urlscan.io logo urlscan.io
SecurityTrails logo

www.paypal.com Open in urlscan Pro
2.18.232.222  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://legionfarm.com/payment-redirect?id=CB03B3&utm_source=website&utm_medium=paypal&utm_campaign=other&fbclid=IwAR3y...
Effective URL: https://www.paypal.com/webapps/hermes?token=9TG05340GD8581014&useraction=commit&mfid=1556763504882_287decfa4fc79
Submission: On May 02 via manual from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 15 IPs in 6 countries across 16 domains to perform 51 HTTP transactions. The main IP is 2.18.232.222, located in European Union and belongs to AKAMAI-AS - Akamai Technologies, Inc., US. The main domain is www.paypal.com.
TLS certificate: Issued by DigiCert SHA2 Extended Validation Ser... on August 14th 2018. Valid for: 2 years.
This is the only time www.paypal.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 3 2606:4700:30:... 13335 (CLOUDFLAR...)
2 18.185.191.84 16509 (AMAZON-02)
1 195.181.174.3 60068 (CDN77)
1 172.217.23.162 15169 (GOOGLE)
1 4 2a00:1450:400... 15169 (GOOGLE)
6 2a03:2880:f02... 32934 (FACEBOOK)
1 5 2a02:6b8::1:119 13238 (YANDEX)
1 2a00:1450:400... 15169 (GOOGLE)
1 2 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
1 1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
2 2a03:2880:f12... 32934 (FACEBOOK)
1 1 2606:4700:30:... 13335 (CLOUDFLAR...)
2 25 2.18.232.222 16625 (AKAMAI-AS)
1 1 23.67.137.8 20940 (AKAMAI-ASN1)
1 2 176.120.18.70 198911 (BML-AS)
1 2a02:26f0:f1:... 20940 (AKAMAI-ASN1)
51 15
3    2606:4700:30::681f:4fcd (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
legionfarm.com
2    18.185.191.84 (Cambridge, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-18-185-191-84.eu-central-1.compute.amazonaws.com
widget.manychat.com
manychat.com
1    195.181.174.3 (United Kingdom)

ASN60068 (CDN77, GB)
PTR: frankfurt-1.cdn77.com
cdn.sendpulse.com
1    172.217.23.162 (Mountain View, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra15s22-in-f2.1e100.net
www.googleadservices.com
4    2a00:1450:4001:814::200e (Ireland)

ASN15169 (GOOGLE - Google LLC, US)
www.google-analytics.com
6    2a03:2880:f02d:12:face:b00c:0:3 (Ireland)

ASN32934 (FACEBOOK - Facebook, Inc., US)
connect.facebook.net
staticxx.facebook.com
5    2a02:6b8::1:119 (Russian Federation)

ASN13238 (YANDEX, RU)
mc.yandex.ru
1    2a00:1450:4001:81f::2002 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)
googleads.g.doubleclick.net
2    2a00:1450:4001:819::2004 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)
www.google.com
2    2a00:1450:4001:81d::2003 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)
www.google.de
1    2a00:1450:400c:c0c::9a (Ireland)

ASN15169 (GOOGLE - Google LLC, US)
stats.g.doubleclick.net
1    2a00:1450:4001:81d::200a (Ireland)

ASN15169 (GOOGLE - Google LLC, US)
fonts.googleapis.com
2    2a03:2880:f12d:83:face:b00c:0:25de (Ireland)

ASN32934 (FACEBOOK - Facebook, Inc., US)
www.facebook.com
1    2606:4700:30::681c:126c (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
api.ggrocket.ai
25    2.18.232.222 (European Union)

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a2-18-232-222.deploy.static.akamaitechnologies.com
www.paypal.com
www.paypalobjects.com
c.paypal.com
t.paypal.com
1    23.67.137.8 (Amsterdam, Netherlands)

ASN20940 (AKAMAI-ASN1, US)
PTR: a23-67-137-8.deploy.static.akamaitechnologies.com
ak1s.abmr.net
2    176.120.18.70 (United States)

ASN198911 (BML-AS, US)
b.stats.paypal.com
dub.stats.paypal.com
1    2a02:26f0:f1:295::424d (European Union)

ASN20940 (AKAMAI-ASN1, US)
c6.paypal.com
Domain Requested by
13 www.paypalobjects.com 1 redirects www.paypal.com
www.paypalobjects.com
6 www.paypal.com 1 redirects legionfarm.com
www.paypal.com
5 c.paypal.com www.paypal.com
c.paypal.com
5 mc.yandex.ru 1 redirects legionfarm.com
5 connect.facebook.net legionfarm.com
connect.facebook.net
4 www.google-analytics.com 1 redirects legionfarm.com
www.google-analytics.com
3 legionfarm.com 1 redirects legionfarm.com
2 www.facebook.com legionfarm.com
2 www.google.de legionfarm.com
2 www.google.com 1 redirects legionfarm.com
1 t.paypal.com
1 c6.paypal.com
1 dub.stats.paypal.com
1 b.stats.paypal.com 1 redirects
1 ak1s.abmr.net 1 redirects
1 api.ggrocket.ai 1 redirects
1 fonts.googleapis.com manychat.com
1 staticxx.facebook.com connect.facebook.net
1 stats.g.doubleclick.net 1 redirects
1 manychat.com widget.manychat.com
1 googleads.g.doubleclick.net www.googleadservices.com
1 www.googleadservices.com legionfarm.com
1 cdn.sendpulse.com legionfarm.com
1 widget.manychat.com legionfarm.com
51 24

This site contains no links.

Subject Issuer Validity Valid
sni215450.cloudflaressl.com
COMODO ECC Domain Validation Secure Server CA 2		 2019-04-01 -
2019-10-08		 6 months crt.sh
widget.manychat.com
Sectigo RSA Domain Validation Secure Server CA		 2019-03-27 -
2021-03-26		 2 years crt.sh
*.sendpulse.com
COMODO RSA Domain Validation Secure Server CA		 2018-10-30 -
2020-10-29		 2 years crt.sh
www.googleadservices.com
Google Internet Authority G3		 2019-03-26 -
2019-06-18		 3 months crt.sh
*.google-analytics.com
Google Internet Authority G3		 2019-04-16 -
2019-07-09		 3 months crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA		 2019-03-08 -
2019-06-06		 3 months crt.sh
bs.yandex.ru
Yandex CA		 2018-10-03 -
2019-10-03		 a year crt.sh
*.g.doubleclick.net
Google Internet Authority G3		 2019-03-26 -
2019-06-18		 3 months crt.sh
manychat.com
COMODO RSA Domain Validation Secure Server CA		 2018-02-06 -
2021-05-05		 3 years crt.sh
www.google.com
Google Internet Authority G3		 2019-03-26 -
2019-06-18		 3 months crt.sh
www.google.de
Google Internet Authority G3		 2019-04-16 -
2019-07-09		 3 months crt.sh
*.googleapis.com
Google Internet Authority G3		 2019-04-16 -
2019-07-09		 3 months crt.sh
www.paypal.com
DigiCert SHA2 Extended Validation Server CA		 2018-08-14 -
2020-08-18		 2 years crt.sh
b.stats.paypal.com
DigiCert SHA2 High Assurance Server CA		 2018-02-16 -
2020-04-29		 2 years crt.sh

This page contains 4 frames:

Primary Page: https://www.paypal.com/webapps/hermes?token=9TG05340GD8581014&useraction=commit&mfid=1556763504882_287decfa4fc79
Frame ID: 29E9D660E7E4C558ABEED825BA1B0174
Requests: 44 HTTP requests in this frame

Frame: https://staticxx.facebook.com/connect/xd_arbiter/r/d_vbiawPdxB.js?version=44
Frame ID: 6D2925EF65085CAC41E03735A04B91B5
Requests: 1 HTTP requests in this frame

Frame: https://dub.stats.paypal.com/counter2.cgi
Frame ID: BF65F357FE468C745A9B94890AC1952D
Requests: 1 HTTP requests in this frame

Frame: https://c.paypal.com/v1/r/d/i?js_src=https://c.paypal.com/webstatic/r/fb/fb-all-prod.pp2.min.js
Frame ID: 1CD73E05C6AF5855C08708FEEEEBFED3
Requests: 5 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. https://legionfarm.com/payment-redirect?id=CB03B3&utm_source=website&utm_medium=paypal&utm_campaign... Page URL
  2. https://legionfarm.com/payment-redirect?id=CB03B3&count_redirect=1 HTTP 302
    https://api.ggrocket.ai/order/check?code=CB03B3&id=31076 HTTP 302
    https://www.paypal.com/cgi-bin/webscr?business=payment%40ggrocket.ai&item_id=17975&item_name_1=YOUR... HTTP 302
    https://www.paypal.com/webapps/hermes?token=9TG05340GD8581014&useraction=commit&mfid=1556763504882_... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • env /^PAYPAL$/i
Overall confidence: 100%
Detected patterns
  • headers server /cloudflare/i
Overall confidence: 100%
Detected patterns
  • env /^gaGlobal$/i
Overall confidence: 100%
Detected patterns
  • env /^Modernizr$/i

Page Statistics

51
Requests

100 %
HTTPS

67 %
IPv6

16
Domains

24
Subdomains

15
IPs

6
Countries

966 kB
Transfer

3261 kB
Size

11
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://legionfarm.com/payment-redirect?id=CB03B3&utm_source=website&utm_medium=paypal&utm_campaign=other&fbclid=IwAR3yYpmy_gZuJIRJV13UoIaEpq7B1XVHKU2xJy_MMFQJEWgMOMuqseGyzvs&h=AT1x53VVHZPjj1av6dN0qCz3I35SqHChJt3Pkt0mxDmHakgD85kMZqo1xLOkej71e2yiRzpwTDrBwhBRdgUuNldKlDN3XjiO299HAWIByIcm47z3MVa3ylJ3k5Z6t9aZaQU Page URL
  2. https://legionfarm.com/payment-redirect?id=CB03B3&count_redirect=1 HTTP 302
    https://api.ggrocket.ai/order/check?code=CB03B3&id=31076 HTTP 302
    https://www.paypal.com/cgi-bin/webscr?business=payment%40ggrocket.ai&item_id=17975&item_name_1=YOUR+ORDER+%23CB03B3&amount_1=0&item_name_2=Not+forgotten+%28I+have+2100+glory+rank+and+luna%27s+howl%29&amount_2=245&item_name_3=PayPal+commission+%285%25%29&amount_3=12.25&upload=1&no_shipping=1&currency_code=USD&cmd=_cart&invoice=CB03B3&notify_url=https%3A%2F%2Fapi.ggrocket.ai%2Forder%2Fpayment-confirm&return=https%3A%2F%2Fapi.ggrocket.ai%2Forder%2Fgo-to%3Fcode%3DCB03B3 HTTP 302
    https://www.paypal.com/webapps/hermes?token=9TG05340GD8581014&useraction=commit&mfid=1556763504882_287decfa4fc79 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 17
  • https://www.google-analytics.com/r/collect?v=1&_v=j73&a=144174463&t=pageview&_s=1&dl=https%3A%2F%2Flegionfarm.com%2Fpayment-redirect%3Fid%3DCB03B3%26utm_source%3Dwebsite%26utm_medium%3Dpaypal%26utm_campaign%3Dother%26fbclid%3DIwAR3yYpmy_gZuJIRJV13UoIaEpq7B1XVHKU2xJy_MMFQJEWgMOMuqseGyzvs%26h%3DAT1x53VVHZPjj1av6dN0qCz3I35SqHChJt3Pkt0mxDmHakgD85kMZqo1xLOkej71e2yiRzpwTDrBwhBRdgUuNldKlDN3XjiO299HAWIByIcm47z3MVa3ylJ3k5Z6t9aZaQU&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&exp=UBMikZ3USD-4E2SZ5-Qrrg.0&_u=aGBAAEILQ~&jid=1392253265&gjid=1035729662&cid=201011316.1556763502&tid=UA-84657436-1&_gid=1021129385.1556763502&_r=1&cd1=201011316.1556763502&z=237093252 HTTP 302
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-84657436-1&cid=201011316.1556763502&jid=1392253265&_gid=1021129385.1556763502&gjid=1035729662&_v=j73&z=237093252 HTTP 302
  • https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-84657436-1&cid=201011316.1556763502&jid=1392253265&_v=j73&z=237093252 HTTP 302
  • https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-84657436-1&cid=201011316.1556763502&jid=1392253265&_v=j73&z=237093252&slf_rd=1&random=464486872
Request Chain 18
  • https://mc.yandex.ru/watch/39796710?wmode=7&page-url=https%3A%2F%2Flegionfarm.com%2Fpayment-redirect%3Fid%3DCB03B3%26utm_source%3Dwebsite%26utm_medium%3Dpaypal%26utm_campaign%3Dother%26fbclid%3DIwAR3yYpmy_gZuJIRJV13UoIaEpq7B1XVHKU2xJy_MMFQJEWgMOMuqseGyzvs%26h%3DAT1x53VVHZPjj1av6dN0qCz3I35SqHChJt3Pkt0mxDmHakgD85kMZqo1xLOkej71e2yiRzpwTDrBwhBRdgUuNldKlDN3XjiO299HAWIByIcm47z3MVa3ylJ3k5Z6t9aZaQU&charset=utf-8&browser-info=ti%3A10%3Ans%3A1556763500118%3As%3A1600x1200x24%3Ask%3A1%3Ahdl%3A1%3Afpr%3A216613626101%3Acn%3A1%3Aw%3A1600x1200%3Ai%3A20190502021822%3Aet%3A1556763502%3Aen%3Autf-8%3Ac%3A1%3Ala%3Aen-us%3Apv%3A1%3Arn%3A968667177%3Ahid%3A263616240%3Ads%3A0%2C36%2C1985%2C1%2C0%2C0%2C0%2C50%2C1%2C%2C%2C%2C2075%3Afp%3A2040%3Awn%3A60444%3Ahl%3A2%3Agdpr%3A14%3Av%3A1548%3Awv%3A2%3Ast%3A1556763502%3Au%3A1556763502807250943 HTTP 302
  • https://mc.yandex.ru/watch/39796710/1?wmode=7&page-url=https%3A%2F%2Flegionfarm.com%2Fpayment-redirect%3Fid%3DCB03B3%26utm_source%3Dwebsite%26utm_medium%3Dpaypal%26utm_campaign%3Dother%26fbclid%3DIwAR3yYpmy_gZuJIRJV13UoIaEpq7B1XVHKU2xJy_MMFQJEWgMOMuqseGyzvs%26h%3DAT1x53VVHZPjj1av6dN0qCz3I35SqHChJt3Pkt0mxDmHakgD85kMZqo1xLOkej71e2yiRzpwTDrBwhBRdgUuNldKlDN3XjiO299HAWIByIcm47z3MVa3ylJ3k5Z6t9aZaQU&charset=utf-8&browser-info=ti%3A10%3Ans%3A1556763500118%3As%3A1600x1200x24%3Ask%3A1%3Ahdl%3A1%3Afpr%3A216613626101%3Acn%3A1%3Aw%3A1600x1200%3Ai%3A20190502021822%3Aet%3A1556763502%3Aen%3Autf-8%3Ac%3A1%3Ala%3Aen-us%3Apv%3A1%3Arn%3A968667177%3Ahid%3A263616240%3Ads%3A0%2C36%2C1985%2C1%2C0%2C0%2C0%2C50%2C1%2C%2C%2C%2C2075%3Afp%3A2040%3Awn%3A60444%3Ahl%3A2%3Agdpr%3A14%3Av%3A1548%3Awv%3A2%3Ast%3A1556763502%3Au%3A1556763502807250943
Request Chain 30
  • https://www.paypalobjects.com/images/checkout/hermes/hermes_window_sprite_v16.png HTTP 302
  • https://ak1s.abmr.net/is/www.paypalobjects.com?U=/images/checkout/hermes/hermes_window_sprite_v16.png&V=3-bGmRhlhBrFTnrByyVhBSgumrAACXZR58bYTpf7tDPXHeJYniT%2f5kcX+fHYfPGoke&I=C81459B39F1B3F0&D=paypalobjects.com&01AD=1& HTTP 302
  • https://www.paypalobjects.com/images/checkout/hermes/hermes_window_sprite_v16.png?01AD=3btuabsi2jCMO3H57zmDoul6lCbrkafAQaxaZdm7X8C3iGCM_d11w1w&01RI=C81459B39F1B3F0&01NA=na
Request Chain 41
  • https://b.stats.paypal.com/v1/counter.cgi?r=cD05VEcwNTM0MEdEODU4MTAxNCZpPTE4NS4yMjAuNzAuMjM2JnQ9MTU1Njc2MzUwNi41NzImYT0yMSZzPVVOSUZJRURfTE9HSU7oahtvyl-RCUtIcBzXxXABRQAqxQ HTTP 302
  • https://dub.stats.paypal.com/counter2.cgi

51 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
payment-redirect
legionfarm.com/ 		6 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://legionfarm.com/payment-redirect?id=CB03B3&utm_source=website&utm_medium=paypal&utm_campaign=other&fbclid=IwAR3yYpmy_gZuJIRJV13UoIaEpq7B1XVHKU2xJy_MMFQJEWgMOMuqseGyzvs&h=AT1x53VVHZPjj1av6dN0qCz3I35SqHChJt3Pkt0mxDmHakgD85kMZqo1xLOkej71e2yiRzpwTDrBwhBRdgUuNldKlDN3XjiO299HAWIByIcm47z3MVa3ylJ3k5Z6t9aZaQU
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:30::681f:4fcd , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
d096ba39d024609e68b670e9a272887199f4bedad037d399dc4cc3fe61a65b59

Request headers

:method
GET
:authority
legionfarm.com
:scheme
https
:path
/payment-redirect?id=CB03B3&utm_source=website&utm_medium=paypal&utm_campaign=other&fbclid=IwAR3yYpmy_gZuJIRJV13UoIaEpq7B1XVHKU2xJy_MMFQJEWgMOMuqseGyzvs&h=AT1x53VVHZPjj1av6dN0qCz3I35SqHChJt3Pkt0mxDmHakgD85kMZqo1xLOkej71e2yiRzpwTDrBwhBRdgUuNldKlDN3XjiO299HAWIByIcm47z3MVa3ylJ3k5Z6t9aZaQU
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

status
200
date
Thu, 02 May 2019 02:18:22 GMT
content-type
text/html; charset=UTF-8
set-cookie
__cfduid=df549df20cea05bd9244748a8444f160c1556763500; expires=Fri, 01-May-20 02:18:20 GMT; path=/; domain=.legionfarm.com; HttpOnly legion-app=mr2g3rihpqe4up0hau1kufil7b; expires=Thu, 09-May-2019 02:18:22 GMT; Max-Age=604800; path=/ track=2a748d3d9943d891edfdbffb8294346de8b92748f6e30c156db3ff6ac0213f89a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22track%22%3Bi%3A1%3Ba%3A1%3A%7Bi%3A0%3Bi%3A26914%3B%7D%7D; expires=Thu, 05-Dec-2019 02:18:22 GMT; Max-Age=18748800; path=/; HttpOnly cookie_country_code=0d8c6f66baadd64ad293beeac96aa21d4228a6c5c771239fe23352fcc4e2f235a%3A2%3A%7Bi%3A0%3Bs%3A19%3A%22cookie_country_code%22%3Bi%3A1%3Bs%3A2%3A%22ZZ%22%3B%7D; path=/; HttpOnly
expires
Thu, 19 Nov 1981 08:52:00 GMT
cache-control
no-store, no-cache, must-revalidate
pragma
no-cache
vary
Accept-Encoding
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
4d068103fe24c2a4-FRA
content-encoding
br
a509f69d5c433cdbefa63b862f414d1b.js
legionfarm.com/assets/js-compress/ 		136 KB
38 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://legionfarm.com/assets/js-compress/a509f69d5c433cdbefa63b862f414d1b.js?v=1554802960
Requested by
Host: legionfarm.com
URL: https://legionfarm.com/payment-redirect?id=CB03B3&utm_source=website&utm_medium=paypal&utm_campaign=other&fbclid=IwAR3yYpmy_gZuJIRJV13UoIaEpq7B1XVHKU2xJy_MMFQJEWgMOMuqseGyzvs&h=AT1x53VVHZPjj1av6dN0qCz3I35SqHChJt3Pkt0mxDmHakgD85kMZqo1xLOkej71e2yiRzpwTDrBwhBRdgUuNldKlDN3XjiO299HAWIByIcm47z3MVa3ylJ3k5Z6t9aZaQU
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:30::681f:4fcd , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
e0b3ccae5daec128e92d6eff2fa2ec7fd3319e9bdb796056d7952586a4e7dff6

Request headers

Referer
https://legionfarm.com/payment-redirect?id=CB03B3&utm_source=website&utm_medium=paypal&utm_campaign=other&fbclid=IwAR3yYpmy_gZuJIRJV13UoIaEpq7B1XVHKU2xJy_MMFQJEWgMOMuqseGyzvs&h=AT1x53VVHZPjj1av6dN0qCz3I35SqHChJt3Pkt0mxDmHakgD85kMZqo1xLOkej71e2yiRzpwTDrBwhBRdgUuNldKlDN3XjiO299HAWIByIcm47z3MVa3ylJ3k5Z6t9aZaQU
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Thu, 02 May 2019 02:18:22 GMT
content-encoding
br
cf-cache-status
HIT
cf-bgj
minify
server
cloudflare
etag
W/"21e3d-58615c6222dfb-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
public, max-age=604800
cf-polished
origSize=138813
last-modified
Tue, 09 Apr 2019 09:42:40 GMT
cf-ray
4d0681106aefc2a4-FRA
expires
Thu, 09 May 2019 02:18:22 GMT
1207577746055757.js
widget.manychat.com/ 		522 B
617 B 		Script
General
Check archive.org
Download Go to
Full URL
https://widget.manychat.com/1207577746055757.js
Requested by
Host: legionfarm.com
URL: https://legionfarm.com/payment-redirect?id=CB03B3&utm_source=website&utm_medium=paypal&utm_campaign=other&fbclid=IwAR3yYpmy_gZuJIRJV13UoIaEpq7B1XVHKU2xJy_MMFQJEWgMOMuqseGyzvs&h=AT1x53VVHZPjj1av6dN0qCz3I35SqHChJt3Pkt0mxDmHakgD85kMZqo1xLOkej71e2yiRzpwTDrBwhBRdgUuNldKlDN3XjiO299HAWIByIcm47z3MVa3ylJ3k5Z6t9aZaQU
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.185.191.84 Cambridge, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-18-185-191-84.eu-central-1.compute.amazonaws.com
Software
openresty/1.13.6.2 /
Resource Hash
d08d50c7f628eb253e2b13be4fcf3ddd270ad18f6a12da75dd6941be0932fc70

Request headers

Referer
https://legionfarm.com/payment-redirect?id=CB03B3&utm_source=website&utm_medium=paypal&utm_campaign=other&fbclid=IwAR3yYpmy_gZuJIRJV13UoIaEpq7B1XVHKU2xJy_MMFQJEWgMOMuqseGyzvs&h=AT1x53VVHZPjj1av6dN0qCz3I35SqHChJt3Pkt0mxDmHakgD85kMZqo1xLOkej71e2yiRzpwTDrBwhBRdgUuNldKlDN3XjiO299HAWIByIcm47z3MVa3ylJ3k5Z6t9aZaQU
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Thu, 02 May 2019 02:18:22 GMT
Content-Encoding
gzip
Server
openresty/1.13.6.2
Connection
keep-alive
Transfer-Encoding
chunked
Content-Type
application/javascript; charset=utf-8
a6976517a36b22b63c2c158296e3a179_1.js
cdn.sendpulse.com/9dae6d62c816560a842268bde2cd317d/js/push/ 		42 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.sendpulse.com/9dae6d62c816560a842268bde2cd317d/js/push/a6976517a36b22b63c2c158296e3a179_1.js
Requested by
Host: legionfarm.com
URL: https://legionfarm.com/payment-redirect?id=CB03B3&utm_source=website&utm_medium=paypal&utm_campaign=other&fbclid=IwAR3yYpmy_gZuJIRJV13UoIaEpq7B1XVHKU2xJy_MMFQJEWgMOMuqseGyzvs&h=AT1x53VVHZPjj1av6dN0qCz3I35SqHChJt3Pkt0mxDmHakgD85kMZqo1xLOkej71e2yiRzpwTDrBwhBRdgUuNldKlDN3XjiO299HAWIByIcm47z3MVa3ylJ3k5Z6t9aZaQU
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
195.181.174.3 , United Kingdom, ASN60068 (CDN77, GB),
Reverse DNS
frankfurt-1.cdn77.com
Software
CDN77-Turbo /
Resource Hash
d7b2aca649650bceaccdc6423883a5442081ce7978599e516d653172409b4521

Request headers

Referer
https://legionfarm.com/payment-redirect?id=CB03B3&utm_source=website&utm_medium=paypal&utm_campaign=other&fbclid=IwAR3yYpmy_gZuJIRJV13UoIaEpq7B1XVHKU2xJy_MMFQJEWgMOMuqseGyzvs&h=AT1x53VVHZPjj1av6dN0qCz3I35SqHChJt3Pkt0mxDmHakgD85kMZqo1xLOkej71e2yiRzpwTDrBwhBRdgUuNldKlDN3XjiO299HAWIByIcm47z3MVa3ylJ3k5Z6t9aZaQU
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Thu, 02 May 2019 02:18:22 GMT
content-encoding
br
last-modified
Mon, 22 Apr 2019 22:32:46 GMT
server
CDN77-Turbo
x-edge-location
frankfurtDE
etag
W/"a617-587260c305206"
vary
Accept-Encoding,User-Agent
x-cache
HIT
content-type
application/javascript
status
200
content-secure-policy
script-src https://optimize.google.com 'unsafe-inline'; style-src https://optimize.google.com https://fonts.googleapis.com 'unsafe-inline'; img-src https://optimize.google.com; font-src https://fonts.gstatic.com; frame-src https://optimize.google.com
cache-control
max-age=31536000, max-age=604800
x-edge-ip
195.181.174.1
x-age
812
expires
Fri, 01 May 2020 02:04:49 GMT
conversion.js
www.googleadservices.com/pagead/ 		24 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googleadservices.com/pagead/conversion.js
Requested by
Host: legionfarm.com
URL: https://legionfarm.com/payment-redirect?id=CB03B3&utm_source=website&utm_medium=paypal&utm_campaign=other&fbclid=IwAR3yYpmy_gZuJIRJV13UoIaEpq7B1XVHKU2xJy_MMFQJEWgMOMuqseGyzvs&h=AT1x53VVHZPjj1av6dN0qCz3I35SqHChJt3Pkt0mxDmHakgD85kMZqo1xLOkej71e2yiRzpwTDrBwhBRdgUuNldKlDN3XjiO299HAWIByIcm47z3MVa3ylJ3k5Z6t9aZaQU
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
172.217.23.162 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra15s22-in-f2.1e100.net
Software
cafe /
Resource Hash
7e7f4e40788a76f61e4e4d788bcef1f4cdfa0695469be38b97604077a413f4bd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://legionfarm.com/payment-redirect?id=CB03B3&utm_source=website&utm_medium=paypal&utm_campaign=other&fbclid=IwAR3yYpmy_gZuJIRJV13UoIaEpq7B1XVHKU2xJy_MMFQJEWgMOMuqseGyzvs&h=AT1x53VVHZPjj1av6dN0qCz3I35SqHChJt3Pkt0mxDmHakgD85kMZqo1xLOkej71e2yiRzpwTDrBwhBRdgUuNldKlDN3XjiO299HAWIByIcm47z3MVa3ylJ3k5Z6t9aZaQU
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Thu, 02 May 2019 02:18:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,44,43,39",quic=":443"; ma=2592000; v="46,44,43,39"
content-length
9265
x-xss-protection
0
server
cafe
etag
8645646474048400347
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Thu, 02 May 2019 02:18:22 GMT
analytics.js
www.google-analytics.com/ 		43 KB
17 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: legionfarm.com
URL: https://legionfarm.com/payment-redirect?id=CB03B3&utm_source=website&utm_medium=paypal&utm_campaign=other&fbclid=IwAR3yYpmy_gZuJIRJV13UoIaEpq7B1XVHKU2xJy_MMFQJEWgMOMuqseGyzvs&h=AT1x53VVHZPjj1av6dN0qCz3I35SqHChJt3Pkt0mxDmHakgD85kMZqo1xLOkej71e2yiRzpwTDrBwhBRdgUuNldKlDN3XjiO299HAWIByIcm47z3MVa3ylJ3k5Z6t9aZaQU
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1450:4001:814::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
3e552578c7d450b023f2cd9d28f830be4335c3acc6c4ab6dadda0769f09e5f22
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://legionfarm.com/payment-redirect?id=CB03B3&utm_source=website&utm_medium=paypal&utm_campaign=other&fbclid=IwAR3yYpmy_gZuJIRJV13UoIaEpq7B1XVHKU2xJy_MMFQJEWgMOMuqseGyzvs&h=AT1x53VVHZPjj1av6dN0qCz3I35SqHChJt3Pkt0mxDmHakgD85kMZqo1xLOkej71e2yiRzpwTDrBwhBRdgUuNldKlDN3XjiO299HAWIByIcm47z3MVa3ylJ3k5Z6t9aZaQU
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 16 Jan 2019 20:01:45 GMT
server
Golfe2
age
2753
date
Thu, 02 May 2019 01:32:29 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,44,43,39"
content-length
17543
expires
Thu, 02 May 2019 03:32:29 GMT
fbevents.js
connect.facebook.net/en_US/ 		54 KB
17 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: legionfarm.com
URL: https://legionfarm.com/payment-redirect?id=CB03B3&utm_source=website&utm_medium=paypal&utm_campaign=other&fbclid=IwAR3yYpmy_gZuJIRJV13UoIaEpq7B1XVHKU2xJy_MMFQJEWgMOMuqseGyzvs&h=AT1x53VVHZPjj1av6dN0qCz3I35SqHChJt3Pkt0mxDmHakgD85kMZqo1xLOkej71e2yiRzpwTDrBwhBRdgUuNldKlDN3XjiO299HAWIByIcm47z3MVa3ylJ3k5Z6t9aZaQU
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
4066dff32ea8b28dbfa208b1e098ec4953d875535fd4e38f0eb50e2e72c9c301
Security Headers
Name Value
Content-Security-Policy default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://legionfarm.com/payment-redirect?id=CB03B3&utm_source=website&utm_medium=paypal&utm_campaign=other&fbclid=IwAR3yYpmy_gZuJIRJV13UoIaEpq7B1XVHKU2xJy_MMFQJEWgMOMuqseGyzvs&h=AT1x53VVHZPjj1av6dN0qCz3I35SqHChJt3Pkt0mxDmHakgD85kMZqo1xLOkej71e2yiRzpwTDrBwhBRdgUuNldKlDN3XjiO299HAWIByIcm47z3MVa3ylJ3k5Z6t9aZaQU
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
status
200
vary
Origin, Accept-Encoding
content-length
16356
x-xss-protection
0
pragma
public
x-fb-debug
EhArw1jvbnv39NP2yYYi7QHL8bUom7F20AYyNMDd46aF5qZf5nuUfZdQhCMwgb4aECPevCBQDzlBcwjQJ0XfHQ==
date
Thu, 02 May 2019 02:18:22 GMT
x-frame-options
DENY
access-control-allow-methods
OPTIONS
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
https://connect.facebook.net
access-control-expose-headers
X-FB-Debug, X-Loader-Length
cache-control
public, max-age=1200
access-control-allow-credentials
true
content-security-policy
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
expires
Sat, 01 Jan 2000 00:00:00 GMT
sdk.js
connect.facebook.net/ru_RU/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/ru_RU/sdk.js
Requested by
Host: legionfarm.com
URL: https://legionfarm.com/payment-redirect?id=CB03B3&utm_source=website&utm_medium=paypal&utm_campaign=other&fbclid=IwAR3yYpmy_gZuJIRJV13UoIaEpq7B1XVHKU2xJy_MMFQJEWgMOMuqseGyzvs&h=AT1x53VVHZPjj1av6dN0qCz3I35SqHChJt3Pkt0mxDmHakgD85kMZqo1xLOkej71e2yiRzpwTDrBwhBRdgUuNldKlDN3XjiO299HAWIByIcm47z3MVa3ylJ3k5Z6t9aZaQU
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
73732ee288964a90955206fbf7e4c4c4f027eb268428f6e4e81b38e96c2b7a1d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://legionfarm.com/payment-redirect?id=CB03B3&utm_source=website&utm_medium=paypal&utm_campaign=other&fbclid=IwAR3yYpmy_gZuJIRJV13UoIaEpq7B1XVHKU2xJy_MMFQJEWgMOMuqseGyzvs&h=AT1x53VVHZPjj1av6dN0qCz3I35SqHChJt3Pkt0mxDmHakgD85kMZqo1xLOkej71e2yiRzpwTDrBwhBRdgUuNldKlDN3XjiO299HAWIByIcm47z3MVa3ylJ3k5Z6t9aZaQU
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-md5
KWS8lLfMilU6WDtRxx3Ncw==
status
200
date
Thu, 02 May 2019 02:18:22 GMT
vary
Accept-Encoding
content-length
1780
x-fb-debug
SOpElrwSbNNpag+VbPd2LPDa9/zyDdeJzQnOIgmFSOSIK8Zcr7qyCjdSrmW8/Q90/Lme+9cB2/KQ00dQ4HB+bQ==
x-fb-content-md5
d4614a39368231d9cebf9b74faa60ed3
etag
"4c2c3869122ffd4c6002b94b022267d7"
x-frame-options
DENY
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
X-FB-Content-MD5
cache-control
public,max-age=1200,stale-while-revalidate=3600
timing-allow-origin
*
expires
Thu, 02 May 2019 02:32:48 GMT
tag.js
mc.yandex.ru/metrika/ 		332 KB
86 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://mc.yandex.ru/metrika/tag.js
Requested by
Host: legionfarm.com
URL: https://legionfarm.com/payment-redirect?id=CB03B3&utm_source=website&utm_medium=paypal&utm_campaign=other&fbclid=IwAR3yYpmy_gZuJIRJV13UoIaEpq7B1XVHKU2xJy_MMFQJEWgMOMuqseGyzvs&h=AT1x53VVHZPjj1av6dN0qCz3I35SqHChJt3Pkt0mxDmHakgD85kMZqo1xLOkej71e2yiRzpwTDrBwhBRdgUuNldKlDN3XjiO299HAWIByIcm47z3MVa3ylJ3k5Z6t9aZaQU
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a02:6b8::1:119 , Russian Federation, ASN13238 (YANDEX, RU),
Reverse DNS
Software
nginx/1.12.2 /
Resource Hash
b40168390afd721c2c0effd9b3b132b6d5334aff57106389b1aafa37a0a7af33
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://legionfarm.com/payment-redirect?id=CB03B3&utm_source=website&utm_medium=paypal&utm_campaign=other&fbclid=IwAR3yYpmy_gZuJIRJV13UoIaEpq7B1XVHKU2xJy_MMFQJEWgMOMuqseGyzvs&h=AT1x53VVHZPjj1av6dN0qCz3I35SqHChJt3Pkt0mxDmHakgD85kMZqo1xLOkej71e2yiRzpwTDrBwhBRdgUuNldKlDN3XjiO299HAWIByIcm47z3MVa3ylJ3k5Z6t9aZaQU
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Thu, 02 May 2019 02:18:22 GMT
Content-Encoding
br
Last-Modified
Mon, 29 Apr 2019 09:34:44 GMT
Server
nginx/1.12.2
ETag
"5cc6c534-1555e"
Strict-Transport-Security
max-age=31536000
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=3600
Connection
keep-alive
Content-Length
87390
Expires
Thu, 02 May 2019 03:18:22 GMT
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/842597132/ 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/842597132/?random=1556763502188&cv=9&fst=1556763502188&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&sendb=1&data=ecomm_pagetype%3Dother&frm=0&url=https%3A%2F%2Flegionfarm.com%2Fpayment-redirect%3Fid%3DCB03B3%26utm_source%3Dwebsite%26utm_medium%3Dpaypal%26utm_campaign%3Dother%26fbclid%3DIwAR3yYpmy_gZuJIRJV13UoIaEpq7B1XVHKU2xJy_MMFQJEWgMOMuqseGyzvs%26h%3DAT1x53VVHZPjj1av6dN0qCz3I35SqHChJt3Pkt0mxDmHakgD85kMZqo1xLOkej71e2yiRzpwTDrBwhBRdgUuNldKlDN3XjiO299HAWIByIcm47z3MVa3ylJ3k5Z6t9aZaQU&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a00:1450:4001:81f::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
8fd69200157dba4fa778eb4f038d7f61924a078630cd578bc2463f5017b7e947
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://legionfarm.com/payment-redirect?id=CB03B3&utm_source=website&utm_medium=paypal&utm_campaign=other&fbclid=IwAR3yYpmy_gZuJIRJV13UoIaEpq7B1XVHKU2xJy_MMFQJEWgMOMuqseGyzvs&h=AT1x53VVHZPjj1av6dN0qCz3I35SqHChJt3Pkt0mxDmHakgD85kMZqo1xLOkej71e2yiRzpwTDrBwhBRdgUuNldKlDN3XjiO299HAWIByIcm47z3MVa3ylJ3k5Z6t9aZaQU
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 02 May 2019 02:18:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-type
text/javascript; charset=UTF-8
server
cafe
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
cache-control
no-cache, must-revalidate
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,44,43,39",quic=":443"; ma=2592000; v="46,44,43,39"
content-length
1167
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ec.js
www.google-analytics.com/plugins/ua/ 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/plugins/ua/ec.js
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1450:4001:814::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
058ed961bfe422af7bfc65865f4c08531ec8ace995f8a1ec560a46581cb7712c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://legionfarm.com/payment-redirect?id=CB03B3&utm_source=website&utm_medium=paypal&utm_campaign=other&fbclid=IwAR3yYpmy_gZuJIRJV13UoIaEpq7B1XVHKU2xJy_MMFQJEWgMOMuqseGyzvs&h=AT1x53VVHZPjj1av6dN0qCz3I35SqHChJt3Pkt0mxDmHakgD85kMZqo1xLOkej71e2yiRzpwTDrBwhBRdgUuNldKlDN3XjiO299HAWIByIcm47z3MVa3ylJ3k5Z6t9aZaQU
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Thu, 02 May 2019 02:16:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 21 Apr 2016 03:17:22 GMT
server
sffe
age
104
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=3600
accept-ranges
bytes
alt-svc
quic=":443"; ma=2592000; v="46,44,43,39"
content-length
1296
x-xss-protection
0
expires
Thu, 02 May 2019 03:16:38 GMT
js
www.google-analytics.com/gtm/ 		62 KB
23 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/gtm/js?id=GTM-5P9Q678&cid=201011316.1556763502
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1450:4001:814::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Google Tag Manager (scaffolding) /
Resource Hash
7aa1aa6061b77af2cc785a15e6fee7bdf8f6781faabeed029f8e9057562d7bc0
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://legionfarm.com/payment-redirect?id=CB03B3&utm_source=website&utm_medium=paypal&utm_campaign=other&fbclid=IwAR3yYpmy_gZuJIRJV13UoIaEpq7B1XVHKU2xJy_MMFQJEWgMOMuqseGyzvs&h=AT1x53VVHZPjj1av6dN0qCz3I35SqHChJt3Pkt0mxDmHakgD85kMZqo1xLOkej71e2yiRzpwTDrBwhBRdgUuNldKlDN3XjiO299HAWIByIcm47z3MVa3ylJ3k5Z6t9aZaQU
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Thu, 02 May 2019 02:18:22 GMT
content-encoding
br
alt-svc
quic=":443"; ma=2592000; v="46,44,43,39"
server
Google Tag Manager (scaffolding)
access-control-allow-origin
http://www.googletagmanager.com
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
status
200
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
content-length
23010
x-xss-protection
0
expires
Thu, 02 May 2019 02:18:22 GMT
widget.js
manychat.com/110933/assets/js/ 		301 KB
95 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://manychat.com/110933/assets/js/widget.js?864869
Requested by
Host: widget.manychat.com
URL: https://widget.manychat.com/1207577746055757.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.185.191.84 Cambridge, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-18-185-191-84.eu-central-1.compute.amazonaws.com
Software
openresty/1.13.6.2 /
Resource Hash
fa7b54ed7fea4d3a148fe8b1c3c25a1e727d796f12e9934b19bae874578eab3e

Request headers

Referer
https://legionfarm.com/payment-redirect?id=CB03B3&utm_source=website&utm_medium=paypal&utm_campaign=other&fbclid=IwAR3yYpmy_gZuJIRJV13UoIaEpq7B1XVHKU2xJy_MMFQJEWgMOMuqseGyzvs&h=AT1x53VVHZPjj1av6dN0qCz3I35SqHChJt3Pkt0mxDmHakgD85kMZqo1xLOkej71e2yiRzpwTDrBwhBRdgUuNldKlDN3XjiO299HAWIByIcm47z3MVa3ylJ3k5Z6t9aZaQU
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Thu, 02 May 2019 02:18:22 GMT
Content-Encoding
gzip
Last-Modified
Wed, 01 May 2019 16:25:36 GMT
Server
openresty/1.13.6.2
ETag
W/"5cc9c880-4b3af"
Transfer-Encoding
chunked
Content-Type
application/javascript; charset=utf-8
Cache-Control
max-age=432000
Connection
keep-alive
Expires
Tue, 07 May 2019 02:18:22 GMT
/
www.google.com/pagead/1p-user-list/842597132/ 		42 B
120 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/pagead/1p-user-list/842597132/?random=1556763502188&cv=9&fst=1556762400000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&sendb=1&data=ecomm_pagetype%3Dother&frm=0&url=https%3A%2F%2Flegionfarm.com%2Fpayment-redirect%3Fid%3DCB03B3%26utm_source%3Dwebsite%26utm_medium%3Dpaypal%26utm_campaign%3Dother%26fbclid%3DIwAR3yYpmy_gZuJIRJV13UoIaEpq7B1XVHKU2xJy_MMFQJEWgMOMuqseGyzvs%26h%3DAT1x53VVHZPjj1av6dN0qCz3I35SqHChJt3Pkt0mxDmHakgD85kMZqo1xLOkej71e2yiRzpwTDrBwhBRdgUuNldKlDN3XjiO299HAWIByIcm47z3MVa3ylJ3k5Z6t9aZaQU&fmt=3&cdct=2&is_vtc=1&random=999397831&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Requested by
Host: legionfarm.com
URL: https://legionfarm.com/payment-redirect?id=CB03B3&utm_source=website&utm_medium=paypal&utm_campaign=other&fbclid=IwAR3yYpmy_gZuJIRJV13UoIaEpq7B1XVHKU2xJy_MMFQJEWgMOMuqseGyzvs&h=AT1x53VVHZPjj1av6dN0qCz3I35SqHChJt3Pkt0mxDmHakgD85kMZqo1xLOkej71e2yiRzpwTDrBwhBRdgUuNldKlDN3XjiO299HAWIByIcm47z3MVa3ylJ3k5Z6t9aZaQU
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a00:1450:4001:819::2004 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://legionfarm.com/payment-redirect?id=CB03B3&utm_source=website&utm_medium=paypal&utm_campaign=other&fbclid=IwAR3yYpmy_gZuJIRJV13UoIaEpq7B1XVHKU2xJy_MMFQJEWgMOMuqseGyzvs&h=AT1x53VVHZPjj1av6dN0qCz3I35SqHChJt3Pkt0mxDmHakgD85kMZqo1xLOkej71e2yiRzpwTDrBwhBRdgUuNldKlDN3XjiO299HAWIByIcm47z3MVa3ylJ3k5Z6t9aZaQU
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 02 May 2019 02:18:22 GMT
x-content-type-options
nosniff
content-type
image/gif
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,44,43,39"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/842597132/ 		42 B
109 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/pagead/1p-user-list/842597132/?random=1556763502188&cv=9&fst=1556762400000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&sendb=1&data=ecomm_pagetype%3Dother&frm=0&url=https%3A%2F%2Flegionfarm.com%2Fpayment-redirect%3Fid%3DCB03B3%26utm_source%3Dwebsite%26utm_medium%3Dpaypal%26utm_campaign%3Dother%26fbclid%3DIwAR3yYpmy_gZuJIRJV13UoIaEpq7B1XVHKU2xJy_MMFQJEWgMOMuqseGyzvs%26h%3DAT1x53VVHZPjj1av6dN0qCz3I35SqHChJt3Pkt0mxDmHakgD85kMZqo1xLOkej71e2yiRzpwTDrBwhBRdgUuNldKlDN3XjiO299HAWIByIcm47z3MVa3ylJ3k5Z6t9aZaQU&fmt=3&cdct=2&is_vtc=1&random=999397831&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
Requested by
Host: legionfarm.com
URL: https://legionfarm.com/payment-redirect?id=CB03B3&utm_source=website&utm_medium=paypal&utm_campaign=other&fbclid=IwAR3yYpmy_gZuJIRJV13UoIaEpq7B1XVHKU2xJy_MMFQJEWgMOMuqseGyzvs&h=AT1x53VVHZPjj1av6dN0qCz3I35SqHChJt3Pkt0mxDmHakgD85kMZqo1xLOkej71e2yiRzpwTDrBwhBRdgUuNldKlDN3XjiO299HAWIByIcm47z3MVa3ylJ3k5Z6t9aZaQU
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1450:4001:81d::2003 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://legionfarm.com/payment-redirect?id=CB03B3&utm_source=website&utm_medium=paypal&utm_campaign=other&fbclid=IwAR3yYpmy_gZuJIRJV13UoIaEpq7B1XVHKU2xJy_MMFQJEWgMOMuqseGyzvs&h=AT1x53VVHZPjj1av6dN0qCz3I35SqHChJt3Pkt0mxDmHakgD85kMZqo1xLOkej71e2yiRzpwTDrBwhBRdgUuNldKlDN3XjiO299HAWIByIcm47z3MVa3ylJ3k5Z6t9aZaQU
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 02 May 2019 02:18:22 GMT
x-content-type-options
nosniff
content-type
image/gif
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,44,43,39"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
229012250964492
connect.facebook.net/signals/config/ 		211 KB
59 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/signals/config/229012250964492?v=2.8.48&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
249be6b4d42cf8fc64c8aba5c5fa6c5268c50c9a161fa09cfb4feb922ae2dd6e
Security Headers
Name Value
Content-Security-Policy default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://legionfarm.com/payment-redirect?id=CB03B3&utm_source=website&utm_medium=paypal&utm_campaign=other&fbclid=IwAR3yYpmy_gZuJIRJV13UoIaEpq7B1XVHKU2xJy_MMFQJEWgMOMuqseGyzvs&h=AT1x53VVHZPjj1av6dN0qCz3I35SqHChJt3Pkt0mxDmHakgD85kMZqo1xLOkej71e2yiRzpwTDrBwhBRdgUuNldKlDN3XjiO299HAWIByIcm47z3MVa3ylJ3k5Z6t9aZaQU
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
status
200
vary
Origin, Accept-Encoding
x-xss-protection
0
pragma
public
x-fb-debug
Gi9Ush47tdctOB+FVUMMniMRGC23xpZQOjTtlsvyvkISvdatHz41DHAItUKMDY03TNOEYsGbRxpCpw9NtjIArg==
date
Thu, 02 May 2019 02:18:22 GMT
x-frame-options
DENY
access-control-allow-methods
OPTIONS
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
https://connect.facebook.net
access-control-expose-headers
X-FB-Debug, X-Loader-Length
cache-control
public, max-age=1200
access-control-allow-credentials
true
content-security-policy
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
expires
Sat, 01 Jan 2000 00:00:00 GMT
sdk.js
connect.facebook.net/ru_RU/ 		194 KB
58 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/ru_RU/sdk.js?hash=25c0107c693c39ee2f667ae7317cbb19&ua=modern_es6
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/ru_RU/sdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
e4bc8ef3f3091308492492f721753bcebd25410a8a1a8779de3a36bd1a513b88
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://legionfarm.com/payment-redirect?id=CB03B3&utm_source=website&utm_medium=paypal&utm_campaign=other&fbclid=IwAR3yYpmy_gZuJIRJV13UoIaEpq7B1XVHKU2xJy_MMFQJEWgMOMuqseGyzvs&h=AT1x53VVHZPjj1av6dN0qCz3I35SqHChJt3Pkt0mxDmHakgD85kMZqo1xLOkej71e2yiRzpwTDrBwhBRdgUuNldKlDN3XjiO299HAWIByIcm47z3MVa3ylJ3k5Z6t9aZaQU
Origin
https://legionfarm.com

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-md5
phL6yhzFKMu1kmtuNq2Vpw==
status
200
date
Thu, 02 May 2019 02:18:22 GMT
vary
Accept-Encoding
content-length
59065
x-fb-debug
xSr8sRzK3aZSuyrprunfm+tb+Um/jjI0eyQA87rlDLLo46zZJq+kCZSvTnr+eI4vMBnfd80s5eG0DxB94aNm1g==
x-fb-content-md5
d29a4b900ca0c5b3a034007a56a5a002
etag
"2666d69c4ed3b2050bcc69e3062e929a"
x-frame-options
DENY
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
X-FB-Content-MD5
cache-control
public,max-age=31536000,stale-while-revalidate=3600,immutable
timing-allow-origin
*
expires
Fri, 01 May 2020 00:58:30 GMT
ga-audiences
www.google.de/ads/
Redirect Chain
  • https://www.google-analytics.com/r/collect?v=1&_v=j73&a=144174463&t=pageview&_s=1&dl=https%3A%2F%2Flegionfarm.com%2Fpayment-redirect%3Fid%3DCB03B3%26utm_source%3Dwebsite%26utm_medium%3Dpaypal%26utm...
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-84657436-1&cid=201011316.1556763502&jid=1392253265&_gid=1021129385.1556763502&gjid=1035729662&_v=j73&z=237093252
  • https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-84657436-1&cid=201011316.1556763502&jid=1392253265&_v=j73&z=237093252
  • https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-84657436-1&cid=201011316.1556763502&jid=1392253265&_v=j73&z=237093252&slf_rd=1&random=464486872
42 B
109 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-84657436-1&cid=201011316.1556763502&jid=1392253265&_v=j73&z=237093252&slf_rd=1&random=464486872
Requested by
Host: legionfarm.com
URL: https://legionfarm.com/payment-redirect?id=CB03B3&utm_source=website&utm_medium=paypal&utm_campaign=other&fbclid=IwAR3yYpmy_gZuJIRJV13UoIaEpq7B1XVHKU2xJy_MMFQJEWgMOMuqseGyzvs&h=AT1x53VVHZPjj1av6dN0qCz3I35SqHChJt3Pkt0mxDmHakgD85kMZqo1xLOkej71e2yiRzpwTDrBwhBRdgUuNldKlDN3XjiO299HAWIByIcm47z3MVa3ylJ3k5Z6t9aZaQU
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1450:4001:81d::2003 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://legionfarm.com/payment-redirect?id=CB03B3&utm_source=website&utm_medium=paypal&utm_campaign=other&fbclid=IwAR3yYpmy_gZuJIRJV13UoIaEpq7B1XVHKU2xJy_MMFQJEWgMOMuqseGyzvs&h=AT1x53VVHZPjj1av6dN0qCz3I35SqHChJt3Pkt0mxDmHakgD85kMZqo1xLOkej71e2yiRzpwTDrBwhBRdgUuNldKlDN3XjiO299HAWIByIcm47z3MVa3ylJ3k5Z6t9aZaQU
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 02 May 2019 02:18:22 GMT
x-content-type-options
nosniff
content-type
image/gif
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,44,43,39"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Thu, 02 May 2019 02:18:22 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
location
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-84657436-1&cid=201011316.1556763502&jid=1392253265&_v=j73&z=237093252&slf_rd=1&random=464486872
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
302
cache-control
no-cache, no-store, must-revalidate
content-type
text/html; charset=UTF-8
alt-svc
quic=":443"; ma=2592000; v="46,44,43,39"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
1
mc.yandex.ru/watch/39796710/
Redirect Chain
  • https://mc.yandex.ru/watch/39796710?wmode=7&page-url=https%3A%2F%2Flegionfarm.com%2Fpayment-redirect%3Fid%3DCB03B3%26utm_source%3Dwebsite%26utm_medium%3Dpaypal%26utm_campaign%3Dother%26fbclid%3DIwA...
  • https://mc.yandex.ru/watch/39796710/1?wmode=7&page-url=https%3A%2F%2Flegionfarm.com%2Fpayment-redirect%3Fid%3DCB03B3%26utm_source%3Dwebsite%26utm_medium%3Dpaypal%26utm_campaign%3Dother%26fbclid%3DI...
0
-1 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://mc.yandex.ru/watch/39796710/1?wmode=7&page-url=https%3A%2F%2Flegionfarm.com%2Fpayment-redirect%3Fid%3DCB03B3%26utm_source%3Dwebsite%26utm_medium%3Dpaypal%26utm_campaign%3Dother%26fbclid%3DIwAR3yYpmy_gZuJIRJV13UoIaEpq7B1XVHKU2xJy_MMFQJEWgMOMuqseGyzvs%26h%3DAT1x53VVHZPjj1av6dN0qCz3I35SqHChJt3Pkt0mxDmHakgD85kMZqo1xLOkej71e2yiRzpwTDrBwhBRdgUuNldKlDN3XjiO299HAWIByIcm47z3MVa3ylJ3k5Z6t9aZaQU&charset=utf-8&browser-info=ti%3A10%3Ans%3A1556763500118%3As%3A1600x1200x24%3Ask%3A1%3Ahdl%3A1%3Afpr%3A216613626101%3Acn%3A1%3Aw%3A1600x1200%3Ai%3A20190502021822%3Aet%3A1556763502%3Aen%3Autf-8%3Ac%3A1%3Ala%3Aen-us%3Apv%3A1%3Arn%3A968667177%3Ahid%3A263616240%3Ads%3A0%2C36%2C1985%2C1%2C0%2C0%2C0%2C50%2C1%2C%2C%2C%2C2075%3Afp%3A2040%3Awn%3A60444%3Ahl%3A2%3Agdpr%3A14%3Av%3A1548%3Awv%3A2%3Ast%3A1556763502%3Au%3A1556763502807250943
Requested by
Host: legionfarm.com
URL: https://legionfarm.com/payment-redirect?id=CB03B3&utm_source=website&utm_medium=paypal&utm_campaign=other&fbclid=IwAR3yYpmy_gZuJIRJV13UoIaEpq7B1XVHKU2xJy_MMFQJEWgMOMuqseGyzvs&h=AT1x53VVHZPjj1av6dN0qCz3I35SqHChJt3Pkt0mxDmHakgD85kMZqo1xLOkej71e2yiRzpwTDrBwhBRdgUuNldKlDN3XjiO299HAWIByIcm47z3MVa3ylJ3k5Z6t9aZaQU
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a02:6b8::1:119 , Russian Federation, ASN13238 (YANDEX, RU),
Reverse DNS
Software
nginx/1.12.2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Xss-Protection 1; mode=block

Request headers

Referer
https://legionfarm.com/payment-redirect?id=CB03B3&utm_source=website&utm_medium=paypal&utm_campaign=other&fbclid=IwAR3yYpmy_gZuJIRJV13UoIaEpq7B1XVHKU2xJy_MMFQJEWgMOMuqseGyzvs&h=AT1x53VVHZPjj1av6dN0qCz3I35SqHChJt3Pkt0mxDmHakgD85kMZqo1xLOkej71e2yiRzpwTDrBwhBRdgUuNldKlDN3XjiO299HAWIByIcm47z3MVa3ylJ3k5Z6t9aZaQU
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 02 May 2019 02:18:22 GMT
Last-Modified
Thu, 02-May-2019 02:18:22 GMT
Server
nginx/1.12.2
Location
/watch/39796710/1?wmode=7&page-url=https%3A%2F%2Flegionfarm.com%2Fpayment-redirect%3Fid%3DCB03B3%26utm_source%3Dwebsite%26utm_medium%3Dpaypal%26utm_campaign%3Dother%26fbclid%3DIwAR3yYpmy_gZuJIRJV13UoIaEpq7B1XVHKU2xJy_MMFQJEWgMOMuqseGyzvs%26h%3DAT1x53VVHZPjj1av6dN0qCz3I35SqHChJt3Pkt0mxDmHakgD85kMZqo1xLOkej71e2yiRzpwTDrBwhBRdgUuNldKlDN3XjiO299HAWIByIcm47z3MVa3ylJ3k5Z6t9aZaQU&charset=utf-8&browser-info=ti%3A10%3Ans%3A1556763500118%3As%3A1600x1200x24%3Ask%3A1%3Ahdl%3A1%3Afpr%3A216613626101%3Acn%3A1%3Aw%3A1600x1200%3Ai%3A20190502021822%3Aet%3A1556763502%3Aen%3Autf-8%3Ac%3A1%3Ala%3Aen-us%3Apv%3A1%3Arn%3A968667177%3Ahid%3A263616240%3Ads%3A0%2C36%2C1985%2C1%2C0%2C0%2C0%2C50%2C1%2C%2C%2C%2C2075%3Afp%3A2040%3Awn%3A60444%3Ahl%3A2%3Agdpr%3A14%3Av%3A1548%3Awv%3A2%3Ast%3A1556763502%3Au%3A1556763502807250943
Strict-Transport-Security
max-age=31536000
Access-Control-Allow-Origin
https://legionfarm.com
Cache-Control
private, no-cache, no-store, must-revalidate, max-age=0
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
0
X-XSS-Protection
1; mode=block
Expires
Thu, 02-May-2019 02:18:22 GMT

Redirect headers

Pragma
no-cache
Date
Thu, 02 May 2019 02:18:22 GMT
Last-Modified
Thu, 02-May-2019 02:18:22 GMT
Server
nginx/1.12.2
Access-Control-Allow-Origin
https://legionfarm.com
Strict-Transport-Security
max-age=31536000
Location
/watch/39796710/1?wmode=7&page-url=https%3A%2F%2Flegionfarm.com%2Fpayment-redirect%3Fid%3DCB03B3%26utm_source%3Dwebsite%26utm_medium%3Dpaypal%26utm_campaign%3Dother%26fbclid%3DIwAR3yYpmy_gZuJIRJV13UoIaEpq7B1XVHKU2xJy_MMFQJEWgMOMuqseGyzvs%26h%3DAT1x53VVHZPjj1av6dN0qCz3I35SqHChJt3Pkt0mxDmHakgD85kMZqo1xLOkej71e2yiRzpwTDrBwhBRdgUuNldKlDN3XjiO299HAWIByIcm47z3MVa3ylJ3k5Z6t9aZaQU&charset=utf-8&browser-info=ti%3A10%3Ans%3A1556763500118%3As%3A1600x1200x24%3Ask%3A1%3Ahdl%3A1%3Afpr%3A216613626101%3Acn%3A1%3Aw%3A1600x1200%3Ai%3A20190502021822%3Aet%3A1556763502%3Aen%3Autf-8%3Ac%3A1%3Ala%3Aen-us%3Apv%3A1%3Arn%3A968667177%3Ahid%3A263616240%3Ads%3A0%2C36%2C1985%2C1%2C0%2C0%2C0%2C50%2C1%2C%2C%2C%2C2075%3Afp%3A2040%3Awn%3A60444%3Ahl%3A2%3Agdpr%3A14%3Av%3A1548%3Awv%3A2%3Ast%3A1556763502%3Au%3A1556763502807250943
Cache-Control
private, no-cache, no-store, must-revalidate, max-age=0
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
0
X-XSS-Protection
1; mode=block
Expires
Thu, 02-May-2019 02:18:22 GMT
advert.gif
mc.yandex.ru/metrika/ 		43 B
445 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mc.yandex.ru/metrika/advert.gif
Requested by
Host: legionfarm.com
URL: https://legionfarm.com/payment-redirect?id=CB03B3&utm_source=website&utm_medium=paypal&utm_campaign=other&fbclid=IwAR3yYpmy_gZuJIRJV13UoIaEpq7B1XVHKU2xJy_MMFQJEWgMOMuqseGyzvs&h=AT1x53VVHZPjj1av6dN0qCz3I35SqHChJt3Pkt0mxDmHakgD85kMZqo1xLOkej71e2yiRzpwTDrBwhBRdgUuNldKlDN3XjiO299HAWIByIcm47z3MVa3ylJ3k5Z6t9aZaQU
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a02:6b8::1:119 , Russian Federation, ASN13238 (YANDEX, RU),
Reverse DNS
Software
nginx/1.12.2 /
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://legionfarm.com/payment-redirect?id=CB03B3&utm_source=website&utm_medium=paypal&utm_campaign=other&fbclid=IwAR3yYpmy_gZuJIRJV13UoIaEpq7B1XVHKU2xJy_MMFQJEWgMOMuqseGyzvs&h=AT1x53VVHZPjj1av6dN0qCz3I35SqHChJt3Pkt0mxDmHakgD85kMZqo1xLOkej71e2yiRzpwTDrBwhBRdgUuNldKlDN3XjiO299HAWIByIcm47z3MVa3ylJ3k5Z6t9aZaQU
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Thu, 02 May 2019 02:18:22 GMT
Content-Encoding
gzip
Last-Modified
Mon, 12 Oct 2015 13:09:09 GMT
Server
nginx/1.12.2
ETag
"561bb0f5-3d"
Strict-Transport-Security
max-age=31536000
Content-Type
image/gif
Access-Control-Allow-Origin
*
Cache-Control
max-age=3600
Connection
keep-alive
Content-Length
61
Expires
Thu, 02 May 2019 03:18:22 GMT
1
mc.yandex.ru/watch/39796710/ 		152 B
702 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://mc.yandex.ru/watch/39796710/1?wmode=7&page-url=https%3A%2F%2Flegionfarm.com%2Fpayment-redirect%3Fid%3DCB03B3%26utm_source%3Dwebsite%26utm_medium%3Dpaypal%26utm_campaign%3Dother%26fbclid%3DIwAR3yYpmy_gZuJIRJV13UoIaEpq7B1XVHKU2xJy_MMFQJEWgMOMuqseGyzvs%26h%3DAT1x53VVHZPjj1av6dN0qCz3I35SqHChJt3Pkt0mxDmHakgD85kMZqo1xLOkej71e2yiRzpwTDrBwhBRdgUuNldKlDN3XjiO299HAWIByIcm47z3MVa3ylJ3k5Z6t9aZaQU&charset=utf-8&browser-info=ti%3A10%3Ans%3A1556763500118%3As%3A1600x1200x24%3Ask%3A1%3Ahdl%3A1%3Afpr%3A216613626101%3Acn%3A1%3Aw%3A1600x1200%3Ai%3A20190502021822%3Aet%3A1556763502%3Aen%3Autf-8%3Ac%3A1%3Ala%3Aen-us%3Apv%3A1%3Arn%3A968667177%3Ahid%3A263616240%3Ads%3A0%2C36%2C1985%2C1%2C0%2C0%2C0%2C50%2C1%2C%2C%2C%2C2075%3Afp%3A2040%3Awn%3A60444%3Ahl%3A2%3Agdpr%3A14%3Av%3A1548%3Awv%3A2%3Ast%3A1556763502%3Au%3A1556763502807250943
Requested by
Host: legionfarm.com
URL: https://legionfarm.com/payment-redirect?id=CB03B3&utm_source=website&utm_medium=paypal&utm_campaign=other&fbclid=IwAR3yYpmy_gZuJIRJV13UoIaEpq7B1XVHKU2xJy_MMFQJEWgMOMuqseGyzvs&h=AT1x53VVHZPjj1av6dN0qCz3I35SqHChJt3Pkt0mxDmHakgD85kMZqo1xLOkej71e2yiRzpwTDrBwhBRdgUuNldKlDN3XjiO299HAWIByIcm47z3MVa3ylJ3k5Z6t9aZaQU
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a02:6b8::1:119 , Russian Federation, ASN13238 (YANDEX, RU),
Reverse DNS
Software
nginx/1.12.2 /
Resource Hash
e516600a9a043839af761e296adde34545fbd2a3953dacb8380f571545f5b949
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://legionfarm.com/payment-redirect?id=CB03B3&utm_source=website&utm_medium=paypal&utm_campaign=other&fbclid=IwAR3yYpmy_gZuJIRJV13UoIaEpq7B1XVHKU2xJy_MMFQJEWgMOMuqseGyzvs&h=AT1x53VVHZPjj1av6dN0qCz3I35SqHChJt3Pkt0mxDmHakgD85kMZqo1xLOkej71e2yiRzpwTDrBwhBRdgUuNldKlDN3XjiO299HAWIByIcm47z3MVa3ylJ3k5Z6t9aZaQU
Origin
https://legionfarm.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

Pragma
no-cache
Date
Thu, 02 May 2019 02:18:22 GMT
X-Content-Type-Options
nosniff
Last-Modified
Thu, 02-May-2019 02:18:22 GMT
Server
nginx/1.12.2
Strict-Transport-Security
max-age=31536000
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
https://legionfarm.com
Cache-Control
private, no-cache, no-store, must-revalidate, max-age=0
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
152
X-XSS-Protection
1; mode=block
Expires
Thu, 02-May-2019 02:18:22 GMT
d_vbiawPdxB.js
staticxx.facebook.com/connect/xd_arbiter/r/ Frame 6D29 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://staticxx.facebook.com/connect/xd_arbiter/r/d_vbiawPdxB.js?version=44
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/ru_RU/sdk.js?hash=25c0107c693c39ee2f667ae7317cbb19&ua=modern_es6
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
staticxx.facebook.com
:scheme
https
:path
/connect/xd_arbiter/r/d_vbiawPdxB.js?version=44
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
referer
https://legionfarm.com/payment-redirect?id=CB03B3&utm_source=website&utm_medium=paypal&utm_campaign=other&fbclid=IwAR3yYpmy_gZuJIRJV13UoIaEpq7B1XVHKU2xJy_MMFQJEWgMOMuqseGyzvs&h=AT1x53VVHZPjj1av6dN0qCz3I35SqHChJt3Pkt0mxDmHakgD85kMZqo1xLOkej71e2yiRzpwTDrBwhBRdgUuNldKlDN3XjiO299HAWIByIcm47z3MVa3ylJ3k5Z6t9aZaQU
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://legionfarm.com/payment-redirect?id=CB03B3&utm_source=website&utm_medium=paypal&utm_campaign=other&fbclid=IwAR3yYpmy_gZuJIRJV13UoIaEpq7B1XVHKU2xJy_MMFQJEWgMOMuqseGyzvs&h=AT1x53VVHZPjj1av6dN0qCz3I35SqHChJt3Pkt0mxDmHakgD85kMZqo1xLOkej71e2yiRzpwTDrBwhBRdgUuNldKlDN3XjiO299HAWIByIcm47z3MVa3ylJ3k5Z6t9aZaQU

Response headers

status
200
content-type
text/html; charset=utf-8
expires
Thu, 30 Apr 2020 21:01:15 GMT
strict-transport-security
max-age=15552000; preload
content-encoding
br
content-security-policy
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
cache-control
public,max-age=31536000,immutable
x-fb-debug
7GNBA6K451pwbIwNfSHsSwRuoCEa+LcW2LZAecsU0AHOQmP99EOXLgvLZFRM9u5lkALGp3tlqARoLuMAEmplKw==
content-length
10984
date
Thu, 02 May 2019 02:18:22 GMT
inferredEvents.js
connect.facebook.net/signals/plugins/ 		1 KB
896 B 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/signals/plugins/inferredEvents.js?v=2.8.48
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
cd1c301a8e7960a1786e2a959226b0b78b56dbea284bd114265f1662d6ca280e
Security Headers
Name Value
Content-Security-Policy default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://legionfarm.com/payment-redirect?id=CB03B3&utm_source=website&utm_medium=paypal&utm_campaign=other&fbclid=IwAR3yYpmy_gZuJIRJV13UoIaEpq7B1XVHKU2xJy_MMFQJEWgMOMuqseGyzvs&h=AT1x53VVHZPjj1av6dN0qCz3I35SqHChJt3Pkt0mxDmHakgD85kMZqo1xLOkej71e2yiRzpwTDrBwhBRdgUuNldKlDN3XjiO299HAWIByIcm47z3MVa3ylJ3k5Z6t9aZaQU
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
status
200
vary
Origin, Accept-Encoding
content-length
772
x-xss-protection
0
pragma
public
x-fb-debug
dnWuix2mLJh1aTe1s5OR+Du/bebBTXtVK92bkYHk5PDEx7wcqTQmhxiXnJ15NFvGCLV2gmcM49I94ubRmRGL7w==
date
Thu, 02 May 2019 02:18:22 GMT
x-frame-options
DENY
access-control-allow-methods
OPTIONS
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
https://connect.facebook.net
access-control-expose-headers
X-FB-Debug, X-Loader-Length
cache-control
public, max-age=1200
access-control-allow-credentials
true
content-security-policy
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
expires
Sat, 01 Jan 2000 00:00:00 GMT
css
fonts.googleapis.com/ 		1 KB
696 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Lato:600,500,400,300
Requested by
Host: manychat.com
URL: https://manychat.com/110933/assets/js/widget.js?864869
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a00:1450:4001:81d::200a , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
ESF /
Resource Hash
d0501529abefac2b0bf0fb310e8f737af94bac3a67b9935a31a3e7ec3ef26c80
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://legionfarm.com/payment-redirect?id=CB03B3&utm_source=website&utm_medium=paypal&utm_campaign=other&fbclid=IwAR3yYpmy_gZuJIRJV13UoIaEpq7B1XVHKU2xJy_MMFQJEWgMOMuqseGyzvs&h=AT1x53VVHZPjj1av6dN0qCz3I35SqHChJt3Pkt0mxDmHakgD85kMZqo1xLOkej71e2yiRzpwTDrBwhBRdgUuNldKlDN3XjiO299HAWIByIcm47z3MVa3ylJ3k5Z6t9aZaQU
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
br
last-modified
Thu, 02 May 2019 02:18:22 GMT
server
ESF
access-control-allow-origin
*
date
Thu, 02 May 2019 02:18:22 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
status
200
alt-svc
quic=":443"; ma=2592000; v="46,44,43,39"
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
x-xss-protection
0
expires
Thu, 02 May 2019 02:18:22 GMT
/
www.facebook.com/tr/ 		44 B
324 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=229012250964492&ev=PageView&dl=https%3A%2F%2Flegionfarm.com%2Fpayment-redirect%3Fid%3DCB03B3%26utm_source%3Dwebsite%26utm_medium%3Dpaypal%26utm_campaign%3Dother%26fbclid%3DIwAR3yYpmy_gZuJIRJV13UoIaEpq7B1XVHKU2xJy_MMFQJEWgMOMuqseGyzvs%26h%3DAT1x53VVHZPjj1av6dN0qCz3I35SqHChJt3Pkt0mxDmHakgD85kMZqo1xLOkej71e2yiRzpwTDrBwhBRdgUuNldKlDN3XjiO299HAWIByIcm47z3MVa3ylJ3k5Z6t9aZaQU&rl=&if=false&ts=1556763502429&sw=1600&sh=1200&v=2.8.48&r=stable&ec=0&o=30&fbc=fb.1.1556763502428.IwAR3yYpmy_gZuJIRJV13UoIaEpq7B1XVHKU2xJy_MMFQJEWgMOMuqseGyzvs&fbp=fb.1.1556763502429.2129897643&it=1556763502235&coo=false&rqm=GET
Requested by
Host: legionfarm.com
URL: https://legionfarm.com/payment-redirect?id=CB03B3&utm_source=website&utm_medium=paypal&utm_campaign=other&fbclid=IwAR3yYpmy_gZuJIRJV13UoIaEpq7B1XVHKU2xJy_MMFQJEWgMOMuqseGyzvs&h=AT1x53VVHZPjj1av6dN0qCz3I35SqHChJt3Pkt0mxDmHakgD85kMZqo1xLOkej71e2yiRzpwTDrBwhBRdgUuNldKlDN3XjiO299HAWIByIcm47z3MVa3ylJ3k5Z6t9aZaQU
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f12d:83:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://legionfarm.com/payment-redirect?id=CB03B3&utm_source=website&utm_medium=paypal&utm_campaign=other&fbclid=IwAR3yYpmy_gZuJIRJV13UoIaEpq7B1XVHKU2xJy_MMFQJEWgMOMuqseGyzvs&h=AT1x53VVHZPjj1av6dN0qCz3I35SqHChJt3Pkt0mxDmHakgD85kMZqo1xLOkej71e2yiRzpwTDrBwhBRdgUuNldKlDN3XjiO299HAWIByIcm47z3MVa3ylJ3k5Z6t9aZaQU
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Thu, 02 May 2019 02:18:22 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
status
200
cache-control
no-cache, must-revalidate, max-age=0
content-length
44
expires
Thu, 02 May 2019 02:18:22 GMT
Primary Request hermes
www.paypal.com/webapps/
Redirect Chain
  • https://legionfarm.com/payment-redirect?id=CB03B3&count_redirect=1
  • https://api.ggrocket.ai/order/check?code=CB03B3&id=31076
  • https://www.paypal.com/cgi-bin/webscr?business=payment%40ggrocket.ai&item_id=17975&item_name_1=YOUR+ORDER+%23CB03B3&amount_1=0&item_name_2=Not+forgotten+%28I+have+2100+glory+rank+and+luna%27s+howl%...
  • https://www.paypal.com/webapps/hermes?token=9TG05340GD8581014&useraction=commit&mfid=1556763504882_287decfa4fc79
147 KB
42 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.paypal.com/webapps/hermes?token=9TG05340GD8581014&useraction=commit&mfid=1556763504882_287decfa4fc79
Requested by
Host: legionfarm.com
URL: https://legionfarm.com/payment-redirect?id=CB03B3&utm_source=website&utm_medium=paypal&utm_campaign=other&fbclid=IwAR3yYpmy_gZuJIRJV13UoIaEpq7B1XVHKU2xJy_MMFQJEWgMOMuqseGyzvs&h=AT1x53VVHZPjj1av6dN0qCz3I35SqHChJt3Pkt0mxDmHakgD85kMZqo1xLOkej71e2yiRzpwTDrBwhBRdgUuNldKlDN3XjiO299HAWIByIcm47z3MVa3ylJ3k5Z6t9aZaQU
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2.18.232.222 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-232-222.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
60a4c417212025876363ab484fda9dc3b4472b0349b517b087b0460f7075c2a9
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'nonce-ALQUxviM+cUyXR4pBHFxW5CwXsWSmQzWFKj7XGB8/HhqibRp' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' https://*.googleusercontent.com/ https://*.paypalobjects.com https://ak1s.abmr.net https://ak1s.mathtag.com https://akamai.mathtag.com https://ak1.abmr.net https://*.paypal.com; object-src 'none'; media-src 'self' https://*.paypal.com https://*.paypalobjects.com; font-src 'self' https://*.paypal.com https://*.paypalobjects.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://192.55.233.1 'unsafe-inline'; frame-src 'self' https://*.paypal.com https://smartlock.google.com https://*.paypalobjects.com; base-uri 'self' https://*.paypal.com; block-all-mixed-content; report-uri https://www.paypal.com/csplog/api/log/csp
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
www.paypal.com
:scheme
https
:path
/webapps/hermes?token=9TG05340GD8581014&useraction=commit&mfid=1556763504882_287decfa4fc79
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
referer
https://legionfarm.com/payment-redirect?id=CB03B3&utm_source=website&utm_medium=paypal&utm_campaign=other&fbclid=IwAR3yYpmy_gZuJIRJV13UoIaEpq7B1XVHKU2xJy_MMFQJEWgMOMuqseGyzvs&h=AT1x53VVHZPjj1av6dN0qCz3I35SqHChJt3Pkt0mxDmHakgD85kMZqo1xLOkej71e2yiRzpwTDrBwhBRdgUuNldKlDN3XjiO299HAWIByIcm47z3MVa3ylJ3k5Z6t9aZaQU
accept-encoding
gzip, deflate, br
cookie
tsrce=xorouternodeweb; ts=vr%3D7655eee416aac1200017942bfff54279%26vreXpYrS%3D1651434281%26vteXpYrS%3D1556765304%26vt%3D7655eee816aac1200017942bfff54278; nsid=s%3AOEOUDWtrjjHWzYrgwDqbw_G3U1VnP6q1.ekQg32f3rxKl4StaevPVgxo6IyW7RtaB6P9EUZCoO%2Bc; X-PP-SILOVER=name%3DLIVE6.WEB.1%26silo_version%3D880%26app%3Dxorouternodewebxclick%26TIME%3D1884539484%26HTTP_X_PP_AZ_LOCATOR%3Ddcg13.slc; AKDC=slc-b-origin-www-2.paypal.com; akavpau_ppsd=1556764105~id=e7d8f0cdcf033d82b90bbd7f60a6ab6b
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://legionfarm.com/payment-redirect?id=CB03B3&utm_source=website&utm_medium=paypal&utm_campaign=other&fbclid=IwAR3yYpmy_gZuJIRJV13UoIaEpq7B1XVHKU2xJy_MMFQJEWgMOMuqseGyzvs&h=AT1x53VVHZPjj1av6dN0qCz3I35SqHChJt3Pkt0mxDmHakgD85kMZqo1xLOkej71e2yiRzpwTDrBwhBRdgUuNldKlDN3XjiO299HAWIByIcm47z3MVa3ylJ3k5Z6t9aZaQU

Response headers

status
200
server
Apache
x-recruiting
If you are reading this, maybe you should be working at PayPal instead! Check out https://www.paypal.com/us/webapps/mpp/paypal-jobs
paypal-debug-id
3a181e705e72a 3a181e705e72a
cache-control
no-cache max-age=0, no-cache, no-store, must-revalidate
x-content-type-options
nosniff
x-xss-protection
1; mode=block
content-security-policy
default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'nonce-ALQUxviM+cUyXR4pBHFxW5CwXsWSmQzWFKj7XGB8/HhqibRp' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' https://*.googleusercontent.com/ https://*.paypalobjects.com https://ak1s.abmr.net https://ak1s.mathtag.com https://akamai.mathtag.com https://ak1.abmr.net https://*.paypal.com; object-src 'none'; media-src 'self' https://*.paypal.com https://*.paypalobjects.com; font-src 'self' https://*.paypal.com https://*.paypalobjects.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://192.55.233.1 'unsafe-inline'; frame-src 'self' https://*.paypal.com https://smartlock.google.com https://*.paypalobjects.com; base-uri 'self' https://*.paypal.com; block-all-mixed-content; report-uri https://www.paypal.com/csplog/api/log/csp
etag
W/"24c04-y0VgHX0HMStSrTkvBJGy8Qxlwq4"
http_x_pp_az_locator
dcg13.slc
content-encoding
gzip
pragma
no-cache
content-type
text/html; charset=utf-8
dc
slc-b-origin-www-2.paypal.com
x-edgeconnect-midmile-rtt
142
x-edgeconnect-origin-mex-latency
1249
date
Thu, 02 May 2019 02:18:26 GMT
vary
Accept-Encoding
set-cookie
enforce_policy=gdpr_eu; Domain=.paypal.com; Path=/; Expires=Fri, 01 May 2020 02:18:26 GMT; Secure cookie_check=yes; Domain=.paypal.com; Path=/; Expires=Wed, 02 May 2029 02:18:25 GMT; HttpOnly; Secure LANG=de_DE%3BDE; Domain=.paypal.com; Path=/; Expires=Thu, 02 May 2019 11:04:21 GMT; HttpOnly; Secure tsrce=unifiedloginnodeweb; Domain=.paypal.com; Path=/; Expires=Sun, 05 May 2019 02:18:25 GMT; HttpOnly; Secure HaC80bwXscjqZ7KM6VOxULOB534=; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT x-pp-s=eyJ0IjoiMTU1Njc2MzUwNjU5NiIsImwiOiIwIiwibSI6IjAifQ; Domain=.paypal.com; Path=/; HttpOnly; Secure X-PP-K=1556763506:5:NA; Expires=Sat, 01 Jun 2019 02:18:26 GMT; domain=.paypal.com; path=/; Secure; HttpOnly X-PP-SILOVER=name%3DLIVE6.WEB.1%26silo_version%3D880%26app%3Dunifiedloginnodeweb%26TIME%3D1918093916%26HTTP_X_PP_AZ_LOCATOR%3Ddcg13.slc; Expires=Thu, 02 May 2019 02:48:26 GMT; domain=.paypal.com; path=/; Secure; HttpOnly X-PP-SILOVER=; Expires=Thu, 01 Jan 1970 00:00:01 GMT akavpau_ppsd=1556764106~id=de380d11d71fc3d47d3664474a317b68; Domain=www.paypal.com; Path=/; Secure; HttpOnly
strict-transport-security
max-age=63072000

Redirect headers

status
302
server
Apache
x-recruiting
If you are reading this, maybe you should be working at PayPal instead! Check out https://www.paypal.com/us/webapps/mpp/paypal-jobs
paypal-debug-id
287decfa4fc79 287decfa4fc79
cache-control
no-cache max-age=0, no-cache, no-store, must-revalidate
x-content-type-options
nosniff
x-xss-protection
1; mode=block
x-frame-options
SAMEORIGIN
content-security-policy
default-src 'self' https://*.paypal.com; script-src 'nonce-LMhOsA563WF96i/GL2nKLoQ415ZSAsDqLWgOuWetYivr6P9J' 'self' https://*.paypal.com 'unsafe-inline' 'unsafe-eval'; img-src https://*.paypalobjects.com; object-src 'none'; font-src 'self' https://*.paypalobjects.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; block-all-mixed-content; report-uri https://www.paypal.com/csplog/api/log/csp
http_x_pp_az_locator
dcg13.slc
location
https://www.paypal.com/webapps/hermes?token=9TG05340GD8581014&useraction=commit&mfid=1556763504882_287decfa4fc79
content-encoding
gzip
pragma
no-cache
content-type
text/html; charset=utf-8
dc
slc-b-origin-www-2.paypal.com
content-length
175
x-edgeconnect-midmile-rtt
146
x-edgeconnect-origin-mex-latency
879
date
Thu, 02 May 2019 02:18:25 GMT
vary
Accept-Encoding
set-cookie
tsrce=xorouternodeweb; Domain=.paypal.com; Path=/; Expires=Sun, 05 May 2019 02:18:25 GMT; HttpOnly; Secure ts=vr%3D7655eee416aac1200017942bfff54279%26vreXpYrS%3D1651434281%26vteXpYrS%3D1556765304%26vt%3D7655eee816aac1200017942bfff54278; Domain=.paypal.com; Path=/; Expires=Sun, 01 May 2022 19:44:42 GMT; HttpOnly; Secure nsid=s%3AOEOUDWtrjjHWzYrgwDqbw_G3U1VnP6q1.ekQg32f3rxKl4StaevPVgxo6IyW7RtaB6P9EUZCoO%2Bc; Path=/; HttpOnly; Secure X-PP-SILOVER=name%3DLIVE6.WEB.1%26silo_version%3D880%26app%3Dxorouternodewebxclick%26TIME%3D1884539484%26HTTP_X_PP_AZ_LOCATOR%3Ddcg13.slc; Expires=Thu, 02 May 2019 02:48:25 GMT; domain=.paypal.com; path=/; Secure; HttpOnly X-PP-SILOVER=; Expires=Thu, 01 Jan 1970 00:00:01 GMT AKDC=slc-b-origin-www-2.paypal.com; expires=Thu, 02-May-2019 02:48:25 GMT; path=/; secure akavpau_ppsd=1556764105~id=e7d8f0cdcf033d82b90bbd7f60a6ab6b; Domain=www.paypal.com; Path=/; Secure; HttpOnly
strict-transport-security
max-age=63072000
/
www.facebook.com/tr/ 		44 B
145 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=229012250964492&ev=Microdata&dl=https%3A%2F%2Flegionfarm.com%2Fpayment-redirect%3Fid%3DCB03B3%26utm_source%3Dwebsite%26utm_medium%3Dpaypal%26utm_campaign%3Dother%26fbclid%3DIwAR3yYpmy_gZuJIRJV13UoIaEpq7B1XVHKU2xJy_MMFQJEWgMOMuqseGyzvs%26h%3DAT1x53VVHZPjj1av6dN0qCz3I35SqHChJt3Pkt0mxDmHakgD85kMZqo1xLOkej71e2yiRzpwTDrBwhBRdgUuNldKlDN3XjiO299HAWIByIcm47z3MVa3ylJ3k5Z6t9aZaQU&rl=&if=false&ts=1556763503933&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22%22%7D&cd[OpenGraph]=%7B%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.8.48&r=stable&ec=1&o=30&fbc=fb.1.1556763502428.IwAR3yYpmy_gZuJIRJV13UoIaEpq7B1XVHKU2xJy_MMFQJEWgMOMuqseGyzvs&fbp=fb.1.1556763502429.2129897643&it=1556763502235&coo=false&es=automatic&rqm=GET
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f12d:83:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://legionfarm.com/payment-redirect?id=CB03B3&utm_source=website&utm_medium=paypal&utm_campaign=other&fbclid=IwAR3yYpmy_gZuJIRJV13UoIaEpq7B1XVHKU2xJy_MMFQJEWgMOMuqseGyzvs&h=AT1x53VVHZPjj1av6dN0qCz3I35SqHChJt3Pkt0mxDmHakgD85kMZqo1xLOkej71e2yiRzpwTDrBwhBRdgUuNldKlDN3XjiO299HAWIByIcm47z3MVa3ylJ3k5Z6t9aZaQU
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Thu, 02 May 2019 02:18:23 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
status
200
cache-control
no-cache, must-revalidate, max-age=0
content-length
44
expires
Thu, 02 May 2019 02:18:23 GMT
contextualLogin.css
www.paypalobjects.com/web/res/196/04dccbb61801409888cdbd3d742d0/css/ 		83 KB
14 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.paypalobjects.com/web/res/196/04dccbb61801409888cdbd3d742d0/css/contextualLogin.css
Requested by
Host: www.paypal.com
URL: https://www.paypal.com/webapps/hermes?token=9TG05340GD8581014&useraction=commit&mfid=1556763504882_287decfa4fc79
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2.18.232.222 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-232-222.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
fbf56c4ecb460d81cd75d70d8238748293347b6af5d77b0b6a38562bafa6d332
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
https://www.paypal.com/webapps/hermes?token=9TG05340GD8581014&useraction=commit&mfid=1556763504882_287decfa4fc79
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Thu, 02 May 2019 02:18:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 25 Apr 2019 21:04:39 GMT
server
Apache
vary
Accept-Encoding
content-type
text/css
status
200
cache-control
max-age=7776000
strict-transport-security
max-age=31536000
accept-ranges
bytes
content-length
14337
expires
Wed, 31 Jul 2019 02:18:26 GMT
icon-PN-check.png
www.paypalobjects.com/images/shared/ 		2 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.paypalobjects.com/images/shared/icon-PN-check.png
Requested by
Host: www.paypal.com
URL: https://www.paypal.com/webapps/hermes?token=9TG05340GD8581014&useraction=commit&mfid=1556763504882_287decfa4fc79
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2.18.232.222 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-232-222.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
4a77d272b8cf508cc4a7e0da5763faa9958e42a5554fdb5d29fc3be51d685653
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
https://www.paypal.com/webapps/hermes?token=9TG05340GD8581014&useraction=commit&mfid=1556763504882_287decfa4fc79
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 02 May 2019 02:18:26 GMT
x-content-type-options
nosniff
last-modified
Tue, 29 Mar 2016 00:23:34 GMT
server
Apache
strict-transport-security
max-age=31536000
p3p
CP="NON DSP ADM DEV PSD OUR IND STP PHY PRE NAV UNI"
status
200
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-type
image/png
content-length
2236
expires
Thu, 02 May 2019 02:18:26 GMT
glyph_alert_critical_big-2x.png
www.paypalobjects.com/images/shared/ 		6 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.paypalobjects.com/images/shared/glyph_alert_critical_big-2x.png
Requested by
Host: www.paypal.com
URL: https://www.paypal.com/webapps/hermes?token=9TG05340GD8581014&useraction=commit&mfid=1556763504882_287decfa4fc79
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2.18.232.222 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-232-222.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
13e4806e5c517e074ab1ea26fe0f2b7b87eaa3988006f35ed0bd4c89502d0d79
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
https://www.paypal.com/webapps/hermes?token=9TG05340GD8581014&useraction=commit&mfid=1556763504882_287decfa4fc79
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 02 May 2019 02:18:26 GMT
x-content-type-options
nosniff
last-modified
Fri, 12 Sep 2014 15:08:04 GMT
server
Apache
strict-transport-security
max-age=31536000
p3p
CP="NON DSP ADM DEV PSD OUR IND STP PHY PRE NAV UNI"
status
200
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-type
image/png
content-length
5828
expires
Thu, 02 May 2019 02:18:26 GMT
paypal-logo-129x32.svg
www.paypalobjects.com/images/shared/ 		5 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.paypalobjects.com/images/shared/paypal-logo-129x32.svg
Requested by
Host: www.paypal.com
URL: https://www.paypal.com/webapps/hermes?token=9TG05340GD8581014&useraction=commit&mfid=1556763504882_287decfa4fc79
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2.18.232.222 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-232-222.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b3cc50b9e94bbecaaeb1079b64b8ca50616d1732824964c1cc2c5422627a0ec5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
https://www.paypalobjects.com/web/res/196/04dccbb61801409888cdbd3d742d0/css/contextualLogin.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Thu, 02 May 2019 02:18:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Fri, 24 Oct 2014 22:52:57 GMT
server
Apache
access-control-allow-origin
*
vary
Accept-Encoding
content-type
image/svg+xml
status
200
strict-transport-security
max-age=31536000
accept-ranges
bytes
content-length
1929
expires
Sat, 01 Jun 2019 02:18:26 GMT
hermes_window_sprite_v16.png
www.paypalobjects.com/images/checkout/hermes/
Redirect Chain
  • https://www.paypalobjects.com/images/checkout/hermes/hermes_window_sprite_v16.png
  • https://ak1s.abmr.net/is/www.paypalobjects.com?U=/images/checkout/hermes/hermes_window_sprite_v16.png&V=3-bGmRhlhBrFTnrByyVhBSgumrAACXZR58bYTpf7tDPXHeJYniT%2f5kcX+fHYfPGoke&I=C81459B39F1B3F0&D=payp...
  • https://www.paypalobjects.com/images/checkout/hermes/hermes_window_sprite_v16.png?01AD=3btuabsi2jCMO3H57zmDoul6lCbrkafAQaxaZdm7X8C3iGCM_d11w1w&01RI=C81459B39F1B3F0&01NA=na
23 KB
23 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.paypalobjects.com/images/checkout/hermes/hermes_window_sprite_v16.png?01AD=3btuabsi2jCMO3H57zmDoul6lCbrkafAQaxaZdm7X8C3iGCM_d11w1w&01RI=C81459B39F1B3F0&01NA=na
Requested by
Host: www.paypal.com
URL: https://www.paypal.com/webapps/hermes?token=9TG05340GD8581014&useraction=commit&mfid=1556763504882_287decfa4fc79
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2.18.232.222 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-232-222.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
e8867e9b228e90c2c64825bf2bacaea7f283fce1176ccf849f0935a94da488dc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
https://www.paypalobjects.com/web/res/196/04dccbb61801409888cdbd3d742d0/css/contextualLogin.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 02 May 2019 02:18:26 GMT
x-content-type-options
nosniff
last-modified
Tue, 16 Aug 2016 23:54:43 GMT
server
Apache
strict-transport-security
max-age=31536000
p3p
CP="NON DSP ADM DEV PSD OUR IND STP PHY PRE NAV UNI"
status
200
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-type
image/png
content-length
23268
expires
Thu, 02 May 2019 02:18:26 GMT

Redirect headers

Pragma
no-cache
Date
Thu, 02 May 2019 02:18:26 GMT
P3P
policyref="http://www.abmr.net/w3c/policy.xml", CP="NON DSP COR CURa ADMa DEVa OUR SAMa IND"
Location
https://www.paypalobjects.com/images/checkout/hermes/hermes_window_sprite_v16.png?01AD=3btuabsi2jCMO3H57zmDoul6lCbrkafAQaxaZdm7X8C3iGCM_d11w1w&01RI=C81459B39F1B3F0&01NA=na
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Length
0
Expires
Thu, 02 May 2019 02:18:26 GMT
icon_ot_spin_lock_skinny.png
www.paypalobjects.com/images/checkout/hermes/ 		395 B
609 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.paypalobjects.com/images/checkout/hermes/icon_ot_spin_lock_skinny.png
Requested by
Host: www.paypal.com
URL: https://www.paypal.com/webapps/hermes?token=9TG05340GD8581014&useraction=commit&mfid=1556763504882_287decfa4fc79
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2.18.232.222 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-232-222.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
60668cd1ce79ddd5a0615433bc913eca1f17da711f00cc0e40e14744f6cc3cb4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
https://www.paypalobjects.com/web/res/196/04dccbb61801409888cdbd3d742d0/css/contextualLogin.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 02 May 2019 02:18:26 GMT
x-content-type-options
nosniff
last-modified
Fri, 29 Jul 2016 03:49:02 GMT
server
Apache
strict-transport-security
max-age=31536000
content-type
image/png
status
200
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
395
expires
Thu, 02 May 2019 02:18:26 GMT
pa.js
www.paypalobjects.com/pa/js/min/ 		37 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.paypalobjects.com/pa/js/min/pa.js
Requested by
Host: www.paypal.com
URL: https://www.paypal.com/webapps/hermes?token=9TG05340GD8581014&useraction=commit&mfid=1556763504882_287decfa4fc79
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2.18.232.222 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-232-222.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
f6cf975ee3b22ae6190661d93cbed9f23ddd0e4712a2c34b6e96a1b98711b15d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
https://www.paypal.com/webapps/hermes?token=9TG05340GD8581014&useraction=commit&mfid=1556763504882_287decfa4fc79
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Thu, 02 May 2019 02:18:26 GMT
x-pad
avoid browser bug
x-content-type-options
nosniff
status
200
strict-transport-security
max-age=31536000
content-encoding
gzip
content-length
13272
last-modified
Wed, 01 May 2019 00:52:10 GMT
server
Apache
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=3600
accept-ranges
bytes
access-control-allow-headers
x-csrf-token
expires
Thu, 02 May 2019 03:18:26 GMT
challenge.js
www.paypal.com/auth/createchallenge/0167ef229db04fec/ 		21 KB
8 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.paypal.com/auth/createchallenge/0167ef229db04fec/challenge.js
Requested by
Host: www.paypal.com
URL: https://www.paypal.com/webapps/hermes?token=9TG05340GD8581014&useraction=commit&mfid=1556763504882_287decfa4fc79
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2.18.232.222 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-232-222.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
aa69080cd018e345139b58420560d03023463e43ba9c79fc88d46168ca057402
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.paypal.com https://*.paypalobjects.com; script-src 'nonce-DuTjIex3LZ5fNdcn/31FseqOuG+K7z87fp/WJQ6CvvVVIiqg' 'self' https://*.paypal.com https://*.paypalobjects.com https://www.recaptcha.net https://www.gstatic.com 'unsafe-inline'; img-src https://*.paypalobjects.com https://*.paypal.com https://ak1s.abmr.net https://ak1.abmr.net https://ak1s.mathtag.com https://akamai.mathtag.com; object-src 'none'; media-src 'self' https://*.paypal.com https://*.paypalobjects.com; font-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.google.com https://www.recaptcha.net; style-src 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; block-all-mixed-content; report-uri https://www.paypal.com/csplog/api/log/csp
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json
Referer
https://www.paypal.com/webapps/hermes?token=9TG05340GD8581014&useraction=commit&mfid=1556763504882_287decfa4fc79
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-edgeconnect-origin-mex-latency
330
content-security-policy
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; script-src 'nonce-DuTjIex3LZ5fNdcn/31FseqOuG+K7z87fp/WJQ6CvvVVIiqg' 'self' https://*.paypal.com https://*.paypalobjects.com https://www.recaptcha.net https://www.gstatic.com 'unsafe-inline'; img-src https://*.paypalobjects.com https://*.paypal.com https://ak1s.abmr.net https://ak1.abmr.net https://ak1s.mathtag.com https://akamai.mathtag.com; object-src 'none'; media-src 'self' https://*.paypal.com https://*.paypalobjects.com; font-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.google.com https://www.recaptcha.net; style-src 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; block-all-mixed-content; report-uri https://www.paypal.com/csplog/api/log/csp
content-encoding
gzip
x-content-type-options
nosniff
x-edgeconnect-midmile-rtt
146
x-recruiting
If you are reading this, maybe you should be working at PayPal instead! Check out https://www.paypal.com/us/webapps/mpp/paypal-jobs
status
200
http_x_pp_az_locator
dcg13.slc
paypal-debug-id
dc86ff4019391, dc86ff4019391
dc
slc-b-origin-www-2.paypal.com
vary
Accept-Encoding
content-length
5882
x-xss-protection
1; mode=block
pragma
no-cache
server
Apache
date
Thu, 02 May 2019 02:18:27 GMT
strict-transport-security
max-age=63072000
content-type
text/html; charset=utf-8
cache-control
no-cache, max-age=0, no-cache, no-store, must-revalidate
etag
W/"5395-8VRathFcsv4J9aDOX0DXpm9vlHM"
fb-all-prod.pp2.min.js
c.paypal.com/webstatic/r/fb/ 		58 KB
18 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://c.paypal.com/webstatic/r/fb/fb-all-prod.pp2.min.js
Requested by
Host: www.paypal.com
URL: https://www.paypal.com/webapps/hermes?token=9TG05340GD8581014&useraction=commit&mfid=1556763504882_287decfa4fc79
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2.18.232.222 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-232-222.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
eda0a3b80b9a6c146817151721cb4e4c38bb88bae41419df26f5f67156fa14b3

Request headers

Referer
https://www.paypal.com/webapps/hermes?token=9TG05340GD8581014&useraction=commit&mfid=1556763504882_287decfa4fc79
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Thu, 02 May 2019 02:18:27 GMT
x-pad
avoid browser bug
last-modified
Wed, 04 Oct 2017 04:33:25 GMT
server
Apache
vary
Accept-Encoding
content-type
application/x-javascript
status
200
cache-control
max-age=86400
accept-ranges
bytes
content-encoding
gzip
content-length
18154
expires
Fri, 03 May 2019 02:18:27 GMT
main-code-split.js
www.paypalobjects.com/web/res/e4c/da3acb64cf491210aa204cc1352b1/js/ 		889 KB
207 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.paypalobjects.com/web/res/e4c/da3acb64cf491210aa204cc1352b1/js/main-code-split.js
Requested by
Host: www.paypal.com
URL: https://www.paypal.com/webapps/hermes?token=9TG05340GD8581014&useraction=commit&mfid=1556763504882_287decfa4fc79
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2.18.232.222 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-232-222.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
7579fcc147c182880969c3aea4a389d6244f0796ae461f0c84882d9afe564f91
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://www.paypal.com/webapps/hermes?token=9TG05340GD8581014&useraction=commit&mfid=1556763504882_287decfa4fc79
Origin
https://www.paypal.com

Response headers

date
Thu, 02 May 2019 02:18:27 GMT
x-pad
avoid browser bug
x-content-type-options
nosniff
status
200
content-encoding
gzip
vary
Accept-Encoding
content-length
211262
last-modified
Tue, 30 Apr 2019 18:50:39 GMT
server
Apache
strict-transport-security
max-age=31536000
access-control-allow-methods
GET
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=7776000
accept-ranges
bytes
access-control-allow-headers
x-csrf-token
expires
Wed, 31 Jul 2019 02:18:27 GMT
framework-code-split.js
www.paypalobjects.com/js/xo/hermes/1.9.0/ 		353 KB
120 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.paypalobjects.com/js/xo/hermes/1.9.0/framework-code-split.js
Requested by
Host: www.paypal.com
URL: https://www.paypal.com/webapps/hermes?token=9TG05340GD8581014&useraction=commit&mfid=1556763504882_287decfa4fc79
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2.18.232.222 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-232-222.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
a45f568535b2d233dd1d29a8eb8d9b8921af867af2416116f578a0076e51d08e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://www.paypal.com/webapps/hermes?token=9TG05340GD8581014&useraction=commit&mfid=1556763504882_287decfa4fc79
Origin
https://www.paypal.com

Response headers

date
Thu, 02 May 2019 02:18:27 GMT
x-pad
avoid browser bug
x-content-type-options
nosniff
status
200
content-encoding
gzip
vary
Accept-Encoding
content-length
122531
last-modified
Mon, 15 Oct 2018 18:02:29 GMT
server
Apache
strict-transport-security
max-age=31536000
access-control-allow-methods
GET
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=7776000
accept-ranges
bytes
access-control-allow-headers
x-csrf-token
expires
Wed, 31 Jul 2019 02:18:27 GMT
client-log
www.paypal.com/signin/ 		0
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.paypal.com/signin/client-log
Requested by
Host: www.paypal.com
URL: https://www.paypal.com/webapps/hermes?token=9TG05340GD8581014&useraction=commit&mfid=1556763504882_287decfa4fc79
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2.18.232.222 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-232-222.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'nonce-jP7t5wk4leivBad9+F6UDGTsVztQ4ao5hqJv04FPLRqjxnZ3' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' https://*.googleusercontent.com/ https://*.paypalobjects.com https://ak1s.abmr.net https://ak1s.mathtag.com https://akamai.mathtag.com https://ak1.abmr.net https://*.paypal.com; object-src 'none'; media-src 'self' https://*.paypal.com https://*.paypalobjects.com; font-src 'self' https://*.paypal.com https://*.paypalobjects.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://192.55.233.1 'unsafe-inline'; frame-src 'self' https://*.paypal.com https://smartlock.google.com https://*.paypalobjects.com; base-uri 'self' https://*.paypal.com; block-all-mixed-content; report-uri https://www.paypal.com/csplog/api/log/csp
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json
Referer
https://www.paypal.com/webapps/hermes?token=9TG05340GD8581014&useraction=commit&mfid=1556763504882_287decfa4fc79
Origin
https://www.paypal.com
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

x-edgeconnect-origin-mex-latency
97
content-security-policy
default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'nonce-jP7t5wk4leivBad9+F6UDGTsVztQ4ao5hqJv04FPLRqjxnZ3' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' https://*.googleusercontent.com/ https://*.paypalobjects.com https://ak1s.abmr.net https://ak1s.mathtag.com https://akamai.mathtag.com https://ak1.abmr.net https://*.paypal.com; object-src 'none'; media-src 'self' https://*.paypal.com https://*.paypalobjects.com; font-src 'self' https://*.paypal.com https://*.paypalobjects.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://192.55.233.1 'unsafe-inline'; frame-src 'self' https://*.paypal.com https://smartlock.google.com https://*.paypalobjects.com; base-uri 'self' https://*.paypal.com; block-all-mixed-content; report-uri https://www.paypal.com/csplog/api/log/csp
content-encoding
gzip
x-content-type-options
nosniff
x-edgeconnect-midmile-rtt
143
x-recruiting
If you are reading this, maybe you should be working at PayPal instead! Check out https://www.paypal.com/us/webapps/mpp/paypal-jobs
status
200
http_x_pp_az_locator
dcg13.slc
paypal-debug-id
a3bfb22f139e1, a3bfb22f139e1
dc
slc-b-origin-www-2.paypal.com
vary
Accept-Encoding
content-length
26
x-xss-protection
1; mode=block
pragma
no-cache
server
Apache
x-frame-options
SAMEORIGIN
date
Thu, 02 May 2019 02:18:27 GMT
strict-transport-security
max-age=63072000
content-type
application/json; charset=utf-8
cache-control
no-cache, max-age=0, no-cache, no-store, must-revalidate
cookie-banner
www.paypal.com/signin/ 		9 KB
5 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.paypal.com/signin/cookie-banner?flowId=9TG05340GD8581014
Requested by
Host: www.paypal.com
URL: https://www.paypal.com/webapps/hermes?token=9TG05340GD8581014&useraction=commit&mfid=1556763504882_287decfa4fc79
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2.18.232.222 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-232-222.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
0df490928c14ec0bf9665e7a32e74d9bc815c5ba8646fbd48d3a7233c1c66ae1
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'nonce-P6PbBHchD1dzunwLnMLaTGzqFnr/gTGRS9sG0CmZT5t2DJmp' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' https://*.googleusercontent.com/ https://*.paypalobjects.com https://ak1s.abmr.net https://ak1s.mathtag.com https://akamai.mathtag.com https://ak1.abmr.net https://*.paypal.com; object-src 'none'; media-src 'self' https://*.paypal.com https://*.paypalobjects.com; font-src 'self' https://*.paypal.com https://*.paypalobjects.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://192.55.233.1 'unsafe-inline'; frame-src 'self' https://*.paypal.com https://smartlock.google.com https://*.paypalobjects.com; base-uri 'self' https://*.paypal.com; block-all-mixed-content; report-uri https://www.paypal.com/csplog/api/log/csp
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json
Referer
https://www.paypal.com/webapps/hermes?token=9TG05340GD8581014&useraction=commit&mfid=1556763504882_287decfa4fc79
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-edgeconnect-origin-mex-latency
144
content-security-policy
default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'nonce-P6PbBHchD1dzunwLnMLaTGzqFnr/gTGRS9sG0CmZT5t2DJmp' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' https://*.googleusercontent.com/ https://*.paypalobjects.com https://ak1s.abmr.net https://ak1s.mathtag.com https://akamai.mathtag.com https://ak1.abmr.net https://*.paypal.com; object-src 'none'; media-src 'self' https://*.paypal.com https://*.paypalobjects.com; font-src 'self' https://*.paypal.com https://*.paypalobjects.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://192.55.233.1 'unsafe-inline'; frame-src 'self' https://*.paypal.com https://smartlock.google.com https://*.paypalobjects.com; base-uri 'self' https://*.paypal.com; block-all-mixed-content; report-uri https://www.paypal.com/csplog/api/log/csp
content-encoding
gzip
x-content-type-options
nosniff
x-edgeconnect-midmile-rtt
145
x-recruiting
If you are reading this, maybe you should be working at PayPal instead! Check out https://www.paypal.com/us/webapps/mpp/paypal-jobs
status
200
http_x_pp_az_locator
dcg13.slc
paypal-debug-id
710325b14c5d, 710325b14c5d
dc
slc-b-origin-www-2.paypal.com
vary
Accept-Encoding
content-length
3018
x-xss-protection
1; mode=block
pragma
no-cache
server
Apache
x-frame-options
SAMEORIGIN
date
Thu, 02 May 2019 02:18:27 GMT
strict-transport-security
max-age=63072000
content-type
application/json; charset=utf-8
cache-control
no-cache, max-age=0, no-cache, no-store, must-revalidate
etag
W/"22fd-mWMq6QPyfHSc8HGfPi1yFaNdRGI"
tealeaf-ul-prod_domcap.min.js
www.paypalobjects.com/web/res/196/04dccbb61801409888cdbd3d742d0/js/lib/ 		110 KB
35 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.paypalobjects.com/web/res/196/04dccbb61801409888cdbd3d742d0/js/lib/tealeaf-ul-prod_domcap.min.js
Requested by
Host: www.paypal.com
URL: https://www.paypal.com/webapps/hermes?token=9TG05340GD8581014&useraction=commit&mfid=1556763504882_287decfa4fc79
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2.18.232.222 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-232-222.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
22027bb7a536c4631d05950c052600da4e4e6b697c0ffee2189da38e05857466
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
https://www.paypal.com/webapps/hermes?token=9TG05340GD8581014&useraction=commit&mfid=1556763504882_287decfa4fc79
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Thu, 02 May 2019 02:18:27 GMT
x-pad
avoid browser bug
x-content-type-options
nosniff
status
200
strict-transport-security
max-age=31536000
content-encoding
gzip
content-length
35705
last-modified
Thu, 25 Apr 2019 21:04:40 GMT
server
Apache
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=7776000
accept-ranges
bytes
access-control-allow-headers
x-csrf-token
expires
Wed, 31 Jul 2019 02:18:27 GMT
miconfig.js
www.paypalobjects.com/pa/mi/ 		18 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.paypalobjects.com/pa/mi/miconfig.js
Requested by
Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/pa/js/min/pa.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2.18.232.222 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-232-222.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
601a43e06e0821b1b224fda1fd463faa176526cfaa2145956a341c9dc8ff4406
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://www.paypal.com/webapps/hermes?token=9TG05340GD8581014&useraction=commit&mfid=1556763504882_287decfa4fc79
Origin
https://www.paypal.com

Response headers

date
Thu, 02 May 2019 02:18:27 GMT
x-pad
avoid browser bug
x-content-type-options
nosniff
status
200
strict-transport-security
max-age=31536000
content-encoding
gzip
content-length
4297
last-modified
Wed, 01 May 2019 12:42:23 GMT
server
Apache
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=3600
accept-ranges
bytes
access-control-allow-headers
x-csrf-token
expires
Thu, 02 May 2019 03:18:27 GMT
counter2.cgi
dub.stats.paypal.com/ Frame BF65
Redirect Chain
  • https://b.stats.paypal.com/v1/counter.cgi?r=cD05VEcwNTM0MEdEODU4MTAxNCZpPTE4NS4yMjAuNzAuMjM2JnQ9MTU1Njc2MzUwNi41NzImYT0yMSZzPVVOSUZJRURfTE9HSU7oahtvyl-RCUtIcBzXxXABRQAqxQ
  • https://dub.stats.paypal.com/counter2.cgi
42 B
494 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dub.stats.paypal.com/counter2.cgi
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
176.120.18.70 , United States, ASN198911 (BML-AS, US),
Reverse DNS
Software
/
Resource Hash
47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292

Request headers

Referer
https://www.paypal.com/webapps/hermes?token=9TG05340GD8581014&useraction=commit&mfid=1556763504882_287decfa4fc79
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Thu, 02 May 2019 02:18:27 GMT
Cache-Control
private, must-revalidate, proxy-revalidate
Server
Connection
close
ETag
"af9bdcf57c763638491e"
Content-Length
42
Content-type
image/jpeg

Redirect headers

Location
https://dub.stats.paypal.com/counter2.cgi
Date
Thu, 02 May 2019 02:18:27 GMT
Server
Connection
close
Content-Length
289
Content-Type
text/html; charset=utf-8
i
c.paypal.com/v1/r/d/ Frame 1CD7 		187 B
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://c.paypal.com/v1/r/d/i?js_src=https://c.paypal.com/webstatic/r/fb/fb-all-prod.pp2.min.js
Requested by
Host: c.paypal.com
URL: https://c.paypal.com/webstatic/r/fb/fb-all-prod.pp2.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2.18.232.222 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-232-222.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
25fffe054cf7f48921658270315d75be019d52bf8e5fcdc59d8df79b1d5033e5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
c.paypal.com
:scheme
https
:path
/v1/r/d/i?js_src=https://c.paypal.com/webstatic/r/fb/fb-all-prod.pp2.min.js
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
referer
https://www.paypal.com/webapps/hermes?token=9TG05340GD8581014&useraction=commit&mfid=1556763504882_287decfa4fc79
accept-encoding
gzip, deflate, br
cookie
ts=vr%3D7655eee416aac1200017942bfff54279%26vreXpYrS%3D1651434281%26vteXpYrS%3D1556765304%26vt%3D7655eee816aac1200017942bfff54278; enforce_policy=gdpr_eu; cookie_check=yes; LANG=de_DE%3BDE; tsrce=unifiedloginnodeweb; x-pp-s=eyJ0IjoiMTU1Njc2MzUwNjU5NiIsImwiOiIwIiwibSI6IjAifQ; X-PP-K=1556763506:5:NA; X-PP-SILOVER=name%3DLIVE6.WEB.1%26silo_version%3D880%26app%3Dunifiedloginnodeweb%26TIME%3D1918093916%26HTTP_X_PP_AZ_LOCATOR%3Ddcg13.slc
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://www.paypal.com/webapps/hermes?token=9TG05340GD8581014&useraction=commit&mfid=1556763504882_287decfa4fc79

Response headers

status
200
server
Apache
content-security-policy-report-only
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; script-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.facebook.com 'unsafe-eval' 'unsafe-inline'; connect-src 'self' https://*.paypal.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com data:; img-src 'self' https: data:; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; object-src 'self' https://*.paypal.com https://*.paypalobjects.com; report-uri https://www.paypal.com/csplog/api/log/csp
correlation-id
ebe1685c4eccf
server_info
riskfraudnetapiserv:ppaas_1_2.v1.r.d.i.GET&CalThreadId=268&TopLevelTxnStartTime=16a74359f10&Host=dcg13riskfraudnetapiserv0263&pid=3212
x-content-type-options
nosniff
x-xss-protection
1; mode=block
http_x_pp_az_locator
dcg13.slc
paypal-debug-id
ebe1685c4eccf
pragma
no-cache
x-cnection
close
content-type
text/html;charset=UTF-8
vary
Accept-Encoding
content-encoding
gzip
content-length
160
cache-control
no-cache, no-store, must-revalidate
date
Thu, 02 May 2019 02:18:27 GMT
fb-all-prod.pp2.min.js
c.paypal.com/webstatic/r/fb/ Frame 1CD7 		58 KB
18 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://c.paypal.com/webstatic/r/fb/fb-all-prod.pp2.min.js
Requested by
Host: c.paypal.com
URL: https://c.paypal.com/v1/r/d/i?js_src=https://c.paypal.com/webstatic/r/fb/fb-all-prod.pp2.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2.18.232.222 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-232-222.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
eda0a3b80b9a6c146817151721cb4e4c38bb88bae41419df26f5f67156fa14b3

Request headers

Referer
https://c.paypal.com/v1/r/d/i?js_src=https://c.paypal.com/webstatic/r/fb/fb-all-prod.pp2.min.js
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Thu, 02 May 2019 02:18:27 GMT
x-pad
avoid browser bug
last-modified
Wed, 04 Oct 2017 04:33:25 GMT
server
Apache
vary
Accept-Encoding
content-type
application/x-javascript
status
200
cache-control
max-age=86400
accept-ranges
bytes
content-encoding
gzip
content-length
18154
expires
Fri, 03 May 2019 02:18:27 GMT
p1
c.paypal.com/v1/r/d/b/ Frame 1CD7 		125 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://c.paypal.com/v1/r/d/b/p1
Requested by
Host: c.paypal.com
URL: https://c.paypal.com/webstatic/r/fb/fb-all-prod.pp2.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2.18.232.222 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-232-222.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
af85c93d883681dd8fd99691b722c7025476b65b860420e648a1d5724b0dae47

Request headers

Referer
https://c.paypal.com/v1/r/d/i?js_src=https://c.paypal.com/webstatic/r/fb/fb-all-prod.pp2.min.js
Origin
https://c.paypal.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type
application/json

Response headers

pragma
no-cache
date
Thu, 02 May 2019 02:18:28 GMT
server_info
riskfraudnetapiserv:ppaas_1_2.v1.r.d.b.p1.POST&CalThreadId=270&TopLevelTxnStartTime=16a7655fc46&Host=dcg13riskfraudnetapiserv9516&pid=3210
correlation-id
2f2e3887bbab7
server
Apache
cache-control
max-age=0, no-cache, no-store, must-revalidate
p3p
policyref="/w3c/p3p.xml", CP="NON DSP COR ADM OUR IND COM"
status
200
http_x_pp_az_locator
dcg13.slc
x-cnection
close
paypal-debug-id
2f2e3887bbab7
content-type
application/json
content-length
125
p2
c.paypal.com/v1/r/d/b/ Frame 1CD7 		125 B
832 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c.paypal.com/v1/r/d/b/p2
Requested by
Host: c.paypal.com
URL: https://c.paypal.com/webstatic/r/fb/fb-all-prod.pp2.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2.18.232.222 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-232-222.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
e09af8d11087ecaa15ad3e4944c6b8dc5eac6d38ff25a3f50f8a211b08c9b5b9

Request headers

Referer
https://c.paypal.com/v1/r/d/i?js_src=https://c.paypal.com/webstatic/r/fb/fb-all-prod.pp2.min.js
Origin
https://c.paypal.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type
application/json

Response headers

pragma
no-cache
date
Thu, 02 May 2019 02:18:27 GMT
correlation-id
d75f36db61274
server
Apache
cache-control
max-age=0, no-cache, no-store, must-revalidate, max-age=0, no-cache, no-store, must-revalidate
p3p
policyref="/w3c/p3p.xml", CP="NON DSP COR ADM OUR IND COM"
status
200
x-cnection
close
paypal-debug-id
d75f36db61274, d75f36db61274
content-type
application/json
content-length
125
p3
c6.paypal.com/v1/r/d/b/ Frame 1CD7 		0
837 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://c6.paypal.com/v1/r/d/b/p3?f=9TG05340GD8581014&s=UL_CHECKOUT_INPUT_EMAIL
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a02:26f0:f1:295::424d , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://c.paypal.com/v1/r/d/i?js_src=https://c.paypal.com/webstatic/r/fb/fb-all-prod.pp2.min.js
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 02 May 2019 02:18:27 GMT
SERVER_INFO
riskfraudnetapiserv:ppaas_1_2.v1.r.d.b.p3.GET&CalThreadId=77&TopLevelTxnStartTime=16a7655fa58&Host=dcg13riskfraudnetapiserv9450&pid=3211
CORRELATION-ID
2d3dba8b43435
Server
Apache
Cache-Control
max-age=0, no-cache, no-store
Content-Type
text/plain; charset=ISO-8859-1
Paypal-Debug-Id
2d3dba8b43435
HTTP_X_PP_AZ_LOCATOR
dcg13.slc
X-Cnection
close
Connection
keep-alive
Content-Length
0
Expires
Thu, 02 May 2019 02:18:27 GMT
analytics.js
www.paypalobjects.com/gajs/ 		27 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.paypalobjects.com/gajs/analytics.js
Requested by
Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/pa/js/min/pa.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2.18.232.222 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-232-222.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
98581bf58e5c202c1742212bb1351053431567fc3da31a0ee29f4f4826bb5214
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://www.paypal.com/webapps/hermes?token=9TG05340GD8581014&useraction=commit&mfid=1556763504882_287decfa4fc79
Origin
https://www.paypal.com

Response headers

date
Thu, 02 May 2019 02:18:27 GMT
x-pad
avoid browser bug
x-content-type-options
nosniff
status
200
strict-transport-security
max-age=31536000
content-encoding
gzip
content-length
11602
last-modified
Fri, 31 Aug 2018 17:26:04 GMT
server
Apache
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=86400
accept-ranges
bytes
access-control-allow-headers
x-csrf-token
expires
Fri, 03 May 2019 02:18:27 GMT
ts
t.paypal.com/ 		42 B
558 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://t.paypal.com/ts?v=1.3.14&t=1556763507408&g=0&e=im&pgrp=main%3Aunifiedlogin%3Asplitlogin%3A%3Aemail&page=main%3Aunifiedlogin%3Asplitlogin%3A%3Aemail%3A%3A%3A&qual=input_email&pgst=1556763506490&calc=3a181e705e72a&rsta=de_DE&pgtf=Nodejs&env=live&s=ci&ccpg=DE&csci=bc1009e729934bed8c117e7a0ad755d6&comp=unifiedloginnodeweb&tsrce=xorouternodeweb&cu=0&pxpguid=7655eee416aac1200017942bfff54279&ef_policy=gdpr_eu&transition_name=ss_prepare_email&fltk=9TG05340GD8581014&flid=9TG05340GD8581014&xe=2322%2C3861%2C3798%2C4791%2C2923%2C4305%2C3862%2C3234%2C100364&xt=5566%2C9224%2C9089%2C11571%2C6993%2C10293%2C9226%2C7711%2C100913&ctx_login_ot_content=1&obex=checkout&landing_page=login&state_name=begin_email&ctx_login_content_fetch=success&ctx_login_ctxid_fetch=success%7Cparse-success&ctx_login_lang_footer=shown&ctx_login_onetouch=shown&forced_signup_offered=1&ctx_login_signup_btn=shown%7CcreateAccount&ctx_login_tag_line=shown%7CloginToPayPal&ctx_login_intent=checkout&ctx_login_flow=Express%20checkout&ctx_login_state_transition=login_loaded&post_login_redirect=returnUri&ret_url=%2Fwebapps%2Fhermes&akdc=slc-b-origin-www-2.paypal.com&view=%7B%22t10%22%3A2092%2C%22t11%22%3A4211%2C%22tcp%22%3A3638%2C%22type%22%3A%22navigate%22%7D&pt=Loggen%20Sie%20sich%20bei%20PayPal%20ein&ru=https%3A%2F%2Flegionfarm.com%2Fpayment-redirect%3Fid%3DCB03B3%26utm_source%3Dwebsite%26utm_medium%3Dpaypal%26utm_campaign%3Dother%26fbclid%3DIwAR3yYpmy_gZuJIRJV13UoIaEpq7B1XVHKU2xJy_MMFQJEWgMOMuqseGyzvs%26h%3DAT1x53VVHZPjj1av6dN0qCz3I35SqHChJt3Pkt0mxDmHakgD85kMZqo1xLOkej71e2yiRzpwTDrBwhBRdgUuNldKlDN3XjiO299HAWIByIcm47z3MVa3ylJ3k5Z6t9aZaQU&cd=24&sw=1600&sh=1200&dw=1600&dh=1200&bw=1600&bh=1200&ce=1&t1=1&t2=1427&t3=102&t4d=233&t4=243&t4e=3&tt=3786&res=%7B%7D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2.18.232.222 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-232-222.deploy.static.akamaitechnologies.com
Software
akka-http/10.1.7 /
Resource Hash
6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93

Request headers

Referer
https://www.paypal.com/webapps/hermes?token=9TG05340GD8581014&useraction=commit&mfid=1556763504882_287decfa4fc79
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 02 May 2019 02:18:27 GMT
server
akka-http/10.1.7
p3p
policyref="https://t.paypal.com/w3c/p3p.xml",CP="CAO IND OUR SAM UNI STA COR COM"
status
200
http_x_pp_az_locator
slcb.slc
cache-control
max-age=0, no-cache, no-store
content-type
image/gif
content-length
42
expires
Thu, 02 May 2019 02:18:27 GMT
verifychallenge
www.paypal.com/auth/ 		2 B
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.paypal.com/auth/verifychallenge
Requested by
Host: legionfarm.com
URL: https://legionfarm.com/payment-redirect?id=CB03B3&utm_source=website&utm_medium=paypal&utm_campaign=other&fbclid=IwAR3yYpmy_gZuJIRJV13UoIaEpq7B1XVHKU2xJy_MMFQJEWgMOMuqseGyzvs&h=AT1x53VVHZPjj1av6dN0qCz3I35SqHChJt3Pkt0mxDmHakgD85kMZqo1xLOkej71e2yiRzpwTDrBwhBRdgUuNldKlDN3XjiO299HAWIByIcm47z3MVa3ylJ3k5Z6t9aZaQU
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2.18.232.222 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-232-222.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.paypal.com https://*.paypalobjects.com; script-src 'nonce-AOdRVoyz0Qc/3oGC5DzVoXagUxE4li9eRDIoMZ2CdQEUQOdt' 'self' https://*.paypal.com https://*.paypalobjects.com https://www.recaptcha.net https://www.gstatic.com 'unsafe-inline'; img-src https://*.paypalobjects.com https://*.paypal.com https://ak1s.abmr.net https://ak1.abmr.net https://ak1s.mathtag.com https://akamai.mathtag.com; object-src 'none'; media-src 'self' https://*.paypal.com https://*.paypalobjects.com; font-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.google.com https://www.recaptcha.net; style-src 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; block-all-mixed-content; report-uri https://www.paypal.com/csplog/api/log/csp
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.paypal.com/webapps/hermes?token=9TG05340GD8581014&useraction=commit&mfid=1556763504882_287decfa4fc79
Origin
https://www.paypal.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

x-edgeconnect-origin-mex-latency
135
content-security-policy
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; script-src 'nonce-AOdRVoyz0Qc/3oGC5DzVoXagUxE4li9eRDIoMZ2CdQEUQOdt' 'self' https://*.paypal.com https://*.paypalobjects.com https://www.recaptcha.net https://www.gstatic.com 'unsafe-inline'; img-src https://*.paypalobjects.com https://*.paypal.com https://ak1s.abmr.net https://ak1.abmr.net https://ak1s.mathtag.com https://akamai.mathtag.com; object-src 'none'; media-src 'self' https://*.paypal.com https://*.paypalobjects.com; font-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.google.com https://www.recaptcha.net; style-src 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; block-all-mixed-content; report-uri https://www.paypal.com/csplog/api/log/csp
content-encoding
gzip
x-content-type-options
nosniff
x-edgeconnect-midmile-rtt
144
x-recruiting
If you are reading this, maybe you should be working at PayPal instead! Check out https://www.paypal.com/us/webapps/mpp/paypal-jobs
status
200
http_x_pp_az_locator
dcg13.slc
paypal-debug-id
ff555f3297b70, ff555f3297b70
dc
slc-b-origin-www-2.paypal.com
vary
Accept-Encoding
content-length
28
x-xss-protection
1; mode=block
pragma
no-cache
server
Apache
date
Thu, 02 May 2019 02:18:27 GMT
strict-transport-security
max-age=63072000
content-type
text/plain; charset=utf-8
cache-control
no-cache, max-age=0, no-cache, no-store, must-revalidate
etag
W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"

Verdicts & Comments Add Verdict or Comment

44 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onselectstart object| onselectionchange function| queueMicrotask object| html5 object| Modernizr function| isEligibleIntegration object| antiClickjack object| PAYPAL function| $ object| fpti string| fptiserverurl object| _ifpti function| AjaxRequest string| PP_SERVICE_URL string| BASE_SWF_URL string| BEACON_BASE_URL string| PP_IFRAME_JS_URL string| PP_NEW_SERVICE_URL string| PP_VERSION object| Configuration object| PFB_4732Config object| PFB_4732 object| dataCollector object| fp undefined| runFb function| initTsFb object| jstz function| SwfStore function| SlvtStore object| pako object| TLT object| miconfig function| ga object| gaplugins object| gaGlobal function| postAjax function| bindGdprEvents function| hideGdprBanner function| showGdprBanner object| _0x5f1a function| _0x149f object| d function| eedcacbdcad object| err

11 Cookies

Domain/Path Name / Value
.paypal.com/ Name: X-PP-SILOVER
Value: name%3DLIVE6.WEB.1%26silo_version%3D880%26app%3Dunifiedloginnodeweb%26TIME%3D1918093916%26HTTP_X_PP_AZ_LOCATOR%3Ddcg13.slc
.paypal.com/ Name: X-PP-K
Value: 1556763506:5:NA
.paypal.com/ Name: tsrce
Value: unifiedloginnodeweb
.paypal.com/ Name: LANG
Value: de_DE%3BDE
.paypal.com/ Name: enforce_policy
Value: gdpr_eu
www.paypal.com/ Name: nsid
Value: s%3AOEOUDWtrjjHWzYrgwDqbw_G3U1VnP6q1.ekQg32f3rxKl4StaevPVgxo6IyW7RtaB6P9EUZCoO%2Bc
.paypal.com/ Name: cookie_check
Value: yes
.www.paypal.com/ Name: akavpau_ppsd
Value: 1556764106~id=de380d11d71fc3d47d3664474a317b68
www.paypal.com/ Name: AKDC
Value: slc-b-origin-www-2.paypal.com
.paypal.com/ Name: x-pp-s
Value: eyJ0IjoiMTU1Njc2MzUwNjU5NiIsImwiOiIwIiwibSI6IjAifQ
.paypal.com/ Name: ts
Value: vr%3D7655eee416aac1200017942bfff54279%26vreXpYrS%3D1651434281%26vteXpYrS%3D1556765304%26vt%3D7655eee816aac1200017942bfff54278

1 Console Messages

Source Level URL
Text
console-api error URL: https://mc.yandex.ru/metrika/tag.js(Line 236)
Message:
FATAL [init-failed]:

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ak1s.abmr.net
api.ggrocket.ai
b.stats.paypal.com
c.paypal.com
c6.paypal.com
cdn.sendpulse.com
connect.facebook.net
dub.stats.paypal.com
fonts.googleapis.com
googleads.g.doubleclick.net
legionfarm.com
manychat.com
mc.yandex.ru
staticxx.facebook.com
stats.g.doubleclick.net
t.paypal.com
widget.manychat.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.paypal.com
www.paypalobjects.com
172.217.23.162
176.120.18.70
18.185.191.84
195.181.174.3
2.18.232.222
23.67.137.8
2606:4700:30::681c:126c
2606:4700:30::681f:4fcd
2a00:1450:4001:814::200e
2a00:1450:4001:819::2004
2a00:1450:4001:81d::2003
2a00:1450:4001:81d::200a
2a00:1450:4001:81f::2002
2a00:1450:400c:c0c::9a
2a02:26f0:f1:295::424d
2a02:6b8::1:119
2a03:2880:f02d:12:face:b00c:0:3
2a03:2880:f12d:83:face:b00c:0:25de
058ed961bfe422af7bfc65865f4c08531ec8ace995f8a1ec560a46581cb7712c
0df490928c14ec0bf9665e7a32e74d9bc815c5ba8646fbd48d3a7233c1c66ae1
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
13e4806e5c517e074ab1ea26fe0f2b7b87eaa3988006f35ed0bd4c89502d0d79
22027bb7a536c4631d05950c052600da4e4e6b697c0ffee2189da38e05857466
249be6b4d42cf8fc64c8aba5c5fa6c5268c50c9a161fa09cfb4feb922ae2dd6e
25fffe054cf7f48921658270315d75be019d52bf8e5fcdc59d8df79b1d5033e5
3e552578c7d450b023f2cd9d28f830be4335c3acc6c4ab6dadda0769f09e5f22
4066dff32ea8b28dbfa208b1e098ec4953d875535fd4e38f0eb50e2e72c9c301
47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292
4a77d272b8cf508cc4a7e0da5763faa9958e42a5554fdb5d29fc3be51d685653
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
601a43e06e0821b1b224fda1fd463faa176526cfaa2145956a341c9dc8ff4406
60668cd1ce79ddd5a0615433bc913eca1f17da711f00cc0e40e14744f6cc3cb4
60a4c417212025876363ab484fda9dc3b4472b0349b517b087b0460f7075c2a9
6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93
73732ee288964a90955206fbf7e4c4c4f027eb268428f6e4e81b38e96c2b7a1d
7579fcc147c182880969c3aea4a389d6244f0796ae461f0c84882d9afe564f91
7aa1aa6061b77af2cc785a15e6fee7bdf8f6781faabeed029f8e9057562d7bc0
7e7f4e40788a76f61e4e4d788bcef1f4cdfa0695469be38b97604077a413f4bd
8fd69200157dba4fa778eb4f038d7f61924a078630cd578bc2463f5017b7e947
98581bf58e5c202c1742212bb1351053431567fc3da31a0ee29f4f4826bb5214
a45f568535b2d233dd1d29a8eb8d9b8921af867af2416116f578a0076e51d08e
aa69080cd018e345139b58420560d03023463e43ba9c79fc88d46168ca057402
af85c93d883681dd8fd99691b722c7025476b65b860420e648a1d5724b0dae47
b3cc50b9e94bbecaaeb1079b64b8ca50616d1732824964c1cc2c5422627a0ec5
b40168390afd721c2c0effd9b3b132b6d5334aff57106389b1aafa37a0a7af33
cd1c301a8e7960a1786e2a959226b0b78b56dbea284bd114265f1662d6ca280e
d0501529abefac2b0bf0fb310e8f737af94bac3a67b9935a31a3e7ec3ef26c80
d08d50c7f628eb253e2b13be4fcf3ddd270ad18f6a12da75dd6941be0932fc70
d096ba39d024609e68b670e9a272887199f4bedad037d399dc4cc3fe61a65b59
d7b2aca649650bceaccdc6423883a5442081ce7978599e516d653172409b4521
e09af8d11087ecaa15ad3e4944c6b8dc5eac6d38ff25a3f50f8a211b08c9b5b9
e0b3ccae5daec128e92d6eff2fa2ec7fd3319e9bdb796056d7952586a4e7dff6
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4bc8ef3f3091308492492f721753bcebd25410a8a1a8779de3a36bd1a513b88
e516600a9a043839af761e296adde34545fbd2a3953dacb8380f571545f5b949
e8867e9b228e90c2c64825bf2bacaea7f283fce1176ccf849f0935a94da488dc
eda0a3b80b9a6c146817151721cb4e4c38bb88bae41419df26f5f67156fa14b3
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f6cf975ee3b22ae6190661d93cbed9f23ddd0e4712a2c34b6e96a1b98711b15d
fa7b54ed7fea4d3a148fe8b1c3c25a1e727d796f12e9934b19bae874578eab3e
fbf56c4ecb460d81cd75d70d8238748293347b6af5d77b0b6a38562bafa6d332