urlscan.io logo urlscan.io
SecurityTrails logo

connectandpay.com Open in urlscan Pro
13.224.189.128  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://connectandpay.app.link/
Effective URL: https://connectandpay.com/
Submission: On February 14 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 7 IPs in 1 countries across 7 domains to perform 25 HTTP transactions. The main IP is 13.224.189.128, located in United States and belongs to AMAZON-02, US. The main domain is connectandpay.com.
TLS certificate: Issued by Amazon on June 28th 2022. Valid for: a year.
This is the only time connectandpay.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 2600:9000:20e... 16509 (AMAZON-02)
1 1 2600:9000:20e... 16509 (AMAZON-02)
4 13.224.189.128 16509 (AMAZON-02)
5 151.101.192.176 54113 (FASTLY)
1 13.225.82.234 16509 (AMAZON-02)
3 2606:4700::68... 13335 (CLOUDFLAR...)
8 54.213.152.180 16509 (AMAZON-02)
3 54.187.119.242 16509 (AMAZON-02)
1 52.26.242.165 16509 (AMAZON-02)
25 7
1    2600:9000:20eb:b800:19:9934:6a80:93a1 (United States)

ASN16509 (AMAZON-02, US)
connectandpay.app.link
1    2600:9000:20eb:3a00:19:9934:6a80:93a1 (United States)

ASN16509 (AMAZON-02, US)
connectandpay.app.link
4    13.224.189.128 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-189-128.fra2.r.cloudfront.net
connectandpay.com
5    151.101.192.176 (United States)

ASN54113 (FASTLY, US)
js.stripe.com
m.stripe.network
1    13.225.82.234 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-82-234.fra2.r.cloudfront.net
cdn.auth0.com
3    2606:4700::6812:e234 (United States)

ASN13335 (CLOUDFLARENET, US)
cdn.onesignal.com
onesignal.com
8    54.213.152.180 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-213-152-180.us-west-2.compute.amazonaws.com
tally.prod.readytouchpos.com
3    54.187.119.242 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ip-54-187-119-242.stripe.com
q.stripe.com
1    52.26.242.165 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-26-242-165.us-west-2.compute.amazonaws.com
m.stripe.com
Apex Domain
Subdomains		 Transfer
8 readytouchpos.com
tally.prod.readytouchpos.com — Cisco Umbrella Rank: 338098
2 KB
7 stripe.com
js.stripe.com — Cisco Umbrella Rank: 1255
q.stripe.com — Cisco Umbrella Rank: 8027
m.stripe.com — Cisco Umbrella Rank: 1235
121 KB
4 connectandpay.com
connectandpay.com
2 MB
3 onesignal.com
cdn.onesignal.com — Cisco Umbrella Rank: 3469
onesignal.com — Cisco Umbrella Rank: 1259
73 KB
2 stripe.network
m.stripe.network — Cisco Umbrella Rank: 1317
17 KB
2 app.link
connectandpay.app.link
1 KB
1 auth0.com
cdn.auth0.com — Cisco Umbrella Rank: 8419
32 KB
25 7
Domain Requested by
8 tally.prod.readytouchpos.com connectandpay.com
4 connectandpay.com connectandpay.com
3 q.stripe.com connectandpay.com
3 js.stripe.com connectandpay.com
js.stripe.com
2 m.stripe.network js.stripe.com
m.stripe.network
2 cdn.onesignal.com connectandpay.com
cdn.onesignal.com
2 connectandpay.app.link 2 redirects
1 m.stripe.com m.stripe.network
1 onesignal.com cdn.onesignal.com
1 cdn.auth0.com connectandpay.com
25 10

This site contains no links.

Subject Issuer Validity Valid
connectandpay.com
Amazon		 2022-06-28 -
2023-07-27		 a year crt.sh
a.stripecdn.com
DigiCert SHA2 Extended Validation Server CA		 2023-02-06 -
2023-05-13		 3 months crt.sh
*.auth0.com
Amazon		 2022-03-26 -
2023-04-24		 a year crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2022-06-03 -
2023-06-02		 a year crt.sh
tally.prod.readytouchpos.com
Go Daddy Secure Certificate Authority - G2		 2022-05-06 -
2023-06-07		 a year crt.sh
*.stripe.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2023-02-14 -
2023-06-13		 4 months crt.sh
m.stripe.com
DigiCert TLS RSA SHA256 2020 CA1		 2023-01-08 -
2023-04-08		 3 months crt.sh

This page contains 3 frames:

Primary Page: https://connectandpay.com/
Frame ID: 83E023C368D814C51D697B63DC56A97A
Requests: 13 HTTP requests in this frame

Frame: https://js.stripe.com/v3/m-outer-93afeeb17bc37e711759584dbfc50d47.html
Frame ID: DA2BD653284754DC4020A13FF62E3294
Requests: 4 HTTP requests in this frame

Frame: https://m.stripe.network/inner.html
Frame ID: 5EF12A0C8A2EAD728BF7BA39AC0154CB
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Connect & Pay

Page URL History Show full URLs

  1. http://connectandpay.app.link/ HTTP 307
    https://connectandpay.app.link/ HTTP 307
    https://connectandpay.com/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • js\.stripe\.com
Overall confidence: 100%
Detected patterns
  • cdn\.onesignal\.com

Page Statistics

25
Requests

100 %
HTTPS

33 %
IPv6

7
Domains

10
Subdomains

7
IPs

1
Countries

2336 kB
Transfer

9111 kB
Size

6
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://connectandpay.app.link/ HTTP 307
    https://connectandpay.app.link/ HTTP 307
    https://connectandpay.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

25 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
connectandpay.com/
Redirect Chain
  • http://connectandpay.app.link/
  • https://connectandpay.app.link/
  • https://connectandpay.com/
5 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://connectandpay.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.128 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-128.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
1056eec01b5b1961a99131270650690eeed1bb38e305f36b65c3122ae5382678
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
60220
content-encoding
gzip
content-type
text/html
date
Tue, 14 Feb 2023 05:15:01 GMT
etag
W/"6265cdc97197cc0889118d9d69a84722"
last-modified
Tue, 07 Feb 2023 22:09:28 GMT
referrer-policy
same-origin
server
AmazonS3
strict-transport-security
max-age=63072000; includeSubdomains; preload
vary
Accept-Encoding
via
1.1 34f50889bc574f1edeb41dd758962a5a.cloudfront.net (CloudFront)
x-amz-cf-id
DVagCLSXrCsCcUICVhNzKUReXmUlFb9CHkm7tLBoNBwsvK0msqsIwQ==
x-amz-cf-pop
FRA2-C1
x-amz-server-side-encryption
AES256
x-amz-version-id
_hnFFmqpvmIJnxe6lJu0U63RJZJI8hC0
x-cache
Hit from cloudfront
x-content-type-options
nosniff
x-frame-options
DENY
x-xss-protection
1; mode=block

Redirect headers

date
Tue, 14 Feb 2023 21:58:41 GMT
last-modified
Tue, 14 Feb 2023 21:58:41 GMT
location
https://connectandpay.com/
server
openresty
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 3aed5a4f89d72775aaf2cc5a5f642386.cloudfront.net (CloudFront)
x-amz-cf-id
ZlkIRGUZM0gM0TfnQQAuWp8TnBUGrx6PYcK_7ZiMBex2yrhvxwWpvA==
x-amz-cf-pop
FRA2-C1
x-cache
Miss from cloudfront
/
js.stripe.com/v3/ 		437 KB
117 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.stripe.com/v3/
Requested by
Host: connectandpay.com
URL: https://connectandpay.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.192.176 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Fastly /
Resource Hash
e861595fa7024f9db1f207582d5d79149e244e4118e7c71975a6c816e9dd5922
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

strict-transport-security
max-age=31556926; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
date
Tue, 14 Feb 2023 21:58:41 GMT
via
1.1 varnish
age
19
x-cache
HIT
content-length
119839
x-request-id
6caeedc8-e07f-4193-8923-23989c0854e5
x-served-by
cache-hhn-etou8220051-HHN
last-modified
Tue, 14 Feb 2023 21:54:56 GMT
server
Fastly
etag
"c581f2125aefc6abf71e57ed1ac7411d"
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=60
accept-ranges
bytes
timing-allow-origin
*
x-cache-hits
18
auth0-spa-js.production.js
cdn.auth0.com/js/auth0-spa-js/1.20/ 		93 KB
32 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.auth0.com/js/auth0-spa-js/1.20/auth0-spa-js.production.js
Requested by
Host: connectandpay.com
URL: https://connectandpay.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.82.234 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-82-234.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
ebf5fe084506fa53aecb68bc4d315b1e1b149b56a0465d7bc7e584ca9711c6dc

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date
Tue, 14 Feb 2023 21:33:08 GMT
x-amz-version-id
EitoVroJxedCjH__cInQE2mReOija6xB
content-encoding
gzip
last-modified
Mon, 07 Mar 2022 15:49:53 GMT
server
AmazonS3
via
1.1 e1e056e45a0f8d6bc22b223900511170.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C2
etag
W/"6f0671d3b94dacd6fb2f941d42e2e623"
age
1534
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=10800,public
x-amz-replication-status
FAILED
x-amz-cf-id
cWXDRRDPTB4tqULcUYL2pDOcL_lCJrXYVvUt3RoPsoNuZ_cdrNXuUQ==
OneSignalSDK.js
cdn.onesignal.com/sdks/ 		9 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.onesignal.com/sdks/OneSignalSDK.js
Requested by
Host: connectandpay.com
URL: https://connectandpay.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:e234 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d12c6745eca14e06d4dea70f4c2bd875769b349770d04300477ab18d0db005d4
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date
Tue, 14 Feb 2023 21:58:41 GMT
via
1.1 google
content-encoding
br
cf-cache-status
HIT
server
cloudflare
strict-transport-security
max-age=15552000; includeSubDomains
age
1896
etag
W/"ae63ef8ff03da61fffaa7f165729897a"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=259200
cf-ray
7999110ddd4b92a2-FRA
access-control-allow-headers
OneSignal-Subscription-Id
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires
Fri, 17 Feb 2023 21:58:41 GMT
runtime~app.27401809.js
connectandpay.com/static/js/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connectandpay.com/static/js/runtime~app.27401809.js
Requested by
Host: connectandpay.com
URL: https://connectandpay.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.128 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-128.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
f7656bc3ccebd611041f9484fd00713447fbad96682d02882c2737830adcd4b2
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://connectandpay.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

x-amz-version-id
QltEcG.ilZ8T2p3fi_VTSXCUjJIt2n37
strict-transport-security
max-age=63072000; includeSubdomains; preload
x-content-type-options
nosniff
date
Tue, 14 Feb 2023 21:58:41 GMT
content-encoding
gzip
via
1.1 34f50889bc574f1edeb41dd758962a5a.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
x-amz-server-side-encryption
AES256
age
24148
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Tue, 07 Feb 2023 22:09:46 GMT
server
AmazonS3
etag
W/"43ad0db632a6bc3cc97c8a7ef39ca56c"
x-frame-options
DENY
vary
Accept-Encoding
content-type
application/javascript
x-amz-cf-id
lbeD3oIqYO2lOABCii0zy_G-RHtRDDmdW8kiBynDD6px36X09g9qOQ==
2.93012ae5.chunk.js
connectandpay.com/static/js/ 		6 MB
2 MB 		Script
General
Check archive.org
Download Go to
Full URL
https://connectandpay.com/static/js/2.93012ae5.chunk.js
Requested by
Host: connectandpay.com
URL: https://connectandpay.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.128 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-128.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
3fe1a865b4632fa7c345fec2c9ce2685a326ba1f0c3c967a79c747b1c6742e3b
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://connectandpay.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date
Tue, 14 Feb 2023 05:15:02 GMT
x-amz-version-id
EDVjfRwVMUqpIpKsbpOinJg2fzV8LltJ
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubdomains; preload
content-encoding
gzip
via
1.1 34f50889bc574f1edeb41dd758962a5a.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
x-amz-server-side-encryption
AES256
age
60220
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Tue, 07 Feb 2023 22:09:39 GMT
server
AmazonS3
etag
W/"cd68c981364feb963de27c2671b729ec-2"
x-frame-options
DENY
vary
Accept-Encoding
content-type
application/javascript
x-amz-cf-id
AXikO9lF02KiIAJobuqF20SPgmU14n-qqUs1_6V2qFwlawVtSrPw3A==
app.52c75b07.chunk.js
connectandpay.com/static/js/ 		2 MB
505 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connectandpay.com/static/js/app.52c75b07.chunk.js
Requested by
Host: connectandpay.com
URL: https://connectandpay.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.128 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-128.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
670d968f115ce70407b803d545bf4e09d511bc96d2054d580013764a2ceed5e4
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://connectandpay.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date
Tue, 14 Feb 2023 02:19:49 GMT
x-amz-version-id
aIvcHK8ws_qhV1gkooQuMlD_dfpuYQTQ
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubdomains; preload
content-encoding
gzip
via
1.1 34f50889bc574f1edeb41dd758962a5a.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
x-amz-server-side-encryption
AES256
age
70732
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Tue, 07 Feb 2023 22:09:43 GMT
server
AmazonS3
etag
W/"4d44c0d3de727cf5573326e49f7dac91"
x-frame-options
DENY
vary
Accept-Encoding
content-type
application/javascript
x-amz-cf-id
R-smSayJWVsuWUaIHAAg4P5YMCaF8tfSH9G0Iu8ZAo73TlcbywCsOA==
register
tally.prod.readytouchpos.com/tallyapi/auth/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://tally.prod.readytouchpos.com/tallyapi/auth/register
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.213.152.180 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-213-152-180.us-west-2.compute.amazonaws.com
Software
/ Express
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://connectandpay.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Content-Type, Origin, X-Requested-With, X-AUTHENTICATION, X-IP, Authorization
access-control-allow-methods
GET,PUT,POST,DELETE,PATCH
access-control-allow-origin
https://connectandpay.com
date
Tue, 14 Feb 2023 21:58:42 GMT
server-timing
intid;desc=227e3de8cafc593a
x-powered-by
Express
x-request-id
153834a1-8595-42e2-b489-c61e9ecfb839
register
tally.prod.readytouchpos.com/tallyapi/auth/ 		91 B
470 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://tally.prod.readytouchpos.com/tallyapi/auth/register
Requested by
Host: connectandpay.com
URL: https://connectandpay.com/static/js/2.93012ae5.chunk.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.213.152.180 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-213-152-180.us-west-2.compute.amazonaws.com
Software
Jetty(9.3.5.v20151012) / Express
Resource Hash
e4547ae1028ecd75782e300883b3592e9f9bae8475577dd66bd66b316b0ad328

Request headers

Accept
application/json
Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36
Content-Type
application/json

Response headers

date
Tue, 14 Feb 2023 21:58:42 GMT
server
Jetty(9.3.5.v20151012)
x-powered-by
Express
access-control-allow-methods
GET,PUT,POST,DELETE,PATCH
content-type
application/json
access-control-allow-origin
https://connectandpay.com
access-control-allow-credentials
true
server-timing
intid;desc=b44f907a0608a39e
access-control-allow-headers
Content-Type, Origin, X-Requested-With, X-AUTHENTICATION, X-IP, Authorization
content-length
91
x-request-id
40cb484c-9f5e-435c-a674-abed052f0831
m-outer-93afeeb17bc37e711759584dbfc50d47.html
js.stripe.com/v3/ Frame DA2B 		200 B
810 B 		Document
General
Check archive.org
Download Go to
Full URL
https://js.stripe.com/v3/m-outer-93afeeb17bc37e711759584dbfc50d47.html
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.192.176 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Fastly /
Resource Hash
f22005da41e15b7adb453814b37a794f7c6b955f086a6c5fc9980e3c3f6c8bca
Security Headers
Name Value
Content-Security-Policy base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-origin
*
age
5946818
cache-control
max-age=31536000
content-encoding
br
content-length
122
content-security-policy
base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://q.stripe.com/csp-report
content-security-policy-report-only
base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://q.stripe.com/csp-report
content-type
text/html; charset=utf-8
date
Tue, 14 Feb 2023 21:58:42 GMT
etag
"93afeeb17bc37e711759584dbfc50d47"
last-modified
Wed, 07 Dec 2022 23:30:12 GMT
server
Fastly
strict-transport-security
max-age=31556926; includeSubDomains; preload
timing-allow-origin
*
vary
Accept-Encoding
via
1.1 varnish
x-cache
HIT
x-cache-hits
1382591
x-content-type-options
nosniff
x-request-id
70b1db06-b41d-44ff-9f92-60cb869d5ae3
x-served-by
cache-hhn-etou8220051-HHN
OneSignalPageSDKES6.js
cdn.onesignal.com/sdks/ 		283 KB
68 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.onesignal.com/sdks/OneSignalPageSDKES6.js?v=151514
Requested by
Host: cdn.onesignal.com
URL: https://cdn.onesignal.com/sdks/OneSignalSDK.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:e234 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
843114448aaeeda7e8caa0cf76d61e0c63b8bffccd34517483363fdb15cdc80c
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date
Tue, 14 Feb 2023 21:58:42 GMT
via
1.1 google
content-encoding
br
cf-cache-status
HIT
server
cloudflare
strict-transport-security
max-age=15552000; includeSubDomains
age
1894
etag
W/"2f96824aee4bf927e734cc519e3e726d"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=259200
cf-ray
79991111cff092a2-FRA
access-control-allow-headers
OneSignal-Subscription-Id
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires
Fri, 17 Feb 2023 21:58:42 GMT
csp-report
q.stripe.com/ Frame DA2B 		0
601 B 		Other
General
Check archive.org
Download Go to
Full URL
https://q.stripe.com/csp-report
Requested by
Host: connectandpay.com
URL: https://connectandpay.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ip-54-187-119-242.stripe.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://js.stripe.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36
Content-Type
application/csp-report

Response headers

date
Tue, 14 Feb 2023 21:58:42 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
x-envoy-upstream-service-time
0
content-length
0
x-stripe-bg-intended-route-color
green
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
server
nginx
cross-origin-opener-policy
same-origin
access-control-max-age
3600
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
https://js.stripe.com
access-control-expose-headers
Server, Range, Content-Type
cache-control
max-age=0, no-cache, no-store, must-revalidate
x-robots-tag
none
access-control-allow-headers
Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token
expires
0
csp-report
q.stripe.com/ Frame DA2B 		0
600 B 		Other
General
Check archive.org
Download Go to
Full URL
https://q.stripe.com/csp-report
Requested by
Host: connectandpay.com
URL: https://connectandpay.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ip-54-187-119-242.stripe.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://js.stripe.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36
Content-Type
application/csp-report

Response headers

date
Tue, 14 Feb 2023 21:58:42 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
x-envoy-upstream-service-time
1
content-length
0
x-stripe-bg-intended-route-color
green
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
server
nginx
cross-origin-opener-policy
same-origin
access-control-max-age
3600
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
https://js.stripe.com
access-control-expose-headers
Server, Range, Content-Type
cache-control
max-age=0, no-cache, no-store, must-revalidate
x-robots-tag
none
access-control-allow-headers
Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token
expires
0
m-outer-8cb24ab2d649fd36a488d04d8c457933.js
js.stripe.com/v3/fingerprinted/js/ Frame DA2B 		631 B
468 B 		Script
General
Check archive.org
Download Go to
Full URL
https://js.stripe.com/v3/fingerprinted/js/m-outer-8cb24ab2d649fd36a488d04d8c457933.js
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/m-outer-93afeeb17bc37e711759584dbfc50d47.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.192.176 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Fastly /
Resource Hash
250a0782da875705bd206ee23c2a46abf90656645a81e084126c5e8c53eeb9d6
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.stripe.com/v3/m-outer-93afeeb17bc37e711759584dbfc50d47.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

strict-transport-security
max-age=31556926; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
date
Tue, 14 Feb 2023 21:58:42 GMT
via
1.1 varnish
age
5946817
x-cache
HIT
content-length
332
x-request-id
ddf9e96d-22ee-4636-a75d-84da7d555c24
x-served-by
cache-hhn-etou8220051-HHN
last-modified
Wed, 07 Dec 2022 23:30:11 GMT
server
Fastly
etag
"f8f6a4584135f737b26927596ce6e0a7"
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
x-cache-hits
1221029
inner.html
m.stripe.network/ Frame 5EF1 		930 B
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://m.stripe.network/inner.html
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/m-outer-8cb24ab2d649fd36a488d04d8c457933.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.192.176 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Fastly /
Resource Hash
a5f27af9c0c6f37979ebafcac22eb3a613841a3d4e728f4577baf94e64d42f35
Security Headers
Name Value
Content-Security-Policy base-uri 'none'; connect-src https://m.stripe.network https://m.stripe.com; default-src 'none'; font-src https://m.stripe.network https://fonts.gstatic.com; form-action 'none'; frame-src https://m.stripe.network https://js.stripe.com; img-src https://m.stripe.network https://m.stripe.com https://b.stripecdn.com; script-src https://m.stripe.network 'sha256-e/Jqu4k9Gk1ZCWO6StAsfhF3i7qgIwfuitaD1g9DyvE='; style-src https://m.stripe.network; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://js.stripe.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
117
cache-control
max-age=300, public
content-encoding
gzip
content-length
527
content-security-policy
base-uri 'none'; connect-src https://m.stripe.network https://m.stripe.com; default-src 'none'; font-src https://m.stripe.network https://fonts.gstatic.com; form-action 'none'; frame-src https://m.stripe.network https://js.stripe.com; img-src https://m.stripe.network https://m.stripe.com https://b.stripecdn.com; script-src https://m.stripe.network 'sha256-e/Jqu4k9Gk1ZCWO6StAsfhF3i7qgIwfuitaD1g9DyvE='; style-src https://m.stripe.network; report-uri https://q.stripe.com/csp-report
content-type
text/html; charset=utf-8
date
Tue, 14 Feb 2023 21:58:42 GMT
server
Fastly
strict-transport-security
max-age=31556926; includeSubDomains; preload
vary
Accept-Encoding, Origin
via
1.1 varnish
x-cache
HIT
x-cache-hits
104
x-content-type-options
nosniff
x-request-id
a4615e48-aaa3-45a9-9cd1-3742cfca276a
x-served-by
cache-hhn-etou8220051-HHN
x-timer
S1676411922.273673,VS0,VE0
web
onesignal.com/api/v1/sync/979fc659-8f8a-42cc-b678-3ccf69ff9aa9/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://onesignal.com/api/v1/sync/979fc659-8f8a-42cc-b678-3ccf69ff9aa9/web?callback=__jp0
Requested by
Host: cdn.onesignal.com
URL: https://cdn.onesignal.com/sdks/OneSignalPageSDKES6.js?v=151514
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:e234 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
25600333eb8f125f1ea177856a61124267d823a890b25f57da0727763e4351c5
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date
Tue, 14 Feb 2023 21:58:42 GMT
via
1.1 google
x-content-type-options
nosniff
cf-cache-status
EXPIRED
content-encoding
br
x-permitted-cross-domain-policies
none
strict-transport-security
max-age=15552000; includeSubDomains
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection
1; mode=block
x-request-id
b9c6e153-17c1-4630-af64-3c34748f3dc5
x-runtime
0.022848
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
etag
W/"25600333eb8f125f1ea177856a611242"
x-download-options
noopen
vary
Origin, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=3600
cf-ray
79991112583892a2-FRA
access-control-allow-headers
SDK-Version
expires
Tue, 14 Feb 2023 22:58:42 GMT
csp-report
q.stripe.com/ Frame 5EF1 		0
374 B 		Other
General
Check archive.org
Download Go to
Full URL
https://q.stripe.com/csp-report
Requested by
Host: connectandpay.com
URL: https://connectandpay.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ip-54-187-119-242.stripe.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload, max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://m.stripe.network/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36
Content-Type
application/csp-report

Response headers

x-stripe-bg-intended-route-color
green
pragma
no-cache
date
Tue, 14 Feb 2023 21:58:42 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload, max-age=31556926; includeSubDomains; preload
referrer-policy
strict-origin-when-cross-origin
x-content-type-options
nosniff
server
nginx
cross-origin-opener-policy
same-origin
cache-control
max-age=0, no-cache, no-store, must-revalidate
x-envoy-upstream-service-time
1
x-robots-tag
none
content-length
0
expires
0
out-4.5.42.js
m.stripe.network/ Frame 5EF1 		86 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://m.stripe.network/out-4.5.42.js
Requested by
Host: m.stripe.network
URL: https://m.stripe.network/inner.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.192.176 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Fastly /
Resource Hash
f445ee14f2454d974293d28677213ae002e9ac17721fc04b2fdeb037e083b083
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://m.stripe.network/inner.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

strict-transport-security
max-age=31556926; includeSubDomains; preload
date
Tue, 14 Feb 2023 21:58:42 GMT
x-content-type-options
nosniff
content-encoding
gzip
via
1.1 varnish
age
130
x-cache
HIT
content-length
16031
x-request-id
ac2d9319-a0f6-44af-b681-52070f8b6c69
x-served-by
cache-hhn-etou8220051-HHN
server
Fastly
x-timer
S1676411922.304398,VS0,VE0
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=utf-8
cache-control
max-age=300, public
accept-ranges
bytes
x-cache-hits
112
6
m.stripe.com/ Frame 5EF1 		156 B
553 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://m.stripe.com/6
Requested by
Host: m.stripe.network
URL: https://m.stripe.network/out-4.5.42.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.26.242.165 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-26-242-165.us-west-2.compute.amazonaws.com
Software
nginx /
Resource Hash
f50cb7514a029c588a8ba5abacbfb1a92b61645bd3a8b1e4c1508a6828fd9826
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://m.stripe.network/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-stripe-bg-intended-route-color
green
date
Tue, 14 Feb 2023 21:58:42 GMT
strict-transport-security
max-age=31556926; includeSubDomains; preload
x-content-type-options
nosniff
server
nginx
content-type
application/json;charset=utf-8
access-control-allow-origin
https://m.stripe.network
access-control-allow-credentials
true
access-control-allow-headers
Content-Type
content-length
156
login
tally.prod.readytouchpos.com/tallyapi/auth/ 		279 B
679 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://tally.prod.readytouchpos.com/tallyapi/auth/login
Requested by
Host: connectandpay.com
URL: https://connectandpay.com/static/js/2.93012ae5.chunk.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.213.152.180 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-213-152-180.us-west-2.compute.amazonaws.com
Software
/ Express
Resource Hash
382c857a9d0d8860db696fb41bfd9ab467712f9e8d4f778ab37a780752f71546

Request headers

Accept
application/json
Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36
Content-Type
application/json

Response headers

date
Tue, 14 Feb 2023 21:58:43 GMT
x-powered-by
Express
etag
W/"117-TK9OmXq95bz8GpWH45Axcfs9q1U"
access-control-allow-methods
GET,PUT,POST,DELETE,PATCH
content-type
application/json; charset=utf-8
access-control-allow-origin
https://connectandpay.com
access-control-allow-credentials
true
server-timing
intid;desc=274f90bfc12dd270
access-control-allow-headers
Content-Type, Origin, X-Requested-With, X-AUTHENTICATION, X-IP, Authorization
content-length
279
x-request-id
e1e1c30a-c928-46ae-909a-ef5d8a8d1317
login
tally.prod.readytouchpos.com/tallyapi/auth/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://tally.prod.readytouchpos.com/tallyapi/auth/login
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.213.152.180 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-213-152-180.us-west-2.compute.amazonaws.com
Software
/ Express
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://connectandpay.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Content-Type, Origin, X-Requested-With, X-AUTHENTICATION, X-IP, Authorization
access-control-allow-methods
GET,PUT,POST,DELETE,PATCH
access-control-allow-origin
https://connectandpay.com
date
Tue, 14 Feb 2023 21:58:43 GMT
server-timing
intid;desc=5a6819062c71e74a
x-powered-by
Express
x-request-id
69139951-fa98-4498-afca-0051fb69b2e7
privacyversion
tally.prod.readytouchpos.com/gmaapi/gma/ 		64 B
445 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://tally.prod.readytouchpos.com/gmaapi/gma/privacyversion?id=
Requested by
Host: connectandpay.com
URL: https://connectandpay.com/static/js/2.93012ae5.chunk.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.213.152.180 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-213-152-180.us-west-2.compute.amazonaws.com
Software
Jetty(9.2.30.v20200428) / Express
Resource Hash
f67ddaafea12de1f989121f23bbd4900361f4963dabb8bd1dde0699b76b861dc

Request headers

Referer
accept-language
de-DE,de;q=0.9
Authorization
Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhcGlrZXkiOiI1Yzk3ZjljNjg1YzUyZjQ5MTgyY2MzZjgyYTI2OTY3ZCIsInJvbGVzIjpbIjM2NXBheSJdLCJpYXQiOjE2NzY0MTE5MjMsImV4cCI6MTY3NjQxOTEyMywic3ViIjoiNWM5N2Y5YzY4NWM1MmY0OTE4MmNjM2Y4MmEyNjk2N2QifQ.iz8GPLSTdAYIHiiEjQIXPyKWZe8TIWX21544k9QEUdw
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36
Content-Type
application/json

Response headers

date
Tue, 14 Feb 2023 21:58:43 GMT
server
Jetty(9.2.30.v20200428)
x-powered-by
Express
access-control-allow-methods
GET,PUT,POST,DELETE,PATCH
content-type
application/json
access-control-allow-origin
https://connectandpay.com
access-control-allow-credentials
true
server-timing
intid;desc=a69e92ccbde32f07
access-control-allow-headers
Content-Type, Origin, X-Requested-With, X-AUTHENTICATION, X-IP, Authorization
content-length
64
x-request-id
8512d7df-ef58-497f-8a99-b61b5fe7eb75
privacyversion
tally.prod.readytouchpos.com/gmaapi/gma/ 		64 B
444 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://tally.prod.readytouchpos.com/gmaapi/gma/privacyversion?id=
Requested by
Host: connectandpay.com
URL: https://connectandpay.com/static/js/2.93012ae5.chunk.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.213.152.180 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-213-152-180.us-west-2.compute.amazonaws.com
Software
Jetty(9.2.30.v20200428) / Express
Resource Hash
f67ddaafea12de1f989121f23bbd4900361f4963dabb8bd1dde0699b76b861dc

Request headers

Referer
accept-language
de-DE,de;q=0.9
Authorization
Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhcGlrZXkiOiI1Yzk3ZjljNjg1YzUyZjQ5MTgyY2MzZjgyYTI2OTY3ZCIsInJvbGVzIjpbIjM2NXBheSJdLCJpYXQiOjE2NzY0MTE5MjMsImV4cCI6MTY3NjQxOTEyMywic3ViIjoiNWM5N2Y5YzY4NWM1MmY0OTE4MmNjM2Y4MmEyNjk2N2QifQ.iz8GPLSTdAYIHiiEjQIXPyKWZe8TIWX21544k9QEUdw
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36
Content-Type
application/json

Response headers

date
Tue, 14 Feb 2023 21:58:43 GMT
server
Jetty(9.2.30.v20200428)
x-powered-by
Express
access-control-allow-methods
GET,PUT,POST,DELETE,PATCH
content-type
application/json
access-control-allow-origin
https://connectandpay.com
access-control-allow-credentials
true
server-timing
intid;desc=2d63a2abaad7e6b4
access-control-allow-headers
Content-Type, Origin, X-Requested-With, X-AUTHENTICATION, X-IP, Authorization
content-length
64
x-request-id
20d2977a-deb4-4dbc-87ec-4cde58cbd144
privacyversion
tally.prod.readytouchpos.com/gmaapi/gma/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://tally.prod.readytouchpos.com/gmaapi/gma/privacyversion?id=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.213.152.180 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-213-152-180.us-west-2.compute.amazonaws.com
Software
/ Express
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization,content-type
Access-Control-Request-Method
GET
Origin
https://connectandpay.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Content-Type, Origin, X-Requested-With, X-AUTHENTICATION, X-IP, Authorization
access-control-allow-methods
GET,PUT,POST,DELETE,PATCH
access-control-allow-origin
https://connectandpay.com
date
Tue, 14 Feb 2023 21:58:43 GMT
server-timing
intid;desc=7c123fe4cda35712
x-powered-by
Express
x-request-id
3f992462-6035-463f-b995-3a0dd74f0c7c
privacyversion
tally.prod.readytouchpos.com/gmaapi/gma/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://tally.prod.readytouchpos.com/gmaapi/gma/privacyversion?id=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.213.152.180 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-213-152-180.us-west-2.compute.amazonaws.com
Software
/ Express
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization,content-type
Access-Control-Request-Method
GET
Origin
https://connectandpay.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Content-Type, Origin, X-Requested-With, X-AUTHENTICATION, X-IP, Authorization
access-control-allow-methods
GET,PUT,POST,DELETE,PATCH
access-control-allow-origin
https://connectandpay.com
date
Tue, 14 Feb 2023 21:58:43 GMT
server-timing
intid;desc=1d76192b0e14beac
x-powered-by
Express
x-request-id
4023b173-4fd5-4374-831e-9521b9d32f6d

Verdicts & Comments Add Verdict or Comment

23 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 boolean| credentialless object| oncontentvisibilityautostatechange object| webpackChunkStripeJSouter function| noop function| Stripe function| createAuth0Client function| Auth0Client object| webpackJsonp function| setImmediate function| clearImmediate object| regeneratorRuntime function| _ object| __dynProto$Gbl object| AWS function| Buffer function| Alert7 function| OneSignal object| REACT_NAVIGATION_DEVTOOLS object| __react_navigation__elements_contexts boolean| __reactResponderSystemActive number| __oneSignalSdkLoadCount function| __jp0

6 Cookies

Domain/Path Name / Value
.app.link/ Name: _s
Value: RecfMohR9HGa71af3t90EidHSNv2wNpFz0hyl%2BxgSJ1yGUkyDykOfED2a%2BeKmoyS
connectandpay.com/ Name: ai_user
Value: Et6D/QxGQB2PmY/8jPu62y|2023-02-14T21:58:41.759Z
connectandpay.com/ Name: ai_session
Value: l7x5UhwKZ73VazxY43nVBo|1676411922069|1676411922069
m.stripe.com/ Name: m
Value: 43d4912e-785b-41a0-9a7f-841fc15ca36946c2bc
.connectandpay.com/ Name: __stripe_mid
Value: 561046ce-f72e-46b0-ab9c-504f644a31a59232c7
.connectandpay.com/ Name: __stripe_sid
Value: ab35b7f7-9aed-4379-bc09-0bbb9432862cb24a18

1 Console Messages

Source Level URL
Text
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self'".

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.auth0.com
cdn.onesignal.com
connectandpay.app.link
connectandpay.com
js.stripe.com
m.stripe.com
m.stripe.network
onesignal.com
q.stripe.com
tally.prod.readytouchpos.com
13.224.189.128
13.225.82.234
151.101.192.176
2600:9000:20eb:3a00:19:9934:6a80:93a1
2600:9000:20eb:b800:19:9934:6a80:93a1
2606:4700::6812:e234
52.26.242.165
54.187.119.242
54.213.152.180
1056eec01b5b1961a99131270650690eeed1bb38e305f36b65c3122ae5382678
250a0782da875705bd206ee23c2a46abf90656645a81e084126c5e8c53eeb9d6
25600333eb8f125f1ea177856a61124267d823a890b25f57da0727763e4351c5
382c857a9d0d8860db696fb41bfd9ab467712f9e8d4f778ab37a780752f71546
3fe1a865b4632fa7c345fec2c9ce2685a326ba1f0c3c967a79c747b1c6742e3b
670d968f115ce70407b803d545bf4e09d511bc96d2054d580013764a2ceed5e4
843114448aaeeda7e8caa0cf76d61e0c63b8bffccd34517483363fdb15cdc80c
a5f27af9c0c6f37979ebafcac22eb3a613841a3d4e728f4577baf94e64d42f35
d12c6745eca14e06d4dea70f4c2bd875769b349770d04300477ab18d0db005d4
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4547ae1028ecd75782e300883b3592e9f9bae8475577dd66bd66b316b0ad328
e861595fa7024f9db1f207582d5d79149e244e4118e7c71975a6c816e9dd5922
ebf5fe084506fa53aecb68bc4d315b1e1b149b56a0465d7bc7e584ca9711c6dc
f22005da41e15b7adb453814b37a794f7c6b955f086a6c5fc9980e3c3f6c8bca
f445ee14f2454d974293d28677213ae002e9ac17721fc04b2fdeb037e083b083
f50cb7514a029c588a8ba5abacbfb1a92b61645bd3a8b1e4c1508a6828fd9826
f67ddaafea12de1f989121f23bbd4900361f4963dabb8bd1dde0699b76b861dc
f7656bc3ccebd611041f9484fd00713447fbad96682d02882c2737830adcd4b2