card.pay.nl Open in urlscan Pro
37.46.136.7 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://card.pay.nl/start/2486941191X5e95f/23b5f558e326d5f7/NL/
Submission: On June 10 via manual (June 10th 2024, 9:04:56 am UTC) from BE — Scanned from NL

Summary HTTP 17 Redirects Links 4 Behaviour Indicators

Summary

This website contacted 3 IPs in 1 countries across 1 domains to perform 17 HTTP transactions. The main IP is 37.46.136.7, located in Netherlands and belongs to CYSO-AS, NL. The main domain is card.pay.nl.
TLS certificate: Issued by Sectigo RSA Organization Validation S... on August 9th 2023. Valid for: a year.

This is the only time card.pay.nl was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
15	37.46.136.7 37.46.136.7	25151 (CYSO-AS) (CYSO-AS)
2	37.46.137.149 37.46.137.149	25151 (CYSO-AS) (CYSO-AS)
17	3

15 37.46.136.7 (Netherlands)

ASN25151 (CYSO-AS, NL)
PTR: free.cyso.net

card.pay.nl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.46.137.149 (Netherlands)

ASN25151 (CYSO-AS, NL)
PTR: static.pay.nl

static.pay.nl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
17	pay.nl card.pay.nl static.pay.nl — Cisco Umbrella Rank: 870364	111 KB
17	1

	Domain	Requested by
15	card.pay.nl	card.pay.nl
2	static.pay.nl	card.pay.nl
17	2

This site contains links to these domains. Also see Links.

Domain
www.pay.nl
pay.nl

Subject Issuer	Validity	Valid
*.pay.nl Sectigo RSA Organization Validation Secure Server CA	`2023-08-09` - `2024-08-31`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://card.pay.nl/start/2486941191X5e95f/23b5f558e326d5f7/NL/
Frame ID: DDB862ADAFCEAAFF018130FA94CDC03E
Requests: 18 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Betalen met Bancontact, maakt betalen makkelijk

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

17
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

2
Subdomains

3
IPs

1
Countries

111 kB
Transfer

214 kB
Size

0
Cookies

4 Outgoing links

These are links going to different origins than the main page.

URL: https://www.pay.nl/privacybeleid
Title: Privacy statement

Search URL Search Domain Scan URL

URL: https://www.pay.nl/betaalmethoden/internetbankieren/bancontact
Title: Wat is Bancontact?

Search URL Search Domain Scan URL

URL: https://www.pay.nl/betaald_via_stichting_pay.nl
Title: Betaald via PAY.nl

Search URL Search Domain Scan URL

URL: https://pay.nl/

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

17 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
card.pay.nl/start/2486941191X5e95f/23b5f558e326d5f7/NL/ 41 KB
11 KB 263ms
175ms Document
text/html 37.46.136.7
CYSO-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://card.pay.nl/start/2486941191X5e95f/23b5f558e326d5f7/NL/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

37.46.136.7 , Netherlands, ASN25151 (CYSO-AS, NL),

Reverse DNS

free.cyso.net

Software

Apache /

Resource Hash

7f2adfea8cef579788c044e13057e77144a80b4acfeacbec80047cf04ca7c75e

Security Headers

Name	Value
Content-Security-Policy	default-src 'none' ; script-src data: 'unsafe-inline' 'unsafe-eval' pay.google.com google.com apple.pay.nl js-agent.newrelic.com bam.nr-data.net 'self' ; style-src 'self' 'unsafe-inline' static.pay.nl fonts.googleapis.com; img-src 'self' www.gstatic.com static.pay.nl data: ; font-src 'self' fonts.gstatic.com ; connect-src apple.pay.nl pay.google.com google.com bam.nr-data.net 'self' ; media-src 'self' ; object-src 'none' ; frame-src pay.google.com google.com * ; child-src 'self' ; form-action * ; upgrade-insecure-requests;
Strict-Transport-Security	max-age=300; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: nl-NL,nl;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

Cache-Control: no-store, no-cache, must-revalidate post-check=0, pre-check=0
Connection: close
Content-Encoding: gzip
Content-Length: 10596
Content-Security-Policy: default-src 'none' ; script-src data: 'unsafe-inline' 'unsafe-eval' pay.google.com google.com apple.pay.nl js-agent.newrelic.com bam.nr-data.net 'self' ; style-src 'self' 'unsafe-inline' static.pay.nl fonts.googleapis.com; img-src 'self' www.gstatic.com static.pay.nl data: ; font-src 'self' fonts.gstatic.com ; connect-src apple.pay.nl pay.google.com google.com bam.nr-data.net 'self' ; media-src 'self' ; object-src 'none' ; frame-src pay.google.com google.com * ; child-src 'self' ; form-action * ; upgrade-insecure-requests;
Content-Type: text/html; charset=UTF-8
Date: Mon, 10 Jun 2024 09:04:50 GMT
Expires: Mon, 26 Jul 1990 05:00:00 GMT
Last-Modified: Mon, 10 Jun 2024 09:04:50 GMT
Pragma: no-cache
Server: Apache
Strict-Transport-Security: max-age=300; includeSubDomains; preload
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK base.css
card.pay.nl/style/ 12 KB
3 KB 94ms
26ms Stylesheet
text/css 37.46.136.7
CYSO-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://card.pay.nl/style/base.css?version=v44

Requested by

Host: card.pay.nl
URL: https://card.pay.nl/start/2486941191X5e95f/23b5f558e326d5f7/NL/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

37.46.136.7 , Netherlands, ASN25151 (CYSO-AS, NL),

Reverse DNS

free.cyso.net

Software

Apache /

Resource Hash

4d32059457c232d6c09376120d3ac7f9aa52906c453697f4a79f5045737ed8fb

Security Headers

Name	Value
Content-Security-Policy	default-src 'none' ; script-src data: 'unsafe-inline' 'unsafe-eval' pay.google.com google.com apple.pay.nl js-agent.newrelic.com bam.nr-data.net 'self' ; style-src 'self' 'unsafe-inline' static.pay.nl fonts.googleapis.com; img-src 'self' www.gstatic.com static.pay.nl data: ; font-src 'self' fonts.gstatic.com ; connect-src apple.pay.nl pay.google.com google.com bam.nr-data.net 'self' ; media-src 'self' ; object-src 'none' ; frame-src pay.google.com google.com * ; child-src 'self' ; form-action * ; upgrade-insecure-requests;
Strict-Transport-Security	max-age=300; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://card.pay.nl/start/2486941191X5e95f/23b5f558e326d5f7/NL/
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Mon, 10 Jun 2024 09:04:51 GMT
Strict-Transport-Security: max-age=300; includeSubDomains; preload
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Wed, 08 May 2024 11:41:55 GMT
Server: Apache
Content-Security-Policy: default-src 'none' ; script-src data: 'unsafe-inline' 'unsafe-eval' pay.google.com google.com apple.pay.nl js-agent.newrelic.com bam.nr-data.net 'self' ; style-src 'self' 'unsafe-inline' static.pay.nl fonts.googleapis.com; img-src 'self' www.gstatic.com static.pay.nl data: ; font-src 'self' fonts.gstatic.com ; connect-src apple.pay.nl pay.google.com google.com bam.nr-data.net 'self' ; media-src 'self' ; object-src 'none' ; frame-src pay.google.com google.com * ; child-src 'self' ; form-action * ; upgrade-insecure-requests;
ETag: "2e56-617efca1106c0-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Connection: close
Accept-Ranges: bytes
Content-Length: 2584

GET
H/1.1 200
OK mistercash.css
card.pay.nl/style/mistercash/ 6 KB
2 KB 94ms
27ms Stylesheet
text/css 37.46.136.7
CYSO-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://card.pay.nl/style/mistercash/mistercash.css?version=v44

Requested by

Host: card.pay.nl
URL: https://card.pay.nl/start/2486941191X5e95f/23b5f558e326d5f7/NL/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

37.46.136.7 , Netherlands, ASN25151 (CYSO-AS, NL),

Reverse DNS

free.cyso.net

Software

Apache /

Resource Hash

692786511e8878bf2c540e76e939af7d987b65c1d8c32a6c7c5686416bda4169

Security Headers

Name	Value
Content-Security-Policy	default-src 'none' ; script-src data: 'unsafe-inline' 'unsafe-eval' pay.google.com google.com apple.pay.nl js-agent.newrelic.com bam.nr-data.net 'self' ; style-src 'self' 'unsafe-inline' static.pay.nl fonts.googleapis.com; img-src 'self' www.gstatic.com static.pay.nl data: ; font-src 'self' fonts.gstatic.com ; connect-src apple.pay.nl pay.google.com google.com bam.nr-data.net 'self' ; media-src 'self' ; object-src 'none' ; frame-src pay.google.com google.com * ; child-src 'self' ; form-action * ; upgrade-insecure-requests;
Strict-Transport-Security	max-age=300; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://card.pay.nl/start/2486941191X5e95f/23b5f558e326d5f7/NL/
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Mon, 10 Jun 2024 09:04:51 GMT
Strict-Transport-Security: max-age=300; includeSubDomains; preload
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Wed, 08 May 2024 11:41:55 GMT
Server: Apache
Content-Security-Policy: default-src 'none' ; script-src data: 'unsafe-inline' 'unsafe-eval' pay.google.com google.com apple.pay.nl js-agent.newrelic.com bam.nr-data.net 'self' ; style-src 'self' 'unsafe-inline' static.pay.nl fonts.googleapis.com; img-src 'self' www.gstatic.com static.pay.nl data: ; font-src 'self' fonts.gstatic.com ; connect-src apple.pay.nl pay.google.com google.com bam.nr-data.net 'self' ; media-src 'self' ; object-src 'none' ; frame-src pay.google.com google.com * ; child-src 'self' ; form-action * ; upgrade-insecure-requests;
ETag: "1735-617efca1106c0-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Connection: close
Accept-Ranges: bytes
Content-Length: 1523

GET
H/1.1 200
OK jquery-3.3.1.min.js Show response
card.pay.nl/script/ 85 KB
31 KB 96ms
26ms Script
application/javascript 37.46.136.7
CYSO-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://card.pay.nl/script/jquery-3.3.1.min.js?version=v44

Requested by

Host: card.pay.nl
URL: https://card.pay.nl/start/2486941191X5e95f/23b5f558e326d5f7/NL/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

37.46.136.7 , Netherlands, ASN25151 (CYSO-AS, NL),

Reverse DNS

free.cyso.net

Software

Apache /

Resource Hash

160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

Security Headers

Name	Value
Content-Security-Policy	default-src 'none' ; script-src data: 'unsafe-inline' 'unsafe-eval' pay.google.com google.com apple.pay.nl js-agent.newrelic.com bam.nr-data.net 'self' ; style-src 'self' 'unsafe-inline' static.pay.nl fonts.googleapis.com; img-src 'self' www.gstatic.com static.pay.nl data: ; font-src 'self' fonts.gstatic.com ; connect-src apple.pay.nl pay.google.com google.com bam.nr-data.net 'self' ; media-src 'self' ; object-src 'none' ; frame-src pay.google.com google.com * ; child-src 'self' ; form-action * ; upgrade-insecure-requests;
Strict-Transport-Security	max-age=300; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://card.pay.nl/start/2486941191X5e95f/23b5f558e326d5f7/NL/
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Mon, 10 Jun 2024 09:04:51 GMT
Strict-Transport-Security: max-age=300; includeSubDomains; preload
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Wed, 08 May 2024 11:41:55 GMT
Server: Apache
Content-Security-Policy: default-src 'none' ; script-src data: 'unsafe-inline' 'unsafe-eval' pay.google.com google.com apple.pay.nl js-agent.newrelic.com bam.nr-data.net 'self' ; style-src 'self' 'unsafe-inline' static.pay.nl fonts.googleapis.com; img-src 'self' www.gstatic.com static.pay.nl data: ; font-src 'self' fonts.gstatic.com ; connect-src apple.pay.nl pay.google.com google.com bam.nr-data.net 'self' ; media-src 'self' ; object-src 'none' ; frame-src pay.google.com google.com * ; child-src 'self' ; form-action * ; upgrade-insecure-requests;
ETag: "1538f-617efca1106c0-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: close
Accept-Ranges: bytes
Content-Length: 30307

GET
H/1.1 200
OK base.js Show response
card.pay.nl/script/ 13 KB
4 KB 94ms
25ms Script
application/javascript 37.46.136.7
CYSO-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://card.pay.nl/script/base.js?version=v44

Requested by

Host: card.pay.nl
URL: https://card.pay.nl/start/2486941191X5e95f/23b5f558e326d5f7/NL/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

37.46.136.7 , Netherlands, ASN25151 (CYSO-AS, NL),

Reverse DNS

free.cyso.net

Software

Apache /

Resource Hash

dd85a815c08ab37def983ba04868010bfb33b69db43cfc74b35eabf1f62c03f1

Security Headers

Name	Value
Content-Security-Policy	default-src 'none' ; script-src data: 'unsafe-inline' 'unsafe-eval' pay.google.com google.com apple.pay.nl js-agent.newrelic.com bam.nr-data.net 'self' ; style-src 'self' 'unsafe-inline' static.pay.nl fonts.googleapis.com; img-src 'self' www.gstatic.com static.pay.nl data: ; font-src 'self' fonts.gstatic.com ; connect-src apple.pay.nl pay.google.com google.com bam.nr-data.net 'self' ; media-src 'self' ; object-src 'none' ; frame-src pay.google.com google.com * ; child-src 'self' ; form-action * ; upgrade-insecure-requests;
Strict-Transport-Security	max-age=300; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://card.pay.nl/start/2486941191X5e95f/23b5f558e326d5f7/NL/
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Mon, 10 Jun 2024 09:04:51 GMT
Strict-Transport-Security: max-age=300; includeSubDomains; preload
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Wed, 08 May 2024 11:41:55 GMT
Server: Apache
Content-Security-Policy: default-src 'none' ; script-src data: 'unsafe-inline' 'unsafe-eval' pay.google.com google.com apple.pay.nl js-agent.newrelic.com bam.nr-data.net 'self' ; style-src 'self' 'unsafe-inline' static.pay.nl fonts.googleapis.com; img-src 'self' www.gstatic.com static.pay.nl data: ; font-src 'self' fonts.gstatic.com ; connect-src apple.pay.nl pay.google.com google.com bam.nr-data.net 'self' ; media-src 'self' ; object-src 'none' ; frame-src pay.google.com google.com * ; child-src 'self' ; form-action * ; upgrade-insecure-requests;
ETag: "321e-617efca1106c0-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: close
Accept-Ranges: bytes
Content-Length: 2698

GET
H/1.1 200
OK mistercash.js Show response
card.pay.nl/script/mistercash/ 1 KB
1 KB 113ms
43ms Script
application/javascript 37.46.136.7
CYSO-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://card.pay.nl/script/mistercash/mistercash.js?version=v44

Requested by

Host: card.pay.nl
URL: https://card.pay.nl/start/2486941191X5e95f/23b5f558e326d5f7/NL/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

37.46.136.7 , Netherlands, ASN25151 (CYSO-AS, NL),

Reverse DNS

free.cyso.net

Software

Apache /

Resource Hash

e80da44939720df3fe5437c65018b25eb905d5e4d8150b10a6abe46352540bc8

Security Headers

Name	Value
Content-Security-Policy	default-src 'none' ; script-src data: 'unsafe-inline' 'unsafe-eval' pay.google.com google.com apple.pay.nl js-agent.newrelic.com bam.nr-data.net 'self' ; style-src 'self' 'unsafe-inline' static.pay.nl fonts.googleapis.com; img-src 'self' www.gstatic.com static.pay.nl data: ; font-src 'self' fonts.gstatic.com ; connect-src apple.pay.nl pay.google.com google.com bam.nr-data.net 'self' ; media-src 'self' ; object-src 'none' ; frame-src pay.google.com google.com * ; child-src 'self' ; form-action * ; upgrade-insecure-requests;
Strict-Transport-Security	max-age=300; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://card.pay.nl/start/2486941191X5e95f/23b5f558e326d5f7/NL/
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Mon, 10 Jun 2024 09:04:51 GMT
Strict-Transport-Security: max-age=300; includeSubDomains; preload
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Wed, 08 May 2024 11:41:55 GMT
Server: Apache
Content-Security-Policy: default-src 'none' ; script-src data: 'unsafe-inline' 'unsafe-eval' pay.google.com google.com apple.pay.nl js-agent.newrelic.com bam.nr-data.net 'self' ; style-src 'self' 'unsafe-inline' static.pay.nl fonts.googleapis.com; img-src 'self' www.gstatic.com static.pay.nl data: ; font-src 'self' fonts.gstatic.com ; connect-src apple.pay.nl pay.google.com google.com bam.nr-data.net 'self' ; media-src 'self' ; object-src 'none' ; frame-src pay.google.com google.com * ; child-src 'self' ; form-action * ; upgrade-insecure-requests;
ETag: "5ed-617efca1106c0-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: close
Accept-Ranges: bytes
Content-Length: 411

GET
H/1.1 200
OK option_down.png
card.pay.nl/images/ 3 KB
4 KB 114ms
44ms Image
image/png 37.46.136.7
CYSO-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://card.pay.nl/images/option_down.png

Requested by

Host: card.pay.nl
URL: https://card.pay.nl/start/2486941191X5e95f/23b5f558e326d5f7/NL/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

37.46.136.7 , Netherlands, ASN25151 (CYSO-AS, NL),

Reverse DNS

free.cyso.net

Software

Apache /

Resource Hash

9dfe069208bd9cccc0dc3881c8f647bdb5e8aaba87ea85262c011cc2407dde35

Security Headers

Name	Value
Content-Security-Policy	default-src 'none' ; script-src data: 'unsafe-inline' 'unsafe-eval' pay.google.com google.com apple.pay.nl js-agent.newrelic.com bam.nr-data.net 'self' ; style-src 'self' 'unsafe-inline' static.pay.nl fonts.googleapis.com; img-src 'self' www.gstatic.com static.pay.nl data: ; font-src 'self' fonts.gstatic.com ; connect-src apple.pay.nl pay.google.com google.com bam.nr-data.net 'self' ; media-src 'self' ; object-src 'none' ; frame-src pay.google.com google.com * ; child-src 'self' ; form-action * ; upgrade-insecure-requests;
Strict-Transport-Security	max-age=300; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://card.pay.nl/start/2486941191X5e95f/23b5f558e326d5f7/NL/
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Mon, 10 Jun 2024 09:04:51 GMT
Strict-Transport-Security: max-age=300; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'none' ; script-src data: 'unsafe-inline' 'unsafe-eval' pay.google.com google.com apple.pay.nl js-agent.newrelic.com bam.nr-data.net 'self' ; style-src 'self' 'unsafe-inline' static.pay.nl fonts.googleapis.com; img-src 'self' www.gstatic.com static.pay.nl data: ; font-src 'self' fonts.gstatic.com ; connect-src apple.pay.nl pay.google.com google.com bam.nr-data.net 'self' ; media-src 'self' ; object-src 'none' ; frame-src pay.google.com google.com * ; child-src 'self' ; form-action * ; upgrade-insecure-requests;
Last-Modified: Wed, 08 May 2024 11:41:55 GMT
Server: Apache
ETag: "b76-617efca1106c0"
Content-Type: image/png
Connection: close
Accept-Ranges: bytes
Content-Length: 2934

GET
H/1.1 200
OK paynl-footer-behind-white-100.png
static.pay.nl/images/ 15 KB
15 KB 129ms
52ms Image
image/png 37.46.137.149
CYSO-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.pay.nl/images/paynl-footer-behind-white-100.png
Requested by: Host: card.pay.nl
URL: https://card.pay.nl/start/2486941191X5e95f/23b5f558e326d5f7/NL/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 37.46.137.149 , Netherlands, ASN25151 (CYSO-AS, NL),
Reverse DNS: static.pay.nl
Software: Apache /
Resource Hash: 60614bb01e883aa17f1ee2858a1bfdd0040bd4cefb2a43c926d343fac2568a59

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://card.pay.nl/
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Mon, 10 Jun 2024 09:04:51 GMT
Last-Modified: Wed, 07 Sep 2022 08:33:47 GMT
Server: Apache
ETag: "3b6c-5e8122bf0cdbb"
Content-Type: image/png
Connection: close
Accept-Ranges: bytes
Content-Length: 15212

GET
H/1.1 200
OK base.mobile.css
card.pay.nl/style/ 6 KB
2 KB 146ms
30ms Stylesheet
text/css 37.46.136.7
CYSO-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://card.pay.nl/style/base.mobile.css?version=v44

Requested by

Host: card.pay.nl
URL: https://card.pay.nl/start/2486941191X5e95f/23b5f558e326d5f7/NL/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

37.46.136.7 , Netherlands, ASN25151 (CYSO-AS, NL),

Reverse DNS

free.cyso.net

Software

Apache /

Resource Hash

e5c8040f823368d8562fe6cf62a2bd47a4612a04243dd2475a1b2a5cd754d49e

Security Headers

Name	Value
Content-Security-Policy	default-src 'none' ; script-src data: 'unsafe-inline' 'unsafe-eval' pay.google.com google.com apple.pay.nl js-agent.newrelic.com bam.nr-data.net 'self' ; style-src 'self' 'unsafe-inline' static.pay.nl fonts.googleapis.com; img-src 'self' www.gstatic.com static.pay.nl data: ; font-src 'self' fonts.gstatic.com ; connect-src apple.pay.nl pay.google.com google.com bam.nr-data.net 'self' ; media-src 'self' ; object-src 'none' ; frame-src pay.google.com google.com * ; child-src 'self' ; form-action * ; upgrade-insecure-requests;
Strict-Transport-Security	max-age=300; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://card.pay.nl/start/2486941191X5e95f/23b5f558e326d5f7/NL/
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Mon, 10 Jun 2024 09:04:51 GMT
Strict-Transport-Security: max-age=300; includeSubDomains; preload
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Wed, 08 May 2024 11:41:55 GMT
Server: Apache
Content-Security-Policy: default-src 'none' ; script-src data: 'unsafe-inline' 'unsafe-eval' pay.google.com google.com apple.pay.nl js-agent.newrelic.com bam.nr-data.net 'self' ; style-src 'self' 'unsafe-inline' static.pay.nl fonts.googleapis.com; img-src 'self' www.gstatic.com static.pay.nl data: ; font-src 'self' fonts.gstatic.com ; connect-src apple.pay.nl pay.google.com google.com bam.nr-data.net 'self' ; media-src 'self' ; object-src 'none' ; frame-src pay.google.com google.com * ; child-src 'self' ; form-action * ; upgrade-insecure-requests;
ETag: "178c-617efca1106c0-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Connection: close
Accept-Ranges: bytes
Content-Length: 1454

GET
H/1.1 200
OK mistercash.mobile.css
card.pay.nl/style/mistercash/ 2 KB
2 KB 221ms
28ms Stylesheet
text/css 37.46.136.7
CYSO-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://card.pay.nl/style/mistercash/mistercash.mobile.css?version=v44

Requested by

Host: card.pay.nl
URL: https://card.pay.nl/start/2486941191X5e95f/23b5f558e326d5f7/NL/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

37.46.136.7 , Netherlands, ASN25151 (CYSO-AS, NL),

Reverse DNS

free.cyso.net

Software

Apache /

Resource Hash

c6a244237a575124ab2b1670086ece85e5aa96ecc89cc229e2990ab9c1414e92

Security Headers

Name	Value
Content-Security-Policy	default-src 'none' ; script-src data: 'unsafe-inline' 'unsafe-eval' pay.google.com google.com apple.pay.nl js-agent.newrelic.com bam.nr-data.net 'self' ; style-src 'self' 'unsafe-inline' static.pay.nl fonts.googleapis.com; img-src 'self' www.gstatic.com static.pay.nl data: ; font-src 'self' fonts.gstatic.com ; connect-src apple.pay.nl pay.google.com google.com bam.nr-data.net 'self' ; media-src 'self' ; object-src 'none' ; frame-src pay.google.com google.com * ; child-src 'self' ; form-action * ; upgrade-insecure-requests;
Strict-Transport-Security	max-age=300; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://card.pay.nl/start/2486941191X5e95f/23b5f558e326d5f7/NL/
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Mon, 10 Jun 2024 09:04:51 GMT
Strict-Transport-Security: max-age=300; includeSubDomains; preload
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Wed, 08 May 2024 11:41:55 GMT
Server: Apache
Content-Security-Policy: default-src 'none' ; script-src data: 'unsafe-inline' 'unsafe-eval' pay.google.com google.com apple.pay.nl js-agent.newrelic.com bam.nr-data.net 'self' ; style-src 'self' 'unsafe-inline' static.pay.nl fonts.googleapis.com; img-src 'self' www.gstatic.com static.pay.nl data: ; font-src 'self' fonts.gstatic.com ; connect-src apple.pay.nl pay.google.com google.com bam.nr-data.net 'self' ; media-src 'self' ; object-src 'none' ; frame-src pay.google.com google.com * ; child-src 'self' ; form-action * ; upgrade-insecure-requests;
ETag: "83b-617efca1106c0-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Connection: close
Accept-Ranges: bytes
Content-Length: 716

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1228ee9d3c63aaa2e597ed4fc8550be8a379235979c40366cb198885eaf004b7

Request headers

Accept-Language: nl-NL,nl;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 200
OK bancontact_logo.png
static.pay.nl/images/ 9 KB
9 KB 117ms
34ms Image
image/png 37.46.137.149
CYSO-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.pay.nl/images/bancontact_logo.png
Requested by: Host: card.pay.nl
URL: https://card.pay.nl/style/mistercash/mistercash.css?version=v44
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 37.46.137.149 , Netherlands, ASN25151 (CYSO-AS, NL),
Reverse DNS: static.pay.nl
Software: Apache /
Resource Hash: 60f51c1bb50271c69f114a9e12ab61574b18b0a4727863e8afd1d4155396f173

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://card.pay.nl/
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Mon, 10 Jun 2024 09:04:51 GMT
Last-Modified: Wed, 10 Feb 2021 13:20:49 GMT
Server: Apache
ETag: "24cc-5bafb45809dc9"
Content-Type: image/png
Connection: close
Accept-Ranges: bytes
Content-Length: 9420

GET
H/1.1 200
OK flags_smaller.png
card.pay.nl/images/flags_sized/ 19 KB
19 KB 115ms
33ms Image
image/png 37.46.136.7
CYSO-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://card.pay.nl/images/flags_sized/flags_smaller.png

Requested by

Host: card.pay.nl
URL: https://card.pay.nl/style/base.css?version=v44

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

37.46.136.7 , Netherlands, ASN25151 (CYSO-AS, NL),

Reverse DNS

free.cyso.net

Software

Apache /

Resource Hash

aff89bdb6b265162046789bf4d765f7de9dc0e06b891781f06d112b386b3187d

Security Headers

Name	Value
Content-Security-Policy	default-src 'none' ; script-src data: 'unsafe-inline' 'unsafe-eval' pay.google.com google.com apple.pay.nl js-agent.newrelic.com bam.nr-data.net 'self' ; style-src 'self' 'unsafe-inline' static.pay.nl fonts.googleapis.com; img-src 'self' www.gstatic.com static.pay.nl data: ; font-src 'self' fonts.gstatic.com ; connect-src apple.pay.nl pay.google.com google.com bam.nr-data.net 'self' ; media-src 'self' ; object-src 'none' ; frame-src pay.google.com google.com * ; child-src 'self' ; form-action * ; upgrade-insecure-requests;
Strict-Transport-Security	max-age=300; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://card.pay.nl/style/base.css?version=v44
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Mon, 10 Jun 2024 09:04:51 GMT
Strict-Transport-Security: max-age=300; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'none' ; script-src data: 'unsafe-inline' 'unsafe-eval' pay.google.com google.com apple.pay.nl js-agent.newrelic.com bam.nr-data.net 'self' ; style-src 'self' 'unsafe-inline' static.pay.nl fonts.googleapis.com; img-src 'self' www.gstatic.com static.pay.nl data: ; font-src 'self' fonts.gstatic.com ; connect-src apple.pay.nl pay.google.com google.com bam.nr-data.net 'self' ; media-src 'self' ; object-src 'none' ; frame-src pay.google.com google.com * ; child-src 'self' ; form-action * ; upgrade-insecure-requests;
Last-Modified: Wed, 08 May 2024 11:41:55 GMT
Server: Apache
ETag: "4a1e-617efca1106c0"
Content-Type: image/png
Connection: close
Accept-Ranges: bytes
Content-Length: 18974

GET
H/1.1 200
OK mc-bullet.png
card.pay.nl/images/mistercash/ 173 B
1 KB 101ms
19ms Image
image/png 37.46.136.7
CYSO-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://card.pay.nl/images/mistercash/mc-bullet.png

Requested by

Host: card.pay.nl
URL: https://card.pay.nl/style/mistercash/mistercash.css?version=v44

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

37.46.136.7 , Netherlands, ASN25151 (CYSO-AS, NL),

Reverse DNS

free.cyso.net

Software

Apache /

Resource Hash

c0d73ee666c0e306d48866edb9751ee5267c80d4ab92854bd99001fb38c1cee0

Security Headers

Name	Value
Content-Security-Policy	default-src 'none' ; script-src data: 'unsafe-inline' 'unsafe-eval' pay.google.com google.com apple.pay.nl js-agent.newrelic.com bam.nr-data.net 'self' ; style-src 'self' 'unsafe-inline' static.pay.nl fonts.googleapis.com; img-src 'self' www.gstatic.com static.pay.nl data: ; font-src 'self' fonts.gstatic.com ; connect-src apple.pay.nl pay.google.com google.com bam.nr-data.net 'self' ; media-src 'self' ; object-src 'none' ; frame-src pay.google.com google.com * ; child-src 'self' ; form-action * ; upgrade-insecure-requests;
Strict-Transport-Security	max-age=300; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://card.pay.nl/style/mistercash/mistercash.css?version=v44
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Mon, 10 Jun 2024 09:04:51 GMT
Strict-Transport-Security: max-age=300; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'none' ; script-src data: 'unsafe-inline' 'unsafe-eval' pay.google.com google.com apple.pay.nl js-agent.newrelic.com bam.nr-data.net 'self' ; style-src 'self' 'unsafe-inline' static.pay.nl fonts.googleapis.com; img-src 'self' www.gstatic.com static.pay.nl data: ; font-src 'self' fonts.gstatic.com ; connect-src apple.pay.nl pay.google.com google.com bam.nr-data.net 'self' ; media-src 'self' ; object-src 'none' ; frame-src pay.google.com google.com * ; child-src 'self' ; form-action * ; upgrade-insecure-requests;
Last-Modified: Wed, 08 May 2024 11:41:55 GMT
Server: Apache
ETag: "ad-617efca1106c0"
Content-Type: image/png
Connection: close
Accept-Ranges: bytes
Content-Length: 173

GET
H/1.1 200
OK mc-bullet2.png
card.pay.nl/images/mistercash/ 288 B
1 KB 115ms
28ms Image
image/png 37.46.136.7
CYSO-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://card.pay.nl/images/mistercash/mc-bullet2.png

Requested by

Host: card.pay.nl
URL: https://card.pay.nl/style/mistercash/mistercash.css?version=v44

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

37.46.136.7 , Netherlands, ASN25151 (CYSO-AS, NL),

Reverse DNS

free.cyso.net

Software

Apache /

Resource Hash

7593e59f9d4814fb8ebc1a50068b20d532417491f9835808e23626e8ca57e140

Security Headers

Name	Value
Content-Security-Policy	default-src 'none' ; script-src data: 'unsafe-inline' 'unsafe-eval' pay.google.com google.com apple.pay.nl js-agent.newrelic.com bam.nr-data.net 'self' ; style-src 'self' 'unsafe-inline' static.pay.nl fonts.googleapis.com; img-src 'self' www.gstatic.com static.pay.nl data: ; font-src 'self' fonts.gstatic.com ; connect-src apple.pay.nl pay.google.com google.com bam.nr-data.net 'self' ; media-src 'self' ; object-src 'none' ; frame-src pay.google.com google.com * ; child-src 'self' ; form-action * ; upgrade-insecure-requests;
Strict-Transport-Security	max-age=300; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://card.pay.nl/style/mistercash/mistercash.css?version=v44
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Mon, 10 Jun 2024 09:04:51 GMT
Strict-Transport-Security: max-age=300; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'none' ; script-src data: 'unsafe-inline' 'unsafe-eval' pay.google.com google.com apple.pay.nl js-agent.newrelic.com bam.nr-data.net 'self' ; style-src 'self' 'unsafe-inline' static.pay.nl fonts.googleapis.com; img-src 'self' www.gstatic.com static.pay.nl data: ; font-src 'self' fonts.gstatic.com ; connect-src apple.pay.nl pay.google.com google.com bam.nr-data.net 'self' ; media-src 'self' ; object-src 'none' ; frame-src pay.google.com google.com * ; child-src 'self' ; form-action * ; upgrade-insecure-requests;
Last-Modified: Wed, 08 May 2024 11:41:55 GMT
Server: Apache
ETag: "120-617efca1106c0"
Content-Type: image/png
Connection: close
Accept-Ranges: bytes
Content-Length: 288

GET
H/1.1 200
OK mc-button-start.png
card.pay.nl/images/mistercash/ 231 B
1 KB 114ms
30ms Image
image/png 37.46.136.7
CYSO-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://card.pay.nl/images/mistercash/mc-button-start.png

Requested by

Host: card.pay.nl
URL: https://card.pay.nl/style/mistercash/mistercash.css?version=v44

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

37.46.136.7 , Netherlands, ASN25151 (CYSO-AS, NL),

Reverse DNS

free.cyso.net

Software

Apache /

Resource Hash

380a7c67491f1505097d5acb3326a5b6a633f32a6cbe15d45bd1bfb907126df5

Security Headers

Name	Value
Content-Security-Policy	default-src 'none' ; script-src data: 'unsafe-inline' 'unsafe-eval' pay.google.com google.com apple.pay.nl js-agent.newrelic.com bam.nr-data.net 'self' ; style-src 'self' 'unsafe-inline' static.pay.nl fonts.googleapis.com; img-src 'self' www.gstatic.com static.pay.nl data: ; font-src 'self' fonts.gstatic.com ; connect-src apple.pay.nl pay.google.com google.com bam.nr-data.net 'self' ; media-src 'self' ; object-src 'none' ; frame-src pay.google.com google.com * ; child-src 'self' ; form-action * ; upgrade-insecure-requests;
Strict-Transport-Security	max-age=300; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://card.pay.nl/style/mistercash/mistercash.css?version=v44
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Mon, 10 Jun 2024 09:04:51 GMT
Strict-Transport-Security: max-age=300; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'none' ; script-src data: 'unsafe-inline' 'unsafe-eval' pay.google.com google.com apple.pay.nl js-agent.newrelic.com bam.nr-data.net 'self' ; style-src 'self' 'unsafe-inline' static.pay.nl fonts.googleapis.com; img-src 'self' www.gstatic.com static.pay.nl data: ; font-src 'self' fonts.gstatic.com ; connect-src apple.pay.nl pay.google.com google.com bam.nr-data.net 'self' ; media-src 'self' ; object-src 'none' ; frame-src pay.google.com google.com * ; child-src 'self' ; form-action * ; upgrade-insecure-requests;
Last-Modified: Wed, 08 May 2024 11:41:55 GMT
Server: Apache
ETag: "e7-617efca1106c0"
Content-Type: image/png
Connection: close
Accept-Ranges: bytes
Content-Length: 231

GET
H/1.1 200
OK mc-button-cancel.png
card.pay.nl/images/mistercash/ 242 B
1 KB 92ms
19ms Image
image/png 37.46.136.7
CYSO-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://card.pay.nl/images/mistercash/mc-button-cancel.png

Requested by

Host: card.pay.nl
URL: https://card.pay.nl/style/mistercash/mistercash.css?version=v44

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

37.46.136.7 , Netherlands, ASN25151 (CYSO-AS, NL),

Reverse DNS

free.cyso.net

Software

Apache /

Resource Hash

b1ea71dc52673d71125646c6c17896976a17ea0ad9ec2fc28e06869df1717995

Security Headers

Name	Value
Content-Security-Policy	default-src 'none' ; script-src data: 'unsafe-inline' 'unsafe-eval' pay.google.com google.com apple.pay.nl js-agent.newrelic.com bam.nr-data.net 'self' ; style-src 'self' 'unsafe-inline' static.pay.nl fonts.googleapis.com; img-src 'self' www.gstatic.com static.pay.nl data: ; font-src 'self' fonts.gstatic.com ; connect-src apple.pay.nl pay.google.com google.com bam.nr-data.net 'self' ; media-src 'self' ; object-src 'none' ; frame-src pay.google.com google.com * ; child-src 'self' ; form-action * ; upgrade-insecure-requests;
Strict-Transport-Security	max-age=300; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://card.pay.nl/style/mistercash/mistercash.css?version=v44
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Mon, 10 Jun 2024 09:04:51 GMT
Strict-Transport-Security: max-age=300; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'none' ; script-src data: 'unsafe-inline' 'unsafe-eval' pay.google.com google.com apple.pay.nl js-agent.newrelic.com bam.nr-data.net 'self' ; style-src 'self' 'unsafe-inline' static.pay.nl fonts.googleapis.com; img-src 'self' www.gstatic.com static.pay.nl data: ; font-src 'self' fonts.gstatic.com ; connect-src apple.pay.nl pay.google.com google.com bam.nr-data.net 'self' ; media-src 'self' ; object-src 'none' ; frame-src pay.google.com google.com * ; child-src 'self' ; form-action * ; upgrade-insecure-requests;
Last-Modified: Wed, 08 May 2024 11:41:55 GMT
Server: Apache
ETag: "f2-617efca1106c0"
Content-Type: image/png
Connection: close
Accept-Ranges: bytes
Content-Length: 242

GET
H/1.1 200
OK favicon.ico
card.pay.nl/ 1 KB
2 KB 97ms
35ms Other
image/vnd.microsoft.icon 37.46.136.7
CYSO-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://card.pay.nl/favicon.ico

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

37.46.136.7 , Netherlands, ASN25151 (CYSO-AS, NL),

Reverse DNS

free.cyso.net

Software

Apache /

Resource Hash

82767f1939f0c211f77ddb41af2d29d45639b1ff053d2f4628dedaa4a089349c

Security Headers

Name	Value
Content-Security-Policy	default-src 'none' ; script-src data: 'unsafe-inline' 'unsafe-eval' pay.google.com google.com apple.pay.nl js-agent.newrelic.com bam.nr-data.net 'self' ; style-src 'self' 'unsafe-inline' static.pay.nl fonts.googleapis.com; img-src 'self' www.gstatic.com static.pay.nl data: ; font-src 'self' fonts.gstatic.com ; connect-src apple.pay.nl pay.google.com google.com bam.nr-data.net 'self' ; media-src 'self' ; object-src 'none' ; frame-src pay.google.com google.com * ; child-src 'self' ; form-action * ; upgrade-insecure-requests;
Strict-Transport-Security	max-age=300; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://card.pay.nl/start/2486941191X5e95f/23b5f558e326d5f7/NL/
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Mon, 10 Jun 2024 09:04:51 GMT
Strict-Transport-Security: max-age=300; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'none' ; script-src data: 'unsafe-inline' 'unsafe-eval' pay.google.com google.com apple.pay.nl js-agent.newrelic.com bam.nr-data.net 'self' ; style-src 'self' 'unsafe-inline' static.pay.nl fonts.googleapis.com; img-src 'self' www.gstatic.com static.pay.nl data: ; font-src 'self' fonts.gstatic.com ; connect-src apple.pay.nl pay.google.com google.com bam.nr-data.net 'self' ; media-src 'self' ; object-src 'none' ; frame-src pay.google.com google.com * ; child-src 'self' ; form-action * ; upgrade-insecure-requests;
Last-Modified: Wed, 08 May 2024 11:41:55 GMT
Server: Apache
ETag: "47e-617efca1106c0"
Content-Type: image/vnd.microsoft.icon
Connection: close
Accept-Ranges: bytes
Content-Length: 1150

Verdicts & Comments Add Verdict or Comment

35 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'none' ; script-src data: 'unsafe-inline' 'unsafe-eval' pay.google.com google.com apple.pay.nl js-agent.newrelic.com bam.nr-data.net 'self' ; style-src 'self' 'unsafe-inline' static.pay.nl fonts.googleapis.com; img-src 'self' www.gstatic.com static.pay.nl data: ; font-src 'self' fonts.gstatic.com ; connect-src apple.pay.nl pay.google.com google.com bam.nr-data.net 'self' ; media-src 'self' ; object-src 'none' ; frame-src pay.google.com google.com * ; child-src 'self' ; form-action * ; upgrade-insecure-requests;
Strict-Transport-Security	max-age=300; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

card.pay.nl
static.pay.nl
37.46.136.7
37.46.137.149
1228ee9d3c63aaa2e597ed4fc8550be8a379235979c40366cb198885eaf004b7
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
380a7c67491f1505097d5acb3326a5b6a633f32a6cbe15d45bd1bfb907126df5
4d32059457c232d6c09376120d3ac7f9aa52906c453697f4a79f5045737ed8fb
60614bb01e883aa17f1ee2858a1bfdd0040bd4cefb2a43c926d343fac2568a59
60f51c1bb50271c69f114a9e12ab61574b18b0a4727863e8afd1d4155396f173
692786511e8878bf2c540e76e939af7d987b65c1d8c32a6c7c5686416bda4169
7593e59f9d4814fb8ebc1a50068b20d532417491f9835808e23626e8ca57e140
7f2adfea8cef579788c044e13057e77144a80b4acfeacbec80047cf04ca7c75e
82767f1939f0c211f77ddb41af2d29d45639b1ff053d2f4628dedaa4a089349c
9dfe069208bd9cccc0dc3881c8f647bdb5e8aaba87ea85262c011cc2407dde35
aff89bdb6b265162046789bf4d765f7de9dc0e06b891781f06d112b386b3187d
b1ea71dc52673d71125646c6c17896976a17ea0ad9ec2fc28e06869df1717995
c0d73ee666c0e306d48866edb9751ee5267c80d4ab92854bd99001fb38c1cee0
c6a244237a575124ab2b1670086ece85e5aa96ecc89cc229e2990ab9c1414e92
dd85a815c08ab37def983ba04868010bfb33b69db43cfc74b35eabf1f62c03f1
e5c8040f823368d8562fe6cf62a2bd47a4612a04243dd2475a1b2a5cd754d49e
e80da44939720df3fe5437c65018b25eb905d5e4d8150b10a6abe46352540bc8

card.pay.nl Open in urlscan Pro 37.46.136.7 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

17 Requests

100 %HTTPS

0 %IPv6

1 Domains

2 Subdomains

3 IPs

1 Countries

111 kBTransfer

214 kBSize

0 Cookies

4 Outgoing links

Redirected requests

17 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

35 JavaScript Global Variables

0 Cookies

Security Headers

Indicators

card.pay.nl Open in urlscan Pro
37.46.136.7 Public Scan

Screenshot
Live screenshot

Full Image

17
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

2
Subdomains

3
IPs

1
Countries

111 kB
Transfer

214 kB
Size

0
Cookies

17 HTTP transactions
1 data transactions