Submitted URL: https://go.payreq.com/
Effective URL: https://go.payreq.com/portal/customer/login
Submission Tags: demotag1 demotag2
Submission: On April 26 via api from AU — Scanned from DE

Summary

This website contacted 4 IPs in 2 countries across 3 domains to perform 13 HTTP transactions. The main IP is 13.237.128.168, located in Sydney, Australia and belongs to AMAZON-02, US. The main domain is go.payreq.com.
TLS certificate: Issued by Amazon on November 10th 2021. Valid for: a year.
This is the only time go.payreq.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 12 13.237.128.168 16509 (AMAZON-02)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
13 4
Apex Domain Subdomains Transfer
12 payreq.com go.payreq.com 1 MB
1 gstatic.com fonts.gstatic.com 31 KB
1 googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 39 1014 B
13 3
Domain Requested by
12 go.payreq.com 1 redirects go.payreq.com
1 fonts.gstatic.com fonts.googleapis.com
1 fonts.googleapis.com go.payreq.com
13 3

This site contains no links.

Subject Issuer Validity Valid
go.payreq.com Amazon 2021-11-10 - 2022-12-09 a year
upload.video.google.com GTS CA 1C3 2022-04-11 - 2022-07-04 3 months
*.gstatic.com GTS CA 1C3 2022-04-11 - 2022-07-04 3 months

This page contains 1 frames:

Primary Page: https://go.payreq.com/portal/customer/login
Frame ID: F79497CBCED811CFDC1BB55490EA7B91
Requests: 14 HTTP requests in this frame

Page Title

Payreq

Detected technologies

Overall confidence: 100%
Detected patterns
  • <[^>]+data-react

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Page Statistics

13 Requests
100 % HTTPS
67 % IPv6
3 Domains
3 Subdomains
4 IPs
2 Countries
1273 kB Transfer
3745 kB Size
1 Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://go.payreq.com/ HTTP 302
    https://go.payreq.com/portal/customer/login Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

13 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request login
go.payreq.com/portal/customer/
Redirect Chain
  • https://go.payreq.com/
  • https://go.payreq.com/portal/customer/login
762 B
2 KB
Document
General
Full URL
https://go.payreq.com/portal/customer/login
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.237.128.168 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-237-128-168.ap-southeast-2.compute.amazonaws.com
Software
Apache /
Resource Hash
afa81ec4c0cdf124b6927101f6f2a178e9e0dc5608bc23b2afbd3777b271eaf9
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-eval' *.cloudflare.com *.paydock.com cdn.datatables.net cdn.zingchart.com fonts.gstatic.com blob:; img-src * data: https:; style-src 'unsafe-inline' 'self' fonts.googleapis.com; frame-ancestors 'none'
Strict-Transport-Security max-age=63072000; includeSubdomains; preload max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-cache,no-store
content-length
762
content-security-policy
default-src 'self' 'unsafe-eval' *.cloudflare.com *.paydock.com cdn.datatables.net cdn.zingchart.com fonts.gstatic.com blob:; img-src * data: https:; style-src 'unsafe-inline' 'self' fonts.googleapis.com; frame-ancestors 'none'
content-type
text/html; charset=UTF-8
date
Tue, 26 Apr 2022 23:16:30 GMT
feature-policy
ambient-light-sensor 'none'; autoplay 'none'; accelerometer 'none'; camera 'none'; display-capture 'none'; document-domain 'none'; encrypted-media 'none'; fullscreen 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; payment 'none'; picture-in-picture 'none'; speaker 'none'; sync-xhr 'none'; usb 'none'; wake-lock 'none'; vr 'none';
referrer-policy
same-origin
server
Apache
strict-transport-security
max-age=63072000; includeSubdomains; preload max-age=31536000; includeSubDomains
x-content-type-options
nosniff nosniff
x-frame-options
sameorigin
x-xss-protection
1; mode=block

Redirect headers

content-length
0
content-type
application/octet-stream
date
Tue, 26 Apr 2022 23:16:30 GMT
location
/portal/customer/login
server
Apache
strict-transport-security
max-age=63072000; includeSubdomains; preload
x-content-type-options
nosniff
css
fonts.googleapis.com/
4 KB
1014 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Muli:400,400i,700,700i&display=swap
Requested by
Host: go.payreq.com
URL: https://go.payreq.com/portal/customer/login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
b82181dfeb8d8a77ff113e50fd4212a15e2f56ad2a5c73413047ddf06bc7d657
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Tue, 26 Apr 2022 23:16:30 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Tue, 26 Apr 2022 23:16:30 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Tue, 26 Apr 2022 23:16:30 GMT
2.d218d83a.chunk.css
go.payreq.com/payreq-ui/static/css/
329 KB
73 KB
Stylesheet
General
Full URL
https://go.payreq.com/payreq-ui/static/css/2.d218d83a.chunk.css
Requested by
Host: go.payreq.com
URL: https://go.payreq.com/portal/customer/login
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.237.128.168 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-237-128-168.ap-southeast-2.compute.amazonaws.com
Software
Apache /
Resource Hash
fd56eb0ea654577529a41c963d688ef53c941e938523e0f3b0b0a92e57b6a68f
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://go.payreq.com/portal/customer/login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Tue, 26 Apr 2022 23:16:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 07 Apr 2022 00:09:26 GMT
server
Apache
vary
Accept-Encoding
content-type
text/css
strict-transport-security
max-age=63072000; includeSubdomains; preload
main.3be87d49.chunk.css
go.payreq.com/payreq-ui/static/css/
61 KB
18 KB
Stylesheet
General
Full URL
https://go.payreq.com/payreq-ui/static/css/main.3be87d49.chunk.css
Requested by
Host: go.payreq.com
URL: https://go.payreq.com/portal/customer/login
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.237.128.168 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-237-128-168.ap-southeast-2.compute.amazonaws.com
Software
Apache /
Resource Hash
b1c2efe133ef93f9e9a8ac101804a0b1be486f183c8cfc59fea5928471714a51
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://go.payreq.com/portal/customer/login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Tue, 26 Apr 2022 23:16:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 07 Apr 2022 00:09:26 GMT
server
Apache
vary
Accept-Encoding
content-type
text/css
strict-transport-security
max-age=63072000; includeSubdomains; preload
runtime-main.dbd83393.js
go.payreq.com/payreq-ui/static/js/
2 KB
1 KB
Script
General
Full URL
https://go.payreq.com/payreq-ui/static/js/runtime-main.dbd83393.js
Requested by
Host: go.payreq.com
URL: https://go.payreq.com/portal/customer/login
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.237.128.168 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-237-128-168.ap-southeast-2.compute.amazonaws.com
Software
Apache /
Resource Hash
db81279967645a732e2bdb250dd7ae9f3d367be7d1a8286c19c4db35499686af
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://go.payreq.com/portal/customer/login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Tue, 26 Apr 2022 23:16:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 07 Apr 2022 00:09:26 GMT
server
Apache
vary
Accept-Encoding
content-type
text/javascript
strict-transport-security
max-age=63072000; includeSubdomains; preload
content-length
1256
2.accfd12b.chunk.js
go.payreq.com/payreq-ui/static/js/
2 MB
713 KB
Script
General
Full URL
https://go.payreq.com/payreq-ui/static/js/2.accfd12b.chunk.js
Requested by
Host: go.payreq.com
URL: https://go.payreq.com/portal/customer/login
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.237.128.168 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-237-128-168.ap-southeast-2.compute.amazonaws.com
Software
Apache /
Resource Hash
4ec34c53f173628de3952b0ab1030a15c11be66e0ab2d96213a8fafbee9526ce
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://go.payreq.com/portal/customer/login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Tue, 26 Apr 2022 23:16:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 07 Apr 2022 00:09:26 GMT
server
Apache
vary
Accept-Encoding
content-type
text/javascript
strict-transport-security
max-age=63072000; includeSubdomains; preload
main.b53b67fa.chunk.js
go.payreq.com/payreq-ui/static/js/
627 KB
143 KB
Script
General
Full URL
https://go.payreq.com/payreq-ui/static/js/main.b53b67fa.chunk.js
Requested by
Host: go.payreq.com
URL: https://go.payreq.com/portal/customer/login
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.237.128.168 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-237-128-168.ap-southeast-2.compute.amazonaws.com
Software
Apache /
Resource Hash
4cb2f1bc63271f51b41d688a2d6611ca6b3283a44c676e7ebd5e77170b78c991
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://go.payreq.com/portal/customer/login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Tue, 26 Apr 2022 23:16:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 07 Apr 2022 00:09:26 GMT
server
Apache
vary
Accept-Encoding
content-type
text/javascript
strict-transport-security
max-age=63072000; includeSubdomains; preload
pdf.worker.entry.3a6c78dc.worker.js
go.payreq.com/payreq-ui/static/js/
668 KB
193 KB
Other
General
Full URL
https://go.payreq.com/payreq-ui/static/js/pdf.worker.entry.3a6c78dc.worker.js
Requested by
Host: go.payreq.com
URL: https://go.payreq.com/portal/customer/login
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.237.128.168 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-237-128-168.ap-southeast-2.compute.amazonaws.com
Software
Apache /
Resource Hash
aaf0c69a23353a8a5ecc9693860940f1c39a847d74fbb6961d4309deba8c2887
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://go.payreq.com/portal/customer/login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Tue, 26 Apr 2022 23:16:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 07 Apr 2022 00:09:26 GMT
server
Apache
vary
Accept-Encoding
content-type
text/javascript
strict-transport-security
max-age=63072000; includeSubdomains; preload
login-session
go.payreq.com/auth/
17 B
907 B
XHR
General
Full URL
https://go.payreq.com/auth/login-session
Requested by
Host: go.payreq.com
URL: https://go.payreq.com/payreq-ui/static/js/2.accfd12b.chunk.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.237.128.168 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-237-128-168.ap-southeast-2.compute.amazonaws.com
Software
Apache /
Resource Hash
06e5f7e2d702e0110271dd33c198e1f312a785bcf41ca4fbed2fa6d67722dc03
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-eval' *.cloudflare.com *.paydock.com cdn.datatables.net cdn.zingchart.com fonts.gstatic.com blob:; img-src * data: https:; style-src 'unsafe-inline' 'self' fonts.googleapis.com; frame-ancestors 'none'
Strict-Transport-Security max-age=63072000; includeSubdomains; preload, max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff, nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Cache-Control
no-store
Referer
https://go.payreq.com/portal/customer/login
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Tue, 26 Apr 2022 23:16:33 GMT
referrer-policy
same-origin
server
Apache
x-frame-options
sameorigin
content-type
application/json;charset=utf-8
x-xss-protection
1; mode=block
cache-control
no-cache,no-store
feature-policy
ambient-light-sensor 'none'; autoplay 'none'; accelerometer 'none'; camera 'none'; display-capture 'none'; document-domain 'none'; encrypted-media 'none'; fullscreen 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; payment 'none'; picture-in-picture 'none'; speaker 'none'; sync-xhr 'none'; usb 'none'; wake-lock 'none'; vr 'none';
content-security-policy
default-src 'self' 'unsafe-eval' *.cloudflare.com *.paydock.com cdn.datatables.net cdn.zingchart.com fonts.gstatic.com blob:; img-src * data: https:; style-src 'unsafe-inline' 'self' fonts.googleapis.com; frame-ancestors 'none'
strict-transport-security
max-age=63072000; includeSubdomains; preload, max-age=31536000; includeSubDomains
content-length
17
x-content-type-options
nosniff, nosniff
csrf
go.payreq.com/sys/
92 B
924 B
XHR
General
Full URL
https://go.payreq.com/sys/csrf
Requested by
Host: go.payreq.com
URL: https://go.payreq.com/payreq-ui/static/js/2.accfd12b.chunk.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.237.128.168 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-237-128-168.ap-southeast-2.compute.amazonaws.com
Software
Apache /
Resource Hash
640de476408d0bc30accce6e34ff5bdd04a83035041eaa2be23be3c0388e9eea
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-eval' *.cloudflare.com *.paydock.com cdn.datatables.net cdn.zingchart.com fonts.gstatic.com blob:; img-src * data: https:; style-src 'unsafe-inline' 'self' fonts.googleapis.com; frame-ancestors 'none'
Strict-Transport-Security max-age=63072000; includeSubdomains; preload, max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff, nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Cache-Control
no-store
Referer
https://go.payreq.com/portal/customer/login
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Tue, 26 Apr 2022 23:16:33 GMT
referrer-policy
same-origin
server
Apache
x-frame-options
sameorigin
content-type
application/json;charset=utf-8
x-xss-protection
1; mode=block
cache-control
no-cache,no-store
feature-policy
ambient-light-sensor 'none'; autoplay 'none'; accelerometer 'none'; camera 'none'; display-capture 'none'; document-domain 'none'; encrypted-media 'none'; fullscreen 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; payment 'none'; picture-in-picture 'none'; speaker 'none'; sync-xhr 'none'; usb 'none'; wake-lock 'none'; vr 'none';
content-security-policy
default-src 'self' 'unsafe-eval' *.cloudflare.com *.paydock.com cdn.datatables.net cdn.zingchart.com fonts.gstatic.com blob:; img-src * data: https:; style-src 'unsafe-inline' 'self' fonts.googleapis.com; frame-ancestors 'none'
strict-transport-security
max-age=63072000; includeSubdomains; preload, max-age=31536000; includeSubDomains
content-length
92
x-content-type-options
nosniff, nosniff
config
go.payreq.com/sys/
827 B
2 KB
XHR
General
Full URL
https://go.payreq.com/sys/config
Requested by
Host: go.payreq.com
URL: https://go.payreq.com/payreq-ui/static/js/2.accfd12b.chunk.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.237.128.168 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-237-128-168.ap-southeast-2.compute.amazonaws.com
Software
Apache /
Resource Hash
ad296a18e5605db25c87f1e04ccd16e334c15e011f416715aaa7ba98e25ee81c
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-eval' *.cloudflare.com *.paydock.com cdn.datatables.net cdn.zingchart.com fonts.gstatic.com blob:; img-src * data: https:; style-src 'unsafe-inline' 'self' fonts.googleapis.com; frame-ancestors 'none'
Strict-Transport-Security max-age=63072000; includeSubdomains; preload, max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff, nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Cache-Control
no-store
Referer
https://go.payreq.com/portal/customer/login
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Tue, 26 Apr 2022 23:16:33 GMT
referrer-policy
same-origin
server
Apache
x-frame-options
sameorigin
content-type
application/json;charset=utf-8
x-xss-protection
1; mode=block
cache-control
no-cache,no-store
feature-policy
ambient-light-sensor 'none'; autoplay 'none'; accelerometer 'none'; camera 'none'; display-capture 'none'; document-domain 'none'; encrypted-media 'none'; fullscreen 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; payment 'none'; picture-in-picture 'none'; speaker 'none'; sync-xhr 'none'; usb 'none'; wake-lock 'none'; vr 'none';
content-security-policy
default-src 'self' 'unsafe-eval' *.cloudflare.com *.paydock.com cdn.datatables.net cdn.zingchart.com fonts.gstatic.com blob:; img-src * data: https:; style-src 'unsafe-inline' 'self' fonts.googleapis.com; frame-ancestors 'none'
strict-transport-security
max-age=63072000; includeSubdomains; preload, max-age=31536000; includeSubDomains
content-length
827
x-content-type-options
nosniff, nosniff
7Auwp_0qiz-afTLGLQ.woff2
fonts.gstatic.com/s/muli/v27/
31 KB
31 KB
Font
General
Full URL
https://fonts.gstatic.com/s/muli/v27/7Auwp_0qiz-afTLGLQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Muli:400,400i,700,700i&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e14a625deb5e7cb388813d12ff906c39d7140ead453b49a22cc7d11497035790
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://go.payreq.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Tue, 26 Apr 2022 17:08:29 GMT
x-content-type-options
nosniff
age
22084
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
31248
x-xss-protection
0
last-modified
Tue, 26 Apr 2022 15:29:47 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 26 Apr 2023 17:08:29 GMT
payreq-logo-no-tagline.f869ec8c.png
go.payreq.com/payreq-ui/static/media/
97 KB
95 KB
Image
General
Full URL
https://go.payreq.com/payreq-ui/static/media/payreq-logo-no-tagline.f869ec8c.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.237.128.168 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-237-128-168.ap-southeast-2.compute.amazonaws.com
Software
Apache /
Resource Hash
6779fe466b8da36b3d06dd56e5e9e08be6f3b1f2bbc96fbce00824b8bc9ba34b
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://go.payreq.com/portal/customer/login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date
Tue, 26 Apr 2022 23:16:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 07 Apr 2022 00:09:26 GMT
server
Apache
vary
Accept-Encoding
content-type
image/png
strict-transport-security
max-age=63072000; includeSubdomains; preload
truncated
/
3 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
c94a942c65276ea003739cd31addd687835769d51d61fd6067b8ad63807f7775

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Content-Type
image/png

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • function| structuredClone
  • object| oncontextlost
  • object| oncontextrestored
  • function| getScreenDetails
  • object| webpackJsonppayreq-ui
  • function| setImmediate
  • function| clearImmediate
  • object| regeneratorRuntime
  • function| Payment

1 Cookies

Domain/Path Name / Value
go.payreq.com/ Name: id
Value: %3A4f263aab-cff0-4f64-98a7-c01d3ffabf0b

4 Console Messages

Source Level URL
Text
security warning
Message:
Error with Feature-Policy header: Unrecognized feature: 'ambient-light-sensor'.
security warning
Message:
Error with Feature-Policy header: Unrecognized feature: 'speaker'.
security warning
Message:
Error with Feature-Policy header: Unrecognized feature: 'wake-lock'.
security warning
Message:
Error with Feature-Policy header: Unrecognized feature: 'vr'.

Security Headers

This page lists any security headers set by the main page.

Header Value
Content-Security-Policy default-src 'self' 'unsafe-eval' *.cloudflare.com *.paydock.com cdn.datatables.net cdn.zingchart.com fonts.gstatic.com blob:; img-src * data: https:; style-src 'unsafe-inline' 'self' fonts.googleapis.com; frame-ancestors 'none'
Strict-Transport-Security max-age=63072000; includeSubdomains; preload max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block