-sc/s/0.7.4/clarity.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
4.227.249.197 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept
application/x-clarity-gzip
Referer
https://pay.oyindonesia.com/
accept-language
zh-SG,zh;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Access-Control-Allow-Origin
https://pay.oyindonesia.com
Date
Sun, 19 Mar 2023 03:40:12 GMT
Access-Control-Allow-Credentials
true
Server
nginx/1.18.0 (Ubuntu)
Connection
keep-alive
Vary
Origin
Request-Context
appId=cid-v1:9c7c879b-c51a-427e-9701-218438da5f81

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean | credentialless
function | clarity
function | axios
number | __mobxInstanceCount
object | __mobxGlobals
function | _
object | regeneratorRuntime
object | _growthbook
object | analyticsConnectorInstances
object | jsonData

12 Cookies

Domain/Path Name / Value
www.clarity.ms/ Name: CLID
Value: da372b434a394beb941af5b65152d4ef.20230319.20240318
.oyindonesia.com/ Name: _clck
Value: 12301io|1|fa1|0
.oyindonesia.com/ Name: AMP_e52be39cc0
Value: JTdCJTIyb3B0T3V0JTIyJTNBZmFsc2UlMkMlMjJkZXZpY2VJZCUyMiUzQSUyMjdlNzEwN2UxLTAwNGItNDViYy1hZWIyLTEzYzY0ZGZkY2Q0NyUyMiUyQyUyMmxhc3RFdmVudFRpbWUlMjIlM0ExNjc5MTk3MjExNjUyJTJDJTIyc2Vzc2lvbklkJTIyJTNBMTY3OTE5NzIxMTI1NSUyQyUyMnVzZXJJZCUyMiUzQSUyMjRjOTYyMzY0LTgwNDEtNDVmNy04Zjc1LTczYjQwN2U5YjQxYSUyMiU3RA==
.bing.com/ Name: MUID
Value: 2E69D6A01FF46DE80116C4791EAE6C82
.c.bing.com/ Name: MR
Value: 0
.c.bing.com/ Name: SRM_B
Value: 2E69D6A01FF46DE80116C4791EAE6C82
.c.clarity.ms/ Name: SM
Value: C
.clarity.ms/ Name: MUID
Value: 2E69D6A01FF46DE80116C4791EAE6C82
.c.clarity.ms/ Name: MR
Value: 0
.c.clarity.ms/ Name: ANONCHK
Value: 0
.oyindonesia.com/ Name: _clsk
Value: 1h55eq8|1679197212156|1|1|u.clarity.ms/collect
.oyindonesia.com/ Name: AMP_MKTG_e52be39cc0
Value: JTdCJTdE

1 Console Messages

Source Level URL
Text
network error URL: https://rajaliburan.id/wp-content/uploads/2021/12/LOGO-RAJA-LIBURAN.png
Message:
Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page.

Header Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
