Submitted URL: https://paydirect.myob.com/pay/#/c6a2e641e42e24834e2e9f4d5e39bbec?source=email-view&type=invoice
Effective URL: https://paydirect.myob.com/pay/
Submission: On May 31 via manual from PG — Scanned from DE

Summary

This website contacted 7 IPs in 2 countries across 4 domains to perform 19 HTTP transactions. The main IP is 18.66.192.16, located in United States and belongs to AMAZON-02, US. The main domain is paydirect.myob.com.
TLS certificate: Issued by Amazon RSA 2048 M02 on January 23rd 2024. Valid for: a year.
This is the only time paydirect.myob.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
12 18.66.192.16 16509 (AMAZON-02)
1 151.101.192.176 54113 (FASTLY)
1 2a00:1450:400... 15169 (GOOGLE)
1 52.222.214.53 16509 (AMAZON-02)
1 2a00:1450:400... 15169 (GOOGLE)
1 54.230.228.117 16509 (AMAZON-02)
19 7
Apex Domain
Subdomains
Transfer
13 myob.com
paydirect.myob.com
assets.digital.myob.com
1 MB
2 stripe.com
js.stripe.com — Cisco Umbrella Rank: 1088
148 KB
1 gstatic.com
fonts.gstatic.com
46 KB
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 33
1 KB
19 4
Domain Requested by
12 paydirect.myob.com paydirect.myob.com
2 js.stripe.com paydirect.myob.com
js.stripe.com
1 assets.digital.myob.com
1 fonts.gstatic.com fonts.googleapis.com
1 fonts.googleapis.com client
19 5

This site contains links to these domains. Also see Links.

Domain
www.myob.com
Subject Issuer Validity Valid
paydirect.myob.com
Amazon RSA 2048 M02
2024-01-23 -
2025-02-19
a year crt.sh
a.stripecdn.com
DigiCert SHA2 Extended Validation Server CA
2024-05-22 -
2024-08-22
3 months crt.sh
upload.video.google.com
WR2
2024-05-13 -
2024-08-05
3 months crt.sh
*.gstatic.com
WR2
2024-05-13 -
2024-08-05
3 months crt.sh
assets.digital.myob.com
Amazon RSA 2048 M02
2024-05-27 -
2025-06-24
a year crt.sh

This page contains 2 frames:

Primary Page: https://paydirect.myob.com/pay/
Frame ID: 29B32477188ABFEDB90FD46C0133B627
Requests: 20 HTTP requests in this frame

Frame: https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html
Frame ID: 54D888D1C9ABE74E229F023F313D0810
Requests: 1 HTTP requests in this frame

Screenshot

Page Title

MYOB - Invoice portal

Detected technologies

Overall confidence: 100%
Detected patterns
  • js\.stripe\.com

Page Statistics

19
Requests

89 %
HTTPS

33 %
IPv6

4
Domains

5
Subdomains

7
IPs

2
Countries

1460 kB
Transfer

4180 kB
Size

3
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

19 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
paydirect.myob.com/pay/
1 KB
1 KB
Document
General
Full URL
https://paydirect.myob.com/pay/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.192.16 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-192-16.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
45234b00c74c2793a29fb95dd61a8469cfbf82f0e22b473066c9d0a32b012126
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

cache-control
max-age=300
content-encoding
gzip
content-type
text/html
date
Fri, 31 May 2024 05:49:04 GMT
etag
W/"28edf55639f92921dc49a9dfbed157c5"
last-modified
Fri, 24 May 2024 08:25:23 GMT
referrer-policy
strict-origin-when-cross-origin
server
AmazonS3
strict-transport-security
max-age=31536000; includeSubDomains; preload
vary
Accept-Encoding
via
1.1 8eb3c67b1958af32e15515c8eb27fbb4.cloudfront.net (CloudFront)
x-amz-cf-id
qEA6-GtpMtVjgMHPnZT1Ph7efJEfu8l1I4SJI0Hsd62KHFC7jP2WHQ==
x-amz-cf-pop
MUC50-P1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-content-type-options
nosniff
x-frame-options
DENY
x-xss-protection
1; mode=block
/
js.stripe.com/v3/
606 KB
148 KB
Script
General
Full URL
https://js.stripe.com/v3/
Requested by
Host: paydirect.myob.com
URL: https://paydirect.myob.com/pay/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.192.176 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Fastly /
Resource Hash
694b31f3e2143f688c6c2c0997fd4b68a03a86660ec57f8f0dc786557e802d7c
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://paydirect.myob.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31556926; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
date
Fri, 31 May 2024 05:49:04 GMT
via
1.1 varnish
age
53
x-cache
HIT
content-length
151359
x-request-id
f1ede62d-4753-486e-8d96-f75b4d32b577
x-served-by
cache-fra-eddf8230097-FRA
last-modified
Thu, 30 May 2024 20:45:41 GMT
server
Fastly
etag
"c30ff670db772128437846ac22e97608"
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=60
accept-ranges
bytes
timing-allow-origin
*
x-cache-hits
12
main.199916f6.js
paydirect.myob.com/static/js/
2 MB
347 KB
Script
General
Full URL
https://paydirect.myob.com/static/js/main.199916f6.js
Requested by
Host: paydirect.myob.com
URL: https://paydirect.myob.com/pay/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.192.16 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-192-16.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
e9d9b3db7eccc1091dc418e2f1bede3678f012852acb87bbc684802924218d1f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://paydirect.myob.com/pay/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 31 May 2024 05:49:06 GMT
content-encoding
gzip
via
1.1 8eb3c67b1958af32e15515c8eb27fbb4.cloudfront.net (CloudFront)
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
MUC50-P1
x-amz-server-side-encryption
AES256
x-cache
RefreshHit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Fri, 24 May 2024 08:25:21 GMT
server
AmazonS3
etag
W/"54a750066c090c58f8e31c5a07f77b39"
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/javascript
cache-control
max-age=300
x-amz-cf-id
d6iv2V0PjwI-mpw_tjotdwHmY2KJj_lFQFr4JqyoBKxkmIuOXgXE2g==
main.2d92d579.css
paydirect.myob.com/static/css/
381 KB
67 KB
Stylesheet
General
Full URL
https://paydirect.myob.com/static/css/main.2d92d579.css
Requested by
Host: paydirect.myob.com
URL: https://paydirect.myob.com/pay/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.192.16 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-192-16.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
5d27740efc81b1b7db27c5b792eb8153ef605c579cd62c900f765ba2dc419fb7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://paydirect.myob.com/pay/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 31 May 2024 05:49:06 GMT
content-encoding
gzip
via
1.1 8eb3c67b1958af32e15515c8eb27fbb4.cloudfront.net (CloudFront)
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
MUC50-P1
x-amz-server-side-encryption
AES256
x-cache
RefreshHit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Fri, 24 May 2024 08:25:21 GMT
server
AmazonS3
etag
W/"c42eca0c40ffb0c74c3d4fb35b4e2a27"
vary
Accept-Encoding
x-frame-options
DENY
content-type
text/css
cache-control
max-age=300
x-amz-cf-id
tOOIbHC8ixJ3-45YFN3uTm8B_RfMMFZ0ZKyFhhoU-i9YX8WK5Zwinw==
css2
fonts.googleapis.com/
2 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Inter:wght@100..900&display=swap
Requested by
Host: client
URL: about:client
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
6b8a445dbddfb9b7c56ffd4f34b6ca628a0d2c85b6a8f4da1eda376694377c3c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://paydirect.myob.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000
date
Fri, 31 May 2024 05:49:05 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Fri, 31 May 2024 05:00:22 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Fri, 31 May 2024 05:49:05 GMT
m-outer-3437aaddcdf6922d623e172c2d6f9278.html
js.stripe.com/v3/ Frame 54D8
0
0
Document
General
Full URL
https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.222.214.53 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-214-53.fra56.r.cloudfront.net
Software
Cloudfront /
Resource Hash
Security Headers
Name Value
Content-Security-Policy base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://paydirect.myob.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

accept-ranges
bytes
access-control-allow-origin
*
age
351
cache-control
max-age=31536000
content-length
200
content-security-policy
base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-security-policy-report-only
base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-type
text/html; charset=utf-8
date
Fri, 31 May 2024 05:43:14 GMT
etag
"3437aaddcdf6922d623e172c2d6f9278"
last-modified
Fri, 24 May 2024 23:49:19 GMT
server
Cloudfront
strict-transport-security
max-age=31556926; includeSubDomains; preload
timing-allow-origin
*
vary
Accept-Encoding
via
1.1 bafea69ec4368ee11760779ffcfbd4fc.cloudfront.net (CloudFront)
x-amz-cf-id
HOFsRKBvU5S175Q3lZVDAiSfa9ix0Jh3OGkB5NxIy1F-DtkJ6yCEzA==
x-amz-cf-pop
FRA56-P3
x-cache
Hit from cloudfront
x-content-type-options
nosniff
c6a2e641e42e24834e2e9f4d5e39bbec
paydirect.myob.com/api/invoice/
8 KB
3 KB
XHR
General
Full URL
https://paydirect.myob.com/api/invoice/c6a2e641e42e24834e2e9f4d5e39bbec?activity=true&mode=view&time=1717134545437
Requested by
Host: paydirect.myob.com
URL: https://paydirect.myob.com/static/js/main.199916f6.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.192.16 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-192-16.muc50.r.cloudfront.net
Software
/ Express
Resource Hash
a54b06d33b4b7617c503eee4eb5b2a090cbdbb7702c1dcc23106fbe8b4d25ed5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Accept
application/json, text/plain, */*
Referer
https://paydirect.myob.com/pay/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 31 May 2024 05:49:06 GMT
content-encoding
gzip
via
1.1 8eb3c67b1958af32e15515c8eb27fbb4.cloudfront.net (CloudFront)
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
MUC50-P1
x-powered-by
Express
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
etag
W/"1e07-pIQm4u4oEjTq6M/QZ1NB82dLhXk"
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/json; charset=utf-8
x-robots-tag
noindex
x-amz-cf-id
qcfHlaXoZYFaCW6r9jv95TsoflihYxpONnuHyiMcF30xr0YMH755_A==
c6a2e641e42e24834e2e9f4d5e39bbec
paydirect.myob.com/view/invoice/
1 MB
756 KB
XHR
General
Full URL
https://paydirect.myob.com/view/invoice/c6a2e641e42e24834e2e9f4d5e39bbec
Requested by
Host: paydirect.myob.com
URL: https://paydirect.myob.com/static/js/main.199916f6.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.192.16 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-192-16.muc50.r.cloudfront.net
Software
/ Express
Resource Hash
3959fafd671b160c6663c2c92b3bbf87e877d5db1a65e60efa068e99bbf7ddef
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Accept
application/json, text/plain, */*
Referer
https://paydirect.myob.com/pay/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 31 May 2024 05:49:06 GMT
content-encoding
gzip
via
1.1 8eb3c67b1958af32e15515c8eb27fbb4.cloudfront.net (CloudFront)
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
MUC50-P1
x-powered-by
Express
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
etag
W/"112796-zVDVEBFiXjnKlzEdLCB+g8LC0kg"
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/json; charset=utf-8
cache-control
no-cache, private, no-store, must-revalidate
x-robots-tag
noindex
x-amz-cf-id
ptiLJmcpsa_N43xzAWDu7VreYDOStIhV1jWkJ1C67mQ6od3y-_UP0A==
truncated
/
897 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
6cc7ebca6b16a29ee6495b57eef4524ad15d951de37d914e63025acc5a6daeb8

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2
fonts.gstatic.com/s/inter/v13/
46 KB
46 KB
Font
General
Full URL
https://fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Inter:wght@100..900&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
88df0b5a7bc397dbc13a26bb8b3742cc62cd1c9b0dded57da7832416d6f52f42
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://fonts.googleapis.com/
Origin
https://paydirect.myob.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 28 May 2024 14:44:59 GMT
x-content-type-options
nosniff
age
227046
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
46704
x-xss-protection
0
last-modified
Wed, 13 Sep 2023 23:49:07 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 28 May 2025 14:44:59 GMT
favicon.ico
assets.digital.myob.com/images/favicons/
15 KB
15 KB
Other
General
Full URL
https://assets.digital.myob.com/images/favicons/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.230.228.117 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-54-230-228-117.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
a892e99bac15fec7357df003e88f288f93440e5da78fe337114ceb9a87257aa8

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://paydirect.myob.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 30 May 2024 07:52:40 GMT
via
1.1 653de2a3596d1ebffe452d8daf65c9ea.cloudfront.net (CloudFront)
last-modified
Mon, 16 Nov 2020 01:20:03 GMT
server
AmazonS3
x-amz-cf-pop
MUC50-P5
age
78985
etag
"c94dc24f338972959eab4e601a5bc72e"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/vnd.microsoft.icon
accept-ranges
bytes
content-length
15086
x-amz-cf-id
1G5qhgHy9aBDK04ANTgLddtdhddDnbX3OZgh_Krz7bGWlE5WysPlUw==
77d8b5d1-d89a-4298-8ce6-e9fa30a9237d
paydirect.myob.com/myob/link/e0bed489-a341-4ffa-b508-dbf8bffe22b4/
0
390 B
XHR
General
Full URL
https://paydirect.myob.com/myob/link/e0bed489-a341-4ffa-b508-dbf8bffe22b4/77d8b5d1-d89a-4298-8ce6-e9fa30a9237d?country=AU&product=ARL&state=3713d8146de4e03bb6add2a9fcaa6343d6ccbdb2c11f2efdb6816c27e889a98d
Requested by
Host: paydirect.myob.com
URL: https://paydirect.myob.com/static/js/main.199916f6.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.192.16 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-192-16.muc50.r.cloudfront.net
Software
/ Express
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Accept
application/json, text/plain, */*
Referer
https://paydirect.myob.com/pay/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 31 May 2024 05:49:08 GMT
via
1.1 8eb3c67b1958af32e15515c8eb27fbb4.cloudfront.net (CloudFront)
referrer-policy
strict-origin-when-cross-origin
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
MUC50-P1
x-powered-by
Express
x-frame-options
DENY
x-cache
Miss from cloudfront
x-robots-tag
noindex
x-amz-cf-id
qcZ2khONwqOgfVTL1WwSoWm9IDX7-JkeGUJrEM7j41fxL6dNyziZUg==
x-xss-protection
1; mode=block
view-invoice
paydirect.myob.com/analytic-track/
2 B
476 B
XHR
General
Full URL
https://paydirect.myob.com/analytic-track/view-invoice
Requested by
Host: paydirect.myob.com
URL: https://paydirect.myob.com/static/js/main.199916f6.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.192.16 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-192-16.muc50.r.cloudfront.net
Software
/ Express
Resource Hash
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type
application/json
Accept
application/json, text/plain, */*
Referer
https://paydirect.myob.com/pay/
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 31 May 2024 05:49:09 GMT
via
1.1 8eb3c67b1958af32e15515c8eb27fbb4.cloudfront.net (CloudFront)
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
MUC50-P1
x-powered-by
Express
x-cache
Miss from cloudfront
content-length
2
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
etag
W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
vary
Accept-Encoding
x-frame-options
DENY
content-type
text/plain; charset=utf-8
x-robots-tag
noindex
x-amz-cf-id
k5MNMq7JrHbKJ8ECrJ9UiBg-baMSNdBC7SIWVy1Q6HqO5zG7D7mzng==
logo.760c6717113922c6e7483c6bc60ca31f.svg
paydirect.myob.com/static/media/
2 KB
2 KB
Image
General
Full URL
https://paydirect.myob.com/static/media/logo.760c6717113922c6e7483c6bc60ca31f.svg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.192.16 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-192-16.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
38346cc87f02fb6462cea705ce12ba3215db2958b653ef9575000d02393617ef
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://paydirect.myob.com/pay/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 31 May 2024 05:49:10 GMT
content-encoding
gzip
via
1.1 8eb3c67b1958af32e15515c8eb27fbb4.cloudfront.net (CloudFront)
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
MUC50-P1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Fri, 24 May 2024 08:25:22 GMT
server
AmazonS3
etag
W/"03d009fd49a3044400f6ab17bd26f5e5"
vary
Accept-Encoding
x-frame-options
DENY
content-type
image/svg+xml
cache-control
max-age=300
x-amz-cf-id
kRrO-cS3bc1ow_nFposejmtabQka3dZsZw2gKtWcHmuzBwdclzVI0g==
empty-invoice-list.6d9960e4112e048e5a63.png
paydirect.myob.com/static/media/
12 KB
12 KB
Image
General
Full URL
https://paydirect.myob.com/static/media/empty-invoice-list.6d9960e4112e048e5a63.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.192.16 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-192-16.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
47afb754434a03ff8069ef84dfb79ab85bde1e5a4233ad4a909c993b558646e3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://paydirect.myob.com/pay/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 31 May 2024 05:49:10 GMT
via
1.1 8eb3c67b1958af32e15515c8eb27fbb4.cloudfront.net (CloudFront)
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
MUC50-P1
x-amz-server-side-encryption
AES256
x-cache
RefreshHit from cloudfront
content-length
12130
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Fri, 24 May 2024 08:25:22 GMT
server
AmazonS3
etag
"24b81cdac0682e4ae3c52440427502b6"
vary
Accept-Encoding
x-frame-options
DENY
content-type
image/png
cache-control
max-age=300
accept-ranges
bytes
x-amz-cf-id
qciXEE9_BszMdQGlm8uH1JOf1NvByEAM_Xooaz-00EpQ--RkHG_5gA==
success.975d085bce3a2cf3595d.png
paydirect.myob.com/static/media/
35 KB
36 KB
Image
General
Full URL
https://paydirect.myob.com/static/media/success.975d085bce3a2cf3595d.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.192.16 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-192-16.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
bf2ec51cb4c6d07197a2d1f609a565867689d7304825eb675400dde7cbc1d999
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://paydirect.myob.com/pay/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 31 May 2024 05:49:10 GMT
via
1.1 8eb3c67b1958af32e15515c8eb27fbb4.cloudfront.net (CloudFront)
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
MUC50-P1
x-amz-server-side-encryption
AES256
x-cache
RefreshHit from cloudfront
content-length
35898
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Fri, 24 May 2024 08:25:22 GMT
server
AmazonS3
etag
"cba9ae9f3d43da754dc05914be2c511e"
vary
Accept-Encoding
x-frame-options
DENY
content-type
image/png
cache-control
max-age=300
accept-ranges
bytes
x-amz-cf-id
_TNX-FM8IKt8M63DqsOu9SVi7BxtMLIRXYqjHAci8RoqakMNBB-mMQ==
truncated
/
3 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
4348bec3b368b2aa7ee26782532b097398750593fd8791b48d6778b13ab83d73

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
1cd773aa-9475-47c6-84f3-a85793c9d31d
https://paydirect.myob.com/
90 B
0
Other
General
Full URL
blob:https://paydirect.myob.com/1cd773aa-9475-47c6-84f3-a85793c9d31d
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
6002d5317832a3f311690ee53f78e864c0a818186f4a6f121b117227955e9781

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Length
90
Content-Type
myob.28056878978b9ed79bc0.woff
paydirect.myob.com/static/media/
25 KB
25 KB
Font
General
Full URL
https://paydirect.myob.com/static/media/myob.28056878978b9ed79bc0.woff
Requested by
Host: paydirect.myob.com
URL: https://paydirect.myob.com/static/css/main.2d92d579.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.192.16 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-192-16.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://paydirect.myob.com/static/css/main.2d92d579.css
Origin
https://paydirect.myob.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 31 May 2024 05:49:10 GMT
via
1.1 8eb3c67b1958af32e15515c8eb27fbb4.cloudfront.net (CloudFront)
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
MUC50-P1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
content-length
25368
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Fri, 24 May 2024 08:25:22 GMT
server
AmazonS3
etag
"34437b27e0959adf8ab937cff172682d"
x-frame-options
DENY
content-type
binary/octet-stream
cache-control
max-age=300
accept-ranges
bytes
x-amz-cf-id
V64fL3QGLozdn_DE2lkx04ltXKyaHcsaFmIXWPfIKvCbPyzJR2N-4w==
fontawe.912ae96cada1fd3e7020.woff
paydirect.myob.com/static/media/
50 KB
0
Font
General
Full URL
https://paydirect.myob.com/static/media/fontawe.912ae96cada1fd3e7020.woff
Requested by
Host: paydirect.myob.com
URL: https://paydirect.myob.com/static/css/main.2d92d579.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.192.16 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-192-16.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://paydirect.myob.com/static/css/main.2d92d579.css
Origin
https://paydirect.myob.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 31 May 2024 05:49:10 GMT
via
1.1 8eb3c67b1958af32e15515c8eb27fbb4.cloudfront.net (CloudFront)
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
MUC50-P1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
content-length
71008
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Fri, 24 May 2024 08:25:22 GMT
server
AmazonS3
etag
"c709d0eb84bd7af7258d23ab3d1baaaa"
x-frame-options
DENY
content-type
binary/octet-stream
cache-control
max-age=300
accept-ranges
bytes
x-amz-cf-id
RgnWcklpoDRCPQnArEFqdlrSWeKUvJU_BTbz0MebiRqQG8B04PsBFg==
63d00f36-47f6-473e-8e1b-e908ee18da24
https://paydirect.myob.com/
90 B
0
Other
General
Full URL
blob:https://paydirect.myob.com/63d00f36-47f6-473e-8e1b-e908ee18da24
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
6002d5317832a3f311690ee53f78e864c0a818186f4a6f121b117227955e9781

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Length
90
Content-Type

Verdicts & Comments Add Verdict or Comment

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| webpackChunkStripeJSouter function| noop function| Stripe object| webpackChunkinvoice_frontend_service function| _ object| pdfjsLib

3 Cookies

Domain/Path Name / Value
m.stripe.com/ Name: m
Value: 6d17bb3d-a958-4602-88c4-64f3b5ee2a94c9dd2f
.paydirect.myob.com/ Name: __stripe_mid
Value: 0e943ea2-3033-47a3-9112-54abd1646482d5f997
.paydirect.myob.com/ Name: __stripe_sid
Value: e3b33a1e-79fa-42c7-a65a-c8e2c0169994f0a470

1 Console Messages

Source Level URL
Text
other warning URL: https://paydirect.myob.com/pay/#/c6a2e641e42e24834e2e9f4d5e39bbec?source=email-view&type=invoice
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block