www.contra-corona.de Open in urlscan Pro
178.254.50.207 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://contra-corona.org/
Effective URL:
http://www.contra-corona.de/
Submission Tags: falconsandbox
Submission: On May 27 via api (May 27th 2021, 9:42:49 am UTC) from US

Summary HTTP 31 Redirects Behaviour Indicators

Summary

This website contacted 6 IPs in 2 countries across 6 domains to perform 31 HTTP transactions. The main IP is 178.254.50.207, located in Germany and belongs to EVANZOAS, DE. The main domain is www.contra-corona.de.

This is the only time www.contra-corona.de was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	95.128.203.9 95.128.203.9	33828 (IPTOX-AS) (IPTOX-AS)
1	178.254.50.207 178.254.50.207	42730 (EVANZOAS) (EVANZOAS)
14	87.238.197.76 87.238.197.76	42730 (EVANZOAS) (EVANZOAS)
3	2a00:1450:400... 2a00:1450:400c:c1b::5c	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:831::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:827::200e	15169 (GOOGLE) (GOOGLE)
7	2a00:1450:400... 2a00:1450:4001:801::200e	15169 (GOOGLE) (GOOGLE)
31	6

1 95.128.203.9 (Germany) 1 redirects

ASN33828 (IPTOX-AS, DE)
PTR: host-95-128-203-9.in-addr.iptox.net

contra-corona.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.254.50.207 (Germany)

ASN42730 (EVANZOAS, DE)
PTR: pp3.greatnet.de

www.contra-corona.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 87.238.197.76 (Germany)

ASN42730 (EVANZOAS, DE)
PTR: kinoheld.de

www.kinoheld.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
graph.kinoheld.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:400c:c1b::5c (Brussels, Belgium)

ASN15169 (GOOGLE, US)

pay.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:831::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:801::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

play.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
14	kinoheld.de www.kinoheld.de graph.kinoheld.de	311 KB
10	google.com pay.google.com play.google.com	384 KB
5	gstatic.com www.gstatic.com	101 KB
1	google-analytics.com www.google-analytics.com	19 KB
1	contra-corona.de www.contra-corona.de	594 B
1	contra-corona.org 1 redirects contra-corona.org	237 B
31	6

	Domain	Requested by
12	www.kinoheld.de	www.contra-corona.de www.kinoheld.de
7	play.google.com	www.gstatic.com
5	www.gstatic.com	pay.google.com www.gstatic.com
3	pay.google.com	www.kinoheld.de pay.google.com www.gstatic.com
2	graph.kinoheld.de	www.kinoheld.de
1	www.google-analytics.com	www.gstatic.com
1	www.contra-corona.de
1	contra-corona.org	1 redirects
31	8

This site contains no links.

Subject Issuer	Validity	Valid
*.kinoheld.de Starfield Secure Certificate Authority - G2	`2020-11-24` - `2021-12-24`	a year	crt.sh
*.google.com GTS CA 1O1	`2021-05-03` - `2021-07-26`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-05-03` - `2021-07-26`	3 months	crt.sh

This page contains 3 frames:

Primary Page: http://www.contra-corona.de/
Frame ID: 8DE07FC76BC25176A6E5A8E8F02E5512
Requests: 1 HTTP requests in this frame

Frame: https://www.kinoheld.de/kino-esslingen/kino-auf-der-burg-esslingen/vorstellung/2362692696?layout=shows&mode=widget&cid=MTkyMzQ0NA
Frame ID: 5F07291D458D84056BF1119F37244874
Requests: 14 HTTP requests in this frame

Frame: https://pay.google.com/gp/p/ui/payframe?origin=https%3A%2F%2Fwww.kinoheld.de&mid=
Frame ID: CE5C519E8781A0036E5F4128C02F7080
Requests: 12 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://contra-corona.org/ HTTP 302
http://www.contra-corona.de/ Page URL

Detected technologies

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Page Statistics

31
Requests

97 %
HTTPS

57 %
IPv6

6
Domains

8
Subdomains

6
IPs

2
Countries

816 kB
Transfer

3357 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://contra-corona.org/ HTTP 302
http://www.contra-corona.de/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

31 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request / Show response
www.contra-corona.de/
Redirect Chain

http://contra-corona.org/
http://www.contra-corona.de/

310 B
594 B

120ms
82ms

Document
text/html

178.254.50.207
EVANZOAS

General

Check archive.org

Show headers Download Go to

Full URL: http://www.contra-corona.de/
Protocol: HTTP/1.1
Server: 178.254.50.207 , Germany, ASN42730 (EVANZOAS, DE),
Reverse DNS: pp3.greatnet.de
Software: Apache / PleskLin
Resource Hash: e9f72131a52e6dba493fcf21d5e25958b0f70848307e3a326ca6b920ceb3e809

Request headers

Host: www.contra-corona.de
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 27 May 2021 09:42:19 GMT
Server: Apache
Last-Modified: Thu, 04 Feb 2021 12:55:10 GMT
ETag: "136-5ba8236bc1e9b-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
X-Powered-By: PleskLin
Content-Length: 249
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html

Redirect headers

Date: Thu, 27 May 2021 09:42:19 GMT
Server: Apache
Location: http://www.contra-corona.de
Content-Length: 278
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

GET
H2 200 2362692696 Show response
www.kinoheld.de/kino-esslingen/kino-auf-der-burg-esslingen/vorstellung/ Frame 5F07 74 KB
18 KB 10552ms
10226ms Document
text/html 87.238.197.76
EVANZOAS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.kinoheld.de/kino-esslingen/kino-auf-der-burg-esslingen/vorstellung/2362692696?layout=shows&mode=widget&cid=MTkyMzQ0NA
Requested by: Host: www.contra-corona.de
URL: http://www.contra-corona.de/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 87.238.197.76 , Germany, ASN42730 (EVANZOAS, DE),
Reverse DNS: kinoheld.de
Software: nginx /
Resource Hash: 48e5f3b832a3f5c0c3668ef5054d1cfe039f310040febae557583211f7962df8

Request headers

:method: GET
:authority: www.kinoheld.de
:scheme: https
:path: /kino-esslingen/kino-auf-der-burg-esslingen/vorstellung/2362692696?layout=shows&mode=widget&cid=MTkyMzQ0NA
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: frame
referer: http://www.contra-corona.de/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://www.contra-corona.de/

Response headers

server: nginx
date: Thu, 27 May 2021 09:42:30 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
set-cookie: rb=true; path=/; secure; SameSite=None
content-encoding: gzip
x-b: web1
x-varnish: 394027495
age: 0
x-cache-action: MISS
accept-ranges: bytes

GET
H2 200 13b4553f2f4540a5624e.min.css
www.kinoheld.de/dist/widget/599/ Frame 5F07 147 KB
25 KB 131ms
130ms Stylesheet
text/css 87.238.197.76
EVANZOAS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.kinoheld.de/dist/widget/599/13b4553f2f4540a5624e.min.css
Requested by: Host: www.kinoheld.de
URL: https://www.kinoheld.de/kino-esslingen/kino-auf-der-burg-esslingen/vorstellung/2362692696?layout=shows&mode=widget&cid=MTkyMzQ0NA
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 87.238.197.76 , Germany, ASN42730 (EVANZOAS, DE),
Reverse DNS: kinoheld.de
Software: nginx /
Resource Hash: 77af2758711aa95fa979bb7cf9c93363a7c1d8a33ec796123180a5c3cce7cf50

Request headers

Referer: https://www.kinoheld.de/kino-esslingen/kino-auf-der-burg-esslingen/vorstellung/2362692696?layout=shows&mode=widget&cid=MTkyMzQ0NA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 09:42:30 GMT
content-encoding: gzip
x-b: web1
server: nginx
age: 0
x-cache-action: MISS
vary: Accept-Encoding
x-varnish: 394027498
cache-control: max-age=31104000, public
accept-ranges: bytes
content-type: text/css; charset=utf-8

GET
H2 200 payment_paypal.svg
www.kinoheld.de/images/payment/ Frame 5F07 3 KB
1 KB 55ms
54ms Image
image/svg+xml 87.238.197.76
EVANZOAS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.kinoheld.de/images/payment/payment_paypal.svg
Requested by: Host: www.kinoheld.de
URL: https://www.kinoheld.de/kino-esslingen/kino-auf-der-burg-esslingen/vorstellung/2362692696?layout=shows&mode=widget&cid=MTkyMzQ0NA
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 87.238.197.76 , Germany, ASN42730 (EVANZOAS, DE),
Reverse DNS: kinoheld.de
Software: nginx /
Resource Hash: f6c5b3c643af4a656cc60170a516b2f68c232f9039634b76cfc67b61e9da6797

Request headers

Referer: https://www.kinoheld.de/kino-esslingen/kino-auf-der-burg-esslingen/vorstellung/2362692696?layout=shows&mode=widget&cid=MTkyMzQ0NA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 09:42:30 GMT
content-encoding: gzip
x-b: web1
last-modified: Tue, 02 May 2017 17:59:04 GMT
server: nginx
age: 1933
etag: W/"5908c8e8-cb6"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=31104000, public
x-varnish: 393050657 394569360
accept-ranges: bytes
content-length: 1260
x-cache-action: HIT
x-cache-hits: 142

GET
H2 200 payment_google_pay.svg
www.kinoheld.de/images/payment/ Frame 5F07 2 KB
1 KB 57ms
56ms Image
image/svg+xml 87.238.197.76
EVANZOAS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.kinoheld.de/images/payment/payment_google_pay.svg
Requested by: Host: www.kinoheld.de
URL: https://www.kinoheld.de/kino-esslingen/kino-auf-der-burg-esslingen/vorstellung/2362692696?layout=shows&mode=widget&cid=MTkyMzQ0NA
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 87.238.197.76 , Germany, ASN42730 (EVANZOAS, DE),
Reverse DNS: kinoheld.de
Software: nginx /
Resource Hash: 533d3b4525a72a057ef92a6c790d5ab2dd0d89bfbed45ee269087648b83a6dca

Request headers

Referer: https://www.kinoheld.de/kino-esslingen/kino-auf-der-burg-esslingen/vorstellung/2362692696?layout=shows&mode=widget&cid=MTkyMzQ0NA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 09:42:30 GMT
content-encoding: gzip
x-b: web1
last-modified: Mon, 27 Jan 2020 22:24:02 GMT
server: nginx
age: 1913
etag: W/"5e2f6302-626"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=31104000, public
x-varnish: 394150574 394347053
accept-ranges: bytes
content-length: 857
x-cache-action: HIT
x-cache-hits: 110

GET
H2 200 payment_amazon.svg
www.kinoheld.de/images/payment/ Frame 5F07 3 KB
2 KB 56ms
56ms Image
image/svg+xml 87.238.197.76
EVANZOAS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.kinoheld.de/images/payment/payment_amazon.svg
Requested by: Host: www.kinoheld.de
URL: https://www.kinoheld.de/kino-esslingen/kino-auf-der-burg-esslingen/vorstellung/2362692696?layout=shows&mode=widget&cid=MTkyMzQ0NA
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 87.238.197.76 , Germany, ASN42730 (EVANZOAS, DE),
Reverse DNS: kinoheld.de
Software: nginx /
Resource Hash: ef0aacc2c998071716c0676f5a64679dd84fde59a5a34a3928ac8f4a8ea59bc4

Request headers

Referer: https://www.kinoheld.de/kino-esslingen/kino-auf-der-burg-esslingen/vorstellung/2362692696?layout=shows&mode=widget&cid=MTkyMzQ0NA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 09:42:30 GMT
content-encoding: gzip
x-b: web1
last-modified: Mon, 27 Jan 2020 22:24:02 GMT
server: nginx
age: 1913
etag: W/"5e2f6302-d30"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=31104000, public
x-varnish: 393050659 394195646
accept-ranges: bytes
content-length: 1438
x-cache-action: HIT
x-cache-hits: 131

GET
H2 200 payment_creditcards.svg
www.kinoheld.de/images/payment/ Frame 5F07 4 KB
2 KB 56ms
56ms Image
image/svg+xml 87.238.197.76
EVANZOAS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.kinoheld.de/images/payment/payment_creditcards.svg
Requested by: Host: www.kinoheld.de
URL: https://www.kinoheld.de/kino-esslingen/kino-auf-der-burg-esslingen/vorstellung/2362692696?layout=shows&mode=widget&cid=MTkyMzQ0NA
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 87.238.197.76 , Germany, ASN42730 (EVANZOAS, DE),
Reverse DNS: kinoheld.de
Software: nginx /
Resource Hash: 94d745bff5123cf6a6acce21a929ebd2ddde2d489e17baee7b693cf62c83d028

Request headers

Referer: https://www.kinoheld.de/kino-esslingen/kino-auf-der-burg-esslingen/vorstellung/2362692696?layout=shows&mode=widget&cid=MTkyMzQ0NA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 09:42:30 GMT
content-encoding: gzip
x-b: web1
last-modified: Mon, 27 Jan 2020 22:24:02 GMT
server: nginx
age: 1933
etag: W/"5e2f6302-ef0"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=31104000, public
x-varnish: 394150576 394532088
accept-ranges: bytes
content-length: 1576
x-cache-action: HIT
x-cache-hits: 142

GET
H2 200 payment_klarna_lastschrift.svg
www.kinoheld.de/images/payment/ Frame 5F07 5 KB
2 KB 56ms
56ms Image
image/svg+xml 87.238.197.76
EVANZOAS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.kinoheld.de/images/payment/payment_klarna_lastschrift.svg
Requested by: Host: www.kinoheld.de
URL: https://www.kinoheld.de/kino-esslingen/kino-auf-der-burg-esslingen/vorstellung/2362692696?layout=shows&mode=widget&cid=MTkyMzQ0NA
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 87.238.197.76 , Germany, ASN42730 (EVANZOAS, DE),
Reverse DNS: kinoheld.de
Software: nginx /
Resource Hash: 21510e502f9af79172468d637ea6c43b3bc0fe72878f398349112e2c938c4a79

Request headers

Referer: https://www.kinoheld.de/kino-esslingen/kino-auf-der-burg-esslingen/vorstellung/2362692696?layout=shows&mode=widget&cid=MTkyMzQ0NA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 09:42:30 GMT
content-encoding: gzip
x-b: web1
last-modified: Mon, 27 Jan 2020 22:24:02 GMT
server: nginx
age: 1913
etag: W/"5e2f6302-13d6"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=31104000, public
x-varnish: 393050661 394692168
accept-ranges: bytes
content-length: 2149
x-cache-action: HIT
x-cache-hits: 99

GET
H2 200 payment_sofort.svg
www.kinoheld.de/images/payment/ Frame 5F07 4 KB
2 KB 106ms
104ms Image
image/svg+xml 87.238.197.76
EVANZOAS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.kinoheld.de/images/payment/payment_sofort.svg
Requested by: Host: www.kinoheld.de
URL: https://www.kinoheld.de/kino-esslingen/kino-auf-der-burg-esslingen/vorstellung/2362692696?layout=shows&mode=widget&cid=MTkyMzQ0NA
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 87.238.197.76 , Germany, ASN42730 (EVANZOAS, DE),
Reverse DNS: kinoheld.de
Software: nginx /
Resource Hash: f4c4ca8ca6f00d7f9dfe319d734158c7398b5bddae07cf448ab9d6be6a10e1c3

Request headers

Referer: https://www.kinoheld.de/kino-esslingen/kino-auf-der-burg-esslingen/vorstellung/2362692696?layout=shows&mode=widget&cid=MTkyMzQ0NA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 09:42:30 GMT
content-encoding: gzip
x-b: web1
last-modified: Mon, 27 Jan 2020 22:24:02 GMT
server: nginx
age: 1933
etag: W/"5e2f6302-1085"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=31104000, public
x-varnish: 393050663 394569363
accept-ranges: bytes
content-length: 1956
x-cache-action: HIT
x-cache-hits: 129

GET
H2 200 pay.js Show response
pay.google.com/gp/p/js/ Frame 5F07 92 KB
30 KB 95ms
66ms Script
application/javascript 2a00:1450:400c:c1b::5c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pay.google.com/gp/p/js/pay.js

Requested by

Host: www.kinoheld.de
URL: https://www.kinoheld.de/kino-esslingen/kino-auf-der-burg-esslingen/vorstellung/2362692696?layout=shows&mode=widget&cid=MTkyMzQ0NA

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c1b::5c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

9fb7f41e8dc19a17182b1e0afdc766bf9ca70316fccb8b8aba792413c8501732

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-Fx/1UfPkY0n14bt789FTzA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendHttp/cspreport;worker-src 'self', script-src 'nonce-Fx/1UfPkY0n14bt789FTzA' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/InstantbuyFrontendHttp/cspreport, require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendHttp/cspreport
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.kinoheld.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 09:42:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
server: ESF
cross-origin-opener-policy: same-origin; report-to="InstantbuyFrontendHttp"
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
report-to: {"group":"InstantbuyFrontendHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/InstantbuyFrontendHttp/external"}]}
content-type: application/javascript; charset=utf-8
cache-control: private, max-age=600
content-security-policy: script-src 'report-sample' 'nonce-Fx/1UfPkY0n14bt789FTzA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendHttp/cspreport;worker-src 'self', script-src 'nonce-Fx/1UfPkY0n14bt789FTzA' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/InstantbuyFrontendHttp/cspreport, require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendHttp/cspreport
expires: Thu, 27 May 2021 09:42:30 GMT

GET
H2 200 0de600d1146392c7b1e5.min.js Show response
www.kinoheld.de/dist/widget/ Frame 5F07 372 KB
122 KB 59ms
58ms Script
application/javascript 87.238.197.76
EVANZOAS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.kinoheld.de/dist/widget/0de600d1146392c7b1e5.min.js
Requested by: Host: www.kinoheld.de
URL: https://www.kinoheld.de/kino-esslingen/kino-auf-der-burg-esslingen/vorstellung/2362692696?layout=shows&mode=widget&cid=MTkyMzQ0NA
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 87.238.197.76 , Germany, ASN42730 (EVANZOAS, DE),
Reverse DNS: kinoheld.de
Software: nginx /
Resource Hash: c5e307ad18b5a2ba70951d50a4628f8042d5d8f7bca11b5996cabd45b46e9ed3

Request headers

Referer: https://www.kinoheld.de/kino-esslingen/kino-auf-der-burg-esslingen/vorstellung/2362692696?layout=shows&mode=widget&cid=MTkyMzQ0NA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 09:42:30 GMT
content-encoding: gzip
x-b: web1
last-modified: Thu, 27 May 2021 04:09:01 GMT
server: nginx
age: 1947
etag: W/"60af1b5d-5ceab"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=31104000, public
x-varnish: 394150578 394692087
accept-ranges: bytes
content-length: 124541
x-cache-action: HIT
x-cache-hits: 476

GET
H2 200 c17804bca77c02d8694b.min.js Show response
www.kinoheld.de/dist/widget/ Frame 5F07 471 KB
108 KB 105ms
104ms Script
application/javascript 87.238.197.76
EVANZOAS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.kinoheld.de/dist/widget/c17804bca77c02d8694b.min.js
Requested by: Host: www.kinoheld.de
URL: https://www.kinoheld.de/kino-esslingen/kino-auf-der-burg-esslingen/vorstellung/2362692696?layout=shows&mode=widget&cid=MTkyMzQ0NA
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 87.238.197.76 , Germany, ASN42730 (EVANZOAS, DE),
Reverse DNS: kinoheld.de
Software: nginx /
Resource Hash: b49daf1c1bd376ab5952c8018d430fc97102dccb137a4919d03b2dfc521b2ddd

Request headers

Referer: https://www.kinoheld.de/kino-esslingen/kino-auf-der-burg-esslingen/vorstellung/2362692696?layout=shows&mode=widget&cid=MTkyMzQ0NA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 09:42:30 GMT
content-encoding: gzip
x-b: web1
last-modified: Thu, 27 May 2021 04:09:01 GMT
server: nginx
age: 1947
etag: W/"60af1b5d-75c50"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=31104000, public
x-varnish: 394694664 393956396
accept-ranges: bytes
content-length: 109976
x-cache-action: HIT
x-cache-hits: 474

POST
H2 200 getSeats Show response
www.kinoheld.de/ajax/ Frame 5F07 537 KB
21 KB 6790ms
6789ms Fetch
application/json 87.238.197.76
EVANZOAS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.kinoheld.de/ajax/getSeats
Requested by: Host: www.kinoheld.de
URL: https://www.kinoheld.de/dist/widget/0de600d1146392c7b1e5.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 87.238.197.76 , Germany, ASN42730 (EVANZOAS, DE),
Reverse DNS: kinoheld.de
Software: nginx /
Resource Hash: b351c930578464936a93877a68945194d6221a4c41b645e2d9f548c6145828bf

Request headers

Accept: application/json
Referer: https://www.kinoheld.de/kino-esslingen/kino-auf-der-burg-esslingen/vorstellung/2362692696?layout=shows&mode=widget&cid=MTkyMzQ0NA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryCsRCjYbWfNUrWB4E

Response headers

date: Thu, 27 May 2021 09:42:37 GMT
content-encoding: br
x-b: web1
server: nginx
age: 0
x-cache-action: MISS
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.kinoheld.de
access-control-allow-credentials: true
x-varnish: 394694666
accept-ranges: bytes
access-control-allow-headers: content-type

GET
H2 200 icons.6c668e1a092e34ea.json Show response
www.kinoheld.de/dist/icons/ Frame 5F07 18 KB
6 KB 57ms
57ms XHR
application/json 87.238.197.76
EVANZOAS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.kinoheld.de/dist/icons/icons.6c668e1a092e34ea.json
Requested by: Host: www.kinoheld.de
URL: https://www.kinoheld.de/dist/widget/0de600d1146392c7b1e5.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 87.238.197.76 , Germany, ASN42730 (EVANZOAS, DE),
Reverse DNS: kinoheld.de
Software: nginx /
Resource Hash: 687b4b7a9095d32f467d33e1d21cbacc7b4e9e064f68978ac206af1580433619

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.kinoheld.de/kino-esslingen/kino-auf-der-burg-esslingen/vorstellung/2362692696?layout=shows&mode=widget&cid=MTkyMzQ0NA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 09:42:31 GMT
content-encoding: gzip
x-b: web1
last-modified: Tue, 11 May 2021 14:49:38 GMT
server: nginx
age: 101
etag: "609a9982-4977"
vary: Accept-Encoding
content-type: application/json
cache-control: max-age=31104000, public
x-varnish: 393050665 357489911
accept-ranges: bytes
content-length: 6314
x-cache-action: HIT
x-cache-hits: 33

GET
H2 200 payframe Show response
pay.google.com/gp/p/ui/ Frame CE5C 20 KB
8 KB 219ms
218ms Document
text/html 2a00:1450:400c:c1b::5c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pay.google.com/gp/p/ui/payframe?origin=https%3A%2F%2Fwww.kinoheld.de&mid=

Requested by

Host: pay.google.com
URL: https://pay.google.com/gp/p/js/pay.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c1b::5c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

5f9d6c07400b894dd8585491cb1402b5a477c37b38ff8b08684dc20a3f73ec5b

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport script-src 'report-sample' 'nonce-8Q0IjfsJa/aLr8MCVE3qNg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport;worker-src 'self' script-src 'nonce-8Q0IjfsJa/aLr8MCVE3qNg' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pay.google.com
:scheme: https
:path: /gp/p/ui/payframe?origin=https%3A%2F%2Fwww.kinoheld.de&mid=
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.kinoheld.de/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.kinoheld.de/

Response headers

content-type: text/html; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-ua-compatible: IE=edge
expires: Thu, 27 May 2021 09:42:31 GMT
date: Thu, 27 May 2021 09:42:31 GMT
cache-control: private, max-age=3600
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
strict-transport-security: max-age=31536000
content-security-policy: require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport script-src 'report-sample' 'nonce-8Q0IjfsJa/aLr8MCVE3qNg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport;worker-src 'self' script-src 'nonce-8Q0IjfsJa/aLr8MCVE3qNg' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-site
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
set-cookie: NID=216=ooYhCBQAcLITxfLUR18q1kUjSP-89nK3eoMG2Rc7S4iiDUo09oE3zr_z1QbRhVM2ZxDTMukns1senjIGLpGPVhmIZHaYanhzZOdbdqtQN3YaHiG1n3GchgmQvZpi7Pq5dEuqN7wwCD8I9DJWtfRpdYBgHo4xdnJ4sTQtLBLVPhU; expires=Fri, 26-Nov-2021 09:42:31 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 m=_b,_tp Show response
www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.eNeC0dqb0Ug.es5.O/am=AkA/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/rs=AMitfrj_fE... Frame CE5C 146 KB
51 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.eNeC0dqb0Ug.es5.O/am=AkA/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/rs=AMitfrj_fEzb9SSa9erRZnyijrjbPadnGA/m=_b,_tp

Requested by

Host: pay.google.com
URL: https://pay.google.com/gp/p/ui/payframe?origin=https%3A%2F%2Fwww.kinoheld.de&mid=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08b45566853a784437c70422045e678fec13d1b441cc9918ada7fab89fa7f092

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pay.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 16:38:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 26 May 2021 05:25:55 GMT
server: sffe
age: 61457
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 52280
x-xss-protection: 0
expires: Thu, 26 May 2022 16:38:14 GMT

GET
H3-29 200 m=byfTOb,lsjVmc,LEikZe Show response
www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.eNeC0dqb0Ug.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.mfm... Frame CE5C 36 KB
13 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.eNeC0dqb0Ug.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.mfmyFJkmzco.L.B1.O/am=AkA/d=1/exm=_b,_tp/excm=_b,_tp,payframeview/ed=1/wt=2/rs=AMitfrhG9Jmh3WyX4AMXWIFGj8vubjV0XA/m=byfTOb,lsjVmc,LEikZe

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.eNeC0dqb0Ug.es5.O/am=AkA/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/rs=AMitfrj_fEzb9SSa9erRZnyijrjbPadnGA/m=_b,_tp

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e10dd3a79e5bcd30b7e01e860acef59e4353ba72f27afc694be8b1ba2e4be27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pay.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 16:38:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 24 May 2021 21:00:33 GMT
server: sffe
age: 61457
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13331
x-xss-protection: 0
expires: Thu, 26 May 2022 16:38:14 GMT

GET
H3-29 200 m=IZT63,ws9Tlc,p8L0ob,vfuNJf,PrPYRd,NpD4ec,Y2UGcc,SF3gsd,Ru0Pgb,hc6Ubd,ZyYHPb,Das5Le Show response
www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.eNeC0dqb0Ug.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.mfm... Frame CE5C 73 KB
26 KB 10ms
9ms Script
text/javascript 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.eNeC0dqb0Ug.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.mfmyFJkmzco.L.B1.O/am=AkA/d=1/exm=LEikZe,_b,_tp,byfTOb,lsjVmc/excm=_b,_tp,payframeview/ed=1/wt=2/rs=AMitfrhG9Jmh3WyX4AMXWIFGj8vubjV0XA/m=IZT63,ws9Tlc,p8L0ob,vfuNJf,PrPYRd,NpD4ec,Y2UGcc,SF3gsd,Ru0Pgb,hc6Ubd,ZyYHPb,Das5Le

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.eNeC0dqb0Ug.es5.O/am=AkA/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/rs=AMitfrj_fEzb9SSa9erRZnyijrjbPadnGA/m=_b,_tp

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

25651a825db4f1fa15724f2f93b3f5a5b2c6d60525a529191f698a9c5a550960

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pay.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 16:38:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 24 May 2021 21:00:33 GMT
server: sffe
age: 61457
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 26921
x-xss-protection: 0
expires: Thu, 26 May 2022 16:38:14 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ Frame CE5C 48 KB
19 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.eNeC0dqb0Ug.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.mfmyFJkmzco.L.B1.O/am=AkA/d=1/exm=LEikZe,_b,_tp,byfTOb,lsjVmc/excm=_b,_tp,payframeview/ed=1/wt=2/rs=AMitfrhG9Jmh3WyX4AMXWIFGj8vubjV0XA/m=IZT63,ws9Tlc,p8L0ob,vfuNJf,PrPYRd,NpD4ec,Y2UGcc,SF3gsd,Ru0Pgb,hc6Ubd,ZyYHPb,Das5Le

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

2cb09c7b3e19bfc41743ca3624ef81c3258d56525647feac76aa757e0292627a

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://pay.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 09 Apr 2021 23:59:54 GMT
server: Golfe2
age: 4539
date: Thu, 27 May 2021 08:26:52 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19569
expires: Thu, 27 May 2021 10:26:52 GMT

GET
H3-29 200 pay Show response
pay.google.com/gp/p/ui/ Frame CE5C 1 MB
345 KB 608ms
595ms XHR
text/html 2a00:1450:400c:c1b::5c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pay.google.com/gp/p/ui/pay

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.eNeC0dqb0Ug.es5.O/am=AkA/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/rs=AMitfrj_fEzb9SSa9erRZnyijrjbPadnGA/m=_b,_tp

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400c:c1b::5c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

887a86de044ecdc39f48c356dd2009dbc6bfe359e5b6420fc5f7a47d45c44ed3

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-X5bADrNBRry1iM6Yrn+OGg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport;worker-src 'self', script-src 'nonce-X5bADrNBRry1iM6Yrn+OGg' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://sandbox.google.com https://payments.google.com https://pay.google.com https://pay.sandbox.google.com;report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport, require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://pay.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: same-site
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
x-ua-compatible: IE=edge
server: ESF
cross-origin-opener-policy: unsafe-none
date: Thu, 27 May 2021 09:42:31 GMT
x-frame-options: DENY
content-type: text/html; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
cache-control: private, max-age=3600
content-security-policy: script-src 'report-sample' 'nonce-X5bADrNBRry1iM6Yrn+OGg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport;worker-src 'self', script-src 'nonce-X5bADrNBRry1iM6Yrn+OGg' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://sandbox.google.com https://payments.google.com https://pay.google.com https://pay.sandbox.google.com;report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport, require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport
expires: Thu, 27 May 2021 09:42:31 GMT

POST
H3-29 200 log Show response
play.google.com/ Frame CE5C 131 B
154 B 55ms
42ms XHR
text/plain 2a00:1450:4001:801::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.eNeC0dqb0Ug.es5.O/am=AkA/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/rs=AMitfrj_fEzb9SSa9erRZnyijrjbPadnGA/m=_b,_tp

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://pay.google.com/
X-Goog-AuthUser: 0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Thu, 27 May 2021 09:42:31 GMT
content-encoding: gzip
server: Playlog
access-control-allow-headers: X-Playlog-Web
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
access-control-allow-origin: https://pay.google.com
cache-control: private
access-control-allow-credentials: true
content-type: text/plain; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 131
x-xss-protection: 0
expires: Thu, 27 May 2021 09:42:31 GMT

OPTIONS
H2 200 log
play.google.com/ Frame 0
0 57ms
38ms Preflight
text/plain 2a00:1450:4001:801::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Protocol

Server

2a00:1450:4001:801::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: x-goog-authuser
Origin: https://pay.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

access-control-allow-origin: https://pay.google.com
access-control-allow-methods: GET, POST, OPTIONS
access-control-max-age: 86400
access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web,authorization,origin,x-goog-authuser
content-type: text/plain; charset=UTF-8
date: Thu, 27 May 2021 09:42:31 GMT
server: Playlog
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 27 May 2021 09:42:31 GMT
cache-control: private

POST
H3-29 200 log Show response
play.google.com/ Frame CE5C 131 B
154 B 53ms
41ms XHR
text/plain 2a00:1450:4001:801::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.eNeC0dqb0Ug.es5.O/am=AkA/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/rs=AMitfrj_fEzb9SSa9erRZnyijrjbPadnGA/m=_b,_tp

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://pay.google.com/
X-Goog-AuthUser: 0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Thu, 27 May 2021 09:42:31 GMT
content-encoding: gzip
server: Playlog
access-control-allow-headers: X-Playlog-Web
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
access-control-allow-origin: https://pay.google.com
cache-control: private
access-control-allow-credentials: true
content-type: text/plain; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 131
x-xss-protection: 0
expires: Thu, 27 May 2021 09:42:31 GMT

OPTIONS
H2 200 log
play.google.com/ Frame 0
0 49ms
38ms Preflight
text/plain 2a00:1450:4001:801::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Protocol

Server

2a00:1450:4001:801::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: x-goog-authuser
Origin: https://pay.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

access-control-allow-origin: https://pay.google.com
access-control-allow-methods: GET, POST, OPTIONS
access-control-max-age: 86400
access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web,authorization,origin,x-goog-authuser
content-type: text/plain; charset=UTF-8
date: Thu, 27 May 2021 09:42:31 GMT
server: Playlog
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 27 May 2021 09:42:31 GMT
cache-control: private

POST
H3-29 200 log Show response
play.google.com/ Frame CE5C 131 B
154 B 52ms
40ms XHR
text/plain 2a00:1450:4001:801::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.eNeC0dqb0Ug.es5.O/am=AkA/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/rs=AMitfrj_fEzb9SSa9erRZnyijrjbPadnGA/m=_b,_tp

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://pay.google.com/
X-Goog-AuthUser: 0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Thu, 27 May 2021 09:42:31 GMT
content-encoding: gzip
server: Playlog
access-control-allow-headers: X-Playlog-Web
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
access-control-allow-origin: https://pay.google.com
cache-control: private
access-control-allow-credentials: true
content-type: text/plain; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 131
x-xss-protection: 0
expires: Thu, 27 May 2021 09:42:31 GMT

OPTIONS
H2 200 log
play.google.com/ Frame 0
0 41ms
38ms Preflight
text/plain 2a00:1450:4001:801::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Protocol

Server

2a00:1450:4001:801::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: x-goog-authuser
Origin: https://pay.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

access-control-allow-origin: https://pay.google.com
access-control-allow-methods: GET, POST, OPTIONS
access-control-max-age: 86400
access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web,authorization,origin,x-goog-authuser
content-type: text/plain; charset=UTF-8
date: Thu, 27 May 2021 09:42:31 GMT
server: Playlog
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 27 May 2021 09:42:31 GMT
cache-control: private

GET
H3-29 200 m=Wt6vjf,_latency,FCpbqb,WhJNk,EFQ78c Show response
www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.eNeC0dqb0Ug.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.mfm... Frame CE5C 25 KB
10 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.eNeC0dqb0Ug.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.mfmyFJkmzco.L.B1.O/am=AkA/d=1/exm=Das5Le,IZT63,LEikZe,NpD4ec,PrPYRd,Ru0Pgb,SF3gsd,Y2UGcc,ZyYHPb,_b,_tp,byfTOb,hc6Ubd,lsjVmc,p8L0ob,vfuNJf,ws9Tlc/excm=_b,_tp,payframeview/ed=1/wt=2/rs=AMitfrhG9Jmh3WyX4AMXWIFGj8vubjV0XA/m=Wt6vjf,_latency,FCpbqb,WhJNk,EFQ78c

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.eNeC0dqb0Ug.es5.O/am=AkA/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/rs=AMitfrj_fEzb9SSa9erRZnyijrjbPadnGA/m=_b,_tp

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d88dd1cadd750565f87f463556102f55736845f9af3203576d082fb3bb223309

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pay.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 16:38:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 24 May 2021 21:00:33 GMT
server: sffe
age: 61457
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10206
x-xss-protection: 0
expires: Thu, 26 May 2022 16:38:14 GMT

GET
H3-29 200 m=lwddkf Show response
www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.eNeC0dqb0Ug.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.mfm... Frame CE5C 260 B
191 B 8ms
7ms Script
text/javascript 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.eNeC0dqb0Ug.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.mfmyFJkmzco.L.B1.O/am=AkA/d=1/exm=Das5Le,EFQ78c,FCpbqb,IZT63,LEikZe,NpD4ec,PrPYRd,Ru0Pgb,SF3gsd,WhJNk,Wt6vjf,Y2UGcc,ZyYHPb,_b,_latency,_tp,byfTOb,hc6Ubd,lsjVmc,p8L0ob,vfuNJf,ws9Tlc/excm=_b,_tp,payframeview/ed=1/wt=2/rs=AMitfrhG9Jmh3WyX4AMXWIFGj8vubjV0XA/m=lwddkf

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.eNeC0dqb0Ug.es5.O/am=AkA/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/rs=AMitfrj_fEzb9SSa9erRZnyijrjbPadnGA/m=_b,_tp

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

26b6a29d18339a5cf68bc6d4e17b6a52c2f0de7cbe79ea9d74a4886e57995561

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pay.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 16:38:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 24 May 2021 21:00:33 GMT
server: sffe
age: 61457
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 168
x-xss-protection: 0
expires: Thu, 26 May 2022 16:38:14 GMT

POST
H2 200 log Show response
play.google.com/ Frame CE5C 131 B
407 B 41ms
41ms XHR
text/plain 2a00:1450:4001:801::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.eNeC0dqb0Ug.es5.O/am=AkA/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/rs=AMitfrj_fEzb9SSa9erRZnyijrjbPadnGA/m=_b,_tp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://pay.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Thu, 27 May 2021 09:42:31 GMT
content-encoding: gzip
server: Playlog
access-control-allow-headers: X-Playlog-Web
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
access-control-allow-origin: https://pay.google.com
cache-control: private
access-control-allow-credentials: true
content-type: text/plain; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 131
x-xss-protection: 0
expires: Thu, 27 May 2021 09:42:31 GMT

POST
H2 200 query Show response
graph.kinoheld.de/graphql/v1/ Frame 5F07 116 B
496 B 251ms
250ms XHR
application/json 87.238.197.76
EVANZOAS

General

Check archive.org

Show headers Download Go to

Full URL: https://graph.kinoheld.de/graphql/v1/query?lang=en
Requested by: Host: www.kinoheld.de
URL: https://www.kinoheld.de/dist/widget/0de600d1146392c7b1e5.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 87.238.197.76 , Germany, ASN42730 (EVANZOAS, DE),
Reverse DNS: kinoheld.de
Software: nginx /
Resource Hash: 50137f53694231db474df74fde448c60fba1796c3f02758a34ccecd868e22b36

Request headers

Accept: application/json
Referer: https://www.kinoheld.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json

Response headers

date: Thu, 27 May 2021 09:42:39 GMT
content-encoding: br
x-b: web1
age: 0
content-length: 101
pragma: no-cache
server: nginx
x-cache-action: MISS
vary: Accept-Encoding
x-varnish: 393856265
access-control-allow-origin: https://www.kinoheld.de
access-control-expose-headers: date
cache-control: no-store, no-cache, must-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
content-type: application/json; charset=utf-8
access-control-allow-headers: content-type, x-forwarded-for
expires: Thu, 19 Nov 1981 08:52:00 GMT

OPTIONS
H2 200 query
graph.kinoheld.de/graphql/v1/ Frame 0
0 180ms
60ms Preflight
text/html 87.238.197.76
EVANZOAS

General

Check archive.org

Show headers Download Go to

Full URL: https://graph.kinoheld.de/graphql/v1/query?lang=en
Protocol: H2
Server: 87.238.197.76 , Germany, ASN42730 (EVANZOAS, DE),
Reverse DNS: kinoheld.de
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://www.kinoheld.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

server: nginx
date: Thu, 27 May 2021 09:42:38 GMT
content-type: text/html; charset=utf-8
content-length: 1
vary: Accept-Encoding
access-control-allow-origin: https://www.kinoheld.de
access-control-allow-credentials: true
access-control-allow-headers: content-type, x-forwarded-for
access-control-expose-headers: date
content-encoding: br
x-b: web1
x-varnish: 393856262
age: 0
x-cache-action: MISS
accept-ranges: bytes

Verdicts & Comments Add Verdict or Comment

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.google.com/	1970-01-19 22:58:39	Name: NID Value: 216=ooYhCBQAcLITxfLUR18q1kUjSP-89nK3eoMG2Rc7S4iiDUo09oE3zr_z1QbRhVM2ZxDTMukns1senjIGLpGPVhmIZHaYanhzZOdbdqtQN3YaHiG1n3GchgmQvZpi7Pq5dEuqN7wwCD8I9DJWtfRpdYBgHo4xdnJ4sTQtLBLVPhU

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	error	URL: https://www.kinoheld.de/dist/widget/0de600d1146392c7b1e5.min.js(Line 98) Message: Local storage is not supported

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

contra-corona.org
graph.kinoheld.de
pay.google.com
play.google.com
www.contra-corona.de
www.google-analytics.com
www.gstatic.com
www.kinoheld.de
178.254.50.207
2a00:1450:4001:801::200e
2a00:1450:4001:827::200e
2a00:1450:4001:831::2003
2a00:1450:400c:c1b::5c
87.238.197.76
95.128.203.9
08b45566853a784437c70422045e678fec13d1b441cc9918ada7fab89fa7f092
21510e502f9af79172468d637ea6c43b3bc0fe72878f398349112e2c938c4a79
25651a825db4f1fa15724f2f93b3f5a5b2c6d60525a529191f698a9c5a550960
26b6a29d18339a5cf68bc6d4e17b6a52c2f0de7cbe79ea9d74a4886e57995561
2cb09c7b3e19bfc41743ca3624ef81c3258d56525647feac76aa757e0292627a
3e10dd3a79e5bcd30b7e01e860acef59e4353ba72f27afc694be8b1ba2e4be27
48e5f3b832a3f5c0c3668ef5054d1cfe039f310040febae557583211f7962df8
50137f53694231db474df74fde448c60fba1796c3f02758a34ccecd868e22b36
502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358
533d3b4525a72a057ef92a6c790d5ab2dd0d89bfbed45ee269087648b83a6dca
5f9d6c07400b894dd8585491cb1402b5a477c37b38ff8b08684dc20a3f73ec5b
687b4b7a9095d32f467d33e1d21cbacc7b4e9e064f68978ac206af1580433619
77af2758711aa95fa979bb7cf9c93363a7c1d8a33ec796123180a5c3cce7cf50
887a86de044ecdc39f48c356dd2009dbc6bfe359e5b6420fc5f7a47d45c44ed3
94d745bff5123cf6a6acce21a929ebd2ddde2d489e17baee7b693cf62c83d028
9fb7f41e8dc19a17182b1e0afdc766bf9ca70316fccb8b8aba792413c8501732
b351c930578464936a93877a68945194d6221a4c41b645e2d9f548c6145828bf
b49daf1c1bd376ab5952c8018d430fc97102dccb137a4919d03b2dfc521b2ddd
c5e307ad18b5a2ba70951d50a4628f8042d5d8f7bca11b5996cabd45b46e9ed3
d88dd1cadd750565f87f463556102f55736845f9af3203576d082fb3bb223309
e9f72131a52e6dba493fcf21d5e25958b0f70848307e3a326ca6b920ceb3e809
ef0aacc2c998071716c0676f5a64679dd84fde59a5a34a3928ac8f4a8ea59bc4
f4c4ca8ca6f00d7f9dfe319d734158c7398b5bddae07cf448ab9d6be6a10e1c3
f6c5b3c643af4a656cc60170a516b2f68c232f9039634b76cfc67b61e9da6797

www.contra-corona.de Open in urlscan Pro 178.254.50.207 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

31 Requests

97 %HTTPS

57 %IPv6

6 Domains

8 Subdomains

6 IPs

2 Countries

816 kBTransfer

3357 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

31 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.contra-corona.de Open in urlscan Pro
178.254.50.207 Public Scan

Screenshot
Live screenshot

Full Image

31
Requests

97 %
HTTPS

57 %
IPv6

6
Domains

8
Subdomains

6
IPs

2
Countries

816 kB
Transfer

3357 kB
Size

1
Cookies

31 HTTP transactions
0 data transactions