urlscan.io logo urlscan.io
SecurityTrails logo

customer.prd.eca.fcl.cloud Open in urlscan Pro
2600:9000:2156:fe00:1e:9db8:8c00:93a1  Public Scan

Go To Rescan Add Verdict Report
URL: https://customer.prd.eca.fcl.cloud/
Submission: On June 27 via automatic, source certstream-suspicious
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 8 IPs in 4 countries across 8 domains to perform 17 HTTP transactions. The main IP is 2600:9000:2156:fe00:1e:9db8:8c00:93a1, located in United States and belongs to AMAZON-02, US. The main domain is customer.prd.eca.fcl.cloud.
TLS certificate: Issued by Amazon on July 25th 2019. Valid for: a year.
This is the only time customer.prd.eca.fcl.cloud was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
7 2600:9000:215... 16509 (AMAZON-02)
2 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
2 2606:4700::c6... 13335 (CLOUDFLAR...)
2 104.111.228.123 16625 (AKAMAI-AS)
1 213.52.172.68 15830 (EQUINIX-C...)
1 2a00:1450:400... 15169 (GOOGLE)
1 23.8.7.81 20940 (AKAMAI-ASN1)
17 8
7    2600:9000:2156:fe00:1e:9db8:8c00:93a1 (United States)

ASN16509 (AMAZON-02, US)
customer.prd.eca.fcl.cloud
2    2a00:1450:4001:801::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
1    2a00:1450:4001:824::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
2    2606:4700::c6d9:fbfb (United States)

ASN13335 (CLOUDFLARENET, US)
songbird.cardinalcommerce.com
2    104.111.228.123 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-228-123.deploy.static.akamaitechnologies.com
www.paypalobjects.com
www.paypal.com
1    213.52.172.68 (United Kingdom)

ASN15830 (EQUINIX-CONNECT-EMEA, GB)
checkoutshopper-live.adyen.com
1    2a00:1450:4001:819::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
1    23.8.7.81 (Netherlands)

ASN20940 (AKAMAI-ASN1, EU)
PTR: a23-8-7-81.deploy.static.akamaitechnologies.com
t.paypal.com
Domain Requested by
7 customer.prd.eca.fcl.cloud customer.prd.eca.fcl.cloud
2 songbird.cardinalcommerce.com customer.prd.eca.fcl.cloud
songbird.cardinalcommerce.com
2 fonts.googleapis.com customer.prd.eca.fcl.cloud
1 t.paypal.com customer.prd.eca.fcl.cloud
1 www.paypal.com www.paypalobjects.com
1 fonts.gstatic.com customer.prd.eca.fcl.cloud
1 checkoutshopper-live.adyen.com customer.prd.eca.fcl.cloud
1 www.paypalobjects.com customer.prd.eca.fcl.cloud
1 www.googletagmanager.com customer.prd.eca.fcl.cloud
17 9

This site contains no links.

Subject Issuer Validity Valid
prd.eca.fcl.cloud
Amazon		 2019-07-25 -
2020-08-25		 a year crt.sh
upload.video.google.com
GTS CA 1O1		 2020-06-10 -
2020-09-02		 3 months crt.sh
*.google-analytics.com
GTS CA 1O1		 2020-06-10 -
2020-09-02		 3 months crt.sh
*.cardinalcommerce.com
Thawte RSA CA 2018		 2020-05-07 -
2022-05-07		 2 years crt.sh
www.paypal.com
DigiCert SHA2 Extended Validation Server CA		 2020-01-09 -
2022-01-12		 2 years crt.sh
*.adyen.com
Thawte TLS RSA CA G1		 2020-01-08 -
2022-04-08		 2 years crt.sh
*.gstatic.com
GTS CA 1O1		 2020-06-10 -
2020-09-02		 3 months crt.sh
t.paypal.com
DigiCert SHA2 Extended Validation Server CA		 2020-01-09 -
2022-01-12		 2 years crt.sh

This page contains 1 frames:

Primary Page: https://customer.prd.eca.fcl.cloud/
Frame ID: C2FB46B5BC806EC4C2FFF6632BC3AC22
Requests: 17 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Trip Review and Payment

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers via /\(CloudFront\)$/i
  • headers server /^AmazonS3$/i
Overall confidence: 100%
Detected patterns
  • headers via /\(CloudFront\)$/i
Overall confidence: 100%
Detected patterns
  • headers server /^AmazonS3$/i
Overall confidence: 100%
Detected patterns
  • html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

Page Statistics

17
Requests

100 %
HTTPS

63 %
IPv6

8
Domains

9
Subdomains

8
IPs

4
Countries

1658 kB
Transfer

3502 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

17 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
customer.prd.eca.fcl.cloud/ 		2 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://customer.prd.eca.fcl.cloud/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:2156:fe00:1e:9db8:8c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
0025ca03737ab7fc727d0025b80df71ed9727dd6b22b7b9500d41acd05af2204
Security Headers
Name Value
Content-Security-Policy style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: https:; script-src 'unsafe-inline' 'self' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://*.cardinalcommerce.com https://checkoutshopper-live.adyen.com https://www.paypalobjects.com https://www.paypal.com; frame-src https://*.cardinalcommerce.com https://www.sandbox.paypal.com https://www.paypal.com https://checkoutshopper-test.adyen.com; connect-src https://customer-api.prd.eca.fcl.cloud https://eca-customer-tempbucket-prod.s3.ap-southeast-2.amazonaws.com https://www.google-analytics.com https://*.cardinalcommerce.com https://www.paypal.com; object-src 'none'; default-src 'self'; report-uri https://customer-api.prd.eca.fcl.cloud/csp/report?v=2.14.0;
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Host
customer.prd.eca.fcl.cloud
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
none
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
Sec-Fetch-Dest
document
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
text/html
Content-Length
2256
Connection
keep-alive
Date
Fri, 26 Jun 2020 05:44:47 GMT
Last-Modified
Wed, 24 Jun 2020 10:10:58 GMT
ETag
"aa7e7e4a814f6024ef446cc68baa1239"
Accept-Ranges
bytes
Server
AmazonS3
X-XSS-Protection
1; mode=block
Content-Security-Policy
style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: https:; script-src 'unsafe-inline' 'self' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://*.cardinalcommerce.com https://checkoutshopper-live.adyen.com https://www.paypalobjects.com https://www.paypal.com; frame-src https://*.cardinalcommerce.com https://www.sandbox.paypal.com https://www.paypal.com https://checkoutshopper-test.adyen.com; connect-src https://customer-api.prd.eca.fcl.cloud https://eca-customer-tempbucket-prod.s3.ap-southeast-2.amazonaws.com https://www.google-analytics.com https://*.cardinalcommerce.com https://www.paypal.com; object-src 'none'; default-src 'self'; report-uri https://customer-api.prd.eca.fcl.cloud/csp/report?v=2.14.0;
X-Content-Type-Options
nosniff
X-Cache
Hit from cloudfront
Via
1.1 a09186728c1bcdf0a561aedd92656804.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
FRA50-C1
X-Amz-Cf-Id
hWiJo-mdkrSuKUizjLIsA36A8d802-tSooGjUe4KZ_xNmV8wJ3COjw==
Age
72149
css
fonts.googleapis.com/ 		7 KB
824 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Roboto:300,400,500
Requested by
Host: customer.prd.eca.fcl.cloud
URL: https://customer.prd.eca.fcl.cloud/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
d3838febe02ee1538a1336ac01f452a6fe7682106cd21b46cda9c40092c8e3aa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://customer.prd.eca.fcl.cloud/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Sat, 27 Jun 2020 01:45:31 GMT
server
ESF
date
Sat, 27 Jun 2020 01:47:15 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sat, 27 Jun 2020 01:47:15 GMT
icon
fonts.googleapis.com/ 		574 B
442 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/icon?family=Material+Icons
Requested by
Host: customer.prd.eca.fcl.cloud
URL: https://customer.prd.eca.fcl.cloud/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
c641585cda99a8eb716625c70422a47d1ed8ce72b87370678175515bb2c465b3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://customer.prd.eca.fcl.cloud/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Sat, 27 Jun 2020 01:47:15 GMT
server
ESF
date
Sat, 27 Jun 2020 01:47:15 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sat, 27 Jun 2020 01:47:15 GMT
main.fe389c33.chunk.css
customer.prd.eca.fcl.cloud/static/css/ 		31 KB
32 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://customer.prd.eca.fcl.cloud/static/css/main.fe389c33.chunk.css
Requested by
Host: customer.prd.eca.fcl.cloud
URL: https://customer.prd.eca.fcl.cloud/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:2156:fe00:1e:9db8:8c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
17340c75a2eff8ac9d58e7934fffc1e408458d7b51aaee6a11b1e7bc190b6a17
Security Headers
Name Value
Content-Security-Policy style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: https:; script-src 'unsafe-inline' 'self' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://*.cardinalcommerce.com https://checkoutshopper-live.adyen.com https://www.paypalobjects.com https://www.paypal.com; frame-src https://*.cardinalcommerce.com https://www.sandbox.paypal.com https://www.paypal.com https://checkoutshopper-test.adyen.com; connect-src https://customer-api.prd.eca.fcl.cloud https://eca-customer-tempbucket-prod.s3.ap-southeast-2.amazonaws.com https://www.google-analytics.com https://*.cardinalcommerce.com https://www.paypal.com; object-src 'none'; default-src 'self'; report-uri https://customer-api.prd.eca.fcl.cloud/csp/report?v=2.14.0;
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://customer.prd.eca.fcl.cloud/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Fri, 26 Jun 2020 13:29:41 GMT
Via
1.1 a09186728c1bcdf0a561aedd92656804.cloudfront.net (CloudFront)
X-Content-Type-Options
nosniff
Age
44255
X-Cache
Hit from cloudfront
Connection
keep-alive
Content-Length
31241
X-XSS-Protection
1; mode=block
Last-Modified
Wed, 24 Jun 2020 10:10:58 GMT
Server
AmazonS3
ETag
"17c48b7a2ffb58d76bddde441a650b3e"
Content-Type
text/css
Content-Security-Policy
style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: https:; script-src 'unsafe-inline' 'self' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://*.cardinalcommerce.com https://checkoutshopper-live.adyen.com https://www.paypalobjects.com https://www.paypal.com; frame-src https://*.cardinalcommerce.com https://www.sandbox.paypal.com https://www.paypal.com https://checkoutshopper-test.adyen.com; connect-src https://customer-api.prd.eca.fcl.cloud https://eca-customer-tempbucket-prod.s3.ap-southeast-2.amazonaws.com https://www.google-analytics.com https://*.cardinalcommerce.com https://www.paypal.com; object-src 'none'; default-src 'self'; report-uri https://customer-api.prd.eca.fcl.cloud/csp/report?v=2.14.0;
X-Amz-Cf-Pop
FRA50-C1
Accept-Ranges
bytes
X-Amz-Cf-Id
10bmLftcM8NGtX31hdQIqWn1mh0420BVcdZwEv4SgVTmTgSodjZCiw==
2.4d575a58.chunk.js
customer.prd.eca.fcl.cloud/static/js/ 		889 KB
891 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://customer.prd.eca.fcl.cloud/static/js/2.4d575a58.chunk.js
Requested by
Host: customer.prd.eca.fcl.cloud
URL: https://customer.prd.eca.fcl.cloud/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:2156:fe00:1e:9db8:8c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
cb4ed4d0d2bea01ac204480973182911c197f0d1536c3d29f8edce214b773c48
Security Headers
Name Value
Content-Security-Policy style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: https:; script-src 'unsafe-inline' 'self' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://*.cardinalcommerce.com https://checkoutshopper-live.adyen.com https://www.paypalobjects.com https://www.paypal.com; frame-src https://*.cardinalcommerce.com https://www.sandbox.paypal.com https://www.paypal.com https://checkoutshopper-test.adyen.com; connect-src https://customer-api.prd.eca.fcl.cloud https://eca-customer-tempbucket-prod.s3.ap-southeast-2.amazonaws.com https://www.google-analytics.com https://*.cardinalcommerce.com https://www.paypal.com; object-src 'none'; default-src 'self'; report-uri https://customer-api.prd.eca.fcl.cloud/csp/report?v=2.14.0;
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://customer.prd.eca.fcl.cloud/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Security-Policy
style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: https:; script-src 'unsafe-inline' 'self' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://*.cardinalcommerce.com https://checkoutshopper-live.adyen.com https://www.paypalobjects.com https://www.paypal.com; frame-src https://*.cardinalcommerce.com https://www.sandbox.paypal.com https://www.paypal.com https://checkoutshopper-test.adyen.com; connect-src https://customer-api.prd.eca.fcl.cloud https://eca-customer-tempbucket-prod.s3.ap-southeast-2.amazonaws.com https://www.google-analytics.com https://*.cardinalcommerce.com https://www.paypal.com; object-src 'none'; default-src 'self'; report-uri https://customer-api.prd.eca.fcl.cloud/csp/report?v=2.14.0;
Via
1.1 1b73451818d2dd47a574604c0b84f692.cloudfront.net (CloudFront)
X-Content-Type-Options
nosniff
Age
80054
X-Cache
Hit from cloudfront
Date
Fri, 26 Jun 2020 03:33:02 GMT
Connection
keep-alive
Content-Length
910807
X-XSS-Protection
1; mode=block
Last-Modified
Wed, 24 Jun 2020 10:10:58 GMT
Server
AmazonS3
ETag
"6fc19951e482ebb308b99dfe0f589f93"
Content-Type
application/javascript
X-Amz-Cf-Pop
FRA50-C1
Accept-Ranges
bytes
X-Amz-Cf-Id
fbu2nKPLwuB81Oq12a9iLc4W2R8OR5iUZQWV8y_js5PHSvYw_4eLFw==
main.1530ed8f.chunk.js
customer.prd.eca.fcl.cloud/static/js/ 		164 KB
165 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://customer.prd.eca.fcl.cloud/static/js/main.1530ed8f.chunk.js
Requested by
Host: customer.prd.eca.fcl.cloud
URL: https://customer.prd.eca.fcl.cloud/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:2156:fe00:1e:9db8:8c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
4455f47f19dbd411bb8559f2055853040483600fdfe60e662bb9f25ec86b4909
Security Headers
Name Value
Content-Security-Policy style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: https:; script-src 'unsafe-inline' 'self' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://*.cardinalcommerce.com https://checkoutshopper-live.adyen.com https://www.paypalobjects.com https://www.paypal.com; frame-src https://*.cardinalcommerce.com https://www.sandbox.paypal.com https://www.paypal.com https://checkoutshopper-test.adyen.com; connect-src https://customer-api.prd.eca.fcl.cloud https://eca-customer-tempbucket-prod.s3.ap-southeast-2.amazonaws.com https://www.google-analytics.com https://*.cardinalcommerce.com https://www.paypal.com; object-src 'none'; default-src 'self'; report-uri https://customer-api.prd.eca.fcl.cloud/csp/report?v=2.14.0;
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://customer.prd.eca.fcl.cloud/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Fri, 26 Jun 2020 13:29:41 GMT
Via
1.1 d627b75d0c1aedd3691390ac8498d3b0.cloudfront.net (CloudFront)
X-Content-Type-Options
nosniff
Age
44255
X-Cache
Hit from cloudfront
Connection
keep-alive
Content-Length
167884
X-XSS-Protection
1; mode=block
Last-Modified
Wed, 24 Jun 2020 10:10:58 GMT
Server
AmazonS3
ETag
"7cb036756f14206a100ee23ad3bf011c"
Content-Type
application/javascript
Content-Security-Policy
style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: https:; script-src 'unsafe-inline' 'self' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://*.cardinalcommerce.com https://checkoutshopper-live.adyen.com https://www.paypalobjects.com https://www.paypal.com; frame-src https://*.cardinalcommerce.com https://www.sandbox.paypal.com https://www.paypal.com https://checkoutshopper-test.adyen.com; connect-src https://customer-api.prd.eca.fcl.cloud https://eca-customer-tempbucket-prod.s3.ap-southeast-2.amazonaws.com https://www.google-analytics.com https://*.cardinalcommerce.com https://www.paypal.com; object-src 'none'; default-src 'self'; report-uri https://customer-api.prd.eca.fcl.cloud/csp/report?v=2.14.0;
X-Amz-Cf-Pop
FRA50-C1
Accept-Ranges
bytes
X-Amz-Cf-Id
EyGHdTs6dMhA0KQKA7A8tEaZ0d9T0JUZZ8MnMBuQTlN0EydDJ0aOkw==
gtm.js
www.googletagmanager.com/ 		85 KB
29 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-58SN4SL&l=PageDataLayer&gtm_auth=&gtm_preview=&gtm_cookies_win=x
Requested by
Host: customer.prd.eca.fcl.cloud
URL: https://customer.prd.eca.fcl.cloud/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
241c680428b832a984a2256d4723aef0496974fdb0926f3577bfd0bb73433234
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://customer.prd.eca.fcl.cloud/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 27 Jun 2020 01:47:15 GMT
content-encoding
br
vary
Accept-Encoding
status
200
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
30004
x-xss-protection
0
last-modified
Sat, 27 Jun 2020 00:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Sat, 27 Jun 2020 01:47:15 GMT
songbird.js
songbird.cardinalcommerce.com/edge/v1/ 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://songbird.cardinalcommerce.com/edge/v1/songbird.js
Requested by
Host: customer.prd.eca.fcl.cloud
URL: https://customer.prd.eca.fcl.cloud/static/js/main.1530ed8f.chunk.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2606:4700::c6d9:fbfb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6e2dd81d97dd91e8ed037b369f96d6c794df676e38a69b851b457186bc474f4e

Request headers

Referer
https://customer.prd.eca.fcl.cloud/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 27 Jun 2020 01:47:15 GMT
content-encoding
gzip
cf-cache-status
HIT
age
142
status
200
cf-request-id
03950e2b930000beb5ae2b5200000001
last-modified
Thu, 26 Mar 2020 23:45:58 GMT
server
cloudflare
etag
W/"07facb2c83d61:0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
access-control-allow-methods
GET, POST
content-type
application/javascript
access-control-allow-origin
*
expires
Sat, 27 Jun 2020 05:47:15 GMT
cache-control
public, max-age=14400
cf-ray
5a9b7fbf5e8ebeb5-FRA
cf-bgj
minify
checkout.js
www.paypalobjects.com/api/ 		1 MB
232 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.paypalobjects.com/api/checkout.js
Requested by
Host: customer.prd.eca.fcl.cloud
URL: https://customer.prd.eca.fcl.cloud/static/js/main.1530ed8f.chunk.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.111.228.123 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-228-123.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
be033eda33b5540c6a5112b5abef964f8e5d6933960526e2da624b385e17c75b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
https://customer.prd.eca.fcl.cloud/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 27 Jun 2020 01:47:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
status
200
vary
Accept-Encoding
content-length
236637
last-modified
Tue, 23 Jun 2020 22:05:57 GMT
server
Apache
strict-transport-security
max-age=31536000
access-control-allow-methods
GET
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=86400
accept-ranges
bytes
access-control-allow-headers
x-csrf-token
expires
Sun, 28 Jun 2020 01:47:15 GMT
adyen.js
checkoutshopper-live.adyen.com/checkoutshopper/sdk/3.4.0/ 		425 KB
93 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://checkoutshopper-live.adyen.com/checkoutshopper/sdk/3.4.0/adyen.js
Requested by
Host: customer.prd.eca.fcl.cloud
URL: https://customer.prd.eca.fcl.cloud/static/js/main.1530ed8f.chunk.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
213.52.172.68 , United Kingdom, ASN15830 (EQUINIX-CONNECT-EMEA, GB),
Reverse DNS
Software
Apache /
Resource Hash
3b8ef028eda2e030965d3ffdd723a1c66b6145903cf0238cfeb83d60c6fb2122

Request headers

Referer
https://customer.prd.eca.fcl.cloud/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sat, 27 Jun 2020 01:47:15 GMT
Content-Encoding
gzip
Server
Apache
Transfer-Encoding
chunked
Content-Type
text/javascript;charset=UTF8
Access-Control-Allow-Origin
*
Cache-Control
max-age=600
Connection
Keep-Alive
Keep-Alive
timeout=15, max=100
logo-h.de0d45d6.svg
customer.prd.eca.fcl.cloud/static/media/ 		16 KB
17 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://customer.prd.eca.fcl.cloud/static/media/logo-h.de0d45d6.svg
Requested by
Host: customer.prd.eca.fcl.cloud
URL: https://customer.prd.eca.fcl.cloud/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:2156:fe00:1e:9db8:8c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
19bb997fbd311cc2a3b8317fd0c950d86aa942426ea77a6d0c8574c186ac32f1
Security Headers
Name Value
Content-Security-Policy style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: https:; script-src 'unsafe-inline' 'self' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://*.cardinalcommerce.com https://checkoutshopper-live.adyen.com https://www.paypalobjects.com https://www.paypal.com; frame-src https://*.cardinalcommerce.com https://www.sandbox.paypal.com https://www.paypal.com https://checkoutshopper-test.adyen.com; connect-src https://customer-api.prd.eca.fcl.cloud https://eca-customer-tempbucket-prod.s3.ap-southeast-2.amazonaws.com https://www.google-analytics.com https://*.cardinalcommerce.com https://www.paypal.com; object-src 'none'; default-src 'self'; report-uri https://customer-api.prd.eca.fcl.cloud/csp/report?v=2.14.0;
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://customer.prd.eca.fcl.cloud/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sat, 27 Jun 2020 01:47:17 GMT
Via
1.1 1b73451818d2dd47a574604c0b84f692.cloudfront.net (CloudFront)
X-Content-Type-Options
nosniff
Last-Modified
Wed, 24 Jun 2020 10:10:58 GMT
Server
AmazonS3
X-Amz-Cf-Pop
FRA50-C1
ETag
"de0d45d69f586654874f420577662133"
X-Cache
Miss from cloudfront
Content-Type
image/svg+xml
Content-Security-Policy
style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: https:; script-src 'unsafe-inline' 'self' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://*.cardinalcommerce.com https://checkoutshopper-live.adyen.com https://www.paypalobjects.com https://www.paypal.com; frame-src https://*.cardinalcommerce.com https://www.sandbox.paypal.com https://www.paypal.com https://checkoutshopper-test.adyen.com; connect-src https://customer-api.prd.eca.fcl.cloud https://eca-customer-tempbucket-prod.s3.ap-southeast-2.amazonaws.com https://www.google-analytics.com https://*.cardinalcommerce.com https://www.paypal.com; object-src 'none'; default-src 'self'; report-uri https://customer-api.prd.eca.fcl.cloud/csp/report?v=2.14.0;
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
16436
X-XSS-Protection
1; mode=block
X-Amz-Cf-Id
uV1mR4Pc6dytwedaKszbWi8K7vKuWlE7RTRqEl6UI4vAarhzsWJI-A==
error24px.b9553735.svg
customer.prd.eca.fcl.cloud/static/media/ 		2 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://customer.prd.eca.fcl.cloud/static/media/error24px.b9553735.svg
Requested by
Host: customer.prd.eca.fcl.cloud
URL: https://customer.prd.eca.fcl.cloud/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:2156:fe00:1e:9db8:8c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
29a97a6afe0016b98f19f29e8e25fea4f48d4e9417fb8724ab2a077ba5a4f0fb
Security Headers
Name Value
Content-Security-Policy style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: https:; script-src 'unsafe-inline' 'self' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://*.cardinalcommerce.com https://checkoutshopper-live.adyen.com https://www.paypalobjects.com https://www.paypal.com; frame-src https://*.cardinalcommerce.com https://www.sandbox.paypal.com https://www.paypal.com https://checkoutshopper-test.adyen.com; connect-src https://customer-api.prd.eca.fcl.cloud https://eca-customer-tempbucket-prod.s3.ap-southeast-2.amazonaws.com https://www.google-analytics.com https://*.cardinalcommerce.com https://www.paypal.com; object-src 'none'; default-src 'self'; report-uri https://customer-api.prd.eca.fcl.cloud/csp/report?v=2.14.0;
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://customer.prd.eca.fcl.cloud/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Security-Policy
style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: https:; script-src 'unsafe-inline' 'self' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://*.cardinalcommerce.com https://checkoutshopper-live.adyen.com https://www.paypalobjects.com https://www.paypal.com; frame-src https://*.cardinalcommerce.com https://www.sandbox.paypal.com https://www.paypal.com https://checkoutshopper-test.adyen.com; connect-src https://customer-api.prd.eca.fcl.cloud https://eca-customer-tempbucket-prod.s3.ap-southeast-2.amazonaws.com https://www.google-analytics.com https://*.cardinalcommerce.com https://www.paypal.com; object-src 'none'; default-src 'self'; report-uri https://customer-api.prd.eca.fcl.cloud/csp/report?v=2.14.0;
Via
1.1 d627b75d0c1aedd3691390ac8498d3b0.cloudfront.net (CloudFront)
X-Content-Type-Options
nosniff
Last-Modified
Wed, 24 Jun 2020 10:10:58 GMT
Server
AmazonS3
X-Amz-Cf-Pop
FRA50-C1
Date
Sat, 27 Jun 2020 01:47:17 GMT
X-Cache
RefreshHit from cloudfront
Content-Type
image/svg+xml
X-XSS-Protection
1; mode=block
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1788
ETag
"b9553735485e82d34e85908fe02cb18a"
X-Amz-Cf-Id
UBvOhFpRITSJN8u-4kgVHWdaYVuE2mQl4qqhEj0GGfwzppckLcRA2g==
logo-f.b8295b01.svg
customer.prd.eca.fcl.cloud/static/media/ 		8 KB
9 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://customer.prd.eca.fcl.cloud/static/media/logo-f.b8295b01.svg
Requested by
Host: customer.prd.eca.fcl.cloud
URL: https://customer.prd.eca.fcl.cloud/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:2156:fe00:1e:9db8:8c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
43c54ffbd51a9dcba5831b194b322ad64a065b98bf6af81cb4cbe48b0ae19bd2
Security Headers
Name Value
Content-Security-Policy style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: https:; script-src 'unsafe-inline' 'self' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://*.cardinalcommerce.com https://checkoutshopper-live.adyen.com https://www.paypalobjects.com https://www.paypal.com; frame-src https://*.cardinalcommerce.com https://www.sandbox.paypal.com https://www.paypal.com https://checkoutshopper-test.adyen.com; connect-src https://customer-api.prd.eca.fcl.cloud https://eca-customer-tempbucket-prod.s3.ap-southeast-2.amazonaws.com https://www.google-analytics.com https://*.cardinalcommerce.com https://www.paypal.com; object-src 'none'; default-src 'self'; report-uri https://customer-api.prd.eca.fcl.cloud/csp/report?v=2.14.0;
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://customer.prd.eca.fcl.cloud/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sat, 27 Jun 2020 01:47:17 GMT
Via
1.1 a09186728c1bcdf0a561aedd92656804.cloudfront.net (CloudFront)
X-Content-Type-Options
nosniff
Last-Modified
Wed, 24 Jun 2020 10:10:58 GMT
Server
AmazonS3
X-Amz-Cf-Pop
FRA50-C1
ETag
"b8295b017abf9076d7710bf36e9ced75"
X-Cache
Miss from cloudfront
Content-Type
image/svg+xml
Content-Security-Policy
style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: https:; script-src 'unsafe-inline' 'self' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://*.cardinalcommerce.com https://checkoutshopper-live.adyen.com https://www.paypalobjects.com https://www.paypal.com; frame-src https://*.cardinalcommerce.com https://www.sandbox.paypal.com https://www.paypal.com https://checkoutshopper-test.adyen.com; connect-src https://customer-api.prd.eca.fcl.cloud https://eca-customer-tempbucket-prod.s3.ap-southeast-2.amazonaws.com https://www.google-analytics.com https://*.cardinalcommerce.com https://www.paypal.com; object-src 'none'; default-src 'self'; report-uri https://customer-api.prd.eca.fcl.cloud/csp/report?v=2.14.0;
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
8147
X-XSS-Protection
1; mode=block
X-Amz-Cf-Id
KdflqeW1mikme_6d4b3lcQHGT7e7_MWJzqQipGYqUr02QCxEaJhKBg==
KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
fonts.gstatic.com/s/roboto/v20/ 		11 KB
11 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
Requested by
Host: customer.prd.eca.fcl.cloud
URL: https://customer.prd.eca.fcl.cloud/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:819::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://fonts.googleapis.com/css?family=Roboto:300,400,500
Origin
https://customer.prd.eca.fcl.cloud

Response headers

date
Fri, 12 Jun 2020 20:41:36 GMT
x-content-type-options
nosniff
last-modified
Wed, 24 Jul 2019 01:18:50 GMT
server
sffe
age
1227939
status
200
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11016
x-xss-protection
0
expires
Sat, 12 Jun 2021 20:41:36 GMT
1.91ae5edca378ad3af82e.songbird.js
songbird.cardinalcommerce.com/edge/v1/91ae5edca378ad3af82e/ 		387 KB
161 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://songbird.cardinalcommerce.com/edge/v1/91ae5edca378ad3af82e/1.91ae5edca378ad3af82e.songbird.js
Requested by
Host: songbird.cardinalcommerce.com
URL: https://songbird.cardinalcommerce.com/edge/v1/songbird.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2606:4700::c6d9:fbfb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5830c31f9528c4d1f8a72863a63111363e44a31903053fa3ac4c97a231af6c91

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://customer.prd.eca.fcl.cloud/
Origin
https://customer.prd.eca.fcl.cloud

Response headers

date
Sat, 27 Jun 2020 01:47:15 GMT
content-encoding
gzip
cf-cache-status
MISS
status
200
cf-request-id
03950e2bbe0000dfbf4a818200000001
last-modified
Thu, 26 Mar 2020 23:45:58 GMT
server
cloudflare
etag
"07facb2c83d61:0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
access-control-allow-methods
GET, POST
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=15552000
cf-ray
5a9b7fbf99d5dfbf-FRA
expires
Thu, 24 Dec 2020 01:47:15 GMT
pptm.js
www.paypal.com/tagmanager/ 		12 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.paypal.com/tagmanager/pptm.js?id=customer.prd.eca.fcl.cloud&source=checkoutjs&t=xo&v=4.0.315
Requested by
Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/api/checkout.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.111.228.123 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-228-123.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
7d42fd2cf7adef6e2ca9b9b706eef67e44e0f120c1435ea233807b8eda62fc55
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'nonce-+EJ7UdkfYXNefkGluWd7Xwzij8HkGYsNkJLjPRbnvWYUNlTI' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' 'unsafe-eval'; img-src * data:; object-src 'none'; font-src 'self' https://*.paypalobjects.com https://*.paypal.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://nexus.ensighten.com https://*.google-analytics.com 'unsafe-inline'; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; block-all-mixed-content; report-uri https://www.paypal.com/csplog/api/log/csp
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://customer.prd.eca.fcl.cloud/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-edgeconnect-origin-mex-latency
209
content-security-policy
default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'nonce-+EJ7UdkfYXNefkGluWd7Xwzij8HkGYsNkJLjPRbnvWYUNlTI' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' 'unsafe-eval'; img-src * data:; object-src 'none'; font-src 'self' https://*.paypalobjects.com https://*.paypal.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://nexus.ensighten.com https://*.google-analytics.com 'unsafe-inline'; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; block-all-mixed-content; report-uri https://www.paypal.com/csplog/api/log/csp
content-encoding
gzip
x-content-type-options
nosniff
x-edgeconnect-midmile-rtt
5
status
200
paypal-debug-id
cf02d15fb1886
dc
ccg11-origin-www-2.paypal.com
vary
Accept-Encoding
content-length
4456
x-xss-protection
1; mode=block
x-frame-options
SAMEORIGIN
date
Sat, 27 Jun 2020 01:47:16 GMT
strict-transport-security
max-age=63072000
content-type
application/x-javascript; charset=utf-8
cache-control
public, max-age=3600
etag
W/"310f-FGviSVLWgsmjFEfYfieMcNrYi0M"
ts
t.paypal.com/ 		42 B
846 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://t.paypal.com/ts?pgrp=muse%3Ageneric%3Aanalytics%3A%3Amerchant&page=muse%3Ageneric%3Aanalytics%3A%3Amerchant%3A%3A%3A&tsrce=tagmanagernodeweb&comp=tagmanagernodeweb&sub_component=analytics&s=ci&fltp=analytics-generic&pt=Trip%20Review%20and%20Payment&dh=1200&dw=1600&bh=1200&bw=1600&cd=24&sh=1200&sw=1600&v=NA&rosetta_language=en-US&e=im&t=1593222436076&g=-120&completeurl=https%3A%2F%2Fcustomer.prd.eca.fcl.cloud%2F&sinfo=%7B%22partners%22%3A%7B%22ecwid%22%3A%7B%7D%2C%22bigCommerce%22%3A%7B%7D%2C%22shopify%22%3A%7B%7D%2C%22wix%22%3A%7B%7D%2C%22bigCartel%22%3A%7B%7D%7D%7D
Requested by
Host: customer.prd.eca.fcl.cloud
URL: https://customer.prd.eca.fcl.cloud/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.8.7.81 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
a23-8-7-81.deploy.static.akamaitechnologies.com
Software
akka-http/10.1.11 /
Resource Hash
6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93

Request headers

Referer
https://customer.prd.eca.fcl.cloud/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 27 Jun 2020 01:47:16 GMT
Server
akka-http/10.1.11
P3P
policyref="https://t.paypal.com/w3c/p3p.xml",CP="CAO IND OUR SAM UNI STA COR COM"
HTTP_X_PP_AZ_LOCATOR
slcb.slc
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
42
Expires
Sat, 27 Jun 2020 01:47:16 GMT

Verdicts & Comments Add Verdict or Comment

26 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate object| webpackJsonpeca-customer-web function| setImmediate function| clearImmediate object| regeneratorRuntime number| 2f1acc6c3a606b082e5eef5e54414ffb object| PageDataLayer object| google_tag_manager function| songbirdLoader object| Cardinal object| __postRobot__ object| __zoid__ function| onLegacyPaymentAuthorize function| watchForLegacyFallback function| onLegacyFallback string| LOG_LEVEL function| __pptmLoadedWithNoContent object| paypal object| PAYPAL object| ppxo string| _a$checkoutShopperUrl string| _a$hppUrl object| core function| AdyenCheckout object| paypalDDL

0 Cookies

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: https:; script-src 'unsafe-inline' 'self' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://*.cardinalcommerce.com https://checkoutshopper-live.adyen.com https://www.paypalobjects.com https://www.paypal.com; frame-src https://*.cardinalcommerce.com https://www.sandbox.paypal.com https://www.paypal.com https://checkoutshopper-test.adyen.com; connect-src https://customer-api.prd.eca.fcl.cloud https://eca-customer-tempbucket-prod.s3.ap-southeast-2.amazonaws.com https://www.google-analytics.com https://*.cardinalcommerce.com https://www.paypal.com; object-src 'none'; default-src 'self'; report-uri https://customer-api.prd.eca.fcl.cloud/csp/report?v=2.14.0;
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

checkoutshopper-live.adyen.com
customer.prd.eca.fcl.cloud
fonts.googleapis.com
fonts.gstatic.com
songbird.cardinalcommerce.com
t.paypal.com
www.googletagmanager.com
www.paypal.com
www.paypalobjects.com
104.111.228.123
213.52.172.68
23.8.7.81
2600:9000:2156:fe00:1e:9db8:8c00:93a1
2606:4700::c6d9:fbfb
2a00:1450:4001:801::200a
2a00:1450:4001:819::2003
2a00:1450:4001:824::2008
0025ca03737ab7fc727d0025b80df71ed9727dd6b22b7b9500d41acd05af2204
17340c75a2eff8ac9d58e7934fffc1e408458d7b51aaee6a11b1e7bc190b6a17
19bb997fbd311cc2a3b8317fd0c950d86aa942426ea77a6d0c8574c186ac32f1
241c680428b832a984a2256d4723aef0496974fdb0926f3577bfd0bb73433234
29a97a6afe0016b98f19f29e8e25fea4f48d4e9417fb8724ab2a077ba5a4f0fb
3b8ef028eda2e030965d3ffdd723a1c66b6145903cf0238cfeb83d60c6fb2122
43c54ffbd51a9dcba5831b194b322ad64a065b98bf6af81cb4cbe48b0ae19bd2
4455f47f19dbd411bb8559f2055853040483600fdfe60e662bb9f25ec86b4909
5830c31f9528c4d1f8a72863a63111363e44a31903053fa3ac4c97a231af6c91
5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479
6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93
6e2dd81d97dd91e8ed037b369f96d6c794df676e38a69b851b457186bc474f4e
7d42fd2cf7adef6e2ca9b9b706eef67e44e0f120c1435ea233807b8eda62fc55
be033eda33b5540c6a5112b5abef964f8e5d6933960526e2da624b385e17c75b
c641585cda99a8eb716625c70422a47d1ed8ce72b87370678175515bb2c465b3
cb4ed4d0d2bea01ac204480973182911c197f0d1536c3d29f8edce214b773c48
d3838febe02ee1538a1336ac01f452a6fe7682106cd21b46cda9c40092c8e3aa