Submitted URL: https://x-pi-live.sagepay.com/api/direct-debit/mandateSetup/mandateFormRequest/70a707ac-5a02-471b-bfa2-3e1ad2eb8c39
Effective URL: https://pay.gocardless.com/flow/RE001SNEMA3EJE71CRNX93EVFJQRNTKY
Submission: On May 18 via manual from GB — Scanned from GB

Summary

This website contacted 8 IPs in 2 countries across 8 domains to perform 15 HTTP transactions. The main IP is 35.241.14.239, located in Kansas City, United States and belongs to GOOGLE, US. The main domain is pay.gocardless.com. The Cisco Umbrella rank of the primary domain is 17135.
TLS certificate: Issued by DigiCert TLS RSA SHA256 2020 CA1 on February 3rd 2022. Valid for: a year.
This is the only time pay.gocardless.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 2606:4700::68... 13335 (CLOUDFLAR...)
6 35.241.14.239 15169 (GOOGLE)
2 2a02:26f0:170... 20940 (AKAMAI-ASN1)
1 2a04:4e42:400... 54113 (FASTLY)
1 2a02:26f0:170... 20940 (AKAMAI-ASN1)
1 99.86.8.175 16509 (AMAZON-02)
1 34.212.119.49 16509 (AMAZON-02)
1 1 99.86.7.121 16509 (AMAZON-02)
3 18.66.248.11 16509 (AMAZON-02)
15 8
Apex Domain
Subdomains
Transfer
6 gocardless.com
pay.gocardless.com — Cisco Umbrella Rank: 17135
259 KB
3 intercomcdn.com
js.intercomcdn.com — Cisco Umbrella Rank: 2525
132 KB
3 cookiebot.com
consent.cookiebot.com — Cisco Umbrella Rank: 4801
consentcdn.cookiebot.com — Cisco Umbrella Rank: 5547
79 KB
1 intercom.io
widget.intercom.io — Cisco Umbrella Rank: 2514
249 B
1 segment.io
api.segment.io — Cisco Umbrella Rank: 1077
176 B
1 segment.com
cdn.segment.com — Cisco Umbrella Rank: 1569
55 KB
1 cloudinary.com
res.cloudinary.com — Cisco Umbrella Rank: 2274
8 KB
1 sagepay.com
x-pi-live.sagepay.com
444 B
15 8
Domain Requested by
6 pay.gocardless.com pay.gocardless.com
3 js.intercomcdn.com widget.intercom.io
2 consent.cookiebot.com pay.gocardless.com
consent.cookiebot.com
1 widget.intercom.io 1 redirects
1 api.segment.io cdn.segment.com
1 cdn.segment.com pay.gocardless.com
1 consentcdn.cookiebot.com consent.cookiebot.com
1 res.cloudinary.com pay.gocardless.com
1 x-pi-live.sagepay.com 1 redirects
15 9

This site contains links to these domains.

Domain
gocardless.com
Subject Issuer Validity Valid
*.gocardless.com
DigiCert TLS RSA SHA256 2020 CA1
2022-02-03 -
2023-02-10
a year crt.sh
consent.cookiebot.com
DigiCert ECC Extended Validation Server CA
2020-06-11 -
2022-06-11
2 years crt.sh
*.cloudinary.com
Go Daddy Secure Certificate Authority - G2
2020-05-27 -
2022-06-22
2 years crt.sh
*.cookiebot.com
DigiCert SHA2 Secure Server CA
2021-07-05 -
2022-07-13
a year crt.sh
*.segment.com
Amazon
2022-01-12 -
2023-02-10
a year crt.sh
*.segment.io
Amazon
2022-02-10 -
2023-03-11
a year crt.sh
*.intercomcdn.com
Amazon
2022-01-30 -
2023-02-28
a year crt.sh

This page contains 3 frames:

Primary Page: https://pay.gocardless.com/flow/RE001SNEMA3EJE71CRNX93EVFJQRNTKY
Frame ID: B9683EBAEBD5DC294C2DAF77027FD61F
Requests: 14 HTTP requests in this frame

Frame: https://consentcdn.cookiebot.com/sdk/bc-v4.min.html
Frame ID: ADD5198BED446EBF1C09B362187A0B31
Requests: 1 HTTP requests in this frame

Frame: https://js.intercomcdn.com/frame-modern.84def5e8.js
Frame ID: 84CD91DC9E279540E83834F0C4AB45B0
Requests: 2 HTTP requests in this frame

Page Title

Payment details - Blue Mountain Water Limited

Page URL History

  1. https://x-pi-live.sagepay.com/api/direct-debit/mandateSetup/mandateFormRequest/70a707ac-5a02-471b-bfa2-3e1... HTTP 308
    https://pay.gocardless.com/flow/RE001SNEMA3EJE71CRNX93EVFJQRNTKY Page URL

Detected technologies

Overall confidence: 80%
Detected patterns
  • <img[^>]+\.cloudinary\.com

Overall confidence: 100%
Detected patterns
  • consent\.cookiebot\.com

Overall confidence: 100%
Detected patterns
  • cdn\.segment\.com/analytics\.js

Page Statistics

15
Requests

93 %
HTTPS

44 %
IPv6

8
Domains

9
Subdomains

8
IPs

2
Countries

595 kB
Transfer

1708 kB
Size

3
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://x-pi-live.sagepay.com/api/direct-debit/mandateSetup/mandateFormRequest/70a707ac-5a02-471b-bfa2-3e1ad2eb8c39 HTTP 308
    https://pay.gocardless.com/flow/RE001SNEMA3EJE71CRNX93EVFJQRNTKY Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 13
  • https://widget.intercom.io/widget/owu6vgyd HTTP 302
  • https://js.intercomcdn.com/shim.latest.js

15 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request RE001SNEMA3EJE71CRNX93EVFJQRNTKY
pay.gocardless.com/flow/
Redirect Chain
  • https://x-pi-live.sagepay.com/api/direct-debit/mandateSetup/mandateFormRequest/70a707ac-5a02-471b-bfa2-3e1ad2eb8c39
  • https://pay.gocardless.com/flow/RE001SNEMA3EJE71CRNX93EVFJQRNTKY
29 KB
29 KB
Document
General
Full URL
https://pay.gocardless.com/flow/RE001SNEMA3EJE71CRNX93EVFJQRNTKY
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.241.14.239 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
239.14.241.35.bc.googleusercontent.com
Software
/
Resource Hash
bcf40921820156857cba3654e9d12051435a3b4494e28d1d9af9e1648cc3387a
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language
en-GB,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
max-age=0, private, must-revalidate
content-length
29808
content-type
text/html
date
Wed, 18 May 2022 12:25:33 GMT
etag
W/"bcf40921820156857cba3654e9d12051"
strict-transport-security
max-age=31556926; includeSubDomains; preload
vary
Origin
via
1.1 google
x-content-type-options
nosniff
x-request-id
23BF0290E7AA_0A1407581F92_6284E5BA_38D4C0001
x-xss-protection
1; mode=block

Redirect headers

cache-control
no-cache
cf-cache-status
DYNAMIC
cf-ray
70d4937bbc8e76e7-LHR
content-language
en-GB
content-length
0
date
Wed, 18 May 2022 12:25:32 GMT
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
location
https://pay.gocardless.com/flow/RE001SNEMA3EJE71CRNX93EVFJQRNTKY
server
cloudflare
vary
Accept-Encoding
payflow-browser-performance-b91c8581fbbb872f78a2.js
pay.gocardless.com/packs/js/
16 KB
5 KB
Script
General
Full URL
https://pay.gocardless.com/packs/js/payflow-browser-performance-b91c8581fbbb872f78a2.js
Requested by
Host: pay.gocardless.com
URL: https://pay.gocardless.com/flow/RE001SNEMA3EJE71CRNX93EVFJQRNTKY
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.241.14.239 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
239.14.241.35.bc.googleusercontent.com
Software
/
Resource Hash
c915190933aeef42b43321636d79e23ac360730bdaa4db2e714e8157999628c0
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Wed, 18 May 2022 12:25:33 GMT
content-encoding
br
x-content-type-options
nosniff
last-modified
Wed, 18 May 2022 11:10:51 GMT
vary
Accept-Encoding, Origin
content-type
application/javascript
via
1.1 google
cache-control
public, max-age=31536000, immutable
strict-transport-security
max-age=31556926; includeSubDomains; preload
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
5180
x-xss-protection
1; mode=block
pay-flow-manifest-0f84e8a9.css
pay.gocardless.com/packs/css/
203 KB
129 KB
Stylesheet
General
Full URL
https://pay.gocardless.com/packs/css/pay-flow-manifest-0f84e8a9.css
Requested by
Host: pay.gocardless.com
URL: https://pay.gocardless.com/flow/RE001SNEMA3EJE71CRNX93EVFJQRNTKY
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.241.14.239 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
239.14.241.35.bc.googleusercontent.com
Software
/
Resource Hash
676205dffb41c21eb738ff20994ed118a41535397a361381bc9bf6394739a9b5
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Wed, 18 May 2022 12:25:33 GMT
content-encoding
br
x-content-type-options
nosniff
last-modified
Wed, 18 May 2022 11:10:51 GMT
vary
Accept-Encoding, Origin
content-type
text/css
via
1.1 google
cache-control
public, max-age=31536000, immutable
strict-transport-security
max-age=31556926; includeSubDomains; preload
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
131952
x-xss-protection
1; mode=block
uc.js
consent.cookiebot.com/
96 KB
29 KB
Script
General
Full URL
https://consent.cookiebot.com/uc.js
Requested by
Host: pay.gocardless.com
URL: https://pay.gocardless.com/flow/RE001SNEMA3EJE71CRNX93EVFJQRNTKY
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:1700:11::b856:6785 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
fae0b8f255ca326bdbbafdffae74342b6eac771ef68a71072ec1eacb70dcd39a

Request headers

accept-language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Wed, 18 May 2022 12:25:33 GMT
content-encoding
gzip
last-modified
Mon, 16 May 2022 08:34:39 GMT
etag
"35be1ac8ff68d81:0"
vary
Accept-Encoding
content-type
application/javascript
access-control-expose-headers
Request-Context
cache-control
public, max-age=148
request-context
appId=cid-v1:89f47f4b-bed0-4db8-956b-d6e6dfac3fef
accept-ranges
bytes
content-length
29783
expires
Wed, 18 May 2022 12:28:01 GMT
0e31f0d38848471d776c6c7b38d2983d.png
res.cloudinary.com/gocardless/image/fetch/w_300,h_50,c_limit,dpr_3.0/https://uploads.gocardless.com/
8 KB
8 KB
Image
General
Full URL
https://res.cloudinary.com/gocardless/image/fetch/w_300,h_50,c_limit,dpr_3.0/https://uploads.gocardless.com/0e31f0d38848471d776c6c7b38d2983d.png
Requested by
Host: pay.gocardless.com
URL: https://pay.gocardless.com/flow/RE001SNEMA3EJE71CRNX93EVFJQRNTKY
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::393 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Cloudinary /
Resource Hash
4ac106a2d5bf7922493be9c3f548f14ec549ead90e2874d0fbc503ed061bebf6
Security Headers
Name Value
Strict-Transport-Security max-age=604800
X-Content-Type-Options nosniff

Request headers

accept-language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Wed, 18 May 2022 12:25:33 GMT
x-content-type-options
nosniff
last-modified
Tue, 29 Sep 2020 13:25:34 GMT
server
Cloudinary
etag
"49ddb64a2c1d2c17bd36ada658987996"
strict-transport-security
max-age=604800
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length,ETag,Server-Timing,X-Content-Type-Options
cache-control
public, no-transform, immutable, max-age=604800
server-timing
fastly;dur=1;start=2022-05-18T12:25:33.582Z;desc=hit,rtt;dur=55
accept-ranges
bytes
timing-allow-origin
*
content-length
7715
direct-debit-logo-footer-476c823f84181683419acf9b4d37e1007920c69b58e665486c0c553d3cd3528e.svg
pay.gocardless.com/assets/pay/
14 KB
14 KB
Image
General
Full URL
https://pay.gocardless.com/assets/pay/direct-debit-logo-footer-476c823f84181683419acf9b4d37e1007920c69b58e665486c0c553d3cd3528e.svg
Requested by
Host: pay.gocardless.com
URL: https://pay.gocardless.com/flow/RE001SNEMA3EJE71CRNX93EVFJQRNTKY
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.241.14.239 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
239.14.241.35.bc.googleusercontent.com
Software
/
Resource Hash
a08f0c6fd7a18cd20cd9bbc8aa7cf9ca3acff3f2d52c152ddf26c2c6874f9deb
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Wed, 18 May 2022 12:25:33 GMT
via
1.1 google
x-content-type-options
nosniff
last-modified
Wed, 18 May 2022 11:10:14 GMT
vary
Origin
content-type
image/svg+xml
cache-control
public, max-age=31536000, immutable
strict-transport-security
max-age=31556926; includeSubDomains; preload
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
14658
x-xss-protection
1; mode=block
pay-flow-manifest-69bd4a90bb1b3e1bfae5.js
pay.gocardless.com/packs/js/
262 KB
81 KB
Script
General
Full URL
https://pay.gocardless.com/packs/js/pay-flow-manifest-69bd4a90bb1b3e1bfae5.js
Requested by
Host: pay.gocardless.com
URL: https://pay.gocardless.com/flow/RE001SNEMA3EJE71CRNX93EVFJQRNTKY
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.241.14.239 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
239.14.241.35.bc.googleusercontent.com
Software
/
Resource Hash
e08f73b38fbc08f98cb0e18903d0ed6113645e6b810769e9cd091066f8f717e2
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Wed, 18 May 2022 12:25:33 GMT
content-encoding
br
x-content-type-options
nosniff
last-modified
Wed, 18 May 2022 11:10:51 GMT
vary
Accept-Encoding, Origin
content-type
application/javascript
via
1.1 google
cache-control
public, max-age=31536000, immutable
strict-transport-security
max-age=31556926; includeSubDomains; preload
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
82955
x-xss-protection
1; mode=block
truncated
/
32 KB
32 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
d71725437166a3db624724350527cd5727e9364f17879f9a7c2f95d76845ef15

Request headers

Referer
Origin
https://pay.gocardless.com
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Content-Type
application/font-woff;charset=utf-8
truncated
/
31 KB
31 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
db926eef157d6d6b8a3e1ac2799e393fd21bae76b023f8ddb60beedaed20dbeb

Request headers

Referer
Origin
https://pay.gocardless.com
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Content-Type
application/font-woff;charset=utf-8
bc-v4.min.html
consentcdn.cookiebot.com/sdk/ Frame ADD5
627 B
692 B
Document
General
Full URL
https://consentcdn.cookiebot.com/sdk/bc-v4.min.html
Requested by
Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:1700:781::f09 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
738e5435f2d18427d291a0d6289eee0ebbc87b596d6003919f255760ac293104

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language
en-GB,en;q=0.9

Response headers

accept-ranges
bytes
cache-control
max-age=31535885
content-encoding
gzip
content-length
392
content-type
text/html
date
Wed, 18 May 2022 12:25:34 GMT
etag
"3d08665fa4c7bcf9fa2dcbbc7efe1d0f:1649057029.895163"
expires
Thu, 18 May 2023 12:23:39 GMT
last-modified
Mon, 04 Apr 2022 07:23:49 GMT
server
AkamaiNetStorage
server-timing
cdn-cache; desc=HIT edge; dur=1
vary
Accept-Encoding
x-akamai-transformed
9 - 0 pmb=mRUM,1
cc.js
consent.cookiebot.com/597cc39c-16de-4370-a3d5-b084a41b7359/
199 KB
48 KB
Script
General
Full URL
https://consent.cookiebot.com/597cc39c-16de-4370-a3d5-b084a41b7359/cc.js?renew=false&referer=pay.gocardless.com&dnt=false&init=false
Requested by
Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:1700:11::b856:6785 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
04de987aa9d5883db9c473d300d2def85ecc91c190e8e70964d0badd057e3343

Request headers

accept-language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Wed, 18 May 2022 12:25:34 GMT
content-encoding
gzip
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-expose-headers
Request-Context
cache-control
private, max-age=1
content-length
49235
request-context
appId=cid-v1:89f47f4b-bed0-4db8-956b-d6e6dfac3fef
browser_performance_metrics
pay.gocardless.com/enterprise/
0
0
Fetch
General
Full URL
https://pay.gocardless.com/enterprise/browser_performance_metrics
Requested by
Host: pay.gocardless.com
URL: https://pay.gocardless.com/packs/js/payflow-browser-performance-b91c8581fbbb872f78a2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.241.14.239 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
239.14.241.35.bc.googleusercontent.com
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
GoCardless-Version
2015-07-06
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type
application/json

Response headers

date
Wed, 18 May 2022 12:25:34 GMT
via
1.1 google
x-content-type-options
nosniff
strict-transport-security
max-age=31556926; includeSubDomains; preload
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
1; mode=block
x-request-id
82D30214EBA4_0A1412F71F92_6284E5B8_37C100001
pragma
no-cache
access-control-max-age
7200
access-control-allow-methods
GET, POST, PUT, PATCH, DELETE, OPTIONS
content-type
application/json
access-control-allow-origin
https://pay.gocardless.com
vary
Origin
cache-control
no-store
access-control-allow-credentials
true
access-control-expose-headers
gocardless-organisation-id, ETag, X-Request-Id, X-Runtime, ratelimit-limit, ratelimit-remaining, ratelimit-reset, Content-Length
analytics.min.js
cdn.segment.com/analytics.js/v1/Diwogko64X5YVhl9Wttpb9arCLVm8oTB/
350 KB
55 KB
Script
General
Full URL
https://cdn.segment.com/analytics.js/v1/Diwogko64X5YVhl9Wttpb9arCLVm8oTB/analytics.min.js
Requested by
Host: pay.gocardless.com
URL: https://pay.gocardless.com/packs/js/pay-flow-manifest-69bd4a90bb1b3e1bfae5.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.8.175 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-8-175.fra6.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
c81db745e94b42b316cc4be8119df267ba09b542b481a4a21ea221f8bf754970

Request headers

accept-language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

x-amz-version-id
N8oCzISt7q2DoBMNqA8.CUDS.9BuvwaU
content-encoding
br
etag
W/"d103da6d3c7b75d4deb161a318bef501"
age
15
x-cache
Hit from cloudfront
access-control-max-age
3000
x-amz-replication-status
COMPLETED
access-control-allow-origin
*
last-modified
Mon, 09 May 2022 20:40:15 GMT
server
AmazonS3
date
Wed, 18 May 2022 12:25:34 GMT
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
text/javascript; charset=utf-8
via
1.1 c1fb60e38be5022a78e4b52bedded7c2.cloudfront.net (CloudFront)
cache-control
public, max-age=120
x-amz-cf-pop
FRA6-C1
x-amz-cf-id
kYWGE4hio0Q6_kFlEWNFAK3JwjdVR53lMY4IC6cxp-liRce7J7yagA==
t
api.segment.io/v1/
21 B
176 B
XHR
General
Full URL
https://api.segment.io/v1/t
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/Diwogko64X5YVhl9Wttpb9arCLVm8oTB/analytics.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.212.119.49 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-212-119-49.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
12f71cb993958eefc4bdb41d7dbbda490779a9c7aba448f7be52bb63912e0254
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://pay.gocardless.com
date
Wed, 18 May 2022 12:25:35 GMT
strict-transport-security
max-age=31536000
content-length
21
vary
Origin
content-type
application/json
shim.latest.js
js.intercomcdn.com/
Redirect Chain
  • https://widget.intercom.io/widget/owu6vgyd
  • https://js.intercomcdn.com/shim.latest.js
18 KB
6 KB
Script
General
Full URL
https://js.intercomcdn.com/shim.latest.js
Protocol
H2
Server
18.66.248.11 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-11.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
b6ea1ed745db5650427bb7261c30a7809cec1eccc3f771829f7adf7ebaef9d08

Request headers

accept-language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

x-amz-server-side-encryption
AES256
date
Wed, 18 May 2022 12:23:16 GMT
content-encoding
gzip
last-modified
Wed, 18 May 2022 10:13:07 GMT
server
AmazonS3
age
139
etag
"570bddfdceaa714d3d8c360f4b9eb87e"
x-cache
Hit from cloudfront
content-type
application/javascript; charset=UTF-8
via
1.1 9ce5bc08de451222a6a280b1273d60c6.cloudfront.net (CloudFront)
cache-control
max-age=300, s-maxage=300, public
x-amz-cf-pop
DUS51-P1
accept-ranges
bytes
content-length
6155
x-amz-cf-id
70UAWOx542iQvPvNPCz5ifacG5GEysTAEtdE1-LF69PxJMND4kINaA==

Redirect headers

date
Tue, 17 May 2022 16:26:41 GMT
via
1.1 df86e917220bc08caa68b0eb8ddabe90.cloudfront.net (CloudFront)
server
AmazonS3
age
71934
x-cache
Hit from cloudfront
location
https://js.intercomcdn.com/shim.latest.js
x-amz-cf-pop
FRA6-C1
content-length
0
x-amz-cf-id
rdC5QolYjG7TjjIuEP53ASiOKAXcoNSXiXwVWBHQVVu3qSKJc_Z3GA==
frame-modern.84def5e8.js
js.intercomcdn.com/ Frame 84CD
313 KB
84 KB
Script
General
Full URL
https://js.intercomcdn.com/frame-modern.84def5e8.js
Requested by
Host: widget.intercom.io
URL: https://widget.intercom.io/widget/owu6vgyd
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.248.11 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-11.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
25c2aba07aa9156d229a7a52cf79c2cfd1d39795200a95088e730650f816779e

Request headers

accept-language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

x-amz-server-side-encryption
AES256
date
Wed, 18 May 2022 12:13:13 GMT
content-encoding
gzip
last-modified
Wed, 18 May 2022 10:11:42 GMT
server
AmazonS3
age
742
etag
"9a400f5aef08bb818571df465096f747"
x-cache
Hit from cloudfront
content-type
application/javascript; charset=UTF-8
via
1.1 9ce5bc08de451222a6a280b1273d60c6.cloudfront.net (CloudFront)
cache-control
max-age=31536000, s-maxage=7200, public
x-amz-cf-pop
DUS51-P1
accept-ranges
bytes
content-length
85171
x-amz-cf-id
V0bv_rwSVgQanr-oKTyClGK1WGU64FT_2A_EpVAj7ATpbNhpZQ-xqA==
vendor-modern.501342e6.js
js.intercomcdn.com/ Frame 84CD
136 KB
42 KB
Script
General
Full URL
https://js.intercomcdn.com/vendor-modern.501342e6.js
Requested by
Host: widget.intercom.io
URL: https://widget.intercom.io/widget/owu6vgyd
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.248.11 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-11.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
9429b6f57da46792a7748acaf1fec9d403e62c97195a54bc7766366393742e31

Request headers

accept-language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

x-amz-server-side-encryption
AES256
date
Wed, 18 May 2022 12:13:04 GMT
content-encoding
gzip
last-modified
Tue, 17 May 2022 15:07:56 GMT
server
AmazonS3
age
751
etag
"18cca08a15720c470854d9a0bac187ee"
x-cache
Hit from cloudfront
content-type
application/javascript; charset=UTF-8
via
1.1 9ce5bc08de451222a6a280b1273d60c6.cloudfront.net (CloudFront)
cache-control
max-age=31536000, s-maxage=7200, public
x-amz-cf-pop
DUS51-P1
accept-ranges
bytes
content-length
42638
x-amz-cf-id
zZCe8Kr7Pj9kWqUAW7fwO-ZVBvETl2ibtfktvOfB0OipLtJlt-xVdw==

34 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0
object| 1
object| 2
object| oncontextlost
object| oncontextrestored
function| structuredClone
function| getScreenDetails
function| isSupportedBrowser
function| isLoadedInIframe
object| buttonsToDisableOnClick
function| runForAllButtons
function| submitFormWithCommitType
function| disableAndSubmit
object| angular
number| ng339
function| _
function| UAParser
object| analytics
object| CookieControl
function| __uspapi
function| addUspapiLocatorFrame
function| __handleUspapiMessage
function| propagateIABStub
object| Cookiebot
object| dataLayer
object| CookieConsent
object| CookiebotDialog
object| CookieConsentDialog
object| CookieDialogInitScrollPosition
function| showCookieBanner
function| hideCookieBanner
function| Intercom
function| normalize
function| __intercomAssignLocation

3 Cookies

Domain/Path Name / Value
.sagepay.com/ Name: __cf_bm
Value: A3_kCq7PSAm89gD1OPySRm72_c2fvYA6K2AmGbjwal4-1652876732-0-AdAXY4olH+vczl6uKKu1m/v86BPB9nyRFsiINMQglAzo1GdVBMDz4iVeLukqd4YDBu8jWZXbGepEbdrDhHds1LU=
pay.gocardless.com/ Name: CookieConsent
Value: -2
.gocardless.com/ Name: ajs_anonymous_id
Value: %22236d0634-2d2e-4b62-8447-3abf8d1d9db9%22

Security Headers

This page lists any security headers set by the main page.

Header Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
