Submitted URL: https://shared.outlook.inky.com/link?domain=connectandpay.app.link&t=h.eJyNUctugzAQ_JUIqZwa8IsYR0LNpV9Q9QMWs04sjI2MqYSq_ntxTk3VQ...
Effective URL: https://www.connectandpay.com/verifyEmail?marketaccount=1ef82b93a542d9907dc3e9379f98b91c&email=chris%2540helionenergy.com&firs...
Submission: On March 31 via manual from US — Scanned from DE

Summary

This website contacted 8 IPs in 1 country across 8 domains to perform 31 HTTP transactions. The main IP is 18.66.147.52, located in United States and belongs to AMAZON-02, US. The main domain is www.connectandpay.com.
TLS certificate: Issued by Amazon RSA 2048 M02 on February 23rd 2023. Valid for: 5 months.
This is the only time www.connectandpay.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 34.214.72.57 16509 (AMAZON-02)
1 1 2600:9000:205... 16509 (AMAZON-02)
7 18.66.147.52 16509 (AMAZON-02)
3 151.101.192.176 54113 (FASTLY)
1 2600:9000:239... 16509 (AMAZON-02)
3 2606:4700::68... 13335 (CLOUDFLAR...)
10 44.240.27.26 16509 (AMAZON-02)
3 54.187.119.242 16509 (AMAZON-02)
2 99.86.4.50 16509 (AMAZON-02)
2 35.167.136.41 16509 (AMAZON-02)
31 8
Requests | Apex Domain | Subdomains | Transfer
10 | readytouchpos.com | tally.prod.readytouchpos.com (Cisco Umbrella Rank: 489622) | 5 KB
8 | stripe.com | js.stripe.com (Cisco Umbrella Rank: 1244); q.stripe.com (Cisco Umbrella Rank: 7928); m.stripe.com (Cisco Umbrella Rank: 1249) | 126 KB
7 | connectandpay.com | www.connectandpay.com | 2 MB
3 | onesignal.com | cdn.onesignal.com (Cisco Umbrella Rank: 3575); onesignal.com (Cisco Umbrella Rank: 1243) | 73 KB
2 | stripe.network | m.stripe.network (Cisco Umbrella Rank: 1316) | 16 KB
1 | auth0.com | cdn.auth0.com (Cisco Umbrella Rank: 8332) | 32 KB
1 | app.link | connectandpay.app.link | 912 B
1 | inky.com | shared.outlook.inky.com (Cisco Umbrella Rank: 108468) | 675 B
31 | 8
Domain Requested by
10 tally.prod.readytouchpos.com www.connectandpay.com
7 www.connectandpay.com www.connectandpay.com
3 q.stripe.com www.connectandpay.com
3 js.stripe.com www.connectandpay.com
js.stripe.com
2 m.stripe.com m.stripe.network
2 m.stripe.network js.stripe.com
m.stripe.network
2 cdn.onesignal.com www.connectandpay.com
cdn.onesignal.com
1 onesignal.com cdn.onesignal.com
1 cdn.auth0.com www.connectandpay.com
1 connectandpay.app.link 1 redirects
1 shared.outlook.inky.com 1 redirects
31 11

This site contains no links.

Subject | Issuer | Validity | Valid
connectandpay.com | Amazon RSA 2048 M02 | 2023-02-23 - 2023-07-27 | 5 months
a.stripecdn.com | DigiCert SHA2 Extended Validation Server CA | 2023-02-06 - 2023-05-13 | 3 months
*.auth0.com | Amazon RSA 2048 M01 | 2023-02-24 - 2024-03-24 | a year
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2022-06-03 - 2023-06-02 | a year
tally.prod.readytouchpos.com | Go Daddy Secure Certificate Authority - G2 | 2022-05-06 - 2023-06-07 | a year
*.stripe.com | DigiCert TLS Hybrid ECC SHA384 2020 CA1 | 2023-02-14 - 2023-06-13 | 4 months
m.stripe.com | DigiCert TLS RSA SHA256 2020 CA1 | 2023-03-28 - 2023-07-26 | 4 months

This page contains 3 frames:

Primary Page: https://www.connectandpay.com/verifyEmail?marketaccount=1ef82b93a542d9907dc3e9379f98b91c&email=chris%2540helionenergy.com&firstname=null&lastname=null&locale=en-US&token=38f43f1d76a677722422f4eba379e799&verificationtoken=38f43f1d76a677722422f4eba379e799&_branch_match_id=1170150650842006800&_branch_referrer=H4sIAAAAAAAAA42OQW6DMBAAX1PfCsF2YraS1VNeEPUBy7IuFmaNjInE75PmlluPcxjNTLWu21fbUhZhqijjikeD69qkKHN75xLDcV0wpu8Fy8wVifIu1Xccej2AwbPVI8DJjWQYjIMA%2FQAdKf6TPE0lbh%2F6bE8Tp5iFhcvv0VBeVIhlq4ILe9lTUgnfKBMm9iyfPzdV88ziTR%2BsCd3oLnhxzmlttQ6WB3xG2QGo12wkrM%2FO%2F5QHR4K24f4AAAA%3D
Frame ID: 60F2A68B3FC3A14CF12A701B87E7887B
Requests: 17 HTTP requests in this frame

Frame: https://js.stripe.com/v3/m-outer-93afeeb17bc37e711759584dbfc50d47.html
Frame ID: D8723EE52052A024CDB756361CF76144
Requests: 4 HTTP requests in this frame

Frame: https://m.stripe.network/inner.html
Frame ID: 0FE70418DE53148BE968C4F8B28FCBF5
Requests: 5 HTTP requests in this frame

Page Title

Connect & Pay

Detected technologies

Overall confidence: 100%
Detected patterns
  • js\.stripe\.com

Overall confidence: 100%
Detected patterns
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Overall confidence: 100%
Detected patterns
  • cdn\.onesignal\.com

Page Statistics

Requests: 31
HTTPS: 100 %
IPv6: 30 %
Domains: 8
Subdomains: 11
IPs: 8
Countries: 1
Transfer: 2629 kB
Size: 9722 kB
Cookies: 9

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://shared.outlook.inky.com/link?domain=connectandpay.app.link&t=h.eJyNUctugzAQ_JUIqZwa8IsYR0LNpV9Q9QMWs04sjI2MqYSq_ntxTk3VQw97WO3MzuzsZ7FGV5wPxS2leTnXtQ7eo07ghxm2Cua5ctaP9QdGa7bXCax7mSCOmEDrsPrUUTQt6xWHRrBBKSIHzVFxqYxqe0V1iZnU6Vu0yxNrBLmhs8Gjx3jdKh2m0ti4JA8Tdn51rnTw0AUNDjv0x_e3MoURfcdbI7ihgzzBSUrJmGDMCOxhF0WpVHk3azWkXed_lOL5UIw5BruENe0VNR5_Gq3v_i-_vddSkYEAVZI2BhvI5w9ENKrRPQfS85qeWkKparmoGpplMMv4EHF22-Ux7X1hRgwZ8eck5VfRr2-aHI56.MEUCIE-XvswQ_T1cZwFcz18Sl96A9R_-XszOUzB7ddLcWqgCAiEA6h02puAR8zp34QJsCkeBje-ViEoqjX3Qo7GbitVQMTc HTTP 303
    https://connectandpay.app.link/verifyEmail?marketaccount=1ef82b93a542d9907dc3e9379f98b91c&email=chris%2540helionenergy.com&firstname=null&lastname=null&locale=en-US&token=38f43f1d76a677722422f4eba379e799&verificationtoken=38f43f1d76a677722422f4eba379e799 HTTP 307
    https://www.connectandpay.com/verifyEmail?marketaccount=1ef82b93a542d9907dc3e9379f98b91c&email=chris%2540helionenergy.com&firstname=null&lastname=null&locale=en-US&token=38f43f1d76a677722422f4eba379e799&verificationtoken=38f43f1d76a677722422f4eba379e799&_branch_match_id=1170150650842006800&_branch_referrer=H4sIAAAAAAAAA42OQW6DMBAAX1PfCsF2YraS1VNeEPUBy7IuFmaNjInE75PmlluPcxjNTLWu21fbUhZhqijjikeD69qkKHN75xLDcV0wpu8Fy8wVifIu1Xccej2AwbPVI8DJjWQYjIMA%2FQAdKf6TPE0lbh%2F6bE8Tp5iFhcvv0VBeVIhlq4ILe9lTUgnfKBMm9iyfPzdV88ziTR%2BsCd3oLnhxzmlttQ6WB3xG2QGo12wkrM%2FO%2F5QHR4K24f4AAAA%3D Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

31 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request verifyEmail
www.connectandpay.com/
Redirect Chain
  • https://shared.outlook.inky.com/link?domain=connectandpay.app.link&t=h.eJyNUctugzAQ_JUIqZwa8IsYR0LNpV9Q9QMWs04sjI2MqYSq_ntxTk3VQw97WO3MzuzsZ7FGV5wPxS2leTnXtQ7eo07ghxm2Cua5ctaP9QdGa7bXCax7mSCOmEDrsP...
  • https://connectandpay.app.link/verifyEmail?marketaccount=1ef82b93a542d9907dc3e9379f98b91c&email=chris%2540helionenergy.com&firstname=null&lastname=null&locale=en-US&token=38f43f1d76a677722422f4eba3...
  • https://www.connectandpay.com/verifyEmail?marketaccount=1ef82b93a542d9907dc3e9379f98b91c&email=chris%2540helionenergy.com&firstname=null&lastname=null&locale=en-US&token=38f43f1d76a677722422f4eba37...
5 KB
2 KB
Document
General
Full URL
https://www.connectandpay.com/verifyEmail?marketaccount=1ef82b93a542d9907dc3e9379f98b91c&email=chris%2540helionenergy.com&firstname=null&lastname=null&locale=en-US&token=38f43f1d76a677722422f4eba379e799&verificationtoken=38f43f1d76a677722422f4eba379e799&_branch_match_id=1170150650842006800&_branch_referrer=H4sIAAAAAAAAA42OQW6DMBAAX1PfCsF2YraS1VNeEPUBy7IuFmaNjInE75PmlluPcxjNTLWu21fbUhZhqijjikeD69qkKHN75xLDcV0wpu8Fy8wVifIu1Xccej2AwbPVI8DJjWQYjIMA%2FQAdKf6TPE0lbh%2F6bE8Tp5iFhcvv0VBeVIhlq4ILe9lTUgnfKBMm9iyfPzdV88ziTR%2BsCd3oLnhxzmlttQ6WB3xG2QGo12wkrM%2FO%2F5QHR4K24f4AAAA%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.147.52 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-147-52.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
89644d6f38ff9f38793f2a7182f0a72811472f9d4edfd98b607ab7895525f8e9
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
68646
content-encoding
gzip
content-type
text/html
date
Thu, 30 Mar 2023 05:47:18 GMT
etag
W/"22c7ed75bc0d81f525ee986f8aa31837"
last-modified
Fri, 10 Mar 2023 15:13:46 GMT
referrer-policy
same-origin
server
AmazonS3
strict-transport-security
max-age=63072000; includeSubdomains; preload
vary
Accept-Encoding
via
1.1 24fc4e03b1de2a14f79be2422e46a318.cloudfront.net (CloudFront)
x-amz-cf-id
aQx8MEfLSV5ZdpcyH5BiXBN2vfo3Ydoyap26wz5GAXNojsu_jLLA6A==
x-amz-cf-pop
FRA60-P4
x-amz-server-side-encryption
AES256
x-amz-version-id
KanPInrKEKC88S2af1aXP8885kfDI2LT
x-cache
Error from cloudfront
x-content-type-options
nosniff
x-frame-options
DENY
x-xss-protection
1; mode=block

Redirect headers

accept-ch
Sec-CH-UA-Platform-Version,Sec-CH-UA-Model
date
Fri, 31 Mar 2023 00:51:22 GMT
last-modified
Fri, 31 Mar 2023 00:51:22 GMT
location
https://www.connectandpay.com/verifyEmail?marketaccount=1ef82b93a542d9907dc3e9379f98b91c&email=chris%2540helionenergy.com&firstname=null&lastname=null&locale=en-US&token=38f43f1d76a677722422f4eba379e799&verificationtoken=38f43f1d76a677722422f4eba379e799&_branch_match_id=1170150650842006800&_branch_referrer=H4sIAAAAAAAAA42OQW6DMBAAX1PfCsF2YraS1VNeEPUBy7IuFmaNjInE75PmlluPcxjNTLWu21fbUhZhqijjikeD69qkKHN75xLDcV0wpu8Fy8wVifIu1Xccej2AwbPVI8DJjWQYjIMA%2FQAdKf6TPE0lbh%2F6bE8Tp5iFhcvv0VBeVIhlq4ILe9lTUgnfKBMm9iyfPzdV88ziTR%2BsCd3oLnhxzmlttQ6WB3xG2QGo12wkrM%2FO%2F5QHR4K24f4AAAA%3D
server
openresty
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 d07eabeb1ed60c06da1457f35fb5c8c4.cloudfront.net (CloudFront)
x-amz-cf-id
AddGW7Fk_UeozYqAKSHyimSbmDq164BdBDO3qT8qvBjpoi5LkJr1ZQ==
x-amz-cf-pop
FRA6-C1
x-cache
Miss from cloudfront
/
js.stripe.com/v3/
452 KB
122 KB
Script
General
Full URL
https://js.stripe.com/v3/
Requested by
Host: www.connectandpay.com
URL: https://www.connectandpay.com/verifyEmail?marketaccount=1ef82b93a542d9907dc3e9379f98b91c&email=chris%2540helionenergy.com&firstname=null&lastname=null&locale=en-US&token=38f43f1d76a677722422f4eba379e799&verificationtoken=38f43f1d76a677722422f4eba379e799&_branch_match_id=1170150650842006800&_branch_referrer=H4sIAAAAAAAAA42OQW6DMBAAX1PfCsF2YraS1VNeEPUBy7IuFmaNjInE75PmlluPcxjNTLWu21fbUhZhqijjikeD69qkKHN75xLDcV0wpu8Fy8wVifIu1Xccej2AwbPVI8DJjWQYjIMA%2FQAdKf6TPE0lbh%2F6bE8Tp5iFhcvv0VBeVIhlq4ILe9lTUgnfKBMm9iyfPzdV88ziTR%2BsCd3oLnhxzmlttQ6WB3xG2QGo12wkrM%2FO%2F5QHR4K24f4AAAA%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.192.176 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Fastly /
Resource Hash
90c1754146fc632ef8649ab3f4dd672430d5f9ba8cf0024c32885838f052ba36
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

strict-transport-security
max-age=31556926; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
date
Fri, 31 Mar 2023 00:51:23 GMT
via
1.1 varnish
age
45
x-cache
HIT
content-length
124550
x-request-id
d6cbde16-1018-4542-b30b-ee40a2fad38e
x-served-by
cache-fra-eddf8230133-FRA
last-modified
Thu, 30 Mar 2023 20:36:07 GMT
server
Fastly
etag
"ed997a2348184ecc5728d9c5d352fa30"
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=60
accept-ranges
bytes
timing-allow-origin
*
x-cache-hits
3
auth0-spa-js.production.js
cdn.auth0.com/js/auth0-spa-js/1.20/
93 KB
32 KB
Script
General
Full URL
https://cdn.auth0.com/js/auth0-spa-js/1.20/auth0-spa-js.production.js
Requested by
Host: www.connectandpay.com
URL: https://www.connectandpay.com/verifyEmail?marketaccount=1ef82b93a542d9907dc3e9379f98b91c&email=chris%2540helionenergy.com&firstname=null&lastname=null&locale=en-US&token=38f43f1d76a677722422f4eba379e799&verificationtoken=38f43f1d76a677722422f4eba379e799&_branch_match_id=1170150650842006800&_branch_referrer=H4sIAAAAAAAAA42OQW6DMBAAX1PfCsF2YraS1VNeEPUBy7IuFmaNjInE75PmlluPcxjNTLWu21fbUhZhqijjikeD69qkKHN75xLDcV0wpu8Fy8wVifIu1Xccej2AwbPVI8DJjWQYjIMA%2FQAdKf6TPE0lbh%2F6bE8Tp5iFhcvv0VBeVIhlq4ILe9lTUgnfKBMm9iyfPzdV88ziTR%2BsCd3oLnhxzmlttQ6WB3xG2QGo12wkrM%2FO%2F5QHR4K24f4AAAA%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2396:b200:10:474e:104a:2961 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
ebf5fe084506fa53aecb68bc4d315b1e1b149b56a0465d7bc7e584ca9711c6dc

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

x-amz-version-id
EitoVroJxedCjH__cInQE2mReOija6xB
content-encoding
gzip
via
1.1 4f83f5e6dc65845dadaae31f510e8420.cloudfront.net (CloudFront)
date
Thu, 30 Mar 2023 22:58:26 GMT
last-modified
Mon, 07 Mar 2022 15:49:53 GMT
server
AmazonS3
x-amz-cf-pop
MCT50-P1
age
6837
etag
W/"6f0671d3b94dacd6fb2f941d42e2e623"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=10800,public
x-amz-replication-status
FAILED
x-amz-cf-id
yPQaLNF2JYA_am3np5XhQr-Q_S-cJ1ncsXatqB-hGthZimAMtC_I6g==
OneSignalSDK.js
cdn.onesignal.com/sdks/
9 KB
3 KB
Script
General
Full URL
https://cdn.onesignal.com/sdks/OneSignalSDK.js
Requested by
Host: www.connectandpay.com
URL: https://www.connectandpay.com/verifyEmail?marketaccount=1ef82b93a542d9907dc3e9379f98b91c&email=chris%2540helionenergy.com&firstname=null&lastname=null&locale=en-US&token=38f43f1d76a677722422f4eba379e799&verificationtoken=38f43f1d76a677722422f4eba379e799&_branch_match_id=1170150650842006800&_branch_referrer=H4sIAAAAAAAAA42OQW6DMBAAX1PfCsF2YraS1VNeEPUBy7IuFmaNjInE75PmlluPcxjNTLWu21fbUhZhqijjikeD69qkKHN75xLDcV0wpu8Fy8wVifIu1Xccej2AwbPVI8DJjWQYjIMA%2FQAdKf6TPE0lbh%2F6bE8Tp5iFhcvv0VBeVIhlq4ILe9lTUgnfKBMm9iyfPzdV88ziTR%2BsCd3oLnhxzmlttQ6WB3xG2QGo12wkrM%2FO%2F5QHR4K24f4AAAA%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:d63b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
459dc02737a8127153538d8b7811fbaff4e4e0ce003936a61f2d06b3975b10e2
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Fri, 31 Mar 2023 00:51:23 GMT
via
1.1 google
content-encoding
br
cf-cache-status
HIT
server
cloudflare
strict-transport-security
max-age=15552000; includeSubDomains
age
2648
etag
W/"8256f101039245592bc7dcc5496ed987"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=259200
cf-ray
7b049a878e4ebbe6-FRA
access-control-allow-headers
OneSignal-Subscription-Id
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires
Mon, 03 Apr 2023 00:51:23 GMT
runtime~app.27401809.js
www.connectandpay.com/static/js/
2 KB
1 KB
Script
General
Full URL
https://www.connectandpay.com/static/js/runtime~app.27401809.js
Requested by
Host: www.connectandpay.com
URL: https://www.connectandpay.com/verifyEmail?marketaccount=1ef82b93a542d9907dc3e9379f98b91c&email=chris%2540helionenergy.com&firstname=null&lastname=null&locale=en-US&token=38f43f1d76a677722422f4eba379e799&verificationtoken=38f43f1d76a677722422f4eba379e799&_branch_match_id=1170150650842006800&_branch_referrer=H4sIAAAAAAAAA42OQW6DMBAAX1PfCsF2YraS1VNeEPUBy7IuFmaNjInE75PmlluPcxjNTLWu21fbUhZhqijjikeD69qkKHN75xLDcV0wpu8Fy8wVifIu1Xccej2AwbPVI8DJjWQYjIMA%2FQAdKf6TPE0lbh%2F6bE8Tp5iFhcvv0VBeVIhlq4ILe9lTUgnfKBMm9iyfPzdV88ziTR%2BsCd3oLnhxzmlttQ6WB3xG2QGo12wkrM%2FO%2F5QHR4K24f4AAAA%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.147.52 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-147-52.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
f7656bc3ccebd611041f9484fd00713447fbad96682d02882c2737830adcd4b2
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.connectandpay.com/verifyEmail?marketaccount=1ef82b93a542d9907dc3e9379f98b91c&email=chris%2540helionenergy.com&firstname=null&lastname=null&locale=en-US&token=38f43f1d76a677722422f4eba379e799&verificationtoken=38f43f1d76a677722422f4eba379e799&_branch_match_id=1170150650842006800&_branch_referrer=H4sIAAAAAAAAA42OQW6DMBAAX1PfCsF2YraS1VNeEPUBy7IuFmaNjInE75PmlluPcxjNTLWu21fbUhZhqijjikeD69qkKHN75xLDcV0wpu8Fy8wVifIu1Xccej2AwbPVI8DJjWQYjIMA%2FQAdKf6TPE0lbh%2F6bE8Tp5iFhcvv0VBeVIhlq4ILe9lTUgnfKBMm9iyfPzdV88ziTR%2BsCd3oLnhxzmlttQ6WB3xG2QGo12wkrM%2FO%2F5QHR4K24f4AAAA%3D
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

x-amz-version-id
XvWKhupYuNuclVPhIginnlsT0TMudX0a
strict-transport-security
max-age=63072000; includeSubdomains; preload
x-content-type-options
nosniff
date
Fri, 31 Mar 2023 00:51:23 GMT
content-encoding
gzip
via
1.1 24fc4e03b1de2a14f79be2422e46a318.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P4
x-amz-server-side-encryption
AES256
age
31242
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Fri, 10 Mar 2023 15:14:00 GMT
server
AmazonS3
etag
W/"43ad0db632a6bc3cc97c8a7ef39ca56c"
x-frame-options
DENY
vary
Accept-Encoding
content-type
application/javascript
x-amz-cf-id
_CiORoIVUXtZ8spgFcneiWoaWufnhBdIsnyVKgZqh4ihfve7eVFc-g==
2.646a077f.chunk.js
www.connectandpay.com/static/js/
6 MB
2 MB
Script
General
Full URL
https://www.connectandpay.com/static/js/2.646a077f.chunk.js
Requested by
Host: www.connectandpay.com
URL: https://www.connectandpay.com/verifyEmail?marketaccount=1ef82b93a542d9907dc3e9379f98b91c&email=chris%2540helionenergy.com&firstname=null&lastname=null&locale=en-US&token=38f43f1d76a677722422f4eba379e799&verificationtoken=38f43f1d76a677722422f4eba379e799&_branch_match_id=1170150650842006800&_branch_referrer=H4sIAAAAAAAAA42OQW6DMBAAX1PfCsF2YraS1VNeEPUBy7IuFmaNjInE75PmlluPcxjNTLWu21fbUhZhqijjikeD69qkKHN75xLDcV0wpu8Fy8wVifIu1Xccej2AwbPVI8DJjWQYjIMA%2FQAdKf6TPE0lbh%2F6bE8Tp5iFhcvv0VBeVIhlq4ILe9lTUgnfKBMm9iyfPzdV88ziTR%2BsCd3oLnhxzmlttQ6WB3xG2QGo12wkrM%2FO%2F5QHR4K24f4AAAA%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.147.52 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-147-52.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
0a68c8b058c977692390d32aa7f7186a594ca86bfd0290d0a17d55aa22401423
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.connectandpay.com/verifyEmail?marketaccount=1ef82b93a542d9907dc3e9379f98b91c&email=chris%2540helionenergy.com&firstname=null&lastname=null&locale=en-US&token=38f43f1d76a677722422f4eba379e799&verificationtoken=38f43f1d76a677722422f4eba379e799&_branch_match_id=1170150650842006800&_branch_referrer=H4sIAAAAAAAAA42OQW6DMBAAX1PfCsF2YraS1VNeEPUBy7IuFmaNjInE75PmlluPcxjNTLWu21fbUhZhqijjikeD69qkKHN75xLDcV0wpu8Fy8wVifIu1Xccej2AwbPVI8DJjWQYjIMA%2FQAdKf6TPE0lbh%2F6bE8Tp5iFhcvv0VBeVIhlq4ILe9lTUgnfKBMm9iyfPzdV88ziTR%2BsCd3oLnhxzmlttQ6WB3xG2QGo12wkrM%2FO%2F5QHR4K24f4AAAA%3D
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

x-amz-version-id
HLB6yZoHuujpUsxs7dx1Dc1tUv17NIdM
strict-transport-security
max-age=63072000; includeSubdomains; preload
x-content-type-options
nosniff
date
Fri, 31 Mar 2023 00:51:23 GMT
content-encoding
gzip
via
1.1 24fc4e03b1de2a14f79be2422e46a318.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P4
x-amz-server-side-encryption
AES256
age
24598
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Fri, 10 Mar 2023 15:13:54 GMT
server
AmazonS3
etag
W/"8ac0519828ae09ef158d58be39470115-2"
x-frame-options
DENY
vary
Accept-Encoding
content-type
application/javascript
x-amz-cf-id
syiPASnrZ2yB6211Guf25x005J6nT0uEvPNsi6pM3NrJzgrenizlrw==
app.2a38a7df.chunk.js
www.connectandpay.com/static/js/
2 MB
538 KB
Script
General
Full URL
https://www.connectandpay.com/static/js/app.2a38a7df.chunk.js
Requested by
Host: www.connectandpay.com
URL: https://www.connectandpay.com/verifyEmail?marketaccount=1ef82b93a542d9907dc3e9379f98b91c&email=chris%2540helionenergy.com&firstname=null&lastname=null&locale=en-US&token=38f43f1d76a677722422f4eba379e799&verificationtoken=38f43f1d76a677722422f4eba379e799&_branch_match_id=1170150650842006800&_branch_referrer=H4sIAAAAAAAAA42OQW6DMBAAX1PfCsF2YraS1VNeEPUBy7IuFmaNjInE75PmlluPcxjNTLWu21fbUhZhqijjikeD69qkKHN75xLDcV0wpu8Fy8wVifIu1Xccej2AwbPVI8DJjWQYjIMA%2FQAdKf6TPE0lbh%2F6bE8Tp5iFhcvv0VBeVIhlq4ILe9lTUgnfKBMm9iyfPzdV88ziTR%2BsCd3oLnhxzmlttQ6WB3xG2QGo12wkrM%2FO%2F5QHR4K24f4AAAA%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.147.52 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-147-52.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
cd1f0a6b3ea18d6980b65e5ef6492c9e8d09e03e2b2462afef995dc217f24d24
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.connectandpay.com/verifyEmail?marketaccount=1ef82b93a542d9907dc3e9379f98b91c&email=chris%2540helionenergy.com&firstname=null&lastname=null&locale=en-US&token=38f43f1d76a677722422f4eba379e799&verificationtoken=38f43f1d76a677722422f4eba379e799&_branch_match_id=1170150650842006800&_branch_referrer=H4sIAAAAAAAAA42OQW6DMBAAX1PfCsF2YraS1VNeEPUBy7IuFmaNjInE75PmlluPcxjNTLWu21fbUhZhqijjikeD69qkKHN75xLDcV0wpu8Fy8wVifIu1Xccej2AwbPVI8DJjWQYjIMA%2FQAdKf6TPE0lbh%2F6bE8Tp5iFhcvv0VBeVIhlq4ILe9lTUgnfKBMm9iyfPzdV88ziTR%2BsCd3oLnhxzmlttQ6WB3xG2QGo12wkrM%2FO%2F5QHR4K24f4AAAA%3D
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

x-amz-version-id
nJTXPHrHtQ5fq8FDft93HcC0mqavSHSS
strict-transport-security
max-age=63072000; includeSubdomains; preload
x-content-type-options
nosniff
date
Thu, 30 Mar 2023 13:58:32 GMT
content-encoding
gzip
via
1.1 24fc4e03b1de2a14f79be2422e46a318.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P4
x-amz-server-side-encryption
AES256
age
39172
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Fri, 10 Mar 2023 15:13:58 GMT
server
AmazonS3
etag
W/"85ad5c128fa3373361ac8ee896023b25"
x-frame-options
DENY
vary
Accept-Encoding
content-type
application/javascript
x-amz-cf-id
IPI6BDG_m_9aIuHFxUlqMc34XAORxcUpX892AGo1LI8l6uvoB4NzxQ==
register
tally.prod.readytouchpos.com/tallyapi/auth/ Frame
0
0
Preflight
General
Full URL
https://tally.prod.readytouchpos.com/tallyapi/auth/register
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.240.27.26 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-44-240-27-26.us-west-2.compute.amazonaws.com
Software
/ Express
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.connectandpay.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Content-Type, Origin, X-Requested-With, X-AUTHENTICATION, X-IP, Authorization
access-control-allow-methods
GET,PUT,POST,DELETE,PATCH
access-control-allow-origin
https://www.connectandpay.com
date
Fri, 31 Mar 2023 00:51:25 GMT
server-timing
intid;desc=a0baa6158e6c9069
x-powered-by
Express
x-request-id
11195bdd-2353-4642-9e3e-8c03ddac1a4f
FontAwesome5_Pro_Light.ttf
www.connectandpay.com/fonts/
481 KB
248 KB
Font
General
Full URL
https://www.connectandpay.com/fonts/FontAwesome5_Pro_Light.ttf
Requested by
Host: www.connectandpay.com
URL: https://www.connectandpay.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.147.52 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-147-52.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
717497bc985d1ecc01655340266562bf1bd03d6f2637c3e2b9ee56f864451f6c
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.connectandpay.com/
Origin
https://www.connectandpay.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Thu, 30 Mar 2023 15:45:29 GMT
x-amz-version-id
_k9eM4NP7k_dEndKYdTj6qtJJkpODUdw
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubdomains; preload
content-encoding
gzip
via
1.1 24fc4e03b1de2a14f79be2422e46a318.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P4
x-amz-server-side-encryption
AES256
age
32756
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Fri, 10 Mar 2023 15:13:42 GMT
server
AmazonS3
etag
W/"0e0b8b741276d5220c847d0be486609e"
x-frame-options
DENY
vary
Accept-Encoding
content-type
font/ttf
x-amz-cf-id
Ga6zbWkrCv9AFb0wDbbeZhO6kY5XjVVhSKz25jSns9GJTpDAyWGQKw==
register
tally.prod.readytouchpos.com/tallyapi/auth/
91 B
474 B
Fetch
General
Full URL
https://tally.prod.readytouchpos.com/tallyapi/auth/register
Requested by
Host: www.connectandpay.com
URL: https://www.connectandpay.com/static/js/2.646a077f.chunk.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.240.27.26 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-44-240-27-26.us-west-2.compute.amazonaws.com
Software
Jetty(9.3.5.v20151012) / Express
Resource Hash
4f3b8569a95fa6c9bbb8de29083d17f63e0f3cdfee824eb269cb489bf4345369

Request headers

Accept
application/json
Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
Content-Type
application/json

Response headers

date
Fri, 31 Mar 2023 00:51:25 GMT
server
Jetty(9.3.5.v20151012)
x-powered-by
Express
access-control-allow-methods
GET,PUT,POST,DELETE,PATCH
content-type
application/json
access-control-allow-origin
https://www.connectandpay.com
access-control-allow-credentials
true
server-timing
intid;desc=74ffad7b52ed65c1
access-control-allow-headers
Content-Type, Origin, X-Requested-With, X-AUTHENTICATION, X-IP, Authorization
content-length
91
x-request-id
df5284b7-fe1f-49e0-acda-f4f8d5a63cef
OneSignalPageSDKES6.js
cdn.onesignal.com/sdks/
284 KB
68 KB
Script
General
Full URL
https://cdn.onesignal.com/sdks/OneSignalPageSDKES6.js?v=151600
Requested by
Host: cdn.onesignal.com
URL: https://cdn.onesignal.com/sdks/OneSignalSDK.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:d63b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
19a2e703c09b3d066e18f4426c332665bf08ec02456bcccdb20d2fffe4645ab9
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Fri, 31 Mar 2023 00:51:24 GMT
via
1.1 google
content-encoding
br
cf-cache-status
HIT
server
cloudflare
strict-transport-security
max-age=15552000; includeSubDomains
age
2649
etag
W/"3d37cd0d64713e75df2c67fb7c907496"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=259200
cf-ray
7b049a8dbacfbbe6-FRA
access-control-allow-headers
OneSignal-Subscription-Id
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires
Mon, 03 Apr 2023 00:51:24 GMT
m-outer-93afeeb17bc37e711759584dbfc50d47.html
js.stripe.com/v3/ Frame D872
200 B
810 B
Document
General
Full URL
https://js.stripe.com/v3/m-outer-93afeeb17bc37e711759584dbfc50d47.html
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.192.176 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Fastly /
Resource Hash
f22005da41e15b7adb453814b37a794f7c6b955f086a6c5fc9980e3c3f6c8bca
Security Headers
Name Value
Content-Security-Policy base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-origin
*
age
7436337
cache-control
max-age=31536000
content-encoding
br
content-length
122
content-security-policy
base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://q.stripe.com/csp-report
content-security-policy-report-only
base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://q.stripe.com/csp-report
content-type
text/html; charset=utf-8
date
Fri, 31 Mar 2023 00:51:24 GMT
etag
"93afeeb17bc37e711759584dbfc50d47"
last-modified
Wed, 21 Dec 2022 18:20:45 GMT
server
Fastly
strict-transport-security
max-age=31556926; includeSubDomains; preload
timing-allow-origin
*
vary
Accept-Encoding
via
1.1 varnish
x-cache
HIT
x-cache-hits
432358
x-content-type-options
nosniff
x-request-id
d67dc654-598c-41fc-81bd-28c3683324cd
x-served-by
cache-fra-eddf8230133-FRA
csp-report
q.stripe.com/ Frame D872
0
640 B
Other
General
Full URL
https://q.stripe.com/csp-report
Requested by
Host: www.connectandpay.com
URL: https://www.connectandpay.com/verifyEmail?marketaccount=1ef82b93a542d9907dc3e9379f98b91c&email=chris%2540helionenergy.com&firstname=null&lastname=null&locale=en-US&token=38f43f1d76a677722422f4eba379e799&verificationtoken=38f43f1d76a677722422f4eba379e799&_branch_match_id=1170150650842006800&_branch_referrer=H4sIAAAAAAAAA42OQW6DMBAAX1PfCsF2YraS1VNeEPUBy7IuFmaNjInE75PmlluPcxjNTLWu21fbUhZhqijjikeD69qkKHN75xLDcV0wpu8Fy8wVifIu1Xccej2AwbPVI8DJjWQYjIMA%2FQAdKf6TPE0lbh%2F6bE8Tp5iFhcvv0VBeVIhlq4ILe9lTUgnfKBMm9iyfPzdV88ziTR%2BsCd3oLnhxzmlttQ6WB3xG2QGo12wkrM%2FO%2F5QHR4K24f4AAAA%3D
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ip-54-187-119-242.stripe.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://js.stripe.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
Content-Type
application/csp-report

Response headers

date
Fri, 31 Mar 2023 00:51:24 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
x-envoy-upstream-service-time
1
content-length
0
x-stripe-bg-intended-route-color
green
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
server
nginx
cross-origin-opener-policy
same-origin
access-control-max-age
3600
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
https://js.stripe.com
x-stripe-client-envoy-start-time-us
1680223884900380
cache-control
max-age=0, no-cache, no-store, must-revalidate
access-control-expose-headers
Server, Range, Content-Type
x-robots-tag
none
access-control-allow-headers
Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token
expires
0
csp-report
q.stripe.com/ Frame D872
0
641 B
Other
General
Full URL
https://q.stripe.com/csp-report
Requested by
Host: www.connectandpay.com
URL: https://www.connectandpay.com/verifyEmail?marketaccount=1ef82b93a542d9907dc3e9379f98b91c&email=chris%2540helionenergy.com&firstname=null&lastname=null&locale=en-US&token=38f43f1d76a677722422f4eba379e799&verificationtoken=38f43f1d76a677722422f4eba379e799&_branch_match_id=1170150650842006800&_branch_referrer=H4sIAAAAAAAAA42OQW6DMBAAX1PfCsF2YraS1VNeEPUBy7IuFmaNjInE75PmlluPcxjNTLWu21fbUhZhqijjikeD69qkKHN75xLDcV0wpu8Fy8wVifIu1Xccej2AwbPVI8DJjWQYjIMA%2FQAdKf6TPE0lbh%2F6bE8Tp5iFhcvv0VBeVIhlq4ILe9lTUgnfKBMm9iyfPzdV88ziTR%2BsCd3oLnhxzmlttQ6WB3xG2QGo12wkrM%2FO%2F5QHR4K24f4AAAA%3D
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ip-54-187-119-242.stripe.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://js.stripe.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
Content-Type
application/csp-report

Response headers

date
Fri, 31 Mar 2023 00:51:24 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
x-envoy-upstream-service-time
1
content-length
0
x-stripe-bg-intended-route-color
green
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
server
nginx
cross-origin-opener-policy
same-origin
access-control-max-age
3600
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
https://js.stripe.com
x-stripe-client-envoy-start-time-us
1680223884900403
cache-control
max-age=0, no-cache, no-store, must-revalidate
access-control-expose-headers
Server, Range, Content-Type
x-robots-tag
none
access-control-allow-headers
Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token
expires
0
m-outer-8cb24ab2d649fd36a488d04d8c457933.js
js.stripe.com/v3/fingerprinted/js/ Frame D872
631 B
468 B
Script
General
Full URL
https://js.stripe.com/v3/fingerprinted/js/m-outer-8cb24ab2d649fd36a488d04d8c457933.js
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/m-outer-93afeeb17bc37e711759584dbfc50d47.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.192.176 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Fastly /
Resource Hash
250a0782da875705bd206ee23c2a46abf90656645a81e084126c5e8c53eeb9d6
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.stripe.com/v3/m-outer-93afeeb17bc37e711759584dbfc50d47.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

strict-transport-security
max-age=31556926; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
date
Fri, 31 Mar 2023 00:51:24 GMT
via
1.1 varnish
age
11853994
x-cache
HIT
content-length
332
x-request-id
89c1e115-7fbd-470d-9721-8fc1340eb476
x-served-by
cache-fra-eddf8230133-FRA
last-modified
Sun, 13 Nov 2022 20:03:40 GMT
server
Fastly
etag
"f8f6a4584135f737b26927596ce6e0a7"
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
x-cache-hits
368317
inner.html
m.stripe.network/ Frame 0FE7
930 B
2 KB
Document
General
Full URL
https://m.stripe.network/inner.html
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/m-outer-8cb24ab2d649fd36a488d04d8c457933.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.50 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-50.fra6.r.cloudfront.net
Software
Cloudfront /
Resource Hash
a5f27af9c0c6f37979ebafcac22eb3a613841a3d4e728f4577baf94e64d42f35
Security Headers
Name Value
Content-Security-Policy base-uri 'none'; connect-src https://m.stripe.network https://m.stripe.com; default-src 'none'; font-src https://m.stripe.network https://fonts.gstatic.com; form-action 'none'; frame-src https://m.stripe.network https://js.stripe.com; img-src https://m.stripe.network https://m.stripe.com https://b.stripecdn.com; script-src https://m.stripe.network 'sha256-e/Jqu4k9Gk1ZCWO6StAsfhF3i7qgIwfuitaD1g9DyvE='; style-src https://m.stripe.network; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://js.stripe.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
38
cache-control
max-age=300, public
content-length
930
content-security-policy
base-uri 'none'; connect-src https://m.stripe.network https://m.stripe.com; default-src 'none'; font-src https://m.stripe.network https://fonts.gstatic.com; form-action 'none'; frame-src https://m.stripe.network https://js.stripe.com; img-src https://m.stripe.network https://m.stripe.com https://b.stripecdn.com; script-src https://m.stripe.network 'sha256-e/Jqu4k9Gk1ZCWO6StAsfhF3i7qgIwfuitaD1g9DyvE='; style-src https://m.stripe.network; report-uri https://q.stripe.com/csp-report
content-type
text/html; charset=utf-8
date
Fri, 31 Mar 2023 00:50:50 GMT
etag
"fc2e029628f163bb59adc6fa5a31161c"
last-modified
Thu, 17 Mar 2022 19:03:12 GMT
server
Cloudfront
strict-transport-security
max-age=31556926; includeSubDomains; preload
vary
Accept-Encoding
via
1.1 62dc260e32d7b9197a4511447f6a264a.cloudfront.net (CloudFront)
x-amz-cf-id
JAGq7M_mdP7pBZi_QdWVqg_BcFKSsw0mk_lWhQpMCxaRuWWPWH7L5A==
x-amz-cf-pop
FRA6-C1
x-cache
Hit from cloudfront
x-content-type-options
nosniff
web
onesignal.com/api/v1/sync/979fc659-8f8a-42cc-b678-3ccf69ff9aa9/
4 KB
2 KB
Script
General
Full URL
https://onesignal.com/api/v1/sync/979fc659-8f8a-42cc-b678-3ccf69ff9aa9/web?callback=__jp0
Requested by
Host: cdn.onesignal.com
URL: https://cdn.onesignal.com/sdks/OneSignalPageSDKES6.js?v=151600
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:d63b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bd92243c2a235522a37a623d29b6bd7f3637e1670d779c2ceee6ef1a0b075e87
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Fri, 31 Mar 2023 00:51:24 GMT
via
1.1 google
x-content-type-options
nosniff
cf-cache-status
MISS
content-encoding
br
x-permitted-cross-domain-policies
none
strict-transport-security
max-age=15552000; includeSubDomains
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection
1; mode=block
x-request-id
5021dd28-ed8f-4f78-ab05-54ea2523b232
x-runtime
0.028858
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
etag
W/"bd92243c2a235522a37a623d29b6bd7f"
x-download-options
noopen
vary
Origin, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=3600
cf-ray
7b049a8e0b09bbe6-FRA
access-control-allow-headers
SDK-Version
expires
Fri, 31 Mar 2023 01:51:24 GMT
csp-report
q.stripe.com/ Frame 0FE7
0
414 B
Other
General
Full URL
https://q.stripe.com/csp-report
Requested by
Host: www.connectandpay.com
URL: https://www.connectandpay.com/verifyEmail?marketaccount=1ef82b93a542d9907dc3e9379f98b91c&email=chris%2540helionenergy.com&firstname=null&lastname=null&locale=en-US&token=38f43f1d76a677722422f4eba379e799&verificationtoken=38f43f1d76a677722422f4eba379e799&_branch_match_id=1170150650842006800&_branch_referrer=H4sIAAAAAAAAA42OQW6DMBAAX1PfCsF2YraS1VNeEPUBy7IuFmaNjInE75PmlluPcxjNTLWu21fbUhZhqijjikeD69qkKHN75xLDcV0wpu8Fy8wVifIu1Xccej2AwbPVI8DJjWQYjIMA%2FQAdKf6TPE0lbh%2F6bE8Tp5iFhcvv0VBeVIhlq4ILe9lTUgnfKBMm9iyfPzdV88ziTR%2BsCd3oLnhxzmlttQ6WB3xG2QGo12wkrM%2FO%2F5QHR4K24f4AAAA%3D
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ip-54-187-119-242.stripe.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload, max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://m.stripe.network/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
Content-Type
application/csp-report

Response headers

x-stripe-bg-intended-route-color
green
pragma
no-cache
date
Fri, 31 Mar 2023 00:51:24 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload, max-age=31556926; includeSubDomains; preload
referrer-policy
strict-origin-when-cross-origin
x-content-type-options
nosniff
server
nginx
cross-origin-opener-policy
same-origin
x-stripe-client-envoy-start-time-us
1680223884900426
cache-control
max-age=0, no-cache, no-store, must-revalidate
x-envoy-upstream-service-time
1
x-robots-tag
none
content-length
0
expires
0
out-4.5.42.js
m.stripe.network/ Frame 0FE7
86 KB
14 KB
Script
General
Full URL
https://m.stripe.network/out-4.5.42.js
Requested by
Host: m.stripe.network
URL: https://m.stripe.network/inner.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.50 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-50.fra6.r.cloudfront.net
Software
Cloudfront /
Resource Hash
f445ee14f2454d974293d28677213ae002e9ac17721fc04b2fdeb037e083b083
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://m.stripe.network/inner.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

strict-transport-security
max-age=31556926; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
date
Fri, 31 Mar 2023 00:46:30 GMT
last-modified
Thu, 17 Mar 2022 19:03:12 GMT
server
Cloudfront
via
1.1 62dc260e32d7b9197a4511447f6a264a.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA6-C1
etag
W/"21df7244385e5c0bdf32da01d0dad6c0"
age
295
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/javascript; charset=utf-8
cache-control
max-age=300, public
x-amz-cf-id
-zjyR-mqPf0CURzz0IgX3xgFHeJiBPsFDa_Uf7eFu9RXg57GMqixsA==
6
m.stripe.com/ Frame 0FE7
156 B
669 B
XHR
General
Full URL
https://m.stripe.com/6
Requested by
Host: m.stripe.network
URL: https://m.stripe.network/out-4.5.42.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.167.136.41 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-167-136-41.us-west-2.compute.amazonaws.com
Software
nginx /
Resource Hash
04082e9aa40ab939319ed9e284afb6b3a36dcf10400092450e06894f67fb58ba
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://m.stripe.network/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-stripe-bg-intended-route-color
blue
date
Fri, 31 Mar 2023 00:51:25 GMT
strict-transport-security
max-age=31556926; includeSubDomains; preload
x-content-type-options
nosniff
x-stripe-server-envoy-start-time-us
1680223885006187
server
nginx
content-type
application/json;charset=utf-8
x-stripe-server-envoy-upstream-service-time-ms
3
access-control-allow-origin
https://m.stripe.network
x-stripe-client-envoy-start-time-us
1680223885005931
access-control-allow-credentials
true
access-control-allow-headers
Content-Type
content-length
156
login
tally.prod.readytouchpos.com/tallyapi/auth/
279 B
683 B
Fetch
General
Full URL
https://tally.prod.readytouchpos.com/tallyapi/auth/login
Requested by
Host: www.connectandpay.com
URL: https://www.connectandpay.com/static/js/2.646a077f.chunk.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.240.27.26 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-44-240-27-26.us-west-2.compute.amazonaws.com
Software
/ Express
Resource Hash
61c28b3a6eeec801a24b309956055b46c64f4d4bada7863a8e2e03b99cc7cae3

Request headers

Accept
application/json
Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
Content-Type
application/json

Response headers

date
Fri, 31 Mar 2023 00:51:25 GMT
x-powered-by
Express
etag
W/"117-UfUyCa0npBZ55ThQ2wbubJs3vNQ"
access-control-allow-methods
GET,PUT,POST,DELETE,PATCH
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.connectandpay.com
access-control-allow-credentials
true
server-timing
intid;desc=498dc06122bf7625
access-control-allow-headers
Content-Type, Origin, X-Requested-With, X-AUTHENTICATION, X-IP, Authorization
content-length
279
x-request-id
b7855e6e-8e68-4313-ad0a-287d00b7909f
login
tally.prod.readytouchpos.com/tallyapi/auth/ Frame
0
0
Preflight
General
Full URL
https://tally.prod.readytouchpos.com/tallyapi/auth/login
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.240.27.26 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-44-240-27-26.us-west-2.compute.amazonaws.com
Software
/ Express
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.connectandpay.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Content-Type, Origin, X-Requested-With, X-AUTHENTICATION, X-IP, Authorization
access-control-allow-methods
GET,PUT,POST,DELETE,PATCH
access-control-allow-origin
https://www.connectandpay.com
date
Fri, 31 Mar 2023 00:51:25 GMT
server-timing
intid;desc=5174ae0d55632e84
x-powered-by
Express
x-request-id
9ddff2f6-2dc0-4666-a98c-1810cddee498
privacyversion
tally.prod.readytouchpos.com/gmaapi/gma/
64 B
447 B
Fetch
General
Full URL
https://tally.prod.readytouchpos.com/gmaapi/gma/privacyversion?id=
Requested by
Host: www.connectandpay.com
URL: https://www.connectandpay.com/static/js/2.646a077f.chunk.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.240.27.26 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-44-240-27-26.us-west-2.compute.amazonaws.com
Software
Jetty(9.2.30.v20200428) / Express
Resource Hash
f67ddaafea12de1f989121f23bbd4900361f4963dabb8bd1dde0699b76b861dc

Request headers

Referer
accept-language
de-DE,de;q=0.9
Authorization
Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhcGlrZXkiOiI2YzQyY2QyNzNmNWZkNmZkYzk3NDNhZmIxNTUwMTVhOCIsInJvbGVzIjpbIjM2NXBheSJdLCJpYXQiOjE2ODAyMjM4ODUsImV4cCI6MTY4MDIzMTA4NSwic3ViIjoiNmM0MmNkMjczZjVmZDZmZGM5NzQzYWZiMTU1MDE1YTgifQ.5X5P3IF5zlZ3hPQ9ESYuIYVZMaZ0wqi97T0j-ME_BNo
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
Content-Type
application/json

Response headers

date
Fri, 31 Mar 2023 00:51:26 GMT
server
Jetty(9.2.30.v20200428)
x-powered-by
Express
access-control-allow-methods
GET,PUT,POST,DELETE,PATCH
content-type
application/json
access-control-allow-origin
https://www.connectandpay.com
access-control-allow-credentials
true
server-timing
intid;desc=adfb1ee53738b63b
access-control-allow-headers
Content-Type, Origin, X-Requested-With, X-AUTHENTICATION, X-IP, Authorization
content-length
64
x-request-id
2eae4378-50c0-4608-8f7e-204cb5ce0926
show
tally.prod.readytouchpos.com/gmaapi/mka/
3 KB
4 KB
Fetch
General
Full URL
https://tally.prod.readytouchpos.com/gmaapi/mka/show?id=1ef82b93a542d9907dc3e9379f98b91c&app=canteen
Requested by
Host: www.connectandpay.com
URL: https://www.connectandpay.com/static/js/2.646a077f.chunk.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.240.27.26 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-44-240-27-26.us-west-2.compute.amazonaws.com
Software
Jetty(9.2.30.v20200428) / Express
Resource Hash
96ebac8e8cc1ad1a38fc5831e8e8859d3c024730c76d2a735234a051f7a35896

Request headers

Referer
accept-language
de-DE,de;q=0.9
Authorization
Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhcGlrZXkiOiI2YzQyY2QyNzNmNWZkNmZkYzk3NDNhZmIxNTUwMTVhOCIsInJvbGVzIjpbIjM2NXBheSJdLCJpYXQiOjE2ODAyMjM4ODUsImV4cCI6MTY4MDIzMTA4NSwic3ViIjoiNmM0MmNkMjczZjVmZDZmZGM5NzQzYWZiMTU1MDE1YTgifQ.5X5P3IF5zlZ3hPQ9ESYuIYVZMaZ0wqi97T0j-ME_BNo
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
Content-Type
application/json

Response headers

date
Fri, 31 Mar 2023 00:51:26 GMT
server
Jetty(9.2.30.v20200428)
x-powered-by
Express
access-control-allow-methods
GET,PUT,POST,DELETE,PATCH
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://www.connectandpay.com
access-control-allow-credentials
true
server-timing
intid;desc=eced07654c752ce8
access-control-allow-headers
Content-Type, Origin, X-Requested-With, X-AUTHENTICATION, X-IP, Authorization
content-length
3209
x-request-id
666ec53d-d90b-48cf-9632-c8373c782624
privacyversion
tally.prod.readytouchpos.com/gmaapi/gma/ Frame
0
0
Preflight
General
Full URL
https://tally.prod.readytouchpos.com/gmaapi/gma/privacyversion?id=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.240.27.26 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-44-240-27-26.us-west-2.compute.amazonaws.com
Software
/ Express
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization,content-type
Access-Control-Request-Method
GET
Origin
https://www.connectandpay.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Content-Type, Origin, X-Requested-With, X-AUTHENTICATION, X-IP, Authorization
access-control-allow-methods
GET,PUT,POST,DELETE,PATCH
access-control-allow-origin
https://www.connectandpay.com
date
Fri, 31 Mar 2023 00:51:25 GMT
server-timing
intid;desc=412dc4e3520ec300
x-powered-by
Express
x-request-id
6889da9e-8cf8-4090-aa76-e41d10313288
show
tally.prod.readytouchpos.com/gmaapi/mka/ Frame
0
0
Preflight
General
Full URL
https://tally.prod.readytouchpos.com/gmaapi/mka/show?id=1ef82b93a542d9907dc3e9379f98b91c&app=canteen
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.240.27.26 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-44-240-27-26.us-west-2.compute.amazonaws.com
Software
/ Express
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization,content-type
Access-Control-Request-Method
GET
Origin
https://www.connectandpay.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Content-Type, Origin, X-Requested-With, X-AUTHENTICATION, X-IP, Authorization
access-control-allow-methods
GET,PUT,POST,DELETE,PATCH
access-control-allow-origin
https://www.connectandpay.com
date
Fri, 31 Mar 2023 00:51:25 GMT
server-timing
intid;desc=3f6422998eeb3026
x-powered-by
Express
x-request-id
80431145-8fcc-4c4c-884a-6102815511f9
1ef82b93a542d9907dc3e9379f98b91c
tally.prod.readytouchpos.com/gmaapi/mka/
32 B
416 B
Fetch
General
Full URL
https://tally.prod.readytouchpos.com/gmaapi/mka/1ef82b93a542d9907dc3e9379f98b91c
Requested by
Host: www.connectandpay.com
URL: https://www.connectandpay.com/static/js/2.646a077f.chunk.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.240.27.26 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-44-240-27-26.us-west-2.compute.amazonaws.com
Software
Jetty(9.2.30.v20200428) / Express
Resource Hash
82c4244d50110be76e2f5f317ca3d97e3c9fedff82d589e298165dc19d0c1705

Request headers

Referer
accept-language
de-DE,de;q=0.9
Authorization
Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhcGlrZXkiOiI2YzQyY2QyNzNmNWZkNmZkYzk3NDNhZmIxNTUwMTVhOCIsInJvbGVzIjpbIjM2NXBheSJdLCJpYXQiOjE2ODAyMjM4ODUsImV4cCI6MTY4MDIzMTA4NSwic3ViIjoiNmM0MmNkMjczZjVmZDZmZGM5NzQzYWZiMTU1MDE1YTgifQ.5X5P3IF5zlZ3hPQ9ESYuIYVZMaZ0wqi97T0j-ME_BNo
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
Content-Type
application/json

Response headers

date
Fri, 31 Mar 2023 00:51:26 GMT
server
Jetty(9.2.30.v20200428)
x-powered-by
Express
access-control-allow-methods
GET,PUT,POST,DELETE,PATCH
content-type
application/json
access-control-allow-origin
https://www.connectandpay.com
access-control-allow-credentials
true
server-timing
intid;desc=dbf29600867588e3
access-control-allow-headers
Content-Type, Origin, X-Requested-With, X-AUTHENTICATION, X-IP, Authorization
content-length
32
x-request-id
3e5dff8d-64c3-4a07-8cbc-34928ce8b5e1
1ef82b93a542d9907dc3e9379f98b91c
tally.prod.readytouchpos.com/gmaapi/mka/ Frame
0
0
Preflight
General
Full URL
https://tally.prod.readytouchpos.com/gmaapi/mka/1ef82b93a542d9907dc3e9379f98b91c
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.240.27.26 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-44-240-27-26.us-west-2.compute.amazonaws.com
Software
/ Express
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization,content-type
Access-Control-Request-Method
PUT
Origin
https://www.connectandpay.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Content-Type, Origin, X-Requested-With, X-AUTHENTICATION, X-IP, Authorization
access-control-allow-methods
GET,PUT,POST,DELETE,PATCH
access-control-allow-origin
https://www.connectandpay.com
date
Fri, 31 Mar 2023 00:51:26 GMT
server-timing
intid;desc=dedcd46c3176f9b3
x-powered-by
Express
x-request-id
5ea2ea04-0854-434b-8bb6-e91ebe7e5452
authenticate
www.connectandpay.com/
5 KB
2 KB
Fetch
General
Full URL
https://www.connectandpay.com/authenticate?apikey=
Requested by
Host: www.connectandpay.com
URL: https://www.connectandpay.com/static/js/2.646a077f.chunk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.147.52 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-147-52.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
89644d6f38ff9f38793f2a7182f0a72811472f9d4edfd98b607ab7895525f8e9
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.connectandpay.com/
traceparent
00-54ea516f8fc64206ac67681c0f5525b4-727cce5056604951-01
request-id
|54ea516f8fc64206ac67681c0f5525b4.727cce5056604951
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
content-type
application/json

Response headers

x-amz-version-id
KanPInrKEKC88S2af1aXP8885kfDI2LT
strict-transport-security
max-age=63072000; includeSubdomains; preload
x-content-type-options
nosniff
date
Thu, 30 Mar 2023 05:47:18 GMT
content-encoding
gzip
via
1.1 24fc4e03b1de2a14f79be2422e46a318.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P4
x-amz-server-side-encryption
AES256
age
68650
x-cache
Error from cloudfront
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Fri, 10 Mar 2023 15:13:46 GMT
server
AmazonS3
etag
W/"22c7ed75bc0d81f525ee986f8aa31837"
x-frame-options
DENY
vary
Accept-Encoding
content-type
text/html
x-amz-cf-id
pG9Qne4iUKK-jALSzw6npN75oIBvRpgyAoDcCIhk2vO55s3Axc2P7Q==
undefined
www.connectandpay.com/users/
5 KB
2 KB
Fetch
General
Full URL
https://www.connectandpay.com/users/undefined?token=&newUsername=chris%40helionenergy.com&email=chris%40helionenergy.com
Requested by
Host: www.connectandpay.com
URL: https://www.connectandpay.com/static/js/2.646a077f.chunk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.147.52 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-147-52.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
89644d6f38ff9f38793f2a7182f0a72811472f9d4edfd98b607ab7895525f8e9
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.connectandpay.com/
traceparent
00-54ea516f8fc64206ac67681c0f5525b4-f62a6f4f69104e90-01
request-id
|54ea516f8fc64206ac67681c0f5525b4.f62a6f4f69104e90
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
content-type
application/json

Response headers

x-amz-version-id
KanPInrKEKC88S2af1aXP8885kfDI2LT
strict-transport-security
max-age=63072000; includeSubdomains; preload
x-content-type-options
nosniff
date
Thu, 30 Mar 2023 05:47:18 GMT
content-encoding
gzip
via
1.1 24fc4e03b1de2a14f79be2422e46a318.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P4
x-amz-server-side-encryption
AES256
age
68650
x-cache
Error from cloudfront
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Fri, 10 Mar 2023 15:13:46 GMT
server
AmazonS3
etag
W/"22c7ed75bc0d81f525ee986f8aa31837"
x-frame-options
DENY
vary
Accept-Encoding
content-type
text/html
x-amz-cf-id
zrY7oq1cRPC1N5NGgFKeTqPkhU1Z5Ewt6-oLwzqVTI8AP6ntQME_0Q==
6
m.stripe.com/ Frame 0FE7
156 B
668 B
XHR
General
Full URL
https://m.stripe.com/6
Requested by
Host: m.stripe.network
URL: https://m.stripe.network/out-4.5.42.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.167.136.41 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-167-136-41.us-west-2.compute.amazonaws.com
Software
nginx /
Resource Hash
04082e9aa40ab939319ed9e284afb6b3a36dcf10400092450e06894f67fb58ba
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://m.stripe.network/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-stripe-bg-intended-route-color
blue
date
Fri, 31 Mar 2023 00:51:28 GMT
strict-transport-security
max-age=31556926; includeSubDomains; preload
x-content-type-options
nosniff
x-stripe-server-envoy-start-time-us
1680223888456342
server
nginx
content-type
application/json;charset=utf-8
x-stripe-server-envoy-upstream-service-time-ms
3
access-control-allow-origin
https://m.stripe.network
x-stripe-client-envoy-start-time-us
1680223888456057
access-control-allow-credentials
true
access-control-allow-headers
Content-Type
content-length
156


22 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0
boolean| credentialless
object| webpackChunkStripeJSouter
function| noop
function| Stripe
function| createAuth0Client
function| Auth0Client
object| webpackJsonp
function| setImmediate
function| clearImmediate
object| regeneratorRuntime
function| _
object| __dynProto$Gbl
object| AWS
function| Buffer
function| Alert7
function| OneSignal
object| REACT_NAVIGATION_DEVTOOLS
object| __react_navigation__elements_contexts
boolean| __reactResponderSystemActive
number| __oneSignalSdkLoadCount
function| __jp0

9 Cookies

Domain/Path Name / Value
shared.outlook.inky.com/ Name: AWSALB
Value: 8PevshNLT0WZEZdKtt3+RNGL8O9RPs3YLqTj03v6rZXnv0n+w66WMcvumPvkr1urlo5GgSzcsn4Zbx8yaYD1vr4pMTlzHeHgfanDaJ+PssmFfynWIPXKtNM3CYoW
shared.outlook.inky.com/ Name: AWSALBCORS
Value: 8PevshNLT0WZEZdKtt3+RNGL8O9RPs3YLqTj03v6rZXnv0n+w66WMcvumPvkr1urlo5GgSzcsn4Zbx8yaYD1vr4pMTlzHeHgfanDaJ+PssmFfynWIPXKtNM3CYoW
.app.link/ Name: _s
Value: fkamTy9Ja8NBYZflx3YxxhkcS9CyNxyIWoK2SFRbfF39jkkFCVcNuoPqhWvYz1ET
.onesignal.com/ Name: __cf_bm
Value: eakfhbwK2ABDFZI2MlkohAD3wBFzcRn4HFv7DPrd24w-1680223883-0-AcS1VERIHyERrpQ1dV6Jmzygg5GRZ8q2PoPRLgQzelHpiPab9rXxjVLMlOQJo5UL9SlTxwZoAH4Fc6pWTzN4h4U=
www.connectandpay.com/ Name: ai_user
Value: 7TxvjGEiOLp6kLKQuNeb0S|2023-03-31T00:51:24.133Z
www.connectandpay.com/ Name: ai_session
Value: 8m0+GTVVriIzagtKka6fQS|1680223884379|1680223884379
m.stripe.com/ Name: m
Value: 37a81799-6c2a-4c96-882a-ddfd9242a8655d0254
.www.connectandpay.com/ Name: __stripe_mid
Value: 9a21e67e-97c7-4552-b81c-e50419482821b9caf1
.www.connectandpay.com/ Name: __stripe_sid
Value: 0e2d7791-5266-4efb-98f6-183b3790374d1ad7b1

1 Console Messages

Source Level URL
Text
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self'".

Security Headers

This page lists any security headers set by the main page.

Header Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
