urlscan.io logo urlscan.io
SecurityTrails logo

securecheckout.hit-pay.com Open in urlscan Pro
3.1.13.32  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://securecheckout.hit-pay.com/payment-request/@the-live-stations-pte-ltd/97cdb83a-2154-47cc-abbe-bc149f9ce767/checkout
Effective URL: https://securecheckout.hit-pay.com/payment-request/97cdbce7-db2e-4db8-aa62-30c123a3110f/completed
Submission: On December 27 via api from SG — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 11 IPs in 5 countries across 11 domains to perform 23 HTTP transactions. The main IP is 3.1.13.32, located in Singapore and belongs to AMAZON-02, US. The main domain is securecheckout.hit-pay.com.
TLS certificate: Issued by Go Daddy Secure Certificate Authority... on February 16th 2022. Valid for: a year.
This is the only time securecheckout.hit-pay.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

6    3.1.13.32 (Singapore)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-1-13-32.ap-southeast-1.compute.amazonaws.com
securecheckout.hit-pay.com
hit-pay.com
3    2a00:1450:4001:801::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
4    99.86.8.175 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-8-175.fra6.r.cloudfront.net
cdn.segment.com
1    2a00:1450:4001:809::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
2    2a00:1450:400d:80e::2008 (Ireland)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
2    2a03:2880:f01c:8012:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
connect.facebook.net
1    44.236.160.142 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-44-236-160-142.us-west-2.compute.amazonaws.com
api.segment.io
2    2a03:2880:f11c:8083:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
www.facebook.com
1    2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)
region1.analytics.google.com
1    2a00:1450:4025:401::9b (Den Helder, Netherlands)

ASN15169 (GOOGLE, US)
stats.g.doubleclick.net
1    2a00:1450:4001:80b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.de
Apex Domain
Subdomains		 Transfer
6 hit-pay.com
securecheckout.hit-pay.com
hit-pay.com
5 MB
4 segment.com
cdn.segment.com — Cisco Umbrella Rank: 1974
33 KB
3 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 111
3 KB
2 facebook.com
www.facebook.com — Cisco Umbrella Rank: 112
203 B
2 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 178
112 KB
2 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 115
118 KB
1 google.de
www.google.de — Cisco Umbrella Rank: 4227
501 B
1 doubleclick.net
stats.g.doubleclick.net — Cisco Umbrella Rank: 156
354 B
1 google.com
region1.analytics.google.com — Cisco Umbrella Rank: 4240
354 B
1 segment.io
api.segment.io — Cisco Umbrella Rank: 1180
181 B
1 gstatic.com
fonts.gstatic.com
38 KB
23 11
Domain Requested by
4 cdn.segment.com securecheckout.hit-pay.com
cdn.segment.com
4 securecheckout.hit-pay.com 1 redirects securecheckout.hit-pay.com
3 fonts.googleapis.com securecheckout.hit-pay.com
2 www.facebook.com securecheckout.hit-pay.com
2 connect.facebook.net securecheckout.hit-pay.com
connect.facebook.net
2 www.googletagmanager.com securecheckout.hit-pay.com
www.googletagmanager.com
2 hit-pay.com securecheckout.hit-pay.com
1 www.google.de securecheckout.hit-pay.com
1 stats.g.doubleclick.net www.googletagmanager.com
1 region1.analytics.google.com www.googletagmanager.com
1 api.segment.io cdn.segment.com
1 fonts.gstatic.com fonts.googleapis.com
23 12

This site contains no links.

Subject Issuer Validity Valid
securecheckout.hit-pay.com
Go Daddy Secure Certificate Authority - G2		 2022-02-16 -
2023-03-20		 a year crt.sh
hit-pay.com
Go Daddy Secure Certificate Authority - G2		 2022-12-05 -
2024-01-06		 a year crt.sh
upload.video.google.com
GTS CA 1C3		 2022-11-28 -
2023-02-20		 3 months crt.sh
*.segment.com
Amazon		 2022-12-13 -
2024-01-12		 a year crt.sh
*.gstatic.com
GTS CA 1C3		 2022-11-28 -
2023-02-20		 3 months crt.sh
*.google-analytics.com
GTS CA 1C3		 2022-11-28 -
2023-02-20		 3 months crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA		 2022-10-05 -
2023-01-03		 3 months crt.sh
*.segment.io
Amazon		 2022-02-10 -
2023-03-11		 a year crt.sh
*.g.doubleclick.net
GTS CA 1C3		 2022-11-28 -
2023-02-20		 3 months crt.sh
www.google.de
GTS CA 1C3		 2022-11-28 -
2023-02-20		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://securecheckout.hit-pay.com/payment-request/97cdbce7-db2e-4db8-aa62-30c123a3110f/completed
Frame ID: D29BF9793CDABBF63DC3E49BAD2AE9FB
Requests: 23 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Checkout - HitPay

Page URL History Show full URLs

  1. https://securecheckout.hit-pay.com/payment-request/@the-live-stations-pte-ltd/97cdb83a-2154-47cc-abbe-bc149f9ce... HTTP 302
    https://securecheckout.hit-pay.com/payment-request/97cdbce7-db2e-4db8-aa62-30c123a3110f/completed Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js
Overall confidence: 100%
Detected patterns
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js
Overall confidence: 100%
Detected patterns
  • cdn\.segment\.com/analytics\.js

Page Statistics

23
Requests

100 %
HTTPS

73 %
IPv6

11
Domains

12
Subdomains

11
IPs

5
Countries

5158 kB
Transfer

5761 kB
Size

5
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://securecheckout.hit-pay.com/payment-request/@the-live-stations-pte-ltd/97cdb83a-2154-47cc-abbe-bc149f9ce767/checkout HTTP 302
    https://securecheckout.hit-pay.com/payment-request/97cdbce7-db2e-4db8-aa62-30c123a3110f/completed Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

23 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request completed
securecheckout.hit-pay.com/payment-request/97cdbce7-db2e-4db8-aa62-30c123a3110f/
Redirect Chain
  • https://securecheckout.hit-pay.com/payment-request/@the-live-stations-pte-ltd/97cdb83a-2154-47cc-abbe-bc149f9ce767/checkout
  • https://securecheckout.hit-pay.com/payment-request/97cdbce7-db2e-4db8-aa62-30c123a3110f/completed
16 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://securecheckout.hit-pay.com/payment-request/97cdbce7-db2e-4db8-aa62-30c123a3110f/completed
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
3.1.13.32 , Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-1-13-32.ap-southeast-1.compute.amazonaws.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
0b15da65e7c68351db4f830cf3e395efbd0ee86c2bbd1110b5bc20dc3d0f570a
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' ecwid.com *.ecwid.com

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
no-cache, private
Connection
keep-alive
Content-Encoding
gzip
Content-Security-Policy
frame-ancestors 'self' ecwid.com *.ecwid.com
Content-Type
text/html; charset=UTF-8
Date
Tue, 27 Dec 2022 01:41:45 GMT
Server
nginx/1.14.0 (Ubuntu)
Transfer-Encoding
chunked
Vary
Origin

Redirect headers

Cache-Control
no-cache, private
Connection
keep-alive
Content-Security-Policy
frame-ancestors 'self' ecwid.com *.ecwid.com
Content-Type
text/html; charset=UTF-8
Date
Tue, 27 Dec 2022 01:41:44 GMT
Location
https://securecheckout.hit-pay.com/payment-request/97cdbce7-db2e-4db8-aa62-30c123a3110f/completed
Server
nginx/1.14.0 (Ubuntu)
Transfer-Encoding
chunked
Vary
Origin
app.js
securecheckout.hit-pay.com/js/ 		4 MB
4 MB 		Script
General
Check archive.org
Download Go to
Full URL
https://securecheckout.hit-pay.com/js/app.js?id=cea5b91ea4774178d2c8
Requested by
Host: securecheckout.hit-pay.com
URL: https://securecheckout.hit-pay.com/payment-request/97cdbce7-db2e-4db8-aa62-30c123a3110f/completed
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
3.1.13.32 , Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-1-13-32.ap-southeast-1.compute.amazonaws.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
8c1f687438be90e16e506395a332541880c46694f1bc5bf43a4738c04d8d188f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securecheckout.hit-pay.com/payment-request/97cdbce7-db2e-4db8-aa62-30c123a3110f/completed
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date
Tue, 27 Dec 2022 01:41:45 GMT
Last-Modified
Fri, 23 Dec 2022 06:44:13 GMT
Server
nginx/1.14.0 (Ubuntu)
ETag
"63a54e3d-44bfcc"
Content-Type
application/javascript
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
4505548
app.css
securecheckout.hit-pay.com/css/ 		394 KB
395 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://securecheckout.hit-pay.com/css/app.css?id=19ea66cac59f131f7d88
Requested by
Host: securecheckout.hit-pay.com
URL: https://securecheckout.hit-pay.com/payment-request/97cdbce7-db2e-4db8-aa62-30c123a3110f/completed
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
3.1.13.32 , Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-1-13-32.ap-southeast-1.compute.amazonaws.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
01fd461a14c347a5007e7aa83c878d7990869f90f4b2f71037fcab2617faa7ab

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securecheckout.hit-pay.com/payment-request/97cdbce7-db2e-4db8-aa62-30c123a3110f/completed
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date
Tue, 27 Dec 2022 01:41:45 GMT
Last-Modified
Thu, 15 Dec 2022 16:20:20 GMT
Server
nginx/1.14.0 (Ubuntu)
ETag
"639b4944-629ce"
Content-Type
text/css
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
403918
logo.png
hit-pay.com/icons/ 		53 KB
53 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://hit-pay.com/icons/logo.png
Requested by
Host: securecheckout.hit-pay.com
URL: https://securecheckout.hit-pay.com/payment-request/97cdbce7-db2e-4db8-aa62-30c123a3110f/completed
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
3.1.13.32 , Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-1-13-32.ap-southeast-1.compute.amazonaws.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
716244ac94ff06d56f65eeda0655669398162e4f91f84662b3cd284c73a8316e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securecheckout.hit-pay.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date
Tue, 27 Dec 2022 01:41:47 GMT
Last-Modified
Fri, 24 Jul 2020 22:58:46 GMT
Server
nginx/1.14.0 (Ubuntu)
ETag
"5f1b67a6-d428"
Content-Type
image/png
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
54312
check.png
hit-pay.com/icons/ 		431 B
678 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://hit-pay.com/icons/check.png
Requested by
Host: securecheckout.hit-pay.com
URL: https://securecheckout.hit-pay.com/payment-request/97cdbce7-db2e-4db8-aa62-30c123a3110f/completed
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
3.1.13.32 , Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-1-13-32.ap-southeast-1.compute.amazonaws.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
0343eac99fbf52d2123ed93b1893439d45b0291680c6e3666f26c4060d6469d4

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securecheckout.hit-pay.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date
Tue, 27 Dec 2022 01:41:47 GMT
Last-Modified
Fri, 24 Jul 2020 22:58:46 GMT
Server
nginx/1.14.0 (Ubuntu)
ETag
"5f1b67a6-1af"
Content-Type
image/png
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
431
css
fonts.googleapis.com/ 		8 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Open+Sans:300,400,700
Requested by
Host: securecheckout.hit-pay.com
URL: https://securecheckout.hit-pay.com/css/app.css?id=19ea66cac59f131f7d88
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
7a695d75ed5265fb2f07d7f73e41ffe4acea9b5c5f6573294038d5ef560a0086
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securecheckout.hit-pay.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Tue, 27 Dec 2022 01:41:46 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Tue, 27 Dec 2022 00:02:54 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Tue, 27 Dec 2022 01:41:46 GMT
css2
fonts.googleapis.com/ 		10 KB
772 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Inter:wght@200%3B400%3B500%3B600%3B700
Requested by
Host: securecheckout.hit-pay.com
URL: https://securecheckout.hit-pay.com/css/app.css?id=19ea66cac59f131f7d88
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
4225c7bd3f257719179ca0ccca2ac623179997c09e8374962ab15ef5010036a3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securecheckout.hit-pay.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Tue, 27 Dec 2022 01:41:46 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Tue, 27 Dec 2022 01:41:46 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Tue, 27 Dec 2022 01:41:46 GMT
css2
fonts.googleapis.com/ 		4 KB
591 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Nobile:ital,wght@0,400;0,500;0,700;1,400;1,500;1,700&display=swap
Requested by
Host: securecheckout.hit-pay.com
URL: https://securecheckout.hit-pay.com/css/app.css?id=19ea66cac59f131f7d88
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
b00401e46d7babe80e831b5cd7533ff82290b97d3713a184fab40d1bba2d0ea3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securecheckout.hit-pay.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Tue, 27 Dec 2022 01:41:46 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Tue, 27 Dec 2022 01:41:46 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Tue, 27 Dec 2022 01:41:46 GMT
analytics.min.js
cdn.segment.com/analytics.js/v1/Dvu3AfSekVmVrrz4qwjmgPMqwMjCHQw5/ 		100 KB
27 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/analytics.js/v1/Dvu3AfSekVmVrrz4qwjmgPMqwMjCHQw5/analytics.min.js
Requested by
Host: securecheckout.hit-pay.com
URL: https://securecheckout.hit-pay.com/payment-request/97cdbce7-db2e-4db8-aa62-30c123a3110f/completed
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.8.175 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-8-175.fra6.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
455da5d597790aba8631794608a088a7a45a63e8d7e1f26467031a737fa70d7a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securecheckout.hit-pay.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-amz-version-id
hQp1_XAc4i98tHjJri_ePcEF9tBzgnIz
content-encoding
br
via
1.1 9bca546700a965c9c77ef5b8dbe65cc4.cloudfront.net (CloudFront)
date
Tue, 27 Dec 2022 01:41:48 GMT
x-amz-cf-pop
FRA6-C1
x-cache
RefreshHit from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Wed, 14 Dec 2022 00:11:12 GMT
server
AmazonS3
etag
W/"64b71263bc439ce99449c55a7b5a3a26"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=120
vary
Accept-Encoding
x-amz-cf-id
Y_yz1D0AZxKC5BDNieizzs4DSRTqLoEnFA2hrBIt0fAozay_HglAAQ==
UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2
fonts.gstatic.com/s/inter/v12/ 		37 KB
38 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/inter/v12/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Inter:wght@200%3B400%3B500%3B600%3B700
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
450f3ba4e47ee174bd9692b396f264b907d37d2528f53911760f3d0edb785f7e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://securecheckout.hit-pay.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Fri, 23 Dec 2022 20:27:19 GMT
x-content-type-options
nosniff
age
278067
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37924
x-xss-protection
0
last-modified
Mon, 11 Jul 2022 20:54:46 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 23 Dec 2023 20:27:19 GMT
gtm.js
www.googletagmanager.com/ 		114 KB
42 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-NW5HN32
Requested by
Host: securecheckout.hit-pay.com
URL: https://securecheckout.hit-pay.com/js/app.js?id=cea5b91ea4774178d2c8
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400d:80e::2008 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
ff722abd19c82101d310387fb3288e2e595a88f6490b375fb2b4adca7f74e392
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securecheckout.hit-pay.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Tue, 27 Dec 2022 01:41:47 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42862
x-xss-protection
0
last-modified
Tue, 27 Dec 2022 00:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Tue, 27 Dec 2022 01:41:47 GMT
fbevents.js
connect.facebook.net/en_US/ 		103 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: securecheckout.hit-pay.com
URL: https://securecheckout.hit-pay.com/payment-request/97cdbce7-db2e-4db8-aa62-30c123a3110f/completed
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
55c4e9ba07b641e64caa17bfcbdc63b1721a58554bd449401e600db3f6b95cf9
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securecheckout.hit-pay.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Tue, 27 Dec 2022 01:41:47 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
27298
x-fb-rlafr
0
x-xss-protection
0
pragma
public
x-fb-debug
Zn7Ngnzs9OmuFLoZ2s43TU2br0mn4Z/p3j86r9YrwqSx9jJALUrg6Ao+ZEZhJ2DJVUmMLUxMwaaSHT9O9digTQ==
x-fb-trip-id
2050670934
cross-origin-opener-policy
same-origin-allow-popups
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/x-javascript; charset=utf-8
cache-control
public, max-age=1200
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
js
www.googletagmanager.com/gtag/ 		217 KB
75 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-Q2XTP3W7YM&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NW5HN32
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400d:80e::2008 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
3134522003c47bae9f6eb297f6dcda37d36c292e2305978bec50a59dae4fd357
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securecheckout.hit-pay.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Tue, 27 Dec 2022 01:41:47 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
76977
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Tue, 27 Dec 2022 01:41:47 GMT
425852341832294
connect.facebook.net/signals/config/ 		293 KB
84 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/signals/config/425852341832294?v=2.9.90&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
a7a05fca001e94d4f8e18b79f2f6b00e227a43f03b553fdc60fed73118576e63
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securecheckout.hit-pay.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Tue, 27 Dec 2022 01:41:47 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-fb-rlafr
0
x-xss-protection
0
pragma
public
x-fb-debug
/20pesZSVLU0OxC9e3/6jyHPSURSsSo4lToMw+RodIbYwYJlfSbXWOQvu6sVsCoXGAWasymlK1txlkzLQawhmw==
x-fb-trip-id
2050670934
cross-origin-opener-policy
same-origin-allow-popups
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/x-javascript; charset=utf-8
cache-control
public, max-age=1200
expires
Sat, 01 Jan 2000 00:00:00 GMT
settings
cdn.segment.com/v1/projects/Dvu3AfSekVmVrrz4qwjmgPMqwMjCHQw5/ 		2 KB
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/v1/projects/Dvu3AfSekVmVrrz4qwjmgPMqwMjCHQw5/settings
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/Dvu3AfSekVmVrrz4qwjmgPMqwMjCHQw5/analytics.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.8.175 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-8-175.fra6.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
407aa305ae1993bf4378b95c02b411a095ec8122de796aa48b238bd30b4c11a1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securecheckout.hit-pay.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-amz-version-id
wsT7Bxi68BK7wXS.Y1vD73AXLjYk41iI
content-encoding
br
via
1.1 f2ee8ec5deee40e44013272a9c7aa35c.cloudfront.net (CloudFront)
date
Tue, 27 Dec 2022 00:42:08 GMT
x-amz-cf-pop
FRA6-C1
age
5725
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Fri, 02 Dec 2022 07:03:15 GMT
server
AmazonS3
etag
W/"3189de773a5d08c2c2b7831fc6fc8a45"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
application/json; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=10800
vary
Accept-Encoding
x-amz-cf-id
G-BN_j0Pn1OiiLBito4C6hArUR1Xf5FD5Mha6yjaL7LI-mvz8vnL7A==
ajs-destination.bundle.1466bb14223e695495e6.js
cdn.segment.com/analytics-next/bundles/ 		9 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/analytics-next/bundles/ajs-destination.bundle.1466bb14223e695495e6.js
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/Dvu3AfSekVmVrrz4qwjmgPMqwMjCHQw5/analytics.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.8.175 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-8-175.fra6.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
1aab3c7efa1174866dc81b505ba5bc940bec1200e2b11758484cce9cf8f2cd43

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securecheckout.hit-pay.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Thu, 08 Dec 2022 03:00:42 GMT
x-amz-version-id
laxW76Utysumpt4PGNIVrD2EkpEC_Vx5
content-encoding
br
via
1.1 9bca546700a965c9c77ef5b8dbe65cc4.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA6-C1
age
1636865
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Thu, 08 Dec 2022 00:52:27 GMT
server
AmazonS3
etag
W/"238b8357fd89fec8e05754f2e8550aa2"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
vary
Accept-Encoding
x-amz-cf-id
cQrWFoaJXt1KBby8kDUzJPJwSmmnvW_9cmPKEu-0VCGlWXJY6LrPPQ==
schemaFilter.bundle.debb169c1abb431faaa6.js
cdn.segment.com/analytics-next/bundles/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/analytics-next/bundles/schemaFilter.bundle.debb169c1abb431faaa6.js
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/Dvu3AfSekVmVrrz4qwjmgPMqwMjCHQw5/analytics.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.8.175 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-8-175.fra6.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
e8771b238c60c36fc935fd2dad0aed6e70cea50a635ff4f89f394a968a258c42

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securecheckout.hit-pay.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Sat, 05 Nov 2022 02:10:35 GMT
x-amz-version-id
PLd.pUpm7LMRbNOoL15lZ8ocuYHxqnzt
content-encoding
br
via
1.1 9bca546700a965c9c77ef5b8dbe65cc4.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA6-C1
age
4491073
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Sat, 05 Nov 2022 01:03:42 GMT
server
AmazonS3
etag
W/"3e448afdfea355c0f19700d04431ce7d"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
vary
Accept-Encoding
x-amz-cf-id
0fJy1J2VAIPhuid3K2vn0H3_Zf4gYNu3i0zXc4q_ZDGipB3FCyEiyw==
p
api.segment.io/v1/ 		21 B
181 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://api.segment.io/v1/p
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/Dvu3AfSekVmVrrz4qwjmgPMqwMjCHQw5/analytics.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.236.160.142 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-44-236-160-142.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
12f71cb993958eefc4bdb41d7dbbda490779a9c7aba448f7be52bb63912e0254
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://securecheckout.hit-pay.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://securecheckout.hit-pay.com
date
Tue, 27 Dec 2022 01:41:47 GMT
strict-transport-security
max-age=31536000
content-length
21
vary
Origin
content-type
application/json
/
www.facebook.com/tr/ 		0
185 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=425852341832294&ev=PageView&dl=https%3A%2F%2Fsecurecheckout.hit-pay.com%2Fpayment-request%2F97cdbce7-db2e-4db8-aa62-30c123a3110f%2Fcompleted&rl=&if=false&ts=1672105307572&sw=1600&sh=1200&v=2.9.90&r=stable&a=tmgoogletagmanager&ec=0&o=30&fbp=fb.1.1672105307571.570418425&it=1672105307458&coo=false&rqm=GET
Requested by
Host: securecheckout.hit-pay.com
URL: https://securecheckout.hit-pay.com/payment-request/97cdbce7-db2e-4db8-aa62-30c123a3110f/completed
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securecheckout.hit-pay.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
date
Tue, 27 Dec 2022 01:41:47 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
0
collect
region1.analytics.google.com/g/ 		0
354 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://region1.analytics.google.com/g/collect?v=2&tid=G-Q2XTP3W7YM&gtm=2oebu0&_p=673133170&_gaz=1&cid=664158845.1672105308&ul=en-us&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=EA&_s=1&dl=%2Fpayment-request%2F97cdbce7-db2e-4db8-aa62-30c123a3110f%2Fcompleted&sid=1672105307&sct=1&seg=0&dt=Checkout%20-%20HitPay&en=page_view&_fv=1&_nsi=1&_ss=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-Q2XTP3W7YM&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securecheckout.hit-pay.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 27 Dec 2022 01:41:47 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://securecheckout.hit-pay.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/g/ 		0
354 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-Q2XTP3W7YM&cid=664158845.1672105308&gtm=2oebu0&aip=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-Q2XTP3W7YM&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4025:401::9b Den Helder, Netherlands, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securecheckout.hit-pay.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 27 Dec 2022 01:41:47 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://securecheckout.hit-pay.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/ 		42 B
501 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-Q2XTP3W7YM&cid=664158845.1672105308&gtm=2oebu0&aip=1&z=1514736299
Requested by
Host: securecheckout.hit-pay.com
URL: https://securecheckout.hit-pay.com/payment-request/97cdbce7-db2e-4db8-aa62-30c123a3110f/completed
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securecheckout.hit-pay.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 27 Dec 2022 01:41:47 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.facebook.com/tr/ 		0
18 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=425852341832294&ev=Microdata&dl=https%3A%2F%2Fsecurecheckout.hit-pay.com%2Fpayment-request%2F97cdbce7-db2e-4db8-aa62-30c123a3110f%2Fcompleted&rl=&if=false&ts=1672105309075&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22Checkout%20%20-%20HitPay%22%7D&cd[OpenGraph]=%7B%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.90&r=stable&a=tmgoogletagmanager&ec=1&o=30&fbp=fb.1.1672105307571.570418425&it=1672105307458&coo=false&es=automatic&tm=3&rqm=GET
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securecheckout.hit-pay.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
date
Tue, 27 Dec 2022 01:41:49 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
0
priority
u=3,i

Verdicts & Comments Add Verdict or Comment

25 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontentvisibilityautostatechange object| analytics object| antiClickjack object| $zeroDecimalCurrencies function| setImmediate function| clearImmediate function| _ function| Popper function| jQuery function| $ function| axios function| Vue object| dataLayer object| regeneratorRuntime object| core object| google_tag_manager object| google_tag_data function| fbq function| _fbq object| webpackChunk_segment_analytics_next string| analyticsWriteKey object| __SEGMENT_INSPECTOR__ object| AnalyticsNext function| onYouTubeIframeAPIReady object| gaGlobal

5 Cookies

Domain/Path Name / Value
.hit-pay.com/ Name: hitpay_session
Value: eyJpdiI6InI3dFE5S2ZYb3pMSlhUVS9lemhGNGc9PSIsInZhbHVlIjoiY00xTUJIR3BhTUhjSmVzaUhlS3FpUHF3cE9DckpJMXNXQVplb0haY3Z1dWNQTHE1YzhNWjY3T2hiNG9vejRodlpCK0FiUTE2QmhBUGVCQTZIQUo4VjlZeUR4SDVINkVBU2xsenR6TUlNQ29VRlZ5Nm50WWtpVDFFV2EydUM3Nk0iLCJtYWMiOiIyZWI4NTEwM2YwOTI1NzQ2NTgxZTEzMDZiZGJmMDdiMGI2OTU0MWQ1YTAyNjkxMmYxOTZhOTY5MWY2NzBmZGQwIiwidGFnIjoiIn0%3D
.hit-pay.com/ Name: ajs_anonymous_id
Value: 31871ee1-ae4d-49e2-bd22-08880515530b
.hit-pay.com/ Name: _fbp
Value: fb.1.1672105307571.570418425
.hit-pay.com/ Name: _ga_Q2XTP3W7YM
Value: GS1.1.1672105307.1.0.1672105307.60.0.0
.hit-pay.com/ Name: _ga
Value: GA1.1.664158845.1672105308

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy frame-ancestors 'self' ecwid.com *.ecwid.com

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.segment.io
cdn.segment.com
connect.facebook.net
fonts.googleapis.com
fonts.gstatic.com
hit-pay.com
region1.analytics.google.com
securecheckout.hit-pay.com
stats.g.doubleclick.net
www.facebook.com
www.google.de
www.googletagmanager.com
2001:4860:4802:32::36
2a00:1450:4001:801::200a
2a00:1450:4001:809::2003
2a00:1450:4001:80b::2003
2a00:1450:400d:80e::2008
2a00:1450:4025:401::9b
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8083:face:b00c:0:25de
3.1.13.32
44.236.160.142
99.86.8.175
01fd461a14c347a5007e7aa83c878d7990869f90f4b2f71037fcab2617faa7ab
0343eac99fbf52d2123ed93b1893439d45b0291680c6e3666f26c4060d6469d4
0b15da65e7c68351db4f830cf3e395efbd0ee86c2bbd1110b5bc20dc3d0f570a
12f71cb993958eefc4bdb41d7dbbda490779a9c7aba448f7be52bb63912e0254
1aab3c7efa1174866dc81b505ba5bc940bec1200e2b11758484cce9cf8f2cd43
3134522003c47bae9f6eb297f6dcda37d36c292e2305978bec50a59dae4fd357
407aa305ae1993bf4378b95c02b411a095ec8122de796aa48b238bd30b4c11a1
4225c7bd3f257719179ca0ccca2ac623179997c09e8374962ab15ef5010036a3
450f3ba4e47ee174bd9692b396f264b907d37d2528f53911760f3d0edb785f7e
455da5d597790aba8631794608a088a7a45a63e8d7e1f26467031a737fa70d7a
55c4e9ba07b641e64caa17bfcbdc63b1721a58554bd449401e600db3f6b95cf9
716244ac94ff06d56f65eeda0655669398162e4f91f84662b3cd284c73a8316e
7a695d75ed5265fb2f07d7f73e41ffe4acea9b5c5f6573294038d5ef560a0086
8c1f687438be90e16e506395a332541880c46694f1bc5bf43a4738c04d8d188f
a7a05fca001e94d4f8e18b79f2f6b00e227a43f03b553fdc60fed73118576e63
b00401e46d7babe80e831b5cd7533ff82290b97d3713a184fab40d1bba2d0ea3
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e8771b238c60c36fc935fd2dad0aed6e70cea50a635ff4f89f394a968a258c42
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ff722abd19c82101d310387fb3288e2e595a88f6490b375fb2b4adca7f74e392