urlscan.io logo urlscan.io
SecurityTrails logo

my.paidy.com Open in urlscan Pro
54.192.150.44  Public Scan

Go To Rescan Add Verdict Report
URL: https://my.paidy.com/s/r7BQZolt3e
Submission: On November 11 via manual from IN — Scanned from AU
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 10 IPs in 3 countries across 8 domains to perform 18 HTTP transactions. The main IP is 54.192.150.44, located in United States and belongs to AMAZON-02, US. The main domain is my.paidy.com.
TLS certificate: Issued by Amazon RSA 2048 M03 on August 8th 2023. Valid for: a year.
This is the only time my.paidy.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
5 54.192.150.44 16509 (AMAZON-02)
2 34.120.195.249 396982 (GOOGLE-CL...)
1 23.46.16.183 20940 (AKAMAI-ASN1)
2 142.251.12.97 15169 (GOOGLE)
2 76.223.4.74 16509 (AMAZON-02)
2 52.213.254.236 16509 (AMAZON-02)
1 216.239.38.181 15169 (GOOGLE)
1 18.203.58.141 16509 (AMAZON-02)
1 35.186.241.51 ()
18 10
5    54.192.150.44 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-54-192-150-44.sin2.r.cloudfront.net
my.paidy.com
2    34.120.195.249 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 249.195.120.34.bc.googleusercontent.com
o56970.ingest.sentry.io
1    23.46.16.183 (Singapore, Singapore)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-46-16-183.deploy.static.akamaitechnologies.com
websdk.appsflyer.com
2    142.251.12.97 (United States)

ASN15169 (GOOGLE, US)
PTR: se-in-f97.1e100.net
www.googletagmanager.com
2    76.223.4.74 (United States)

ASN16509 (AMAZON-02, US)
PTR: afb2a0217d91c6dbd.awsglobalaccelerator.com
apis.paidy.com
2    52.213.254.236 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-213-254-236.eu-west-1.compute.amazonaws.com
wa.onelink.me
1    216.239.38.181 (United States)

ASN15169 (GOOGLE, US)
analytics.google.com
1    18.203.58.141 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-203-58-141.eu-west-1.compute.amazonaws.com
wa.appsflyer.com
1    35.186.241.51 (None, )

ASN- ()
api-js.mixpanel.com
Apex Domain
Subdomains		 Transfer
7 paidy.com
my.paidy.com
apis.paidy.com
848 KB
2 onelink.me
wa.onelink.me — Cisco Umbrella Rank: 10569
813 B
2 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 35
149 KB
2 appsflyer.com
websdk.appsflyer.com — Cisco Umbrella Rank: 4680
wa.appsflyer.com — Cisco Umbrella Rank: 7008
15 KB
2 sentry.io
o56970.ingest.sentry.io
423 B
1 mixpanel.com
api-js.mixpanel.com
360 B
1 google.com
analytics.google.com — Cisco Umbrella Rank: 157
252 B
0 google.com.au Failed
www.google.com.au Failed
18 8
Domain Requested by
5 my.paidy.com my.paidy.com
2 wa.onelink.me my.paidy.com
2 apis.paidy.com my.paidy.com
2 www.googletagmanager.com my.paidy.com
www.googletagmanager.com
2 o56970.ingest.sentry.io my.paidy.com
1 api-js.mixpanel.com my.paidy.com
1 wa.appsflyer.com my.paidy.com
1 analytics.google.com www.googletagmanager.com
1 websdk.appsflyer.com my.paidy.com
0 www.google.com.au Failed my.paidy.com
18 10

This site contains no links.

Subject Issuer Validity Valid
*.paidy.com
Amazon RSA 2048 M03		 2023-08-08 -
2024-09-04		 a year crt.sh
ingest.sentry.io
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2023-11-02 -
2024-12-02		 a year crt.sh
*.appsflyer.com
DigiCert TLS RSA SHA256 2020 CA1		 2023-07-27 -
2024-07-27		 a year crt.sh
*.google-analytics.com
GTS CA 1C3		 2023-10-16 -
2024-01-08		 3 months crt.sh
*.onelink.me
Amazon RSA 2048 M02		 2023-02-04 -
2024-03-04		 a year crt.sh
*.google.com
GTS CA 1C3		 2023-10-16 -
2024-01-08		 3 months crt.sh
*.sdk.af-sdk.io
Amazon RSA 2048 M02		 2023-09-26 -
2024-10-25		 a year crt.sh
*.mixpanel.com
GeoTrust Global TLS RSA4096 SHA256 2022 CA1		 2023-02-13 -
2024-03-15		 a year crt.sh

This page contains 1 frames:

Primary Page: https://my.paidy.com/s/r7BQZolt3e
Frame ID: B3E225CAB22361F662C6E12B754B6E95
Requests: 19 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

お支払い | MyPaidy

Detected technologies

Overall confidence: 100%
Detected patterns
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/ns\.html[^>]+></iframe>
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js

Page Statistics

18
Requests

94 %
HTTPS

0 %
IPv6

8
Domains

10
Subdomains

10
IPs

3
Countries

1014 kB
Transfer

3782 kB
Size

7
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

18 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request r7BQZolt3e
my.paidy.com/s/ 		3 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://my.paidy.com/s/r7BQZolt3e
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.192.150.44 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-54-192-150-44.sin2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
2c2d46e526ec848253cdcd356f86a1a3df04ad6c4b2f3df7f0f8965ce4edb6de
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests; default-src 'none'; connect-src https://apis.paidy.com https://paidy.com/contentful-data/auto-debit-date.json https://o56970.ingest.sentry.io https://api-js.mixpanel.com https://banner.appsflyer.com https://creatives-cdn.appsflyer.com https://wa.appsflyer.com https://wa.onelink.me https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://analytics.google.com; font-src https://cdn.appsflyer.com https://fonts.gstatic.com data:; img-src 'self' data: https://store.storeimages.cdn-apple.com https://as-images.apple.com https://images.ctfassets.net https://impressions.onelink.me https://analytics.twitter.com https://t.co https://www.google.com https://www.google.co.jp www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com; script-src 'self' 'unsafe-inline' https://www.google.com/recaptcha/enterprise.js https://www.recaptcha.net/recaptcha/enterprise.js https://www.gstatic.com https://www.googletagmanager.com https://ssl.google-analytics.com https://googleads.g.doubleclick.net *.appsflyer.com https://static.ads-twitter.com https://s.yimg.jp https://am.yahoo.co.jp https://tagmanager.google.com https://*.googletagmanager.com; style-src 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com; frame-src https://www.google.com https://www.recaptcha.net; https://www.google.com; img-src 'self' data: https://analytics.twitter.com https://t.co https://www.google.co.jp https://www.google.com; frame-ancestors 'none'; base-uri 'none'; form-action https://bc-pay.jp; media-src 'self'
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
accept-language
en-AU,en;q=0.9

Response headers

content-encoding
gzip
content-security-policy
upgrade-insecure-requests; default-src 'none'; connect-src https://apis.paidy.com https://paidy.com/contentful-data/auto-debit-date.json https://o56970.ingest.sentry.io https://api-js.mixpanel.com https://banner.appsflyer.com https://creatives-cdn.appsflyer.com https://wa.appsflyer.com https://wa.onelink.me https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://analytics.google.com; font-src https://cdn.appsflyer.com https://fonts.gstatic.com data:; img-src 'self' data: https://store.storeimages.cdn-apple.com https://as-images.apple.com https://images.ctfassets.net https://impressions.onelink.me https://analytics.twitter.com https://t.co https://www.google.com https://www.google.co.jp www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com; script-src 'self' 'unsafe-inline' https://www.google.com/recaptcha/enterprise.js https://www.recaptcha.net/recaptcha/enterprise.js https://www.gstatic.com https://www.googletagmanager.com https://ssl.google-analytics.com https://googleads.g.doubleclick.net *.appsflyer.com https://static.ads-twitter.com https://s.yimg.jp https://am.yahoo.co.jp https://tagmanager.google.com https://*.googletagmanager.com; style-src 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com; frame-src https://www.google.com https://www.recaptcha.net; https://www.google.com; img-src 'self' data: https://analytics.twitter.com https://t.co https://www.google.co.jp https://www.google.com; frame-ancestors 'none'; base-uri 'none'; form-action https://bc-pay.jp; media-src 'self'
content-type
text/html
date
Sat, 11 Nov 2023 16:08:27 GMT
etag
W/"b4ec5eb6792417614f027d2a4d691a97"
last-modified
Tue, 07 Nov 2023 09:13:17 GMT
referrer-policy
no-referrer-when-downgrade
server
AmazonS3
strict-transport-security
max-age=63072000; includeSubDomains; preload
vary
Accept-Encoding
via
1.1 0ab36911ca4960d388d49f382630062c.cloudfront.net (CloudFront)
x-amz-cf-id
B-GTaqrpz4x2fc4CCIAWuumX0_hKqSO4NlqRAyKqGz57c184WjWiVg==
x-amz-cf-pop
SIN2-C1
x-amz-server-side-encryption
AES256
x-cache
Error from cloudfront
x-content-type-options
nosniff
x-frame-options
DENY
x-xss-protection
1; mode=block
runtime~app.2e9f1821.js
my.paidy.com/static/js/ 		2 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://my.paidy.com/static/js/runtime~app.2e9f1821.js
Requested by
Host: my.paidy.com
URL: https://my.paidy.com/s/r7BQZolt3e
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.192.150.44 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-54-192-150-44.sin2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
cf5179307dc84ec5a14ccca0239492462451e615bcf862c4d6a16bde628f5553
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests; default-src 'none'; connect-src https://apis.paidy.com https://paidy.com/contentful-data/auto-debit-date.json https://o56970.ingest.sentry.io https://api-js.mixpanel.com https://banner.appsflyer.com https://creatives-cdn.appsflyer.com https://wa.appsflyer.com https://wa.onelink.me https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://analytics.google.com; font-src https://cdn.appsflyer.com https://fonts.gstatic.com data:; img-src 'self' data: https://store.storeimages.cdn-apple.com https://as-images.apple.com https://images.ctfassets.net https://impressions.onelink.me https://analytics.twitter.com https://t.co https://www.google.com https://www.google.co.jp www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com; script-src 'self' 'unsafe-inline' https://www.google.com/recaptcha/enterprise.js https://www.recaptcha.net/recaptcha/enterprise.js https://www.gstatic.com https://www.googletagmanager.com https://ssl.google-analytics.com https://googleads.g.doubleclick.net *.appsflyer.com https://static.ads-twitter.com https://s.yimg.jp https://am.yahoo.co.jp https://tagmanager.google.com https://*.googletagmanager.com; style-src 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com; frame-src https://www.google.com https://www.recaptcha.net; https://www.google.com; img-src 'self' data: https://analytics.twitter.com https://t.co https://www.google.co.jp https://www.google.com; frame-ancestors 'none'; base-uri 'none'; form-action https://bc-pay.jp; media-src 'self'
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://my.paidy.com/s/r7BQZolt3e
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Sat, 11 Nov 2023 16:08:28 GMT
content-encoding
gzip
via
1.1 0ab36911ca4960d388d49f382630062c.cloudfront.net (CloudFront)
content-security-policy
upgrade-insecure-requests; default-src 'none'; connect-src https://apis.paidy.com https://paidy.com/contentful-data/auto-debit-date.json https://o56970.ingest.sentry.io https://api-js.mixpanel.com https://banner.appsflyer.com https://creatives-cdn.appsflyer.com https://wa.appsflyer.com https://wa.onelink.me https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://analytics.google.com; font-src https://cdn.appsflyer.com https://fonts.gstatic.com data:; img-src 'self' data: https://store.storeimages.cdn-apple.com https://as-images.apple.com https://images.ctfassets.net https://impressions.onelink.me https://analytics.twitter.com https://t.co https://www.google.com https://www.google.co.jp www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com; script-src 'self' 'unsafe-inline' https://www.google.com/recaptcha/enterprise.js https://www.recaptcha.net/recaptcha/enterprise.js https://www.gstatic.com https://www.googletagmanager.com https://ssl.google-analytics.com https://googleads.g.doubleclick.net *.appsflyer.com https://static.ads-twitter.com https://s.yimg.jp https://am.yahoo.co.jp https://tagmanager.google.com https://*.googletagmanager.com; style-src 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com; frame-src https://www.google.com https://www.recaptcha.net; https://www.google.com; img-src 'self' data: https://analytics.twitter.com https://t.co https://www.google.co.jp https://www.google.com; frame-ancestors 'none'; base-uri 'none'; form-action https://bc-pay.jp; media-src 'self'
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-amz-cf-pop
SIN2-C1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Tue, 07 Nov 2023 09:13:17 GMT
server
AmazonS3
etag
W/"10e90ab684dc31670ad8db85ead20410"
vary
Accept-Encoding
x-frame-options
DENY
content-type
text/javascript
x-amz-cf-id
_iTPe4Ee3fsIl1WiOIjNiQbTUr1_OaEFaV1xvVEMO-3q_aLlecjwKg==
2.8c8b6062.chunk.js
my.paidy.com/static/js/ 		2 MB
628 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://my.paidy.com/static/js/2.8c8b6062.chunk.js
Requested by
Host: my.paidy.com
URL: https://my.paidy.com/s/r7BQZolt3e
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.192.150.44 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-54-192-150-44.sin2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
a5935c4fa8135e7daf56941a7d79c1a98074d2b35b29e1cd0fe9090655f474f2
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests; default-src 'none'; connect-src https://apis.paidy.com https://paidy.com/contentful-data/auto-debit-date.json https://o56970.ingest.sentry.io https://api-js.mixpanel.com https://banner.appsflyer.com https://creatives-cdn.appsflyer.com https://wa.appsflyer.com https://wa.onelink.me https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://analytics.google.com; font-src https://cdn.appsflyer.com https://fonts.gstatic.com data:; img-src 'self' data: https://store.storeimages.cdn-apple.com https://as-images.apple.com https://images.ctfassets.net https://impressions.onelink.me https://analytics.twitter.com https://t.co https://www.google.com https://www.google.co.jp www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com; script-src 'self' 'unsafe-inline' https://www.google.com/recaptcha/enterprise.js https://www.recaptcha.net/recaptcha/enterprise.js https://www.gstatic.com https://www.googletagmanager.com https://ssl.google-analytics.com https://googleads.g.doubleclick.net *.appsflyer.com https://static.ads-twitter.com https://s.yimg.jp https://am.yahoo.co.jp https://tagmanager.google.com https://*.googletagmanager.com; style-src 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com; frame-src https://www.google.com https://www.recaptcha.net; https://www.google.com; img-src 'self' data: https://analytics.twitter.com https://t.co https://www.google.co.jp https://www.google.com; frame-ancestors 'none'; base-uri 'none'; form-action https://bc-pay.jp; media-src 'self'
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://my.paidy.com/s/r7BQZolt3e
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Sat, 11 Nov 2023 16:08:28 GMT
content-encoding
gzip
via
1.1 0ab36911ca4960d388d49f382630062c.cloudfront.net (CloudFront)
content-security-policy
upgrade-insecure-requests; default-src 'none'; connect-src https://apis.paidy.com https://paidy.com/contentful-data/auto-debit-date.json https://o56970.ingest.sentry.io https://api-js.mixpanel.com https://banner.appsflyer.com https://creatives-cdn.appsflyer.com https://wa.appsflyer.com https://wa.onelink.me https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://analytics.google.com; font-src https://cdn.appsflyer.com https://fonts.gstatic.com data:; img-src 'self' data: https://store.storeimages.cdn-apple.com https://as-images.apple.com https://images.ctfassets.net https://impressions.onelink.me https://analytics.twitter.com https://t.co https://www.google.com https://www.google.co.jp www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com; script-src 'self' 'unsafe-inline' https://www.google.com/recaptcha/enterprise.js https://www.recaptcha.net/recaptcha/enterprise.js https://www.gstatic.com https://www.googletagmanager.com https://ssl.google-analytics.com https://googleads.g.doubleclick.net *.appsflyer.com https://static.ads-twitter.com https://s.yimg.jp https://am.yahoo.co.jp https://tagmanager.google.com https://*.googletagmanager.com; style-src 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com; frame-src https://www.google.com https://www.recaptcha.net; https://www.google.com; img-src 'self' data: https://analytics.twitter.com https://t.co https://www.google.co.jp https://www.google.com; frame-ancestors 'none'; base-uri 'none'; form-action https://bc-pay.jp; media-src 'self'
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-amz-cf-pop
SIN2-C1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Tue, 07 Nov 2023 09:13:17 GMT
server
AmazonS3
etag
W/"15eab391591bcd8d78509e57964204b3"
vary
Accept-Encoding
x-frame-options
DENY
content-type
text/javascript
x-amz-cf-id
vBfsAz7znSnkx6bZ6ZJRLG2s68wzpbnOVhRshG2laKkjDF1gE470ZQ==
app.2fe3882b.chunk.js
my.paidy.com/static/js/ 		784 KB
207 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://my.paidy.com/static/js/app.2fe3882b.chunk.js
Requested by
Host: my.paidy.com
URL: https://my.paidy.com/s/r7BQZolt3e
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.192.150.44 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-54-192-150-44.sin2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
538cf2941e7ee60adf2fcaf37d4d626724848d44cdf3974ba4a8273fe486a20c
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests; default-src 'none'; connect-src https://apis.paidy.com https://paidy.com/contentful-data/auto-debit-date.json https://o56970.ingest.sentry.io https://api-js.mixpanel.com https://banner.appsflyer.com https://creatives-cdn.appsflyer.com https://wa.appsflyer.com https://wa.onelink.me https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://analytics.google.com; font-src https://cdn.appsflyer.com https://fonts.gstatic.com data:; img-src 'self' data: https://store.storeimages.cdn-apple.com https://as-images.apple.com https://images.ctfassets.net https://impressions.onelink.me https://analytics.twitter.com https://t.co https://www.google.com https://www.google.co.jp www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com; script-src 'self' 'unsafe-inline' https://www.google.com/recaptcha/enterprise.js https://www.recaptcha.net/recaptcha/enterprise.js https://www.gstatic.com https://www.googletagmanager.com https://ssl.google-analytics.com https://googleads.g.doubleclick.net *.appsflyer.com https://static.ads-twitter.com https://s.yimg.jp https://am.yahoo.co.jp https://tagmanager.google.com https://*.googletagmanager.com; style-src 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com; frame-src https://www.google.com https://www.recaptcha.net; https://www.google.com; img-src 'self' data: https://analytics.twitter.com https://t.co https://www.google.co.jp https://www.google.com; frame-ancestors 'none'; base-uri 'none'; form-action https://bc-pay.jp; media-src 'self'
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://my.paidy.com/s/r7BQZolt3e
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Sat, 11 Nov 2023 16:08:28 GMT
content-encoding
gzip
via
1.1 0ab36911ca4960d388d49f382630062c.cloudfront.net (CloudFront)
content-security-policy
upgrade-insecure-requests; default-src 'none'; connect-src https://apis.paidy.com https://paidy.com/contentful-data/auto-debit-date.json https://o56970.ingest.sentry.io https://api-js.mixpanel.com https://banner.appsflyer.com https://creatives-cdn.appsflyer.com https://wa.appsflyer.com https://wa.onelink.me https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://analytics.google.com; font-src https://cdn.appsflyer.com https://fonts.gstatic.com data:; img-src 'self' data: https://store.storeimages.cdn-apple.com https://as-images.apple.com https://images.ctfassets.net https://impressions.onelink.me https://analytics.twitter.com https://t.co https://www.google.com https://www.google.co.jp www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com; script-src 'self' 'unsafe-inline' https://www.google.com/recaptcha/enterprise.js https://www.recaptcha.net/recaptcha/enterprise.js https://www.gstatic.com https://www.googletagmanager.com https://ssl.google-analytics.com https://googleads.g.doubleclick.net *.appsflyer.com https://static.ads-twitter.com https://s.yimg.jp https://am.yahoo.co.jp https://tagmanager.google.com https://*.googletagmanager.com; style-src 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com; frame-src https://www.google.com https://www.recaptcha.net; https://www.google.com; img-src 'self' data: https://analytics.twitter.com https://t.co https://www.google.co.jp https://www.google.com; frame-ancestors 'none'; base-uri 'none'; form-action https://bc-pay.jp; media-src 'self'
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-amz-cf-pop
SIN2-C1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Tue, 07 Nov 2023 09:13:17 GMT
server
AmazonS3
etag
W/"a824ebc5a7849599ba300b714cb767ee"
vary
Accept-Encoding
x-frame-options
DENY
content-type
text/javascript
x-amz-cf-id
pcnjE66SEFAbonNioX0T_TjPG_jVilbSRHeJh0YW3ufyYkm7GOhCbA==
/
o56970.ingest.sentry.io/api/6327384/envelope/ 		2 B
324 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://o56970.ingest.sentry.io/api/6327384/envelope/?sentry_key=95d2f3934beb442fad6af98c3f4228fa&sentry_version=7&sentry_client=sentry.javascript.react%2F7.37.2
Requested by
Host: my.paidy.com
URL: https://my.paidy.com/static/js/2.8c8b6062.chunk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.195.249 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
249.195.120.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://my.paidy.com/
accept-language
en-AU,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Sat, 11 Nov 2023 16:08:28 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 google
server
nginx
vary
origin,access-control-request-method,access-control-request-headers
content-type
application/json
access-control-allow-origin
*
access-control-expose-headers
x-sentry-error,x-sentry-rate-limits,retry-after
x-envoy-upstream-service-time
0
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2
/
websdk.appsflyer.com/ 		51 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://websdk.appsflyer.com/?st=banners,pba&
Requested by
Host: my.paidy.com
URL: https://my.paidy.com/static/js/app.2fe3882b.chunk.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.46.16.183 Singapore, Singapore, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-46-16-183.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
ce6d7f008824d9f6af00150bf70a49369a24381165b5808efa74e68518e6d58d

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://my.paidy.com/s/r7BQZolt3e
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Date
Sat, 11 Nov 2023 16:08:28 GMT
Content-Encoding
gzip
x-amz-request-id
S75ZK80VA8WCWQZM
x-amz-server-side-encryption
AES256
Connection
keep-alive
Content-Length
14450
x-amz-id-2
RhaWM+RvMUyuq9E/bVMt+fGoHQfchqL51+7W6lEUBJvZ2A+0eYoxgCoB+mBncW5CGLqaHeAFuFg=
Last-Modified
Wed, 14 Jun 2023 06:58:46 GMT
Server
AmazonS3
ETag
"ad6e8ace01357e7c84957fc6fc296d42"
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
max-age=3387
Accept-Ranges
bytes
X-DataStream-Cache-Status
1
Expires
Sat, 11 Nov 2023 17:04:55 GMT
gtm.js
www.googletagmanager.com/ 		180 KB
64 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-K3BK4J7&l=dataLayer
Requested by
Host: my.paidy.com
URL: https://my.paidy.com/static/js/app.2fe3882b.chunk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.12.97 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
se-in-f97.1e100.net
Software
Google Tag Manager /
Resource Hash
c57dd1913a5907f52e1092237e0519b7107e665af72b18f7d1e4cbadda702431
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://my.paidy.com/s/r7BQZolt3e
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Sat, 11 Nov 2023 16:08:28 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
64651
x-xss-protection
0
last-modified
Sat, 11 Nov 2023 15:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Sat, 11 Nov 2023 16:08:28 GMT
public
apis.paidy.com/paidy/consumers/graphql/ 		390 B
909 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://apis.paidy.com/paidy/consumers/graphql/public
Requested by
Host: my.paidy.com
URL: https://my.paidy.com/static/js/2.8c8b6062.chunk.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
76.223.4.74 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
afb2a0217d91c6dbd.awsglobalaccelerator.com
Software
Paidy /
Resource Hash
2170b103b48027b94d2ff83ba86549342a1f9d5dd3ce005ddcb863b89bfa3401
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

App-Version
3.30.2
accept
*/*
Device-Type
WEB
Referer
https://my.paidy.com/s/r7BQZolt3e
accept-language
en-AU,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
content-type
application/json

Response headers

date
Sat, 11 Nov 2023 16:08:29 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
x-datadog-parent-id
0
content-length
390
x-datadog-sampling-decision
0
server
Paidy
access-control-max-age
1800
access-control-allow-methods
DELETE,GET,OPTIONS,PATCH,POST,PUT
content-type
application/json
access-control-allow-origin
https://my.paidy.com
x-frame-options
SAMEORIGIN
access-control-allow-credentials
true
permissions-policy
interest-cohort=()
x-datadog-trace-id
111392778423426878
access-control-allow-headers
Authorization,Content-Type,Accept,Origin,App-Version,Device-Id,Device-Model,Device-Manufacturer,Device-Type,*
logo.fe4b4eb4.png
my.paidy.com/static/media/ 		6 KB
8 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://my.paidy.com/static/media/logo.fe4b4eb4.png
Requested by
Host: my.paidy.com
URL: https://my.paidy.com/s/r7BQZolt3e
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.192.150.44 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-54-192-150-44.sin2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
2dfac4041986bb7c375c642799c09a2c342aacb19e1d260c1d6b67b5c3ab611a
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests; default-src 'none'; connect-src https://apis.paidy.com https://paidy.com/contentful-data/auto-debit-date.json https://o56970.ingest.sentry.io https://api-js.mixpanel.com https://banner.appsflyer.com https://creatives-cdn.appsflyer.com https://wa.appsflyer.com https://wa.onelink.me https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://analytics.google.com; font-src https://cdn.appsflyer.com https://fonts.gstatic.com data:; img-src 'self' data: https://store.storeimages.cdn-apple.com https://as-images.apple.com https://images.ctfassets.net https://impressions.onelink.me https://analytics.twitter.com https://t.co https://www.google.com https://www.google.co.jp www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com; script-src 'self' 'unsafe-inline' https://www.google.com/recaptcha/enterprise.js https://www.recaptcha.net/recaptcha/enterprise.js https://www.gstatic.com https://www.googletagmanager.com https://ssl.google-analytics.com https://googleads.g.doubleclick.net *.appsflyer.com https://static.ads-twitter.com https://s.yimg.jp https://am.yahoo.co.jp https://tagmanager.google.com https://*.googletagmanager.com; style-src 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com; frame-src https://www.google.com https://www.recaptcha.net; https://www.google.com; img-src 'self' data: https://analytics.twitter.com https://t.co https://www.google.co.jp https://www.google.com; frame-ancestors 'none'; base-uri 'none'; form-action https://bc-pay.jp; media-src 'self'
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://my.paidy.com/s/r7BQZolt3e
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Sat, 11 Nov 2023 16:08:29 GMT
via
1.1 0ab36911ca4960d388d49f382630062c.cloudfront.net (CloudFront)
x-content-type-options
nosniff
content-security-policy
upgrade-insecure-requests; default-src 'none'; connect-src https://apis.paidy.com https://paidy.com/contentful-data/auto-debit-date.json https://o56970.ingest.sentry.io https://api-js.mixpanel.com https://banner.appsflyer.com https://creatives-cdn.appsflyer.com https://wa.appsflyer.com https://wa.onelink.me https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://analytics.google.com; font-src https://cdn.appsflyer.com https://fonts.gstatic.com data:; img-src 'self' data: https://store.storeimages.cdn-apple.com https://as-images.apple.com https://images.ctfassets.net https://impressions.onelink.me https://analytics.twitter.com https://t.co https://www.google.com https://www.google.co.jp www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com; script-src 'self' 'unsafe-inline' https://www.google.com/recaptcha/enterprise.js https://www.recaptcha.net/recaptcha/enterprise.js https://www.gstatic.com https://www.googletagmanager.com https://ssl.google-analytics.com https://googleads.g.doubleclick.net *.appsflyer.com https://static.ads-twitter.com https://s.yimg.jp https://am.yahoo.co.jp https://tagmanager.google.com https://*.googletagmanager.com; style-src 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com; frame-src https://www.google.com https://www.recaptcha.net; https://www.google.com; img-src 'self' data: https://analytics.twitter.com https://t.co https://www.google.co.jp https://www.google.com; frame-ancestors 'none'; base-uri 'none'; form-action https://bc-pay.jp; media-src 'self'
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-amz-cf-pop
SIN2-C1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
content-length
6010
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Tue, 07 Nov 2023 09:13:20 GMT
server
AmazonS3
etag
"ad1067aaeb219f9ac403f1e60e0fcba2"
x-frame-options
DENY
content-type
image/png
accept-ranges
bytes
x-amz-cf-id
7dZYD57ASnhckjLGMAPiSxZuOalLuLR4cB0Na-NjT6Hak0wGgqvhyQ==
public
apis.paidy.com/paidy/consumers/graphql/ 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://apis.paidy.com/paidy/consumers/graphql/public
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
76.223.4.74 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
afb2a0217d91c6dbd.awsglobalaccelerator.com
Software
Paidy /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Accept
*/*
Access-Control-Request-Headers
app-version,content-type,device-type
Access-Control-Request-Method
POST
Origin
https://my.paidy.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Authorization,Content-Type,Accept,Origin,App-Version,Device-Id,Device-Model,Device-Manufacturer,Device-Type,*
access-control-allow-methods
DELETE,GET,OPTIONS,PATCH,POST,PUT
access-control-allow-origin
https://my.paidy.com
access-control-max-age
1800
content-length
383
content-type
text/html; charset=utf-8
date
Sat, 11 Nov 2023 16:08:28 GMT
permissions-policy
interest-cohort=()
server
Paidy
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
js
www.googletagmanager.com/gtag/ 		248 KB
85 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-BY9KVJNH1N&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-K3BK4J7&l=dataLayer
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.12.97 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
se-in-f97.1e100.net
Software
Google Tag Manager /
Resource Hash
f67f0cffca82904a18c78511b5f92e5e8b63808682b81957fca2953332cd4c79
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://my.paidy.com/s/r7BQZolt3e
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Sat, 11 Nov 2023 16:08:28 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
87398
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Sat, 11 Nov 2023 16:08:28 GMT
onelink
wa.onelink.me/v1/ 		13 B
314 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://wa.onelink.me/v1/onelink
Requested by
Host: my.paidy.com
URL: https://my.paidy.com/static/js/2.8c8b6062.chunk.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.213.254.236 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-213-254-236.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
38bc0f256821a9c0a02a1c0cedf8ff70c211e637ef77ac199de2fe0cf36ba9ec

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://my.paidy.com/s/r7BQZolt3e
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Access-Control-Allow-Origin
https://my.paidy.com
Date
Sat, 11 Nov 2023 16:08:29 GMT
Access-Control-Allow-Credentials
true
Connection
keep-alive
Access-Control-Allow-Headers
Origin, X-Requested-With, Content-Type, Accept
Content-Length
13
Content-Type
application/json
collect
analytics.google.com/g/ 		0
252 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://analytics.google.com/g/collect?v=2&tid=G-BY9KVJNH1N&gtm=45je3b81v9122386389z89118931610&_p=1699718907814&_gaz=1&gcd=11l1l1l1l1&dma=0&cid=1854392770.1699718909&ul=en-us&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=EA&_s=1&sid=1699718908&sct=1&seg=0&dl=https%3A%2F%2Fmy.paidy.com%2Fs%2Fr7BQZolt3e&dt=%E3%81%8A%E6%94%AF%E6%89%95%E3%81%84%20%7C%20MyPaidy&en=page_view&_fv=1&_nsi=1&_ss=1&ep.page_url=my.paidy.com%2Fs%2F__code__&tfd=3165
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-BY9KVJNH1N&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.239.38.181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://my.paidy.com/s/r7BQZolt3e
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 11 Nov 2023 16:08:29 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://my.paidy.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.com.au/ads/ 		0
0
truncated
/ 		454 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
5d28c13a046575288d00155b10c2b4e5305d424ce4fa616f038460fb8f1025c3

Request headers

accept-language
en-AU,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ 		306 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
7294d90fa7b84e0d159053800ea8e9762f9019838297372eceebbcd55e9c221d

Request headers

accept-language
en-AU,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Content-Type
image/png
events
wa.appsflyer.com/ 		73 B
516 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://wa.appsflyer.com/events?site-id=fceb3877-f4b3-4bcd-ab1b-adce7a7e3eba
Requested by
Host: my.paidy.com
URL: https://my.paidy.com/static/js/2.8c8b6062.chunk.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.203.58.141 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-203-58-141.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
088135e87d603218e70b6e6f940662f70462b4c1c4713a20ddf313ddc9f096a1

Request headers

Referer
https://my.paidy.com/s/r7BQZolt3e
accept-language
en-AU,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
Content-type
text/plain

Response headers

Access-Control-Allow-Origin
https://my.paidy.com
Date
Sat, 11 Nov 2023 16:08:30 GMT
Access-Control-Allow-Credentials
true
Connection
keep-alive
Access-Control-Allow-Headers
Origin, X-Requested-With, Content-Type, Accept
Content-Length
73
Content-Type
application/json
onelink
wa.onelink.me/v1/ 		51 B
499 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://wa.onelink.me/v1/onelink?af_id=adc5431b-fab8-4147-afe8-32e1b5d599a6-p
Requested by
Host: my.paidy.com
URL: https://my.paidy.com/static/js/2.8c8b6062.chunk.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.213.254.236 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-213-254-236.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
4f7304fa0923d9cc0b7c998dbd7cb53d559667918edfa0a897c223429caf7f9b

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://my.paidy.com/s/r7BQZolt3e
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Access-Control-Allow-Origin
https://my.paidy.com
Date
Sat, 11 Nov 2023 16:08:30 GMT
Access-Control-Allow-Credentials
true
Connection
keep-alive
Access-Control-Allow-Headers
Origin, X-Requested-With, Content-Type, Accept
Content-Length
51
Content-Type
application/json
/
o56970.ingest.sentry.io/api/6327384/envelope/ 		41 B
99 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://o56970.ingest.sentry.io/api/6327384/envelope/?sentry_key=95d2f3934beb442fad6af98c3f4228fa&sentry_version=7&sentry_client=sentry.javascript.react%2F7.37.2
Requested by
Host: my.paidy.com
URL: https://my.paidy.com/static/js/2.8c8b6062.chunk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.195.249 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
249.195.120.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
e040f28df8e4fbbe0b845ccd7cb78d85d0b4a9cb0eab2938926dfd5fcc0f9ec7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://my.paidy.com/
accept-language
en-AU,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Sat, 11 Nov 2023 16:08:32 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 google
server
nginx
vary
origin,access-control-request-method,access-control-request-headers
content-type
application/json
access-control-allow-origin
*
access-control-expose-headers
x-sentry-error,x-sentry-rate-limits,retry-after
x-envoy-upstream-service-time
0
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
41
/
api-js.mixpanel.com/track/ 		25 B
360 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api-js.mixpanel.com/track/?verbose=1&ip=1&_=1699718912798
Requested by
Host: my.paidy.com
URL: https://my.paidy.com/static/js/2.8c8b6062.chunk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.186.241.51 -, , ASN (),
Reverse DNS
Software
envoy /
Resource Hash
e39a8118ec6cdf6ac33e6961518e9fe6ba3f6caf099aeeaec1389c2108ba90ba
Security Headers
Name Value
Strict-Transport-Security max-age=604800; includeSubDomains

Request headers

Referer
https://my.paidy.com/s/r7BQZolt3e
accept-language
en-AU,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

strict-transport-security
max-age=604800; includeSubDomains
date
Sat, 11 Nov 2023 16:08:33 GMT
via
1.1 google
server
envoy
access-control-max-age
1728000
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/json
access-control-allow-origin
https://my.paidy.com
access-control-expose-headers
X-MP-CE-Backoff
cache-control
no-cache, no-store
access-control-allow-credentials
true
x-envoy-upstream-service-time
33
access-control-allow-headers
X-Requested-With
content-length
25
alt-svc
clear

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
www.google.com.au
URL
https://www.google.com.au/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-BY9KVJNH1N&cid=1854392770.1699718909&gtm=45je3b81v9122386389z89118931610&aip=1&dma=0&gcd=11l1l1l1l1&z=530227554

Verdicts & Comments Add Verdict or Comment

17 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture object| webpackJsonp object| regeneratorRuntime object| __SENTRY__ function| setImmediate function| clearImmediate function| _ string| AppsFlyerSdkObject function| AF object| dataLayer boolean| __reactResponderSystemActive object| google_tag_manager object| google_tag_data object| AF_cleanupMethods object| AF_SDK function| onYouTubeIframeAPIReady object| gaGlobal

7 Cookies

Domain/Path Name / Value
.paidy.com/ Name: mp_ed67017e77857eaee53344b82d3f4293_mixpanel
Value: %7B%22distinct_id%22%3A%20%2218bbf2447991f2-0e73528ea9c618-66385e53-1d4c00-18bbf24479b7be%22%2C%22%24device_id%22%3A%20%2218bbf2447991f2-0e73528ea9c618-66385e53-1d4c00-18bbf24479b7be%22%2C%22%24initial_referrer%22%3A%20%22%24direct%22%2C%22%24initial_referring_domain%22%3A%20%22%24direct%22%2C%22Platform%22%3A%20%22Web%22%2C%22Product%22%3A%20%22Paidy%20Web%202.0%22%2C%22JS%20Version%22%3A%20%223.30.2%22%7D
.paidy.com/ Name: _ga_BY9KVJNH1N
Value: GS1.1.1699718908.1.0.1699718908.60.0.0
.paidy.com/ Name: _ga
Value: GA1.1.1854392770.1699718909
.appsflyer.com/ Name: af_id
Value: adc5431b-fab8-4147-afe8-32e1b5d599a6-p
.paidy.com/ Name: afUserId
Value: adc5431b-fab8-4147-afe8-32e1b5d599a6-p
.onelink.me/ Name: af_id
Value: adc5431b-fab8-4147-afe8-32e1b5d599a6-p
.paidy.com/ Name: AF_SYNC
Value: 1699718911082

5 Console Messages

Source Level URL
Text
network error URL: https://my.paidy.com/s/r7BQZolt3e
Message:
Failed to load resource: the server responded with a status of 404 ()
security error URL: https://my.paidy.com/s/r7BQZolt3e
Message:
The Content-Security-Policy directive name 'https://www.google.com' contains one or more invalid characters. Only ASCII alphanumeric characters or dashes '-' are allowed in directive names.
security error URL: https://my.paidy.com/s/r7BQZolt3e
Message:
Ignoring duplicate Content-Security-Policy directive 'img-src'.
security error URL: https://www.googletagmanager.com/gtag/js?id=G-BY9KVJNH1N&l=dataLayer&cx=c(Line 170)
Message:
Refused to connect to 'https://stats.g.doubleclick.net/g/collect?v=2&tid=G-BY9KVJNH1N&cid=1854392770.1699718909&gtm=45je3b81v9122386389z89118931610&aip=1&dma=0&gcd=11l1l1l1l1' because it violates the following Content Security Policy directive: "connect-src https://apis.paidy.com https://paidy.com/contentful-data/auto-debit-date.json https://o56970.ingest.sentry.io https://api-js.mixpanel.com https://banner.appsflyer.com https://creatives-cdn.appsflyer.com https://wa.appsflyer.com https://wa.onelink.me https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://analytics.google.com".
security error URL: https://my.paidy.com/s/r7BQZolt3e
Message:
Refused to load the image 'https://www.google.com.au/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-BY9KVJNH1N&cid=1854392770.1699718909&gtm=45je3b81v9122386389z89118931610&aip=1&dma=0&gcd=11l1l1l1l1&z=530227554' because it violates the following Content Security Policy directive: "img-src 'self' data: https://store.storeimages.cdn-apple.com https://as-images.apple.com https://images.ctfassets.net https://impressions.onelink.me https://analytics.twitter.com https://t.co https://www.google.com https://www.google.co.jp www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com".

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy upgrade-insecure-requests; default-src 'none'; connect-src https://apis.paidy.com https://paidy.com/contentful-data/auto-debit-date.json https://o56970.ingest.sentry.io https://api-js.mixpanel.com https://banner.appsflyer.com https://creatives-cdn.appsflyer.com https://wa.appsflyer.com https://wa.onelink.me https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://analytics.google.com; font-src https://cdn.appsflyer.com https://fonts.gstatic.com data:; img-src 'self' data: https://store.storeimages.cdn-apple.com https://as-images.apple.com https://images.ctfassets.net https://impressions.onelink.me https://analytics.twitter.com https://t.co https://www.google.com https://www.google.co.jp www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com; script-src 'self' 'unsafe-inline' https://www.google.com/recaptcha/enterprise.js https://www.recaptcha.net/recaptcha/enterprise.js https://www.gstatic.com https://www.googletagmanager.com https://ssl.google-analytics.com https://googleads.g.doubleclick.net *.appsflyer.com https://static.ads-twitter.com https://s.yimg.jp https://am.yahoo.co.jp https://tagmanager.google.com https://*.googletagmanager.com; style-src 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com; frame-src https://www.google.com https://www.recaptcha.net; https://www.google.com; img-src 'self' data: https://analytics.twitter.com https://t.co https://www.google.co.jp https://www.google.com; frame-ancestors 'none'; base-uri 'none'; form-action https://bc-pay.jp; media-src 'self'
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

analytics.google.com
api-js.mixpanel.com
apis.paidy.com
my.paidy.com
o56970.ingest.sentry.io
wa.appsflyer.com
wa.onelink.me
websdk.appsflyer.com
www.google.com.au
www.googletagmanager.com
www.google.com.au
142.251.12.97
18.203.58.141
216.239.38.181
23.46.16.183
34.120.195.249
35.186.241.51
52.213.254.236
54.192.150.44
76.223.4.74
088135e87d603218e70b6e6f940662f70462b4c1c4713a20ddf313ddc9f096a1
2170b103b48027b94d2ff83ba86549342a1f9d5dd3ce005ddcb863b89bfa3401
2c2d46e526ec848253cdcd356f86a1a3df04ad6c4b2f3df7f0f8965ce4edb6de
2dfac4041986bb7c375c642799c09a2c342aacb19e1d260c1d6b67b5c3ab611a
38bc0f256821a9c0a02a1c0cedf8ff70c211e637ef77ac199de2fe0cf36ba9ec
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
4f7304fa0923d9cc0b7c998dbd7cb53d559667918edfa0a897c223429caf7f9b
538cf2941e7ee60adf2fcaf37d4d626724848d44cdf3974ba4a8273fe486a20c
5d28c13a046575288d00155b10c2b4e5305d424ce4fa616f038460fb8f1025c3
7294d90fa7b84e0d159053800ea8e9762f9019838297372eceebbcd55e9c221d
a5935c4fa8135e7daf56941a7d79c1a98074d2b35b29e1cd0fe9090655f474f2
c57dd1913a5907f52e1092237e0519b7107e665af72b18f7d1e4cbadda702431
ce6d7f008824d9f6af00150bf70a49369a24381165b5808efa74e68518e6d58d
cf5179307dc84ec5a14ccca0239492462451e615bcf862c4d6a16bde628f5553
e040f28df8e4fbbe0b845ccd7cb78d85d0b4a9cb0eab2938926dfd5fcc0f9ec7
e39a8118ec6cdf6ac33e6961518e9fe6ba3f6caf099aeeaec1389c2108ba90ba
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f67f0cffca82904a18c78511b5f92e5e8b63808682b81957fca2953332cd4c79