Submitted URL: http://pay.cakto.com.br/
Effective URL: https://pay.cakto.com.br/
Submission: On December 27 via api from US — Scanned from DE

Summary

This website contacted 8 IPs in 4 countries across 6 domains to perform 15 HTTP transactions. The main IP is 2606:4700:20::681a:d55, located in United States and belongs to CLOUDFLARENET, US. The main domain is pay.cakto.com.br.
TLS certificate: Issued by WE1 on December 10th 2024. Valid for: 3 months.
This is the only time pay.cakto.com.br was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 7 2606:4700:20:... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2a01:b740:a02... 6185 (APPLE-AUSTIN)
2 2a00:1450:400... 15169 (GOOGLE)
1 2a06:98c1:312... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
1 104.198.23.205 396982 (GOOGLE-CL...)
15 8
Apex Domain
Subdomains
Transfer
7 cakto.com.br
pay.cakto.com.br
385 KB
2 logr-ingest.com
cdn.logr-ingest.com — Cisco Umbrella Rank: 11973
r.logr-ingest.com — Cisco Umbrella Rank: 12439
186 KB
2 google.com
pay.google.com — Cisco Umbrella Rank: 2834
49 KB
1 gstatic.com
www.gstatic.com
1 KB
1 cdn-apple.com
applepay.cdn-apple.com — Cisco Umbrella Rank: 12599
15 KB
1 jsdelivr.net
cdn.jsdelivr.net — Cisco Umbrella Rank: 318
26 KB
15 6
Domain Requested by
7 pay.cakto.com.br 1 redirects pay.cakto.com.br
2 pay.google.com pay.cakto.com.br
pay.google.com
1 r.logr-ingest.com cdn.logr-ingest.com
1 www.gstatic.com
1 cdn.logr-ingest.com pay.cakto.com.br
1 applepay.cdn-apple.com pay.cakto.com.br
1 cdn.jsdelivr.net pay.cakto.com.br
15 7

This site contains no links.

Subject | Issuer | Validity | Valid
pay.cakto.com.br | WE1 | 2024-12-10 - 2025-03-10 | 3 months
*.jsdelivr.net | Sectigo RSA Domain Validation Secure Server CA | 2024-05-04 - 2025-05-04 | a year
applepay.cdn-apple.com | Apple Public Server ECC CA 11 - G1 | 2024-12-20 - 2025-03-20 | 3 months
*.google.com | WR2 | 2024-12-02 - 2025-02-24 | 3 months
logr-ingest.com | WE1 | 2024-11-24 - 2025-02-22 | 3 months
*.gstatic.com | WR2 | 2024-12-02 - 2025-02-24 | 3 months
api.logrocket.com | R10 | 2024-10-28 - 2025-01-26 | 3 months

This page contains 3 frames:

Primary Page: https://pay.cakto.com.br/
Frame ID: 9901B68D9FCDB236501C5AC26A19E97F
Requests: 10 HTTP requests in this frame

Frame: https://pay.cakto.com.br/cdn-cgi/challenge-platform/h/b/scripts/jsd/787bc399e22f/main.js
Frame ID: 08E8A27C762D39D9B489B4751E7C1B5A
Requests: 2 HTTP requests in this frame

Frame: https://pay.google.com/gp/p/ui/payframe?origin=https%3A%2F%2Fpay.cakto.com.br&mid=
Frame ID: EAE89C17C3367F65719A7759F567A903
Requests: 1 HTTP requests in this frame

Page Title

Cakto

Page URL History

  1. http://pay.cakto.com.br/ HTTP 307
    https://pay.cakto.com.br/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • pay\.google\.com/([a-z/]+)/pay\.js

Overall confidence: 100%
Detected patterns
  • //cdn\.jsdelivr\.net/

Page Statistics

15
Requests

80 %
HTTPS

86 %
IPv6

6
Domains

7
Subdomains

8
IPs

4
Countries

662 kB
Transfer

2404 kB
Size

5
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://pay.cakto.com.br/ HTTP 307
    https://pay.cakto.com.br/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 6
  • https://pay.cakto.com.br/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
  • https://pay.cakto.com.br/cdn-cgi/challenge-platform/h/b/scripts/jsd/787bc399e22f/main.js

15 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
pay.cakto.com.br/
Redirect Chain
  • http://pay.cakto.com.br/
  • https://pay.cakto.com.br/
7 KB
3 KB
Document
General
Full URL
https://pay.cakto.com.br/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:d55 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9a9fa7c4f39543bc5112e0191fd92cd11b87e6ba3a2f113a17c01ffdd628d868

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

age
771
cache-control
public,max-age=10,s-maxage=86400
cf-cache-status
DYNAMIC
cf-ray
8f8a2c1c2aa80482-FRA
content-encoding
br
content-type
text/html; charset=utf-8
date
Fri, 27 Dec 2024 14:59:03 GMT
last-modified
Tue, 24 Dec 2024 14:26:30 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=swSRDE50f0GT8B%2FEloFtRmhpzQfPSpFGvU4HDk3KNvNM%2B%2FPi8tAf%2B2r1SwU34%2FZXmLukASodkLl%2FQjgEu9D14FfqOnvTDAhrITVR%2Bf2I2EWLXnTTkJSeNm2vPvlar0vbiOjaYSEK3KvIr66eA10%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
server-timing
cfL4;desc="?proto=TCP&rtt=20366&min_rtt=20197&rtt_var=3302&sent=6&recv=11&lost=0&retrans=0&sent_bytes=3985&recv_bytes=2287&delivery_rate=194749&cwnd=254&unsent_bytes=0&cid=5f555c521a474f56&ts=59&x=0"
vary
Accept-Encoding
x-amz-request-id
tx00000cf1a2ffcc423bb0e-00676ac662-2032db68-nyc3d
x-do-app-origin
d4c13152-f7eb-4308-bc0c-2f94f5e97058
x-do-orig-status
200
x-do-static-catchall-document
index.html
x-envoy-upstream-healthchecked-cluster
x-rgw-object-type
Normal

Redirect headers

Location
https://pay.cakto.com.br/
Non-Authoritative-Reason
HttpsUpgrades
index-c700313a.js
pay.cakto.com.br/assets/
1 MB
342 KB
Script
General
Full URL
https://pay.cakto.com.br/assets/index-c700313a.js
Requested by
Host: pay.cakto.com.br
URL: https://pay.cakto.com.br/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:d55 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
884fa1e76ec36d149663768966b1a5e19f1bdeb22cf2f4314167b96b220b7ed8

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://pay.cakto.com.br
Referer
https://pay.cakto.com.br/

Response headers

x-envoy-upstream-healthchecked-cluster
content-encoding
gzip
cf-cache-status
HIT
etag
W/"50a9f7fffea26f349f82f6d09ff51eda"
age
1413
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hBKHZgEgmRYrWXUHet7l3k5M4%2FRPjEs9wYOiZ4pPtFedGbOFFe2qzSYpuqMK7rb3QNj3PjRuZLXpkEh25iF6eFHxqmnvXYLvvzM9QB5RbhJ7UoZdNB48a1dt3CZAblILTS2V%2FgZUrHvs%2B67u1Og%3D"}],"group":"cf-nel","max_age":604800}
server-timing
cfL4;desc="?proto=TCP&rtt=20351&min_rtt=20164&rtt_var=1883&sent=12&recv=15&lost=0&retrans=0&sent_bytes=7146&recv_bytes=2531&delivery_rate=326049&cwnd=256&unsent_bytes=0&cid=5f555c521a474f56&ts=102&x=0"
date
Fri, 27 Dec 2024 14:59:03 GMT
x-rgw-object-type
Normal
content-type
text/javascript; charset=utf-8
last-modified
Tue, 24 Dec 2024 14:26:30 GMT
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cache-control
public, max-age=14400, s-maxage=86400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-do-app-origin
d4c13152-f7eb-4308-bc0c-2f94f5e97058
x-amz-request-id
tx00000b7af820768483645-00676ac4b0-2032db68-nyc3d
x-do-static-catchall-document
index.html
cf-ray
8f8a2c1c8afb0482-FRA
server
cloudflare
x-do-orig-status
200
index-7f92c801.css
pay.cakto.com.br/assets/
75 KB
31 KB
Stylesheet
General
Full URL
https://pay.cakto.com.br/assets/index-7f92c801.css
Requested by
Host: pay.cakto.com.br
URL: https://pay.cakto.com.br/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:d55 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7f92c80135b54c63bbdf637bc571cf0c4b6847a5c740f8aee749b68a7604c9d7

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://pay.cakto.com.br/

Response headers

x-envoy-upstream-healthchecked-cluster
content-encoding
gzip
cf-cache-status
HIT
etag
W/"ba05f4bb5ed327c8d026cb0310f0974b"
age
1412
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eYzKglba3mvfFOohtYmHivsGbSZ051202MgPnrBCf0qMPzK7n3ftf3PiCxH1tMxl%2FCojED6dyUG1vNY4Hew9j%2B5za7MELAR6Tlp4mqP0hZqVQEJCGhkFAdo3RygecqGuVTnV7CccZuZArYQ0wd4%3D"}],"group":"cf-nel","max_age":604800}
server-timing
cfL4;desc="?proto=TCP&rtt=20351&min_rtt=20164&rtt_var=1883&sent=68&recv=15&lost=0&retrans=0&sent_bytes=71274&recv_bytes=2531&delivery_rate=326049&cwnd=256&unsent_bytes=31872&cid=5f555c521a474f56&ts=103&x=0"
date
Fri, 27 Dec 2024 14:59:03 GMT
x-rgw-object-type
Normal
content-type
text/css; charset=utf-8
last-modified
Tue, 24 Dec 2024 14:26:30 GMT
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cache-control
public, max-age=14400, s-maxage=86400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-do-app-origin
d4c13152-f7eb-4308-bc0c-2f94f5e97058
x-amz-request-id
tx0000084dee6d2788ec42e-00676ac4b0-200a9e29-nyc3d
x-do-static-catchall-document
index.html
cf-ray
8f8a2c1c8afa0482-FRA
server
cloudflare
x-do-orig-status
200
payment-token-efi.min.js
cdn.jsdelivr.net/gh/efipay/js-payment-token-efi/dist/
89 KB
26 KB
Script
General
Full URL
https://cdn.jsdelivr.net/gh/efipay/js-payment-token-efi/dist/payment-token-efi.min.js
Requested by
Host: pay.cakto.com.br
URL: https://pay.cakto.com.br/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:ba1f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
41cb2ab822ae81fda999ff43bfcedf76e98f1177593418ac4f460bd8fabbcab1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://pay.cakto.com.br/

Response headers

access-control-expose-headers
*
content-encoding
br
cf-cache-status
HIT
etag
W/"16431-DXknEO/ClA5dBJ28ih8D/Q2Ao7w"
age
26713
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xa9NKEwRzuZNkNAj6MMI0lgA4iFlEbvJLqn9LM7CwLszP5Nb3NCFwFmLeiloRQJWZ9J2rgDn9TjshIhedA3gmmV53l3bE45q1aCKVuwoL3CjlsYj0Dly1Z8y%2F9HhQMUxyXIx7GurlgQSuAhLa%2Bc%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
x-jsd-version-type
version
alt-svc
h3=":443"; ma=86400
x-cache
HIT, HIT
date
Fri, 27 Dec 2024 14:59:03 GMT
content-type
application/javascript; charset=utf-8
x-served-by
cache-fra-etou8220034-FRA, cache-lga21924-LGA
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=604800, s-maxage=43200
timing-allow-origin
*
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy
cross-origin
cf-ray
8f8a2c1ce867362a-FRA
accept-ranges
bytes
access-control-allow-origin
*
content-length
25763
server
cloudflare
x-jsd-version
3.1.0
apple-pay-sdk.js
applepay.cdn-apple.com/jsapi/1.latest/
51 KB
15 KB
Script
General
Full URL
https://applepay.cdn-apple.com/jsapi/1.latest/apple-pay-sdk.js
Requested by
Host: pay.cakto.com.br
URL: https://pay.cakto.com.br/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2a01:b740:a02:f100::8 Amsterdam, Netherlands, ASN6185 (APPLE-AUSTIN, US),
Reverse DNS
Software
Apple /
Resource Hash
180b34f4ed0c89432f9cb57a693b8e42d42e03a86a06a85bad2b58213ed613cd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://pay.cakto.com.br/

Response headers

content-encoding
gzip
etag
"3cd414cd4f340f06f47ce5faffc9893d--gzip"
Age
27365
apple-originating-system
wp-content-server-prod1-use1
x-content-type-options
nosniff
CDNUUID
b7c3c233-6027-44e3-943b-1bb5c002d0c7-6143864467
X-Cache
hit-fresh, hit-fresh
Date
Fri, 27 Dec 2024 07:23:00 GMT
apple-tk
false
Content-Type
application/javascript
vary
Accept-Encoding
apple-seq
0
strict-transport-security
max-age=31536000; includeSubdomains
cache-control
max-age=300, s-maxage=86400, stale-while-revalidate=3600
x-envoy-upstream-service-time
4
Connection
keep-alive
access-control-allow-credentials
false
x-conversation-id
62e6457c-f4ee-1be8-f744-2ab2c3d24a65
access-control-allow-origin
*
Content-Length
14764
x-xss-protection
1; mode=block
Server
Apple
pay.js
pay.google.com/gp/p/js/
168 KB
49 KB
Script
General
Full URL
https://pay.google.com/gp/p/js/pay.js
Requested by
Host: pay.cakto.com.br
URL: https://pay.cakto.com.br/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c07::5c Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
670ad7267437eeb7108ceea71c78d5c56637b13dcd4dc517135ce4248628336d
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendHttp/cspreport, script-src 'report-sample' 'nonce-BY6cyR5grZf1_ds1dq-Tag' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/InstantbuyFrontendHttp/cspreport/allowlist
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://pay.cakto.com.br/

Response headers

content-encoding
gzip
x-content-type-options
nosniff
expires
Fri, 27 Dec 2024 14:59:03 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
date
Fri, 27 Dec 2024 14:59:03 GMT
content-type
application/javascript; charset=utf-8
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
reporting-endpoints
default="/gp/p/_/InstantbuyFrontendHttp/web-reports?context=eJzjKtHikmLw0ZBiWFYqxbBkphSDxNeXTBpA7JQ-gzUIiFtvnmOdCsRzA86zhmeeZzVae57VCYiT_p1nLQJiQ4VLrI5A_CvvEqtqzyVWUyAukrjC2gTE9aFXWbdcvcq6kfUaayzvNdZZFtdYA7KusQrxcGxv3L2bTeDBh3WrmZW0k_IL4zPziksS80qSSivTivLzSlLzUopTi8pSi-KNDIxMDI0MjfQMjOMLDAD7SES_"
content-security-policy
require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendHttp/cspreport, script-src 'report-sample' 'nonce-BY6cyR5grZf1_ds1dq-Tag' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/InstantbuyFrontendHttp/cspreport/allowlist
cache-control
private, max-age=600
cross-origin-opener-policy
same-origin
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
script-src 'unsafe-inline' 'unsafe-eval' blob: data:;report-uri /_/InstantbuyFrontendHttp/cspreport/fine-allowlist
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
x-xss-protection
0
server
ESF
logger-1.min.js
cdn.logr-ingest.com/
903 KB
186 KB
Script
General
Full URL
https://cdn.logr-ingest.com/logger-1.min.js
Requested by
Host: pay.cakto.com.br
URL: https://pay.cakto.com.br/assets/index-c700313a.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9a8ff695d5d5eabecc2c26b3318ead068c9b3e8d209362eb8d44dc90c0e4376c
Security Headers
Name Value
Strict-Transport-Security max-age=31556926

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://pay.cakto.com.br/

Response headers

content-encoding
zstd
cf-cache-status
HIT
etag
W/"bd85da432296b8a2d0c48077ac2700710a6cd6221ecf5dd27fb3e7f9cd46229f-br"
age
27
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=R%2BPySK5ayWuZi1I2EkWVRs59pqdREESvEoIijQ3xdCA%2FU8wJmo7AUbOGpkvJklidbquBHaxc01WU4TxumXV8nwiqNUo7OccnJQ5Odz%2BteY%2F6D7VP3v%2BHpp%2FO%2BQ%2BVMte2Ne8h5gWWLcbRNrer%2FZi2SFuU"}],"group":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
x-cache
HIT
server-timing
cfL4;desc="?proto=QUIC&rtt=21940&min_rtt=21936&rtt_var=8233&sent=11&recv=7&lost=0&retrans=0&sent_bytes=4131&recv_bytes=4176&delivery_rate=142033&cwnd=12000&unsent_bytes=0&cid=76f72152dd0eb10c&ts=40&x=1", cfExtPri, cfHdrFlush;dur=0
date
Fri, 27 Dec 2024 14:59:04 GMT
content-type
text/javascript; charset=utf-8
last-modified
Thu, 26 Dec 2024 22:35:27 GMT
x-served-by
cache-fra-eddf8230084-FRA
x-cache-hits
1
vary
x-fh-requested-host, accept-encoding
strict-transport-security
max-age=31556926
priority
u=3,i=?0
cache-control
public, max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-timer
S1735252814.219380,VS0,VE1
cross-origin-resource-policy
cross-origin
cf-ray
8f8a2c1e0f3ddcbd-FRA
access-control-allow-origin
*
server
cloudflare
main.js
pay.cakto.com.br/cdn-cgi/challenge-platform/h/b/scripts/jsd/787bc399e22f/ Frame 08E8
Redirect Chain
  • https://pay.cakto.com.br/cdn-cgi/challenge-platform/scripts/jsd/main.js
  • https://pay.cakto.com.br/cdn-cgi/challenge-platform/h/b/scripts/jsd/787bc399e22f/main.js?
9 KB
5 KB
Script
General
Full URL
https://pay.cakto.com.br/cdn-cgi/challenge-platform/h/b/scripts/jsd/787bc399e22f/main.js?
Requested by
Host: pay.cakto.com.br
URL: https://pay.cakto.com.br/
Protocol
H2
Server
2606:4700:20::681a:d55 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
15137606204b3efff264d3fbb23e4015b965327fb9bc1e5126ac0e712caacf79
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

cache-control
max-age=14400, stale-if-error=10800, stale-while-revalidate=10800, public
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hc0clq0l8MHZtxrCXwLNnfyUw4ZWAprkP5zcLguEzmuQqDyulW0N6G3nc4LgDhqtoZYsJl6XNlN6ygYWX5E4uFRfeS7C%2FOIGkXtNPHuZvArPCWLgQ%2BW1e5D4c%2BqyAyrGURok%2BqRjDswQqkneV2Y%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
cf-ray
8f8a2c1e0c030482-FRA
server-timing
cfL4;desc="?proto=TCP&rtt=21219&min_rtt=20128&rtt_var=683&sent=319&recv=168&lost=0&retrans=0&sent_bytes=392534&recv_bytes=2708&delivery_rate=10902622&cwnd=453&unsent_bytes=0&cid=5f555c521a474f56&ts=332&x=0"
date
Fri, 27 Dec 2024 14:59:04 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
server
cloudflare

Redirect headers

cache-control
max-age=300, stale-if-error=10800, stale-while-revalidate=10800, public
location
/cdn-cgi/challenge-platform/h/b/scripts/jsd/787bc399e22f/main.js?
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OKS%2FlrwvqQJ7gYFSk4Lc%2BUTYbTy4B0UHkq4kJ%2BnXucyo4Dm5YKbYDF3ixdVvZWm0uGPJY67sSOhl0cHJLRGzn1gOOdOxVYbaIPJy2%2FdWGb%2BW4tgiwAJ2X5qo372ibpJm%2FPaFSK2R110YDTAfY28%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
8f8a2c1ddbe40482-FRA
access-control-allow-origin
*
server-timing
cfL4;desc="?proto=TCP&rtt=21167&min_rtt=20128&rtt_var=771&sent=318&recv=167&lost=0&retrans=0&sent_bytes=391984&recv_bytes=2613&delivery_rate=10902622&cwnd=452&unsent_bytes=0&cid=5f555c521a474f56&ts=302&x=0"
content-length
0
date
Fri, 27 Dec 2024 14:59:03 GMT
vary
Accept-Encoding
server
cloudflare
payframe
pay.google.com/gp/p/ui/ Frame EAE8
0
0
Document
General
Full URL
https://pay.google.com/gp/p/ui/payframe?origin=https%3A%2F%2Fpay.cakto.com.br&mid=
Requested by
Host: pay.google.com
URL: https://pay.google.com/gp/p/js/pay.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c07::5c Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-WkjfO3QWWQfPpcTkwCl4NA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport;worker-src 'self' script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport/allowlist require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://pay.cakto.com.br/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=3600
content-encoding
gzip
content-security-policy
script-src 'report-sample' 'nonce-WkjfO3QWWQfPpcTkwCl4NA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport;worker-src 'self' script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport/allowlist require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport
content-security-policy-report-only
script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://www.gstatic.com/_/mss/boq-one-google/_/ https://www.gstatic.com/og/_/js/ https://apis.google.com/js/api.js https://apis.google.com/js/client.js https://www.googletagmanager.com/gtag/js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/destination https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.de.EXcpQiqSfK4.es5.O/ https://apis.google.com/_/scs/abc-static/_/js/;report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport/fine-allowlist
content-type
text/html; charset=utf-8
cross-origin-opener-policy
same-origin
cross-origin-resource-policy
same-site
date
Fri, 27 Dec 2024 14:59:04 GMT
expires
Fri, 27 Dec 2024 14:59:04 GMT
origin-trial
AssDE6uDpaVUq9mb8HyrCnDR4hxNa3P1PQl8E0huFRpGw4MFWswRwyuk1E68LufiBFMulCrRk3VCexIRW39eYwoAAABMeyJvcmlnaW4iOiJodHRwczovL3BheS5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJUcGNkIiwiZXhwaXJ5IjoxNzM1MzQzOTk5fQ==
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
reporting-endpoints
default="/gp/p/_/InstantbuyFrontendBuyflowPayframeUi/web-reports?context=eJzjKtHikmLw0ZBiWFYqxbBkphSDxNeXTBpA7JQ-gzUIiFtvnmOdCsRzA86zhmeeZzVae57VCYiT_p1nLQJiQ4VLrI5A_CvvEqtqzyVWUyAukrjC2gTE9aFXWbdcvcq6kfUaayzvNdZZFtdYA7KusQpxc-xo3L2bTeDEqaOZStpJ-YXxmXnFJYl5JUmllWlF-XklqXkpxalFZalF8UYGRiaGRoZGegbG8QUGALJYRFM"
server
ESF
strict-transport-security
max-age=31536000
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-content-type-options
nosniff
x-ua-compatible
IE=edge
x-xss-protection
0
8f8a2c1c2aa80482
pay.cakto.com.br/cdn-cgi/challenge-platform/h/b/jsd/r/ Frame 08E8
0
1005 B
XHR
General
Full URL
https://pay.cakto.com.br/cdn-cgi/challenge-platform/h/b/jsd/r/8f8a2c1c2aa80482
Requested by
Host: pay.cakto.com.br
URL: https://pay.cakto.com.br/cdn-cgi/challenge-platform/scripts/jsd/main.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:d55 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type
application/json
Referer

Response headers

nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fMib0rNVJQB3%2BplJW%2F%2B7vb7le0nMG2Dhwg3CZoFXz9yDdIZ5zrx0rNO%2FGJ2f%2BwT4JvoJlEevJiAVdcLuWnvLY1F1UeDsRFWhbtXkxE%2B1lh33oTwTGz9JcM7nNJi1%2FxL%2BI%2BGYF1usBJH3bJD%2BJOA%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
8f8a2c1e6c5d0482-FRA
server-timing
cfL4;desc="?proto=TCP&rtt=20960&min_rtt=20128&rtt_var=639&sent=331&recv=185&lost=0&retrans=0&sent_bytes=397282&recv_bytes=19076&delivery_rate=10902622&cwnd=459&unsent_bytes=0&cid=5f555c521a474f56&ts=426&x=0"
content-length
0
date
Fri, 27 Dec 2024 14:59:04 GMT
content-type
text/plain; charset=UTF-8
server
cloudflare
fbf40100-7fbe-4f20-8857-eef435bc0471
https://pay.cakto.com.br/ Frame
0
0

favicon-32x32.png
pay.cakto.com.br/favicon/
1 KB
2 KB
Other
General
Full URL
https://pay.cakto.com.br/favicon/favicon-32x32.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:d55 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ed2c914ef49eb854343cce95ef95385312c5de3b0ca7fd2e720ef0ea31ee2b46

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://pay.cakto.com.br/

Response headers

x-envoy-upstream-healthchecked-cluster
cf-cache-status
HIT
etag
"6df22f87471665b70e4aa01bb514dcb0"
age
55388
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dBTCjW24UypBBeWU%2Frtpm2eOFayZBzIvx2%2B4DsxCOw1cLMdsvsfOlW2EjfZEEEXmYmS8QSZKEunNTzatLsCeh3JT79ITK29F02GI6JRsqc86OtGw5G1av0hApGWdrZcHgWxVPXhkcLIc57G2l8c%3D"}],"group":"cf-nel","max_age":604800}
server-timing
cfL4;desc="?proto=TCP&rtt=26012&min_rtt=20128&rtt_var=10584&sent=332&recv=187&lost=0&retrans=0&sent_bytes=398309&recv_bytes=19782&delivery_rate=10902622&cwnd=460&unsent_bytes=0&cid=5f555c521a474f56&ts=775&x=0"
date
Fri, 27 Dec 2024 14:59:04 GMT
x-rgw-object-type
Normal
content-type
image/png
last-modified
Tue, 24 Dec 2024 14:26:30 GMT
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cache-control
public, max-age=14400, s-maxage=86400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-do-app-origin
d4c13152-f7eb-4308-bc0c-2f94f5e97058
x-amz-request-id
tx000009226404151f278e3-00676acac0-2032db68-nyc3d
x-do-static-catchall-document
index.html
accept-ranges
bytes
content-length
1444
cf-ray
8f8a2c20be210482-FRA
server
cloudflare
x-do-orig-status
200
light_square_gpay.svg
www.gstatic.com/instantbuy/svg/
2 KB
1 KB
Other
General
Full URL
https://www.gstatic.com/instantbuy/svg/light_square_gpay.svg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c76f766ed128ff1c05cbab4f53e470751b475152992a770d42273047bc1708c5
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/instantbuy-eng
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://pay.cakto.com.br/

Response headers

content-encoding
br
age
6222
report-to
{"group":"instantbuy-eng","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/instantbuy-eng"}]}
x-content-type-options
nosniff
expires
Sat, 27 Dec 2025 13:15:22 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Fri, 27 Dec 2024 13:15:22 GMT
last-modified
Fri, 03 Mar 2023 17:58:00 GMT
content-type
image/svg+xml
vary
Accept-Encoding
content-security-policy
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/instantbuy-eng
cache-control
public, max-age=31536000
cross-origin-opener-policy
same-origin; report-to="instantbuy-eng"
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
access-control-allow-origin
*
content-length
894
x-xss-protection
0
server
sffe
i
r.logr-ingest.com/ Frame
0
0
Preflight
General
Full URL
https://r.logr-ingest.com/i?a=a6fhgj%2Fcheckout&r=5-76979629-2a67-4cf5-8174-0f32dc8637e5&t=cfbd9470-cbb0-49c7-a282-837ee395b091&s=0&u=422bbbd9-42a5-4b67-b0e9-f01d49c43e47&is=1&rs=0%2Cu
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.198.23.205 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
205.23.198.104.bc.googleusercontent.com
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-logrocket-relay-version
Access-Control-Request-Method
POST
Origin
https://pay.cakto.com.br
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
DNT,Keep-Alive,User-Agent,X-Requested-With,X-Csrftoken,If-Modified-Since,Cache-Control,Content-Type,Authorization,Accept,Origin,X-Logrocket-Url,X-Logrocket-Ignore,X-Logrocket-Secret,X-LogRocket-Relay-Version
access-control-allow-methods
GET, PUT, POST, DELETE, PATCH, OPTIONS
access-control-allow-origin
*
access-control-max-age
1728000
content-length
0
date
Fri, 27 Dec 2024 14:59:07 GMT
strict-transport-security
max-age=31536000; includeSubDomains
i
r.logr-ingest.com/
0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
pay.cakto.com.br
URL
blob:https://pay.cakto.com.br/fbf40100-7fbe-4f20-8857-eef435bc0471
Domain
r.logr-ingest.com
URL
https://r.logr-ingest.com/i?a=a6fhgj%2Fcheckout&r=5-76979629-2a67-4cf5-8174-0f32dc8637e5&t=cfbd9470-cbb0-49c7-a282-837ee395b091&s=0&u=422bbbd9-42a5-4b67-b0e9-f01d49c43e47&is=1&rs=0%2Cu

26 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • object| 0
  • object| 1
  • string| KwaiAnalyticsObject
  • object| kwaiq
  • object| install
  • object| EfiJs
  • function| ApplePaySession
  • object| ApplePayWebOptions
  • function| ApplePayError
  • function| _lrMutationObserver
  • function| _lr_surl_cb
  • object| __SDKCONFIG__
  • object| ApplePaySDK
  • function| _lrXMLHttpRequest
  • object| denylistedDomainsHashedValueListForGpayButtonWithCardInfo
  • object| whitelistedDomainsHashedValueListForGpayButtonWithCardInfo
  • object| denylistedMerchentIdsHashedValueListForGpayButtonWithCardInfo
  • object| denylistedMerchantIdsHashedValueListForGpayButtonVariant
  • object| allowlistedMerchantDomainsForBnplDynamicButton
  • object| allowlistedMerchantDomainsForRlmiaDynamicButton
  • object| allowlistedMerchantDomainsForPopupModeLoadingScreen
  • string| dynamicGpayButtonVariant
  • object| google
  • object| regeneratorRuntime
  • function| _LRLogger
  • boolean| _lr_loaded

5 Cookies

Domain/Path Name / Value
.google.com/ Name: NID
Value: 520=XVUIgK444SJ0TyDuCKcXlWHcq5b__97E67YHWVh-cikP12gMupBsDKbS7laovB5xTHy4duCddnVES1fDaU6LuKdckdO0WTAL_aQSyhLBa2peTPG5eFcOolHvpvXQn699eefTqEq_l1idjB96OgbKwy3wLK1xg34EK1ErbMrSI7tG_fk
.cakto.com.br/ Name: cf_clearance
Value: zjM6Ljsqi0eQ1R6Qe7NXUCRLWhxbWz3KI3Wjo09O6FI-1735311544-1.2.1.1-c5MWSl5.zdXDnb2DXfCcIe4wKXq8RP11sCjlHIW959SThmup9mWY9Ui..wWDpamgLfMFAoHMT4UOCYfqk1d0pc6ZP9z9mhjn63J8jIb47R2IHYhEyPyJsOdOhWAsuhnOC8XiuYFOl3AYBF9L3br3P4zaF86_vfyRJXMzysUEvUlHTFbvaozEHsONItnXKi7oJKayl9HySHijL0CDZIfCiugEks4PDpfF0hHnuQP1gR58acrR4PCZeRlLpkH24znCwXhshbBY9AtWFqAvcSrjub.snLdpVO1lOO.OeyXvq_9d9XziG5MKNux8jNfAm7cDqYlG6YlZndyvPuyM4_b9e7EQGhtOxVaZQ4wwMtUKNpJRIrp.b0On5EetR_0bwo4o
pay.cakto.com.br/ Name: _lr_tabs_-a6fhgj%2Fcheckout
Value: {%22recordingID%22:%225-76979629-2a67-4cf5-8174-0f32dc8637e5%22%2C%22sessionID%22:0%2C%22lastActivity%22:1735311544145%2C%22hasActivity%22:false}
pay.cakto.com.br/ Name: _lr_hb_-a6fhgj%2Fcheckout
Value: {%22heartbeat%22:1735311544145}
pay.cakto.com.br/ Name: _lr_uf_-a6fhgj
Value: 873d660f-861b-4bd2-9a2e-76bdbbbe9859

4 Console Messages

Source Level URL
Text
other warning URL: https://pay.cakto.com.br/
Message:
Each dictionary in the list "icons" should contain a non-empty UTF8 string field "sizes".
other warning URL: https://pay.cakto.com.br/
Message:
Each dictionary in the list "icons" should contain a non-empty UTF8 string field "type".
other warning URL: https://pay.cakto.com.br/
Message:
Each dictionary in the list "icons" should contain a non-empty UTF8 string field "sizes".
other warning URL: https://pay.cakto.com.br/
Message:
Each dictionary in the list "icons" should contain a non-empty UTF8 string field "type".