urlscan.io logo urlscan.io
SecurityTrails logo

hci.best2pay.net Open in urlscan Pro
91.142.90.106  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://hci.best2pay.net/
Effective URL: https://hci.best2pay.net/index.html
Submission: On December 18 via automatic, source certstream-suspicious
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 3 IPs in 1 countries across 1 domains to perform 12 HTTP transactions. The main IP is 91.142.90.106, located in St Petersburg, Russian Federation and belongs to MIRAN-AS Miran DC, RU. The main domain is hci.best2pay.net.
TLS certificate: Issued by Thawte RSA CA 2018 on July 22nd 2020. Valid for: 2 years.
This is the only time hci.best2pay.net was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 11 91.142.90.106 41722 (MIRAN-AS ...)
2 91.142.91.134 41722 (MIRAN-AS ...)
12 3
Apex Domain
Subdomains		 Transfer
13 best2pay.net
hci.best2pay.net
test.best2pay.net
768 KB
12 1
Domain Requested by
11 hci.best2pay.net 1 redirects hci.best2pay.net
2 test.best2pay.net hci.best2pay.net
12 2

This site contains links to these domains. Also see Links.

Domain
www.paygine.com
Subject Issuer Validity Valid
hci.best2pay.net
Thawte RSA CA 2018		 2020-07-22 -
2022-09-20		 2 years crt.sh
test.best2pay.net
Thawte RSA CA 2018		 2020-02-05 -
2022-05-06		 2 years crt.sh

This page contains 1 frames:

Primary Page: https://hci.best2pay.net/index.html
Frame ID: 4566DD9069E9DF4285FD4DD48AF18E46
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. https://hci.best2pay.net/ HTTP 301
    https://hci.best2pay.net/index.html Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /CentOS/i
Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Page Statistics

12
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

2
Subdomains

3
IPs

1
Countries

767 kB
Transfer

757 kB
Size

0
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://hci.best2pay.net/ HTTP 301
    https://hci.best2pay.net/index.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

12 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request index.html
hci.best2pay.net/
Redirect Chain
  • https://hci.best2pay.net/
  • https://hci.best2pay.net/index.html
6 KB
7 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://hci.best2pay.net/index.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
91.142.90.106 St Petersburg, Russian Federation, ASN41722 (MIRAN-AS Miran DC, RU),
Reverse DNS
17329.vds.miran.ru
Software
Apache/2.2.15 (CentOS) /
Resource Hash
fbb95d7e82cd20cf046dccd790c2147f43a4e22ebd5ae7337b3c8d0e01253cb5
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.best2pay.net https://*.yandex.ru https://*.webmoney.ru https://*.qiwi.com https://*.visa3dsecure.com https://*.securecode.com https://*.paysecure.ru https://paymaster.ru https://*.wmtransfer.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.best2pay.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data:; font-src 'self' https://fonts.gstatic.com; frame-src *
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

Host
hci.best2pay.net
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
none
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
Sec-Fetch-Dest
document
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Fri, 18 Dec 2020 07:05:02 GMT
Server
Apache/2.2.15 (CentOS)
Last-Modified
Mon, 22 Jun 2015 09:40:21 GMT
ETag
"a079a-1945-519180ffb8919"
Accept-Ranges
bytes
Content-Length
6469
Strict-Transport-Security
max-age=63072000
Cache-Control
no-cache,no-store,must-revalidate
Content-Security-Policy
default-src 'self' https://*.best2pay.net https://*.yandex.ru https://*.webmoney.ru https://*.qiwi.com https://*.visa3dsecure.com https://*.securecode.com https://*.paysecure.ru https://paymaster.ru https://*.wmtransfer.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.best2pay.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data:; font-src 'self' https://fonts.gstatic.com; frame-src *
X-XSS-Protection
1; mode=block
X-Content-Type-Options
nosniff
X-Frame-Options
sameorigin
Keep-Alive
timeout=15, max=99
Connection
Keep-Alive
Content-Type
text/html; charset=UTF-8

Redirect headers

Date
Fri, 18 Dec 2020 07:05:02 GMT
Server
Apache/2.2.15 (CentOS)
Location
https://hci.best2pay.net/index.html
Content-Length
326
Keep-Alive
timeout=15, max=100
Connection
Keep-Alive
Content-Type
text/html; charset=iso-8859-1
default.css
hci.best2pay.net/index_files/ 		8 KB
9 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://hci.best2pay.net/index_files/default.css
Requested by
Host: hci.best2pay.net
URL: https://hci.best2pay.net/index.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
91.142.90.106 St Petersburg, Russian Federation, ASN41722 (MIRAN-AS Miran DC, RU),
Reverse DNS
17329.vds.miran.ru
Software
Apache/2.2.15 (CentOS) /
Resource Hash
e71e6433204b4b8c7c3c58adeed21c53edab49f9b1723448773825c5f19b687b
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.best2pay.net https://*.yandex.ru https://*.webmoney.ru https://*.qiwi.com https://*.visa3dsecure.com https://*.securecode.com https://*.paysecure.ru https://paymaster.ru https://*.wmtransfer.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.best2pay.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data:; font-src 'self' https://fonts.gstatic.com; frame-src *
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

Referer
https://hci.best2pay.net/index.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Fri, 18 Dec 2020 07:05:02 GMT
X-Content-Type-Options
nosniff
Last-Modified
Mon, 20 Apr 2015 08:38:36 GMT
Server
Apache/2.2.15 (CentOS)
ETag
"a2e53-1f87-51423db1bdb00"
X-Frame-Options
sameorigin
Connection
Keep-Alive
Content-Type
text/css
Cache-Control
no-cache,no-store,must-revalidate
Content-Security-Policy
default-src 'self' https://*.best2pay.net https://*.yandex.ru https://*.webmoney.ru https://*.qiwi.com https://*.visa3dsecure.com https://*.securecode.com https://*.paysecure.ru https://paymaster.ru https://*.wmtransfer.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.best2pay.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data:; font-src 'self' https://fonts.gstatic.com; frame-src *
Strict-Transport-Security
max-age=63072000
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=98
Content-Length
8071
X-XSS-Protection
1; mode=block
fixpng.js
hci.best2pay.net/index_files/ 		602 B
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://hci.best2pay.net/index_files/fixpng.js
Requested by
Host: hci.best2pay.net
URL: https://hci.best2pay.net/index.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
91.142.90.106 St Petersburg, Russian Federation, ASN41722 (MIRAN-AS Miran DC, RU),
Reverse DNS
17329.vds.miran.ru
Software
Apache/2.2.15 (CentOS) /
Resource Hash
8e9a1333f93ed1ffd7274e830f20aac047d73cf2c5069ba0f7ee33ea2cb02df5
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.best2pay.net https://*.yandex.ru https://*.webmoney.ru https://*.qiwi.com https://*.visa3dsecure.com https://*.securecode.com https://*.paysecure.ru https://paymaster.ru https://*.wmtransfer.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.best2pay.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data:; font-src 'self' https://fonts.gstatic.com; frame-src *
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

Referer
https://hci.best2pay.net/index.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Fri, 18 Dec 2020 07:05:02 GMT
X-Content-Type-Options
nosniff
Last-Modified
Mon, 20 Apr 2015 08:38:36 GMT
Server
Apache/2.2.15 (CentOS)
ETag
"a2e4b-25a-51423db1bdb00"
X-Frame-Options
sameorigin
Connection
Keep-Alive
Content-Type
text/javascript
Cache-Control
no-cache,no-store,must-revalidate
Content-Security-Policy
default-src 'self' https://*.best2pay.net https://*.yandex.ru https://*.webmoney.ru https://*.qiwi.com https://*.visa3dsecure.com https://*.securecode.com https://*.paysecure.ru https://paymaster.ru https://*.wmtransfer.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.best2pay.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data:; font-src 'self' https://fonts.gstatic.com; frame-src *
Strict-Transport-Security
max-age=63072000
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=100
Content-Length
602
X-XSS-Protection
1; mode=block
calendar.js
hci.best2pay.net/index_files/ 		4 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://hci.best2pay.net/index_files/calendar.js
Requested by
Host: hci.best2pay.net
URL: https://hci.best2pay.net/index.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
91.142.90.106 St Petersburg, Russian Federation, ASN41722 (MIRAN-AS Miran DC, RU),
Reverse DNS
17329.vds.miran.ru
Software
Apache/2.2.15 (CentOS) /
Resource Hash
9bc4499fe18c6d06eed77fed6e6e9267ce86703936b572282e7da65a27ded40a
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.best2pay.net https://*.yandex.ru https://*.webmoney.ru https://*.qiwi.com https://*.visa3dsecure.com https://*.securecode.com https://*.paysecure.ru https://paymaster.ru https://*.wmtransfer.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.best2pay.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data:; font-src 'self' https://fonts.gstatic.com; frame-src *
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

Referer
https://hci.best2pay.net/index.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Fri, 18 Dec 2020 07:05:02 GMT
X-Content-Type-Options
nosniff
Last-Modified
Mon, 20 Apr 2015 08:38:36 GMT
Server
Apache/2.2.15 (CentOS)
ETag
"a2e45-1171-51423db1bdb00"
X-Frame-Options
sameorigin
Connection
Keep-Alive
Content-Type
text/javascript
Cache-Control
no-cache,no-store,must-revalidate
Content-Security-Policy
default-src 'self' https://*.best2pay.net https://*.yandex.ru https://*.webmoney.ru https://*.qiwi.com https://*.visa3dsecure.com https://*.securecode.com https://*.paysecure.ru https://paymaster.ru https://*.wmtransfer.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.best2pay.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data:; font-src 'self' https://fonts.gstatic.com; frame-src *
Strict-Transport-Security
max-age=63072000
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=100
Content-Length
4465
X-XSS-Protection
1; mode=block
jquery-ui-1.css
hci.best2pay.net/index_files/ 		31 KB
32 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://hci.best2pay.net/index_files/jquery-ui-1.css
Requested by
Host: hci.best2pay.net
URL: https://hci.best2pay.net/index.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
91.142.90.106 St Petersburg, Russian Federation, ASN41722 (MIRAN-AS Miran DC, RU),
Reverse DNS
17329.vds.miran.ru
Software
Apache/2.2.15 (CentOS) /
Resource Hash
823aacd2d9585db7f18d32acbf72344a6bccc8f598025989e0ccb8b66afe06d4
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.best2pay.net https://*.yandex.ru https://*.webmoney.ru https://*.qiwi.com https://*.visa3dsecure.com https://*.securecode.com https://*.paysecure.ru https://paymaster.ru https://*.wmtransfer.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.best2pay.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data:; font-src 'self' https://fonts.gstatic.com; frame-src *
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

Referer
https://hci.best2pay.net/index.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Fri, 18 Dec 2020 07:05:02 GMT
X-Content-Type-Options
nosniff
Last-Modified
Mon, 20 Apr 2015 08:38:36 GMT
Server
Apache/2.2.15 (CentOS)
ETag
"a2e43-7d15-51423db1bdb00"
X-Frame-Options
sameorigin
Connection
Keep-Alive
Content-Type
text/css
Cache-Control
no-cache,no-store,must-revalidate
Content-Security-Policy
default-src 'self' https://*.best2pay.net https://*.yandex.ru https://*.webmoney.ru https://*.qiwi.com https://*.visa3dsecure.com https://*.securecode.com https://*.paysecure.ru https://paymaster.ru https://*.wmtransfer.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.best2pay.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data:; font-src 'self' https://fonts.gstatic.com; frame-src *
Strict-Transport-Security
max-age=63072000
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=97
Content-Length
32021
X-XSS-Protection
1; mode=block
jquery-1.js
hci.best2pay.net/index_files/ 		262 KB
263 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://hci.best2pay.net/index_files/jquery-1.js
Requested by
Host: hci.best2pay.net
URL: https://hci.best2pay.net/index.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
91.142.90.106 St Petersburg, Russian Federation, ASN41722 (MIRAN-AS Miran DC, RU),
Reverse DNS
17329.vds.miran.ru
Software
Apache/2.2.15 (CentOS) /
Resource Hash
7bd80d06c01c0340c1b9159b9b4a197db882ca18cbac8e9b9aa025e68f998d40
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.best2pay.net https://*.yandex.ru https://*.webmoney.ru https://*.qiwi.com https://*.visa3dsecure.com https://*.securecode.com https://*.paysecure.ru https://paymaster.ru https://*.wmtransfer.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.best2pay.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data:; font-src 'self' https://fonts.gstatic.com; frame-src *
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

Referer
https://hci.best2pay.net/index.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Fri, 18 Dec 2020 07:05:02 GMT
X-Content-Type-Options
nosniff
Last-Modified
Mon, 20 Apr 2015 08:38:36 GMT
Server
Apache/2.2.15 (CentOS)
ETag
"a2e46-4185d-51423db1bdb00"
X-Frame-Options
sameorigin
Connection
Keep-Alive
Content-Type
text/javascript
Cache-Control
no-cache,no-store,must-revalidate
Content-Security-Policy
default-src 'self' https://*.best2pay.net https://*.yandex.ru https://*.webmoney.ru https://*.qiwi.com https://*.visa3dsecure.com https://*.securecode.com https://*.paysecure.ru https://paymaster.ru https://*.wmtransfer.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.best2pay.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data:; font-src 'self' https://fonts.gstatic.com; frame-src *
Strict-Transport-Security
max-age=63072000
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=100
Content-Length
268381
X-XSS-Protection
1; mode=block
jquery-ui-1.js
hci.best2pay.net/index_files/ 		426 KB
427 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://hci.best2pay.net/index_files/jquery-ui-1.js
Requested by
Host: hci.best2pay.net
URL: https://hci.best2pay.net/index.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
91.142.90.106 St Petersburg, Russian Federation, ASN41722 (MIRAN-AS Miran DC, RU),
Reverse DNS
17329.vds.miran.ru
Software
Apache/2.2.15 (CentOS) /
Resource Hash
afb111a8f7aa1034a52b6d545e54db35431c2b4cfe8b6c768d933260b8729e37
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.best2pay.net https://*.yandex.ru https://*.webmoney.ru https://*.qiwi.com https://*.visa3dsecure.com https://*.securecode.com https://*.paysecure.ru https://paymaster.ru https://*.wmtransfer.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.best2pay.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data:; font-src 'self' https://fonts.gstatic.com; frame-src *
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

Referer
https://hci.best2pay.net/index.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Fri, 18 Dec 2020 07:05:03 GMT
X-Content-Type-Options
nosniff
Last-Modified
Mon, 20 Apr 2015 08:38:36 GMT
Server
Apache/2.2.15 (CentOS)
ETag
"a2e40-6a9eb-51423db1bdb00"
X-Frame-Options
sameorigin
Connection
Keep-Alive
Content-Type
text/javascript
Cache-Control
no-cache,no-store,must-revalidate
Content-Security-Policy
default-src 'self' https://*.best2pay.net https://*.yandex.ru https://*.webmoney.ru https://*.qiwi.com https://*.visa3dsecure.com https://*.securecode.com https://*.paysecure.ru https://paymaster.ru https://*.wmtransfer.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.best2pay.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data:; font-src 'self' https://fonts.gstatic.com; frame-src *
Strict-Transport-Security
max-age=63072000
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=100
Content-Length
436715
X-XSS-Protection
1; mode=block
best2pay.js
test.best2pay.net/webapi/js/ 		3 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://test.best2pay.net/webapi/js/best2pay.js
Requested by
Host: hci.best2pay.net
URL: https://hci.best2pay.net/index.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
91.142.91.134 St Petersburg, Russian Federation, ASN41722 (MIRAN-AS Miran DC, RU),
Reverse DNS
vl2017.ds.miran.ru
Software
Apache /
Resource Hash
dd09e9073593cf5fdc127d06ffde6dbf2d636ffbd5c1fe4c06138caed19fa9c3
Security Headers
Name Value
Content-Security-Policy default-src 'self' http://stage.vozrozhdenie.vpool.qsoft.ru/* https://*.yandex.ru https://*.webmoney.ru https://*.qiwi.com https://*.visa3dsecure.com https://*.securecode.com https://*.paysecure.ru https://paymaster.ru https://*.wmtransfer.com https://localhost:4435; script-src 'self' https://pay.google.com 'unsafe-inline' 'unsafe-eval' https://www.google.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: https://www.gstatic.com; font-src 'self' https://fonts.gstatic.com; frame-src *
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://hci.best2pay.net/index.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Fri, 18 Dec 2020 07:05:03 GMT
X-Content-Type-Options
nosniff
Last-Modified
Tue, 12 Sep 2017 13:12:16 GMT
Server
Apache
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Type
application/javascript; charset=UTF8
Cache-Control
no-cache,no-store,must-revalidate
Content-Security-Policy
default-src 'self' http://stage.vozrozhdenie.vpool.qsoft.ru/* https://*.yandex.ru https://*.webmoney.ru https://*.qiwi.com https://*.visa3dsecure.com https://*.securecode.com https://*.paysecure.ru https://paymaster.ru https://*.wmtransfer.com https://localhost:4435; script-src 'self' https://pay.google.com 'unsafe-inline' 'unsafe-eval' https://www.google.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: https://www.gstatic.com; font-src 'self' https://fonts.gstatic.com; frame-src *
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
3493
X-XSS-Protection
1; mode=block
best2pay-p2p.js
test.best2pay.net/webapi/js/ 		3 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://test.best2pay.net/webapi/js/best2pay-p2p.js
Requested by
Host: hci.best2pay.net
URL: https://hci.best2pay.net/index.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
91.142.91.134 St Petersburg, Russian Federation, ASN41722 (MIRAN-AS Miran DC, RU),
Reverse DNS
vl2017.ds.miran.ru
Software
Apache /
Resource Hash
840af24a3d1308db473fb96c7ba79732402a14bcb4b4633a60d0bbe045812591
Security Headers
Name Value
Content-Security-Policy default-src 'self' http://stage.vozrozhdenie.vpool.qsoft.ru/* https://*.yandex.ru https://*.webmoney.ru https://*.qiwi.com https://*.visa3dsecure.com https://*.securecode.com https://*.paysecure.ru https://paymaster.ru https://*.wmtransfer.com https://localhost:4435; script-src 'self' https://pay.google.com 'unsafe-inline' 'unsafe-eval' https://www.google.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: https://www.gstatic.com; font-src 'self' https://fonts.gstatic.com; frame-src *
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://hci.best2pay.net/index.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Fri, 18 Dec 2020 07:05:03 GMT
X-Content-Type-Options
nosniff
Last-Modified
Tue, 12 Sep 2017 13:12:15 GMT
Server
Apache
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Type
application/javascript; charset=UTF8
Cache-Control
no-cache,no-store,must-revalidate
Content-Security-Policy
default-src 'self' http://stage.vozrozhdenie.vpool.qsoft.ru/* https://*.yandex.ru https://*.webmoney.ru https://*.qiwi.com https://*.visa3dsecure.com https://*.securecode.com https://*.paysecure.ru https://paymaster.ru https://*.wmtransfer.com https://localhost:4435; script-src 'self' https://pay.google.com 'unsafe-inline' 'unsafe-eval' https://www.google.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: https://www.gstatic.com; font-src 'self' https://fonts.gstatic.com; frame-src *
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
3526
X-XSS-Protection
1; mode=block
logo.png
hci.best2pay.net/index_files/ 		10 KB
11 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://hci.best2pay.net/index_files/logo.png
Requested by
Host: hci.best2pay.net
URL: https://hci.best2pay.net/index.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
91.142.90.106 St Petersburg, Russian Federation, ASN41722 (MIRAN-AS Miran DC, RU),
Reverse DNS
17329.vds.miran.ru
Software
Apache/2.2.15 (CentOS) /
Resource Hash
c3679f3a0ee37b55e88ecb2878f76a0ae4c39470dcaa54bed90ff43db52feb17
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.best2pay.net https://*.yandex.ru https://*.webmoney.ru https://*.qiwi.com https://*.visa3dsecure.com https://*.securecode.com https://*.paysecure.ru https://paymaster.ru https://*.wmtransfer.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.best2pay.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data:; font-src 'self' https://fonts.gstatic.com; frame-src *
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

Referer
https://hci.best2pay.net/index.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Fri, 18 Dec 2020 07:05:03 GMT
X-Content-Type-Options
nosniff
Last-Modified
Mon, 20 Apr 2015 08:38:36 GMT
Server
Apache/2.2.15 (CentOS)
ETag
"a2e4e-29e1-51423db1bdb00"
X-Frame-Options
sameorigin
Connection
Keep-Alive
Content-Type
image/png
Cache-Control
no-cache,no-store,must-revalidate
Content-Security-Policy
default-src 'self' https://*.best2pay.net https://*.yandex.ru https://*.webmoney.ru https://*.qiwi.com https://*.visa3dsecure.com https://*.securecode.com https://*.paysecure.ru https://paymaster.ru https://*.wmtransfer.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.best2pay.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data:; font-src 'self' https://fonts.gstatic.com; frame-src *
Strict-Transport-Security
max-age=63072000
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=99
Content-Length
10721
X-XSS-Protection
1; mode=block
bullet_go.png
hci.best2pay.net/index_files/ 		410 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://hci.best2pay.net/index_files/bullet_go.png
Requested by
Host: hci.best2pay.net
URL: https://hci.best2pay.net/index.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
91.142.90.106 St Petersburg, Russian Federation, ASN41722 (MIRAN-AS Miran DC, RU),
Reverse DNS
17329.vds.miran.ru
Software
Apache/2.2.15 (CentOS) /
Resource Hash
5f50b70fab62abe4b97c631bf8506f42ae5a5108820f3aeefb91cb7c28182461
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.best2pay.net https://*.yandex.ru https://*.webmoney.ru https://*.qiwi.com https://*.visa3dsecure.com https://*.securecode.com https://*.paysecure.ru https://paymaster.ru https://*.wmtransfer.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.best2pay.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data:; font-src 'self' https://fonts.gstatic.com; frame-src *
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

Referer
https://hci.best2pay.net/index.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Fri, 18 Dec 2020 07:05:03 GMT
X-Content-Type-Options
nosniff
Last-Modified
Mon, 20 Apr 2015 08:38:36 GMT
Server
Apache/2.2.15 (CentOS)
ETag
"a2e50-19a-51423db1bdb00"
X-Frame-Options
sameorigin
Connection
Keep-Alive
Content-Type
image/png
Cache-Control
no-cache,no-store,must-revalidate
Content-Security-Policy
default-src 'self' https://*.best2pay.net https://*.yandex.ru https://*.webmoney.ru https://*.qiwi.com https://*.visa3dsecure.com https://*.securecode.com https://*.paysecure.ru https://paymaster.ru https://*.wmtransfer.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.best2pay.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data:; font-src 'self' https://fonts.gstatic.com; frame-src *
Strict-Transport-Security
max-age=63072000
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=99
Content-Length
410
X-XSS-Protection
1; mode=block
ui-bg_flat_75_ffffff_40x100.png
hci.best2pay.net/index_files/images/ 		331 B
331 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://hci.best2pay.net/index_files/images/ui-bg_flat_75_ffffff_40x100.png
Requested by
Host: hci.best2pay.net
URL: https://hci.best2pay.net/index_files/jquery-ui-1.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
91.142.90.106 St Petersburg, Russian Federation, ASN41722 (MIRAN-AS Miran DC, RU),
Reverse DNS
17329.vds.miran.ru
Software
Apache/2.2.15 (CentOS) /
Resource Hash
4b32a1acf12b9b9aae3dd54a3e06b0917df366be4cfcac3b1d77db705a2bfd0d

Request headers

Referer
https://hci.best2pay.net/index_files/jquery-ui-1.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Fri, 18 Dec 2020 07:05:03 GMT
Server
Apache/2.2.15 (CentOS)
Connection
Keep-Alive
Keep-Alive
timeout=15, max=99
Content-Length
331
Content-Type
text/html; charset=iso-8859-1
truncated
/ 		42 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/gif

Verdicts & Comments Add Verdict or Comment

22 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated function| fixPNG function| leapYear function| getDays function| getMonthName function| setCal function| drawCal function| $ function| jQuery function| Best2Pay function| Best2PayP2P object| payment function| pay259 function| pay261

0 Cookies

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self' https://*.best2pay.net https://*.yandex.ru https://*.webmoney.ru https://*.qiwi.com https://*.visa3dsecure.com https://*.securecode.com https://*.paysecure.ru https://paymaster.ru https://*.wmtransfer.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.best2pay.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data:; font-src 'self' https://fonts.gstatic.com; frame-src *
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block