URL: https://payment.globalvisapay.com/
Submission: On October 22 via automatic, source certstream-suspicious — Scanned from DE

Summary

This website contacted 5 IPs in 3 countries across 5 domains to perform 20 HTTP transactions. The main IP is 104.247.108.50, located in the United States and belonging to CODEFORHOST-AS-ARIN, US. The main domain is payment.globalvisapay.com.
TLS certificate: Issued by R3 on October 22nd 2023. Valid for: 3 months.
This is the only time payment.globalvisapay.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests  IP Address         ASN     Autonomous System
6         104.247.108.50     399883  CODEFORHO...
10        104.17.67.26       13335   CLOUDFLAR...
1         2a02:26f0:c6:...   20940   AKAMAI-ASN1
1         2a00:1450:400...   15169   GOOGLE
2         2001:4860:480...   15169   GOOGLE
Total: 20 requests, 5 IPs

Requests  Apex Domain           Subdomain (Cisco Umbrella Rank)        Transfer
10        state.co.us           www.sos.state.co.us (417002)           244 KB
6         globalvisapay.com     payment.globalvisapay.com              189 KB
2         google-analytics.com  region1.google-analytics.com (2250)    315 B
1         googletagmanager.com  www.googletagmanager.com (56)          87 KB
1         homeaffairs.gov.au    immi.homeaffairs.gov.au (279267)       10 KB
Total: 20 requests, 5 apex domains

Requests  Domain                        Requested by
10        www.sos.state.co.us           payment.globalvisapay.com
6         payment.globalvisapay.com     payment.globalvisapay.com
2         region1.google-analytics.com  www.googletagmanager.com
1         www.googletagmanager.com      payment.globalvisapay.com
1         immi.homeaffairs.gov.au       payment.globalvisapay.com
Total: 20 requests, 5 domains

This site contains links to these domains.

Domain
example.com
immi.homeaffairs.gov.au
www.coloradosos.gov
www.homeaffairs.gov.au
Subject                    Issuer                                      Validity                 Valid for
payment.globalvisapay.com  R3                                          2023-10-22 - 2024-01-20  3 months
*.sos.state.co.us          Entrust Certification Authority - L1K       2023-08-18 - 2024-09-18  a year
homeaffairs.gov.au         DigiCert Global G2 TLS RSA SHA256 2020 CA1  2023-10-12 - 2024-10-12  a year
*.google-analytics.com     GTS CA 1C3                                  2023-09-28 - 2023-12-21  3 months

This page contains 2 frames:

Primary Page: https://payment.globalvisapay.com/
Frame ID: 324CB35B6CCFCD15CDBAE9F33250065B
Requests: 19 HTTP requests in this frame

Frame: https://payment.globalvisapay.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/7ff8d35b/main.js
Frame ID: 46AC500BB5EC719B197168C90FB2C2E3
Requests: 1 HTTP requests in this frame

Page Title

Immigration and citizenship - Payment

Detected technologies

Overall confidence: 100%
Detected patterns

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

Requests: 20
HTTPS: 100 %
IPv6: 60 %
Domains: 5
Subdomains: 5
IPs: 5
Countries: 3
Transfer: 530 kB
Size: 1463 kB
Cookies: 3

Redirected requests

There were HTTP redirect chains for the following requests:

20 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
payment.globalvisapay.com/
16 KB
5 KB
Document
General
Full URL
https://payment.globalvisapay.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.247.108.50 , United States, ASN399883 (CODEFORHOST-AS-ARIN, US),
Reverse DNS
daisy-us-wz2.hostever.com
Software
LiteSpeed /
Resource Hash
afbce1c25fdf5a53db2a70243137b571d7ff67b11ae0365e6cb2dbc23bdd39c3

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-encoding
br
content-length
4333
content-type
text/html
date
Sun, 22 Oct 2023 10:51:18 GMT
etag
"3e48-6534fd9f-6c1992f2;br"
last-modified
Sun, 22 Oct 2023 10:46:55 GMT
server
LiteSpeed
vary
Accept-Encoding
theme.css.xhtml
www.sos.state.co.us/payment-gateway/javax.faces.resource/
25 KB
4 KB
Stylesheet
General
Full URL
https://www.sos.state.co.us/payment-gateway/javax.faces.resource/theme.css.xhtml?ln=primefaces-aristo
Requested by
Host: payment.globalvisapay.com
URL: https://payment.globalvisapay.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.17.67.26 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
87672c3881c40be148b737176e84b7f09b6491c92fdb1e5142492793dd56cd88
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://*.electionstats.com.com https://*.elstats-staging.com;
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://payment.globalvisapay.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Sun, 22 Oct 2023 10:51:19 GMT
content-security-policy
frame-ancestors 'self' https://*.electionstats.com.com https://*.elstats-staging.com;
x-content-type-options
nosniff
strict-transport-security
max-age=16070400; includeSubDomains
last-modified
Mon, 30 Aug 2021 20:57:58 GMT
server
cloudflare
cf-cache-status
DYNAMIC
content-encoding
br
x-frame-options
SAMEORIGIN
content-type
text/css
content-language
de-DE
cf-ray
81a12f328f369bbc-FRA
x-xss-protection
1; mode=block
expires
Sun, 29 Oct 2023 10:51:19 GMT
sos-faces.css.xhtml
www.sos.state.co.us/payment-gateway/javax.faces.resource/
2 KB
1 KB
Stylesheet
General
Full URL
https://www.sos.state.co.us/payment-gateway/javax.faces.resource/sos-faces.css.xhtml?ln=styles
Requested by
Host: payment.globalvisapay.com
URL: https://payment.globalvisapay.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.17.67.26 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
47e3423d47d6fb0f9cf84c12689b2cefba28f0e08b9b0a6a5be70cf09dc093c4
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://*.electionstats.com.com https://*.elstats-staging.com;
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://payment.globalvisapay.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Sun, 22 Oct 2023 10:51:19 GMT
content-security-policy
frame-ancestors 'self' https://*.electionstats.com.com https://*.elstats-staging.com;
x-content-type-options
nosniff
strict-transport-security
max-age=16070400; includeSubDomains
last-modified
Mon, 14 Nov 2022 01:35:20 GMT
server
cloudflare
cf-cache-status
DYNAMIC
content-encoding
br
x-frame-options
SAMEORIGIN
content-type
text/css
content-language
de-DE
cf-ray
81a12f328f349bbc-FRA
x-xss-protection
1; mode=block
expires
Sun, 29 Oct 2023 10:51:19 GMT
components.css.xhtml
www.sos.state.co.us/payment-gateway/javax.faces.resource/
94 KB
17 KB
Stylesheet
General
Full URL
https://www.sos.state.co.us/payment-gateway/javax.faces.resource/components.css.xhtml?ln=primefaces&v=8.0
Requested by
Host: payment.globalvisapay.com
URL: https://payment.globalvisapay.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.17.67.26 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
aeff63228b57cfd6aff1c86fd1d0cb7f0a249ddbbf3399b4a90462c1ca88aefb
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://*.electionstats.com.com https://*.elstats-staging.com;
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://payment.globalvisapay.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Sun, 22 Oct 2023 10:51:19 GMT
content-security-policy
frame-ancestors 'self' https://*.electionstats.com.com https://*.elstats-staging.com;
x-content-type-options
nosniff
strict-transport-security
max-age=16070400; includeSubDomains
last-modified
Mon, 30 Aug 2021 20:57:58 GMT
server
cloudflare
cf-cache-status
DYNAMIC
content-encoding
br
x-frame-options
SAMEORIGIN
content-type
text/css
content-language
de-DE
cf-ray
81a12f328f359bbc-FRA
x-xss-protection
1; mode=block
expires
Sun, 29 Oct 2023 10:51:19 GMT
jquery.js.xhtml
www.sos.state.co.us/payment-gateway/javax.faces.resource/jquery/
86 KB
32 KB
Script
General
Full URL
https://www.sos.state.co.us/payment-gateway/javax.faces.resource/jquery/jquery.js.xhtml?ln=primefaces&v=8.0
Requested by
Host: payment.globalvisapay.com
URL: https://payment.globalvisapay.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.17.67.26 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4c24dfd28784ad2befb3dafaac6bf1ed4e7cd58cce713d9a0b228d426e812baf
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://*.electionstats.com.com https://*.elstats-staging.com;
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://payment.globalvisapay.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Sun, 22 Oct 2023 10:51:19 GMT
content-security-policy
frame-ancestors 'self' https://*.electionstats.com.com https://*.elstats-staging.com;
x-content-type-options
nosniff
strict-transport-security
max-age=16070400; includeSubDomains
last-modified
Mon, 30 Aug 2021 20:57:58 GMT
server
cloudflare
cf-cache-status
DYNAMIC
content-encoding
br
x-frame-options
SAMEORIGIN
content-type
application/javascript
content-language
de-DE
cf-ray
81a12f328f3d9bbc-FRA
x-xss-protection
1; mode=block
expires
Sun, 29 Oct 2023 10:51:19 GMT
jquery-plugins.js.xhtml
www.sos.state.co.us/payment-gateway/javax.faces.resource/jquery/
261 KB
73 KB
Script
General
Full URL
https://www.sos.state.co.us/payment-gateway/javax.faces.resource/jquery/jquery-plugins.js.xhtml?ln=primefaces&v=8.0
Requested by
Host: payment.globalvisapay.com
URL: https://payment.globalvisapay.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.17.67.26 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
99d02c2df8caf8fa07a68d82e7a63a112635c73f03367665786b056c972e1334
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://*.electionstats.com.com https://*.elstats-staging.com;
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://payment.globalvisapay.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Sun, 22 Oct 2023 10:51:19 GMT
content-security-policy
frame-ancestors 'self' https://*.electionstats.com.com https://*.elstats-staging.com;
x-content-type-options
nosniff
strict-transport-security
max-age=16070400; includeSubDomains
last-modified
Mon, 30 Aug 2021 20:57:58 GMT
server
cloudflare
cf-cache-status
DYNAMIC
content-encoding
br
x-frame-options
SAMEORIGIN
content-type
application/javascript
content-language
de-DE
cf-ray
81a12f328f389bbc-FRA
x-xss-protection
1; mode=block
expires
Sun, 29 Oct 2023 10:51:19 GMT
core.js.xhtml
www.sos.state.co.us/payment-gateway/javax.faces.resource/
42 KB
14 KB
Script
General
Full URL
https://www.sos.state.co.us/payment-gateway/javax.faces.resource/core.js.xhtml?ln=primefaces&v=8.0
Requested by
Host: payment.globalvisapay.com
URL: https://payment.globalvisapay.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.17.67.26 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
40509d57086c720aa07557e34ae53097bd9cdd44a362da9d523ff00893d49537
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://*.electionstats.com.com https://*.elstats-staging.com;
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://payment.globalvisapay.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Sun, 22 Oct 2023 10:51:19 GMT
content-security-policy
frame-ancestors 'self' https://*.electionstats.com.com https://*.elstats-staging.com;
x-content-type-options
nosniff
strict-transport-security
max-age=16070400; includeSubDomains
last-modified
Mon, 30 Aug 2021 20:57:58 GMT
server
cloudflare
cf-cache-status
DYNAMIC
content-encoding
br
x-frame-options
SAMEORIGIN
content-type
application/javascript
content-language
de-DE
cf-ray
81a12f328f3e9bbc-FRA
x-xss-protection
1; mode=block
expires
Sun, 29 Oct 2023 10:51:19 GMT
components.js.xhtml
www.sos.state.co.us/payment-gateway/javax.faces.resource/
424 KB
91 KB
Script
General
Full URL
https://www.sos.state.co.us/payment-gateway/javax.faces.resource/components.js.xhtml?ln=primefaces&v=8.0
Requested by
Host: payment.globalvisapay.com
URL: https://payment.globalvisapay.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.17.67.26 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3bc6502a1cb11feab43da0f3f27ed769b52f6e45c8585df652c2a58d5d8b9190
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://*.electionstats.com.com https://*.elstats-staging.com;
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://payment.globalvisapay.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Sun, 22 Oct 2023 10:51:19 GMT
content-security-policy
frame-ancestors 'self' https://*.electionstats.com.com https://*.elstats-staging.com;
x-content-type-options
nosniff
strict-transport-security
max-age=16070400; includeSubDomains
last-modified
Mon, 30 Aug 2021 20:57:58 GMT
server
cloudflare
cf-cache-status
DYNAMIC
content-encoding
br
x-frame-options
SAMEORIGIN
content-type
application/javascript
content-language
de-DE
cf-ray
81a12f328f419bbc-FRA
x-xss-protection
1; mode=block
expires
Sun, 29 Oct 2023 10:51:19 GMT
jsf.js.xhtml
www.sos.state.co.us/payment-gateway/javax.faces.resource/
43 KB
13 KB
Script
General
Full URL
https://www.sos.state.co.us/payment-gateway/javax.faces.resource/jsf.js.xhtml?ln=javax.faces
Requested by
Host: payment.globalvisapay.com
URL: https://payment.globalvisapay.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.17.67.26 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e905ffb004e884decc0118b5596596fe6fb88fefde62113402f3f8e1ac3bba8a
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://*.electionstats.com.com https://*.elstats-staging.com;
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://payment.globalvisapay.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Sun, 22 Oct 2023 10:51:19 GMT
content-security-policy
frame-ancestors 'self' https://*.electionstats.com.com https://*.elstats-staging.com;
x-content-type-options
nosniff
strict-transport-security
max-age=16070400; includeSubDomains
last-modified
Mon, 30 Aug 2021 20:57:58 GMT
server
cloudflare
cf-cache-status
DYNAMIC
content-encoding
br
x-frame-options
SAMEORIGIN
content-type
application/javascript
content-language
de-DE
cf-ray
81a12f328f3a9bbc-FRA
x-xss-protection
1; mode=block
expires
Sun, 29 Oct 2023 10:51:19 GMT
static.css
payment.globalvisapay.com/www.coloradosos.gov/pubs/css/
22 KB
3 KB
Stylesheet
General
Full URL
https://payment.globalvisapay.com/www.coloradosos.gov/pubs/css/static.css
Requested by
Host: payment.globalvisapay.com
URL: https://payment.globalvisapay.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.247.108.50 , United States, ASN399883 (CODEFORHOST-AS-ARIN, US),
Reverse DNS
daisy-us-wz2.hostever.com
Software
LiteSpeed /
Resource Hash
cc4cf8ecd7785ac0a40104030db695928ad3960e2f4da77361baeeebb1ebf257

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://payment.globalvisapay.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Sun, 22 Oct 2023 10:51:18 GMT
content-encoding
br
last-modified
Sun, 22 Oct 2023 10:43:32 GMT
server
LiteSpeed
etag
"579a-6534fcd4-6c1b17d6;br"
vary
Accept-Encoding
content-type
text/css
cache-control
public, max-age=604800
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length
3355
expires
Sun, 29 Oct 2023 10:51:18 GMT
payment-gateway.css
payment.globalvisapay.com/www.sos.state.co.us_443/payment-gateway/styles/
4 KB
1 KB
Stylesheet
General
Full URL
https://payment.globalvisapay.com/www.sos.state.co.us_443/payment-gateway/styles/payment-gateway.css
Requested by
Host: payment.globalvisapay.com
URL: https://payment.globalvisapay.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.247.108.50 , United States, ASN399883 (CODEFORHOST-AS-ARIN, US),
Reverse DNS
daisy-us-wz2.hostever.com
Software
LiteSpeed /
Resource Hash
7a2edfc198a1a4f4573ba0147a0ef8cc9f4ac40f9b5f8bfbccdd0356efcc0625

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://payment.globalvisapay.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Sun, 22 Oct 2023 10:51:18 GMT
content-encoding
br
last-modified
Sun, 22 Oct 2023 10:43:27 GMT
server
LiteSpeed
etag
"1137-6534fccf-6c1a8574;br"
vary
Accept-Encoding
content-type
text/css
cache-control
public, max-age=604800
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length
942
expires
Sun, 29 Oct 2023 10:51:18 GMT
logo-ha.png
immi.homeaffairs.gov.au/AssetLibrary/dist/assets/images/
9 KB
10 KB
Image
General
Full URL
https://immi.homeaffairs.gov.au/AssetLibrary/dist/assets/images/logo-ha.png
Requested by
Host: payment.globalvisapay.com
URL: https://payment.globalvisapay.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:c6::211:16b3 Düsseldorf, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
8b34ff7e90893824d5247cab284ff67981a301894a3061c3f020d5f71fe347a7
Security Headers
Name Value
Content-Security-Policy report-uri https://www.homeaffairs.gov.au; frame-ancestors https://app.monsido.com https://*.immi.gov.au https://*.border.gov.au https://*.customs.gov.au https://*.abf.gov.au https://*.homeaffairs.gov.au https://*.harmony.gov.au https://*.nationalsecurity.gov.au https://*.idmatch.gov.au https://*.disasterassist.gov.au https://*.livingsafetogether.gov.au https://*.organisationalresilience.gov.au https://*.tisn.gov.au https://*.triplezero.gov.au https://*.cicentre.gov.au https://*.mara.gov.au https://*.auscheck.gov.au https://*.CISC.gov.au https://*.cetc.gov.au https://*.osi.gov.au https://*.gov.au https://bordertv.au.vbrickrev.com https://*.translation.gov.au https://*.odwt.app
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://payment.globalvisapay.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

content-security-policy
report-uri https://www.homeaffairs.gov.au; frame-ancestors https://app.monsido.com https://*.immi.gov.au https://*.border.gov.au https://*.customs.gov.au https://*.abf.gov.au https://*.homeaffairs.gov.au https://*.harmony.gov.au https://*.nationalsecurity.gov.au https://*.idmatch.gov.au https://*.disasterassist.gov.au https://*.livingsafetogether.gov.au https://*.organisationalresilience.gov.au https://*.tisn.gov.au https://*.triplezero.gov.au https://*.cicentre.gov.au https://*.mara.gov.au https://*.auscheck.gov.au https://*.CISC.gov.au https://*.cetc.gov.au https://*.osi.gov.au https://*.gov.au https://bordertv.au.vbrickrev.com https://*.translation.gov.au https://*.odwt.app
x-ms-invokeapp
1; RequireReadOnly
x-content-type-options
nosniff
date
Sun, 22 Oct 2023 10:51:18 GMT
last-modified
Thu, 07 Oct 2021 22:32:07 GMT
sprequestguid
9892e3a0-0dd2-4037-b22b-fb9f6b96a919
source
PDC35
etag
"{B3304010-F4FB-4CA4-986D-BBB61AFCD3DD},11pub"
x-frame-options
SAMEORIGIN
content-type
image/png
cache-control
public, max-age=86400
accept-ranges
bytes
request-id
9892e3a0-0dd2-4037-b22b-fb9f6b96a919
content-length
9080
bannerLeft.png
payment.globalvisapay.com/www.coloradosos.gov/pubs/images/Banner/
6 KB
6 KB
Image
General
Full URL
https://payment.globalvisapay.com/www.coloradosos.gov/pubs/images/Banner/bannerLeft.png
Requested by
Host: payment.globalvisapay.com
URL: https://payment.globalvisapay.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.247.108.50 , United States, ASN399883 (CODEFORHOST-AS-ARIN, US),
Reverse DNS
daisy-us-wz2.hostever.com
Software
LiteSpeed /
Resource Hash
b2617024bb21d03de130e2cc97bcc41625891460a4403b18932e9ef1239950ef

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://payment.globalvisapay.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Sun, 22 Oct 2023 10:51:18 GMT
last-modified
Sun, 22 Oct 2023 10:43:32 GMT
server
LiteSpeed
etag
"18f9-6534fcd4-6c1b17d7;;;"
content-type
image/png
cache-control
public, max-age=604800
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length
6393
expires
Sun, 29 Oct 2023 10:51:18 GMT
bannerRight.png
payment.globalvisapay.com/www.coloradosos.gov/pubs/images/Banner/
170 KB
170 KB
Image
General
Full URL
https://payment.globalvisapay.com/www.coloradosos.gov/pubs/images/Banner/bannerRight.png
Requested by
Host: payment.globalvisapay.com
URL: https://payment.globalvisapay.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.247.108.50 , United States, ASN399883 (CODEFORHOST-AS-ARIN, US),
Reverse DNS
daisy-us-wz2.hostever.com
Software
LiteSpeed /
Resource Hash
aa9101c9cca8cab009d3d92e8a6b4f119aeb4dfab9522fcb80aca481010dd4b9

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://payment.globalvisapay.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Sun, 22 Oct 2023 10:51:18 GMT
last-modified
Sun, 22 Oct 2023 10:43:32 GMT
server
LiteSpeed
etag
"2a7e2-6534fcd4-6c1b17df;;;"
content-type
image/png
cache-control
public, max-age=604800
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length
174050
expires
Sun, 29 Oct 2023 10:51:18 GMT
dot_clear.gif.xhtml
www.sos.state.co.us/payment-gateway/javax.faces.resource/spacer/
42 B
315 B
Image
General
Full URL
https://www.sos.state.co.us/payment-gateway/javax.faces.resource/spacer/dot_clear.gif.xhtml?ln=primefaces&v=8.0
Requested by
Host: payment.globalvisapay.com
URL: https://payment.globalvisapay.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.17.67.26 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://*.electionstats.com.com https://*.elstats-staging.com;
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://payment.globalvisapay.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Sun, 22 Oct 2023 10:51:19 GMT
content-security-policy
frame-ancestors 'self' https://*.electionstats.com.com https://*.elstats-staging.com;
x-content-type-options
nosniff
strict-transport-security
max-age=16070400; includeSubDomains
last-modified
Mon, 30 Aug 2021 20:57:58 GMT
server
cloudflare
cf-cache-status
DYNAMIC
x-frame-options
SAMEORIGIN
content-type
image/gif
content-language
de-DE
cf-ray
81a12f355b249bbc-FRA
content-length
42
x-xss-protection
1; mode=block
expires
Sun, 29 Oct 2023 10:51:19 GMT
js
www.googletagmanager.com/gtag/
251 KB
87 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-JDK6PLVHDW
Requested by
Host: payment.globalvisapay.com
URL: https://payment.globalvisapay.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
327efaa8e9c79fd15296ab323d7d0f893016696df4585a184d53e29c90c15616
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://payment.globalvisapay.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Sun, 22 Oct 2023 10:51:20 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
88218
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Sun, 22 Oct 2023 10:51:20 GMT
dot_clear.gif.xhtml
www.sos.state.co.us/payment-gateway/javax.faces.resource/spacer/
42 B
344 B
Image
General
Full URL
https://www.sos.state.co.us/payment-gateway/javax.faces.resource/spacer/dot_clear.gif.xhtml?ln=primefaces&v=8.0
Requested by
Host: payment.globalvisapay.com
URL: https://payment.globalvisapay.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.17.67.26 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://*.electionstats.com.com https://*.elstats-staging.com;
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://payment.globalvisapay.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Sun, 22 Oct 2023 10:51:20 GMT
content-security-policy
frame-ancestors 'self' https://*.electionstats.com.com https://*.elstats-staging.com;
x-content-type-options
nosniff
strict-transport-security
max-age=16070400; includeSubDomains
last-modified
Mon, 30 Aug 2021 20:57:58 GMT
server
cloudflare
cf-cache-status
DYNAMIC
x-frame-options
SAMEORIGIN
content-type
image/gif
content-language
de-DE
cf-ray
81a12f3e6eb09bbc-FRA
content-length
42
x-xss-protection
1; mode=block
expires
Sun, 29 Oct 2023 10:51:20 GMT
collect
region1.google-analytics.com/g/
0
261 B
Ping
General
Full URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-JDK6PLVHDW&gtm=45je3ai0&_p=986388175&cid=329203465.1697971881&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1697971880&sct=1&seg=0&dl=https%3A%2F%2Fpayment.globalvisapay.com%2F&dt=Immigration%20and%20citizenship%20-%20Payment&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-JDK6PLVHDW
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://payment.globalvisapay.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 22 Oct 2023 10:51:20 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://payment.globalvisapay.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
main.js
payment.globalvisapay.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/7ff8d35b/ Frame 46AC
7 KB
3 KB
Script
General
Full URL
https://payment.globalvisapay.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/7ff8d35b/main.js
Requested by
Host: payment.globalvisapay.com
URL: https://payment.globalvisapay.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.247.108.50 , United States, ASN399883 (CODEFORHOST-AS-ARIN, US),
Reverse DNS
daisy-us-wz2.hostever.com
Software
LiteSpeed /
Resource Hash
434dac2a141a98ca010872b4bd15fe2e8c7d75cb3b2be25f83fbcf29473c51ac

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Sun, 22 Oct 2023 10:51:20 GMT
content-encoding
br
last-modified
Sun, 22 Oct 2023 10:43:09 GMT
server
LiteSpeed
etag
"1c81-6534fcbd-6c1992ec;br"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
public, max-age=604800
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length
3151
expires
Sun, 29 Oct 2023 10:51:20 GMT
collect
region1.google-analytics.com/g/
0
54 B
Ping
General
Full URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-JDK6PLVHDW&gtm=45je3ai0&_p=986388175&cid=329203465.1697971881&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=AEA&_s=2&sid=1697971880&sct=1&seg=0&dl=https%3A%2F%2Fpayment.globalvisapay.com%2F&dt=Immigration%20and%20citizenship%20-%20Payment&en=scroll&epn.percent_scrolled=90&_et=21
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-JDK6PLVHDW
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://payment.globalvisapay.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 22 Oct 2023 10:51:25 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://payment.globalvisapay.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments

17 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type      Name
object    0
function  $
function  jQuery
function  autosize
object    jQBrowser
function  PF
object    PrimeFaces
function  Class
object    jsf
object    mojarra
function  defaultCommandPay
function  gtag
object    dataLayer
object    google_tag_manager
object    google_tag_data
function  onYouTubeIframeAPIReady
object    gaGlobal

3 Cookies

Domain/Path Name / Value
.sos.state.co.us/ Name: __cf_bm
Value: _JXUS.mHnhrBiOGhX8bwK0JlFCAC8rzAA_qNTmytF9M-1697971879-0-AYZdNmy2aK+Doa9VvCQsQj9rkWKSFJG3B0K+rpF9MTgefQPIUKAiEAbxi7JX6fXxs+YZPmQB+FipM3nHrTaY7O0=
.globalvisapay.com/ Name: _ga
Value: GA1.1.329203465.1697971881
.globalvisapay.com/ Name: _ga_JDK6PLVHDW
Value: GS1.1.1697971880.1.0.1697971880.0.0.0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
