www.kangaroturf.c4s.online Open in urlscan Pro
2001:41d0:301::20 Public Scan

Go To Rescan
Add Verdict Report

URL:
http://www.kangaroturf.c4s.online/
Submission: On May 31 via manual (May 31st 2023, 1:10:57 am UTC) from MA — Scanned from FR

Summary HTTP 41 Redirects Links 26 Behaviour Indicators

Summary

This website contacted 16 IPs in 3 countries across 12 domains to perform 41 HTTP transactions. The main IP is 2001:41d0:301::20, located in France and belongs to OVH, FR. The main domain is www.kangaroturf.c4s.online.

This is the only time www.kangaroturf.c4s.online was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
9	2001:41d0:301... 2001:41d0:301::20	16276 (OVH) (OVH)
5 5	2606:4700:303... 2606:4700:3038::6815:ea1a	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 2	37.59.45.66 37.59.45.66	16276 (OVH) (OVH)
3 3	2606:4700:303... 2606:4700:3038::6815:ea1b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:812::2001	15169 (GOOGLE) (GOOGLE)
1	212.27.63.154 212.27.63.154	12322 (PROXAD) (PROXAD)
2	46.105.57.169 46.105.57.169	16276 (OVH) (OVH)
2 4	194.150.236.236 194.150.236.236	44976 (HIWIT_AS) (HIWIT_AS)
3	2001:41d0:301... 2001:41d0:301::28	16276 (OVH) (OVH)
13	192.229.221.25 192.229.221.25	15133 (EDGECAST) (EDGECAST)
2	2a00:1450:400... 2a00:1450:4001:806::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80b::2008	15169 (GOOGLE) (GOOGLE)
1	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
2	151.101.130.133 151.101.130.133	54113 (FASTLY) (FASTLY)
1	151.101.193.35 151.101.193.35	54113 (FASTLY) (FASTLY)
1 2	64.4.245.84 64.4.245.84	17012 (PAYPAL) (PAYPAL)
1	2a04:4e42::291 2a04:4e42::291	54113 (FASTLY) (FASTLY)
41	16

9 2001:41d0:301::20 (France)

ASN16276 (OVH, FR)

www.kangaroturf.c4s.online	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.pmu-net.lachezvos.pro	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
kangaroturf.c4s.online	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.mini-turf.c4s.online	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.erfolg.c4s.online	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700:3038::6815:ea1a (United States) 5 redirects

ASN13335 (CLOUDFLARENET, US)

img.root-top.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.59.45.66 (France) 1 redirects

ASN16276 (OVH, FR)
PTR: ns3048900.ip-37-59-45.eu

nsa39.casimages.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:3038::6815:ea1b (United States) 3 redirects

ASN13335 (CLOUDFLARENET, US)

img.root-top.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:812::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

4.bp.blogspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 212.27.63.154 (France)

ASN12322 (PROXAD, FR)
PTR: perso154-g5.free.fr

lemagicienduturf.free.fr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 46.105.57.169 (France)

ASN16276 (OVH, FR)
PTR: cluster020.hosting.ovh.net

pronosgratuit.lachezvos.pro	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.extra-derby.c4s.online	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 194.150.236.236 (France) 2 redirects

ASN44976 (HIWIT_AS, FR)
PTR: ns76.hiwit.net

www.ogalopcourse.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2001:41d0:301::28 (France)

ASN16276 (OVH, FR)

www.dueldescracks.siteneti.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
jeuxsurs.siteneti.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 192.229.221.25 (United States)

ASN15133 (EDGECAST, US)

www.paypal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.paypal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:806::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80b::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.130.133 (United States)

ASN54113 (FASTLY, US)

www.paypalobjects.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.193.35 (United States)

ASN54113 (FASTLY, US)

t.paypal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 64.4.245.84 (United States) 1 redirects

ASN17012 (PAYPAL, US)

b.stats.paypal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
dub.stats.paypal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42::291 (United States)

ASN54113 (FASTLY, US)

c6.paypal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
17	paypal.com 1 redirects www.paypal.com — Cisco Umbrella Rank: 2338 t.paypal.com — Cisco Umbrella Rank: 3072 c.paypal.com — Cisco Umbrella Rank: 5288 b.stats.paypal.com — Cisco Umbrella Rank: 4823 dub.stats.paypal.com — Cisco Umbrella Rank: 21859 c6.paypal.com — Cisco Umbrella Rank: 6204	304 KB
9	c4s.online www.kangaroturf.c4s.online kangaroturf.c4s.online www.mini-turf.c4s.online www.erfolg.c4s.online www.extra-derby.c4s.online	1 MB
8	root-top.com 8 redirects img.root-top.com	4 KB
4	ogalopcourse.com 2 redirects www.ogalopcourse.com	16 KB
3	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 30 region1.google-analytics.com — Cisco Umbrella Rank: 2230	21 KB
3	siteneti.net www.dueldescracks.siteneti.net jeuxsurs.siteneti.net	383 KB
2	paypalobjects.com www.paypalobjects.com — Cisco Umbrella Rank: 2231	5 KB
2	lachezvos.pro www.pmu-net.lachezvos.pro pronosgratuit.lachezvos.pro	19 KB
2	casimages.com 1 redirects nsa39.casimages.com	14 KB
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 40	73 KB
1	free.fr lemagicienduturf.free.fr
1	blogspot.com 4.bp.blogspot.com — Cisco Umbrella Rank: 13734	22 KB
41	12

	Domain	Requested by
8	www.paypal.com	www.kangaroturf.c4s.online www.paypal.com
8	img.root-top.com	8 redirects
5	c.paypal.com	www.paypal.com c.paypal.com
4	www.ogalopcourse.com	2 redirects www.kangaroturf.c4s.online
3	kangaroturf.c4s.online	www.kangaroturf.c4s.online
3	www.kangaroturf.c4s.online	www.kangaroturf.c4s.online
2	www.paypalobjects.com	www.kangaroturf.c4s.online
2	www.google-analytics.com	www.kangaroturf.c4s.online www.google-analytics.com
2	jeuxsurs.siteneti.net	www.kangaroturf.c4s.online
2	nsa39.casimages.com	1 redirects www.kangaroturf.c4s.online
1	c6.paypal.com
1	dub.stats.paypal.com	www.paypal.com
1	b.stats.paypal.com	1 redirects
1	t.paypal.com	www.kangaroturf.c4s.online
1	region1.google-analytics.com	www.googletagmanager.com
1	www.googletagmanager.com	www.google-analytics.com
1	www.extra-derby.c4s.online	www.kangaroturf.c4s.online
1	www.erfolg.c4s.online	www.kangaroturf.c4s.online
1	www.mini-turf.c4s.online	www.kangaroturf.c4s.online
1	www.dueldescracks.siteneti.net	www.kangaroturf.c4s.online
1	pronosgratuit.lachezvos.pro	www.kangaroturf.c4s.online
1	www.pmu-net.lachezvos.pro	www.kangaroturf.c4s.online
1	lemagicienduturf.free.fr	www.kangaroturf.c4s.online
1	4.bp.blogspot.com	www.kangaroturf.c4s.online
41	24

This site contains links to these domains. Also see Links.

Domain
www.root-top.com
www.ogalopcourse.com
www.expertduturf.net
www.lemagicienduturf.siteneti.net
www.dueldescracks.siteneti.net
www.ivressedesgains.siteneti.net
www.mini-turf.c4s.online
www.erfolg.c4s.online
www.extra-derby.c4s.online
jeuxsurs.siteneti.net
www.snap-turf.lachezvos.pro
www.prin-turf.lachezvos.pro
www.kriturf.lachezvos.pro
www.stephturf.lachezvos.pro
www.echo-pmu.lachezvos.pro
www.six-partants.c4s.online
www.turfpatron.lachezvos.pro
www.tourdegarde.c4s.online
www.herosturf.c4s.online
www.a-turf.lachezvos.pro
www.espace-turf.c4s.online

Subject Issuer	Validity	Valid
www.paypal.com DigiCert SHA2 Extended Validation Server CA	`2022-11-09` - `2023-12-10`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-05-19` - `2023-08-11`	3 months	crt.sh
www.paypalobjects.com DigiCert SHA2 Extended Validation Server CA	`2022-10-13` - `2023-11-13`	a year	crt.sh
t.paypal.com DigiCert SHA2 Extended Validation Server CA	`2022-10-19` - `2023-11-19`	a year	crt.sh

This page contains 5 frames:

Primary Page: http://www.kangaroturf.c4s.online/
Frame ID: C2D73149780D0AA0E55317ED025A1510
Requests: 27 HTTP requests in this frame

Frame: https://www.paypal.com/smart/buttons?style.label=paypal&style.layout=vertical&style.color=gold&style.shape=rect&style.tagline=false&style.menuPlacement=below&sdkVersion=5.0.377&components.0=buttons&locale.country=US&locale.lang=en&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QVhXUGxqU1JfVjIxUXBfVnZFeVg0Z2x3R0U0WnBUb1hMbWVGYURDZEhMcTJaQVBsUno1aXNGVE9sRWJQal85bllabUdMbGlUVWtUYldscmQmZW5hYmxlLWZ1bmRpbmc9dmVubW8mY3VycmVuY3k9VVNEIiwiYXR0cnMiOnsiZGF0YS1zZGstaW50ZWdyYXRpb24tc291cmNlIjoiYnV0dG9uLWZhY3RvcnkiLCJkYXRhLXVpZCI6InVpZF96aHV1bGxtaWxmaXVtY3djamhsZHpyb215bW91eHIifX0&clientID=AXWPljSR_V21Qp_VvEyX4glwGE4ZpToXLmeFaDCdHLq2ZAPlRz5isFTOlEbPj_9nYZmGLliTUkTbWlrd&sdkCorrelationID=f835355c4485e&storageID=uid_f4022abfeb_mde6mta6nti&sessionID=uid_3abe0cb53e_mde6mta6nti&buttonSessionID=uid_c2519200eb_mde6mta6nti&env=production&buttonSize=huge&fundingEligibility=eyJwYXlwYWwiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6ZmFsc2V9LCJwYXlsYXRlciI6eyJlbGlnaWJsZSI6ZmFsc2UsInByb2R1Y3RzIjp7InBheUluMyI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhcmlhbnQiOm51bGx9LCJwYXlJbjQiOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXJpYW50IjpudWxsfSwicGF5bGF0ZXIiOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXJpYW50IjpudWxsfX19LCJjYXJkIjp7ImVsaWdpYmxlIjp0cnVlLCJicmFuZGVkIjp0cnVlLCJpbnN0YWxsbWVudHMiOmZhbHNlLCJ2ZW5kb3JzIjp7InZpc2EiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sIm1hc3RlcmNhcmQiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sImFtZXgiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sImRpc2NvdmVyIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjp0cnVlfSwiaGlwZXIiOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXVsdGFibGUiOmZhbHNlfSwiZWxvIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjp0cnVlfSwiamNiIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjp0cnVlfX0sImd1ZXN0RW5hYmxlZCI6ZmFsc2V9LCJ2ZW5tbyI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJpdGF1Ijp7ImVsaWdpYmxlIjpmYWxzZX0sImNyZWRpdCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJhcHBsZXBheSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJzZXBhIjp7ImVsaWdpYmxlIjpmYWxzZX0sImlkZWFsIjp7ImVsaWdpYmxlIjpmYWxzZX0sImJhbmNvbnRhY3QiOnsiZWxpZ2libGUiOmZhbHNlfSwiZ2lyb3BheSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJlcHMiOnsiZWxpZ2libGUiOmZhbHNlfSwic29mb3J0Ijp7ImVsaWdpYmxlIjpmYWxzZX0sIm15YmFuayI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJwMjQiOnsiZWxpZ2libGUiOmZhbHNlfSwid2VjaGF0cGF5Ijp7ImVsaWdpYmxlIjpmYWxzZX0sInBheXUiOnsiZWxpZ2libGUiOmZhbHNlfSwiYmxpayI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJ0cnVzdGx5Ijp7ImVsaWdpYmxlIjpmYWxzZX0sIm94eG8iOnsiZWxpZ2libGUiOmZhbHNlfSwiYm9sZXRvIjp7ImVsaWdpYmxlIjpmYWxzZX0sImJvbGV0b2JhbmNhcmlvIjp7ImVsaWdpYmxlIjpmYWxzZX0sIm1lcmNhZG9wYWdvIjp7ImVsaWdpYmxlIjpmYWxzZX0sIm11bHRpYmFuY28iOnsiZWxpZ2libGUiOmZhbHNlfSwic2F0aXNwYXkiOnsiZWxpZ2libGUiOmZhbHNlfSwicGFpZHkiOnsiZWxpZ2libGUiOmZhbHNlfX0&platform=desktop&experiment.enableVenmo=false&experiment.enableVenmoAppLabel=false&flow=purchase&currency=USD&intent=capture&commit=true&vault=false&enableFunding.0=venmo&renderedButtons.0=paypal&renderedButtons.1=card&debug=false&applePaySupport=false&supportsPopups=true&supportedNativeBrowser=false&allowBillingPayments=true
Frame ID: DFE245A0084749E713A53C5CC7CEF944
Requests: 7 HTTP requests in this frame

Frame: https://www.paypalobjects.com/js-sdk-logos/2.2.7/paypal-blue.svg
Frame ID: E06A45CE1CD2A0DFA2007CBB4663AB14
Requests: 2 HTTP requests in this frame

Frame: https://c.paypal.com/v1/r/d/i?js_src=https://c.paypal.com/da/r/fb.js
Frame ID: 76072834CBDCDE6D3D953DF4A086B2F4
Requests: 5 HTTP requests in this frame

Frame: https://dub.stats.paypal.com/v2/counter2.cgi?p=uid_3abe0cb53e_mde6mta6nti&s=SMART_PAYMENT_BUTTONS
Frame ID: 69827ADB347F4F5A60F9ABD55C382849
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Gratuit KANGARO-TURF

Detected technologies

PayPal (Payment Processors) Expand

Overall confidence: 100%
Detected patterns

paypalobjects\.com

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

Page Statistics

41
Requests

51 %
HTTPS

53 %
IPv6

12
Domains

24
Subdomains

16
IPs

3
Countries

2169 kB
Transfer

3094 kB
Size

13
Cookies

26 Outgoing links

These are links going to different origins than the main page.

URL: http://www.root-top.com/topsite/topgenie/in.php?ID=30

Search URL Search Domain Scan URL

URL: http://www.root-top.com/topsite/topturfjs/in.php?ID=1683

Search URL Search Domain Scan URL

URL: http://www.root-top.com/topsite/exelturf/in.php?ID=365

Search URL Search Domain Scan URL

URL: http://www.root-top.com/topsite/pmuchampion/in.php?ID=152

Search URL Search Domain Scan URL

URL: http://www.root-top.com/topsite/astropmu/in.php?ID=164

Search URL Search Domain Scan URL

URL: http://www.ogalopcourse.com//vote.php?id=1799

Search URL Search Domain Scan URL

URL: https://www.expertduturf.net/

Search URL Search Domain Scan URL

URL: http://www.lemagicienduturf.siteneti.net/

Search URL Search Domain Scan URL

URL: http://www.dueldescracks.siteneti.net/

Search URL Search Domain Scan URL

URL: http://www.ivressedesgains.siteneti.net/

Search URL Search Domain Scan URL

URL: http://www.mini-turf.c4s.online/

Search URL Search Domain Scan URL

URL: http://www.root-top.com/topsite/pmuchampion

Search URL Search Domain Scan URL

URL: http://www.erfolg.c4s.online/

Search URL Search Domain Scan URL

URL: http://www.extra-derby.c4s.online/

Search URL Search Domain Scan URL

URL: http://jeuxsurs.siteneti.net/

Search URL Search Domain Scan URL

URL: http://www.snap-turf.lachezvos.pro/index.php
Title: Snap-turf

Search URL Search Domain Scan URL

URL: http://www.prin-turf.lachezvos.pro/index.php
Title: Prin-turf

Search URL Search Domain Scan URL

URL: http://www.kriturf.lachezvos.pro/
Title: Kriturf

Search URL Search Domain Scan URL

URL: http://www.stephturf.lachezvos.pro/
Title: Stephturf

Search URL Search Domain Scan URL

URL: http://www.echo-pmu.lachezvos.pro/
Title: Echo-Pmu

Search URL Search Domain Scan URL

URL: http://www.six-partants.c4s.online/index.php
Title: Six-partants

Search URL Search Domain Scan URL

URL: http://www.turfpatron.lachezvos.pro/index.php
Title: Turf-Patron

Search URL Search Domain Scan URL

URL: http://www.tourdegarde.c4s.online/index.php
Title: Tourdegarde

Search URL Search Domain Scan URL

URL: http://www.herosturf.c4s.online/
Title: Heros-turf

Search URL Search Domain Scan URL

URL: http://www.a-turf.lachezvos.pro/
Title: A-TURF

Search URL Search Domain Scan URL

URL: http://www.espace-turf.c4s.online/
Title: Espaceturf

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1

https://img.root-top.com/topsite/topgenie/banner.gif HTTP 302
http://nsa39.casimages.com/img/2018/02/02/180202113201382213.gif HTTP 301
https://nsa39.casimages.com/img/2018/02/02/180202113201382213.gif

Request Chain 2

http://img.root-top.com/topsite/topturfjs/banner.gif HTTP 301
https://img.root-top.com/topsite/topturfjs/banner.gif HTTP 302
https://4.bp.blogspot.com/-9rgHikzhRtk/WaBw8I7Z2DI/AAAAAAAAEis/uMbu7FpqG1oPo5ccQXvThtIpcLRuvZW1QCLcBGAs/s1600/TOPSITE0.gif

Request Chain 3

http://img.root-top.com/topsite/exelturf/banner.gif HTTP 301
https://img.root-top.com/topsite/exelturf/banner.gif HTTP 302
http://lemagicienduturf.free.fr/images/exelturf.jpg

Request Chain 4

http://img.root-top.com/topsite/pmuchampion/banner.gif HTTP 301
https://img.root-top.com/topsite/pmuchampion/banner.gif HTTP 302
http://www.pmu-net.lachezvos.pro/image/pmuchmpi.gif

Request Chain 5

https://img.root-top.com/topsite/astropmu/banner.gif HTTP 302
https://pronosgratuit.lachezvos.pro/image/ASTRO

Request Chain 6

http://www.ogalopcourse.com//logo.gif HTTP 301
https://www.ogalopcourse.com/logo.gif

Request Chain 17

http://www.ogalopcourse.com/img/new.gif HTTP 301
https://www.ogalopcourse.com/img/new.gif

Request Chain 33

https://b.stats.paypal.com/v2/counter.cgi?p=uid_3abe0cb53e_mde6mta6nti&s=SMART_PAYMENT_BUTTONS HTTP 302
https://dub.stats.paypal.com/v2/counter2.cgi?p=uid_3abe0cb53e_mde6mta6nti&s=SMART_PAYMENT_BUTTONS

41 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
www.kangaroturf.c4s.online/ 12 KB
4 KB 123ms
22ms Document
text/html 2001:41d0:301::20
OVH

General

Check archive.org

Show headers Download Go to

Full URL: http://www.kangaroturf.c4s.online/
Protocol: HTTP/1.1
Server: 2001:41d0:301::20 , France, ASN16276 (OVH, FR),
Reverse DNS
Software: Apache / PHP/5.6
Resource Hash: 313463daf18556ba27111226c07ed8d148e97e032e5facc3a69205e8edb0740e

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Wed, 31 May 2023 01:10:51 GMT
server: Apache
transfer-encoding: chunked
vary: Accept-Encoding
x-iplb-instance: 38229
x-iplb-request-id: 200141D0000D364D0000000000000007:D58C_200141D0030100000000000000000020:0050_64769E9B_7317:2EB88
x-powered-by: PHP/5.6

GET
H/1.1 200
OK jeux.css
www.kangaroturf.c4s.online/css/ 5 KB
2 KB 16ms
16ms Stylesheet
text/css 2001:41d0:301::20
OVH

General

Check archive.org

Show headers Download Go to

Full URL: http://www.kangaroturf.c4s.online/css/jeux.css
Requested by: Host: www.kangaroturf.c4s.online
URL: http://www.kangaroturf.c4s.online/
Protocol: HTTP/1.1
Server: 2001:41d0:301::20 , France, ASN16276 (OVH, FR),
Reverse DNS
Software: Apache /
Resource Hash: aca399ee8d009651a2fa7bd4605a2cb13d62fb076654880a35ece5e711cf0017

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.kangaroturf.c4s.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Wed, 31 May 2023 01:10:51 GMT
content-encoding: gzip
last-modified: Wed, 18 May 2022 10:43:42 GMT
server: Apache
x-iplb-request-id: 200141D0000D364D0000000000000007:D58C_200141D0030100000000000000000020:0050_64769E9B_731C:2EB88
x-iplb-instance: 38229
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=900
accept-ranges: bytes
content-length: 1218
expires: Wed, 31 May 2023 01:25:51 GMT

GET
H/1.1

200
OK

180202113201382213.gif
nsa39.casimages.com/img/2018/02/02/
Redirect Chain

https://img.root-top.com/topsite/topgenie/banner.gif
http://nsa39.casimages.com/img/2018/02/02/180202113201382213.gif
https://nsa39.casimages.com/img/2018/02/02/180202113201382213.gif

14 KB
14 KB

72ms
16ms

Image
image/gif

37.59.45.66
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://nsa39.casimages.com/img/2018/02/02/180202113201382213.gif

Requested by

Host: www.kangaroturf.c4s.online
URL: http://www.kangaroturf.c4s.online/

Protocol

HTTP/1.1

Server

37.59.45.66 , France, ASN16276 (OVH, FR),

Reverse DNS

ns3048900.ip-37-59-45.eu

Software

Apache /

Resource Hash

185959e38219251738be2a2c8b1340f4533cfe2f86b3dc01a8faf13e34f53744

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.kangaroturf.c4s.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Date: Wed, 31 May 2023 01:15:25 GMT
Strict-Transport-Security: max-age=31556926
Last-Modified: Fri, 02 Feb 2018 10:28:20 GMT
Server: Apache
ETag: "436d286-36c8-564382bd6d900"
Content-Type: image/gif
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 14024

Redirect headers

Location: https://nsa39.casimages.com/img/2018/02/02/180202113201382213.gif
Date: Wed, 31 May 2023 01:15:25 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
Content-Length: 273
Content-Type: text/html; charset=iso-8859-1

GET
H2

200

TOPSITE0.gif
4.bp.blogspot.com/-9rgHikzhRtk/WaBw8I7Z2DI/AAAAAAAAEis/uMbu7FpqG1oPo5ccQXvThtIpcLRuvZW1QCLcBGAs/s1600/
Redirect Chain

http://img.root-top.com/topsite/topturfjs/banner.gif
https://img.root-top.com/topsite/topturfjs/banner.gif
https://4.bp.blogspot.com/-9rgHikzhRtk/WaBw8I7Z2DI/AAAAAAAAEis/uMbu7FpqG1oPo5ccQXvThtIpcLRuvZW1QCLcBGAs/s1600/TOPSITE0.gif

21 KB
22 KB

106ms
26ms

Image
image/gif

2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://4.bp.blogspot.com/-9rgHikzhRtk/WaBw8I7Z2DI/AAAAAAAAEis/uMbu7FpqG1oPo5ccQXvThtIpcLRuvZW1QCLcBGAs/s1600/TOPSITE0.gif

Requested by

Host: www.kangaroturf.c4s.online
URL: http://www.kangaroturf.c4s.online/

Protocol

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

cf9ffb799d5f1da8a6cb532f4bc6e62f294d1d717dd5e6471723755d38b032a7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.kangaroturf.c4s.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Wed, 31 May 2023 00:36:51 GMT
x-content-type-options: nosniff
age: 2041
content-disposition: inline;filename="TOPSITE0.gif"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 21771
x-xss-protection: 0
server: fife
etag: "v122d"
vary: Origin
content-type: image/gif
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 01 Jun 2023 00:36:51 GMT

Redirect headers

date: Wed, 31 May 2023 01:10:52 GMT
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2M5as1RhU%2FR3LicPvt%2FwnlqMb%2BtHCwpJGnT3W1%2BTcvs83GVjPKstqYBkQl%2Bvl5Kr057yyXtsw9ULXO97hDkMRL1TQqDO5SlXgth%2BPpcU0jHVTtlEwvU17q%2FeyBf2aylOTmiv5779XPJzQYdjsaqZ"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=UTF-8
location: https://4.bp.blogspot.com/-9rgHikzhRtk/WaBw8I7Z2DI/AAAAAAAAEis/uMbu7FpqG1oPo5ccQXvThtIpcLRuvZW1QCLcBGAs/s1600/TOPSITE0.gif
cf-ray: 7cfb56ef0e78f0fc-CDG
alt-svc: h3=":443"; ma=86400

GET
H/1.1

403
Forbidden

exelturf.jpg
lemagicienduturf.free.fr/images/
Redirect Chain

http://img.root-top.com/topsite/exelturf/banner.gif
https://img.root-top.com/topsite/exelturf/banner.gif
http://lemagicienduturf.free.fr/images/exelturf.jpg

0
0

74ms
19ms

Image
text/html

212.27.63.154
PROXAD

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://lemagicienduturf.free.fr/images/exelturf.jpg
Requested by: Host: www.kangaroturf.c4s.online
URL: http://www.kangaroturf.c4s.online/
Protocol: HTTP/1.1
Server: 212.27.63.154 , France, ASN12322 (PROXAD, FR),
Reverse DNS: perso154-g5.free.fr
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.kangaroturf.c4s.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Redirect headers

date: Wed, 31 May 2023 01:10:52 GMT
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AaThQ6KCOKRgY2Q8r%2B9j5ZDgkoA1DlCUG8WiMcGBVxyG1%2BtvlWw%2BaDmRxf27aPzNKr0KkIRGpbYcUy1tZvT%2FzXF5QkdbZSf2umqYzX3pbrHPUsqEkmGjyk%2F8H717qJj3Uvtx6v9doBbz1P1z9oX7"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=UTF-8
location: http://lemagicienduturf.free.fr/images/exelturf.jpg
cf-ray: 7cfb56ef0e7af0fc-CDG
alt-svc: h3=":443"; ma=86400

GET
H/1.1

200
OK

pmuchmpi.gif
www.pmu-net.lachezvos.pro/image/
Redirect Chain

http://img.root-top.com/topsite/pmuchampion/banner.gif
https://img.root-top.com/topsite/pmuchampion/banner.gif
http://www.pmu-net.lachezvos.pro/image/pmuchmpi.gif

9 KB
9 KB

182ms
16ms

Image
image/gif

2001:41d0:301::20
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.pmu-net.lachezvos.pro/image/pmuchmpi.gif
Requested by: Host: www.kangaroturf.c4s.online
URL: http://www.kangaroturf.c4s.online/
Protocol: HTTP/1.1
Server: 2001:41d0:301::20 , France, ASN16276 (OVH, FR),
Reverse DNS
Software: Apache /
Resource Hash: aed59e8323afae6683109f7202e812c6641c3775e23aac648097cf702f462d1a

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.kangaroturf.c4s.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Wed, 31 May 2023 01:10:52 GMT
last-modified: Sun, 01 Dec 2019 13:31:47 GMT
server: Apache
x-iplb-request-id: 200141D0000D364D0000000000000007:D5B8_200141D0030100000000000000000020:0050_64769E9C_1E8D:1063B
x-iplb-instance: 17196
content-type: image/gif
cache-control: max-age=900
accept-ranges: bytes
content-length: 9008
expires: Wed, 31 May 2023 01:25:52 GMT

Redirect headers

date: Wed, 31 May 2023 01:10:51 GMT
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=H%2FhL6%2FRZr6%2FW8cQ812NSzR78d85Q0m9KKQqxqFFvJ0IFsI%2FkLfcIUld82wJ95UwVISzd2cDy65jgc2C1Gc9y2FdnL%2Bk1bJOGAeOTRZwbHBpZHhf6Jru2mg1NPvtDcSAS0W7CmVyc7uZhrtve9OUx"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=UTF-8
location: http://www.pmu-net.lachezvos.pro/image/pmuchmpi.gif
cf-ray: 7cfb56ee9e2af0fc-CDG
alt-svc: h3=":443"; ma=86400

GET
H2

200

ASTRO
pronosgratuit.lachezvos.pro/image/
Redirect Chain

https://img.root-top.com/topsite/astropmu/banner.gif
https://pronosgratuit.lachezvos.pro/image/ASTRO

10 KB
10 KB

453ms
272ms

Image
image/gif

46.105.57.169
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pronosgratuit.lachezvos.pro/image/ASTRO
Requested by: Host: www.kangaroturf.c4s.online
URL: http://www.kangaroturf.c4s.online/
Protocol: H2
Server: 46.105.57.169 , France, ASN16276 (OVH, FR),
Reverse DNS: cluster020.hosting.ovh.net
Software: Apache /
Resource Hash: 000127d6fa63290a03f275ce0701147e784eb23a91f5246d92fd8bcfad252b21

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.kangaroturf.c4s.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Wed, 31 May 2023 01:10:52 GMT
last-modified: Fri, 03 Mar 2023 18:12:41 GMT
server: Apache
vary: negotiate
content-type: image/gif
cache-control: max-age=900
tcn: choice
accept-ranges: bytes
content-location: ASTRO.gif
content-length: 10179
expires: Wed, 31 May 2023 01:25:52 GMT

Redirect headers

date: Wed, 31 May 2023 01:10:51 GMT
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kjH95HgeKZE%2FT0%2BUAE6V5i%2Bz%2BijZsWGwz2dMuypzd3se4dzS5n81LaDV4A3vjPc8mW4kCJbHYQ3jLa7F%2FNB6OqSbWUvPNW1riTAqB5hn5BlZ6H7IG2r%2BWuYG0UagFrAhc85OxmQA516px1MlIE04"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=UTF-8
location: https://pronosgratuit.lachezvos.pro/image/ASTRO
cf-ray: 7cfb56ee7e1ef0fc-CDG
alt-svc: h3=":443"; ma=86400

GET
H/1.1

200
OK

logo.gif
www.ogalopcourse.com/
Redirect Chain

http://www.ogalopcourse.com//logo.gif
https://www.ogalopcourse.com/logo.gif

12 KB
12 KB

105ms
24ms

Image
image/gif

194.150.236.236
HIWIT_AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.ogalopcourse.com/logo.gif

Requested by

Host: www.kangaroturf.c4s.online
URL: http://www.kangaroturf.c4s.online/

Protocol

HTTP/1.1

Server

194.150.236.236 , France, ASN44976 (HIWIT_AS, FR),

Reverse DNS

ns76.hiwit.net

Software

Apache /

Resource Hash

dd112777fc359a6685659e7c18782167c3995a9d75f5d5a39a4098bf36ad11a2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.kangaroturf.c4s.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Date: Wed, 31 May 2023 01:10:52 GMT
Strict-Transport-Security: max-age=15768000
Last-Modified: Sun, 07 Aug 2022 16:40:22 GMT
Server: Apache
ETag: "28e945b-2f72-5e5a95af82980"
Vary: Host
Content-Type: image/gif
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=15, max=100
Content-Length: 12146

Redirect headers

Date: Wed, 31 May 2023 01:10:51 GMT
X-Pad: avoid browser bug
Server: Apache
Content-Type: text/html; charset=iso-8859-1
Location: https://www.ogalopcourse.com/logo.gif
Connection: Keep-Alive
Keep-Alive: timeout=15, max=100
Content-Length: 245

GET
H/1.1 200
OK expertduturf.gif
kangaroturf.c4s.online/image/ 26 KB
26 KB 51ms
16ms Image
image/gif 2001:41d0:301::20
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://kangaroturf.c4s.online/image/expertduturf.gif
Requested by: Host: www.kangaroturf.c4s.online
URL: http://www.kangaroturf.c4s.online/
Protocol: HTTP/1.1
Server: 2001:41d0:301::20 , France, ASN16276 (OVH, FR),
Reverse DNS
Software: Apache /
Resource Hash: 5eab03e0bb9a776cffe4e912fc45550c384c2ad112b48b331dddd43a0303022a

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.kangaroturf.c4s.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Wed, 31 May 2023 01:10:51 GMT
last-modified: Mon, 13 Mar 2023 12:22:16 GMT
server: Apache
x-iplb-request-id: 200141D0000D364D0000000000000007:D596_200141D0030100000000000000000020:0050_64769E9B_159E:1063A
x-iplb-instance: 17196
content-type: image/gif
cache-control: max-age=900
accept-ranges: bytes
content-length: 26267
expires: Wed, 31 May 2023 01:25:51 GMT

GET
H/1.1 200
OK lemagicienduturf.gif
kangaroturf.c4s.online/image/ 53 KB
53 KB 51ms
16ms Image
image/gif 2001:41d0:301::20
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://kangaroturf.c4s.online/image/lemagicienduturf.gif
Requested by: Host: www.kangaroturf.c4s.online
URL: http://www.kangaroturf.c4s.online/
Protocol: HTTP/1.1
Server: 2001:41d0:301::20 , France, ASN16276 (OVH, FR),
Reverse DNS
Software: Apache /
Resource Hash: 23118bf6eebbbc12d6544b73bf5fcb46ff0290e3b6afa5c1e332ae186b7ee56b

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.kangaroturf.c4s.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Wed, 31 May 2023 01:10:51 GMT
last-modified: Thu, 06 Apr 2023 19:59:42 GMT
server: Apache
x-iplb-request-id: 200141D0000D364D0000000000000007:D5A0_200141D0030100000000000000000020:0050_64769E9B_07E0:10637
x-iplb-instance: 17196
content-type: image/gif
cache-control: max-age=900
accept-ranges: bytes
content-length: 54195
expires: Wed, 31 May 2023 01:25:51 GMT

GET
H/1.1 200
OK dueldescracks.gif
www.dueldescracks.siteneti.net/ 36 KB
36 KB 101ms
43ms Image
image/gif 2001:41d0:301::28
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.dueldescracks.siteneti.net/dueldescracks.gif
Requested by: Host: www.kangaroturf.c4s.online
URL: http://www.kangaroturf.c4s.online/
Protocol: HTTP/1.1
Server: 2001:41d0:301::28 , France, ASN16276 (OVH, FR),
Reverse DNS
Software: Apache /
Resource Hash: 359a7a4381cf4c25ffb63b281e93b98b7f43d664dbc00e12cc3a065596e95516

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.kangaroturf.c4s.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Wed, 31 May 2023 01:10:51 GMT
last-modified: Thu, 06 Apr 2023 18:29:01 GMT
server: Apache
x-iplb-request-id: 200141D0000D364D0000000000000007:B8D8_200141D0030100000000000000000028:0050_64769E9B_111A:112D3
x-iplb-instance: 32678
content-type: image/gif
cache-control: max-age=900
accept-ranges: bytes
content-length: 36694
expires: Wed, 31 May 2023 01:25:51 GMT

GET
H2 200 js Show response
www.paypal.com/sdk/ 269 KB
76 KB 590ms
518ms Script
application/javascript 192.229.221.25
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/sdk/js?client-id=AXWPljSR_V21Qp_VvEyX4glwGE4ZpToXLmeFaDCdHLq2ZAPlRz5isFTOlEbPj_9nYZmGLliTUkTbWlrd&enable-funding=venmo&currency=USD

Requested by

Host: www.kangaroturf.c4s.online
URL: http://www.kangaroturf.c4s.online/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.221.25 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (lhd/35CB) /

Resource Hash

23dd32e28f2813953b96cce78c5da9c3a5b28e0ab371c4f84230a4960d0c2e69

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://.paypal.com https://.paypalobjects.com; connect-src 'self' https://.paypal.com https://.paypalobjects.com https://.qualtrics.com; frame-src 'self' https://.paypal.com https://.paypalobjects.com https://.qualtrics.com; script-src 'nonce-2FeV9Pq6/q8JUqLt/WxN3rZy9q9k0Gpuslo0Hq18gHTZCYo+' 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; style-src 'nonce-2FeV9Pq6/q8JUqLt/WxN3rZy9q9k0Gpuslo0Hq18gHTZCYo+' 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; object-src 'none'; img-src https: data:; form-action 'self' https://.paypal.com; base-uri 'self' https://.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.kangaroturf.c4s.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

content-security-policy: default-src 'self' https://*.paypal.com https://*.paypalobjects.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; script-src 'nonce-2FeV9Pq6/q8JUqLt/WxN3rZy9q9k0Gpuslo0Hq18gHTZCYo+' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'nonce-2FeV9Pq6/q8JUqLt/WxN3rZy9q9k0Gpuslo0Hq18gHTZCYo+' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; object-src 'none'; img-src https: data:; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 31 May 2023 01:10:52 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
p3p: true
paypal-debug-id: 05b288090b278
server-timing: traceparent;desc="00-000000000000000000005b288090b278-365644832ae5267d-01", content-encoding;desc="", x-cdn;desc="edgecast"
dc: ccg11-origin-www-1.paypal.com
content-length: 75792
x-xss-protection: 1; mode=block
accept-ch: sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
server: ECAcc (lhd/35CB)
traceparent: 00-000000000000000000005b288090b278-996259d1ece277e8-01
etag: W/"12810-KUf/1ux+Liw2qoSxQByXZP+U5WA"
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: Server-Timing
cache-control: public, max-age=3600, s-maxage=10800
origin-trial: AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
permissions-policy: ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
timing-allow-origin: *

GET
H/1.1 200
OK ivressedesgains.gif
kangaroturf.c4s.online/image/ 100 KB
100 KB 41ms
16ms Image
image/gif 2001:41d0:301::20
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://kangaroturf.c4s.online/image/ivressedesgains.gif
Requested by: Host: www.kangaroturf.c4s.online
URL: http://www.kangaroturf.c4s.online/
Protocol: HTTP/1.1
Server: 2001:41d0:301::20 , France, ASN16276 (OVH, FR),
Reverse DNS
Software: Apache /
Resource Hash: df71cf0774d4371a24620b26bc37304db8f4e58a0ce1204be218d49c00bbaca8

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.kangaroturf.c4s.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Wed, 31 May 2023 01:10:51 GMT
last-modified: Thu, 20 Apr 2023 08:56:24 GMT
server: Apache
x-iplb-request-id: 200141D0000D364D0000000000000007:D5AC_200141D0030100000000000000000020:0050_64769E9B_1E57:36EF
x-iplb-instance: 38228
content-type: image/gif
cache-control: max-age=900
accept-ranges: bytes
content-length: 102417
expires: Wed, 31 May 2023 01:25:51 GMT

GET
H/1.1 200
OK mini%20turf.jpg
www.mini-turf.c4s.online/banniere/ 278 KB
278 KB 49ms
15ms Image
image/jpeg 2001:41d0:301::20
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.mini-turf.c4s.online/banniere/mini%20turf.jpg
Requested by: Host: www.kangaroturf.c4s.online
URL: http://www.kangaroturf.c4s.online/
Protocol: HTTP/1.1
Server: 2001:41d0:301::20 , France, ASN16276 (OVH, FR),
Reverse DNS
Software: Apache /
Resource Hash: 3b4d7c223f67b89c4d51f5a523f1e27b78bd5f559a7f7042309fe97f43085c8b

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.kangaroturf.c4s.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Wed, 31 May 2023 01:10:51 GMT
last-modified: Thu, 29 Mar 2018 09:10:41 GMT
server: Apache
x-iplb-request-id: 200141D0000D364D0000000000000007:D5B2_200141D0030100000000000000000020:0050_64769E9B_0FF4:39D4
x-iplb-instance: 18163
content-type: image/jpeg
cache-control: max-age=900
accept-ranges: bytes
content-length: 284220
expires: Wed, 31 May 2023 01:25:51 GMT

GET
H/1.1 200
OK PMUCH.gif
jeuxsurs.siteneti.net/image/ 37 KB
37 KB 49ms
18ms Image
image/gif 2001:41d0:301::28
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://jeuxsurs.siteneti.net/image/PMUCH.gif
Requested by: Host: www.kangaroturf.c4s.online
URL: http://www.kangaroturf.c4s.online/
Protocol: HTTP/1.1
Server: 2001:41d0:301::28 , France, ASN16276 (OVH, FR),
Reverse DNS
Software: Apache /
Resource Hash: 853003068526c8290a08b44e300be0151e9e9a433699d18f436fcbf0e07ae9ae

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.kangaroturf.c4s.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Wed, 31 May 2023 01:10:51 GMT
last-modified: Sat, 30 Nov 2019 14:57:16 GMT
server: Apache
x-iplb-request-id: 200141D0000D364D0000000000000007:B8CA_200141D0030100000000000000000028:0050_64769E9B_A42C:112DB
x-iplb-instance: 32678
content-type: image/gif
cache-control: max-age=900
accept-ranges: bytes
content-length: 37913
expires: Wed, 31 May 2023 01:25:51 GMT

GET
H/1.1 200
OK erfolg.png
www.erfolg.c4s.online/banniere/ 305 KB
306 KB 75ms
16ms Image
image/png 2001:41d0:301::20
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.erfolg.c4s.online/banniere/erfolg.png
Requested by: Host: www.kangaroturf.c4s.online
URL: http://www.kangaroturf.c4s.online/
Protocol: HTTP/1.1
Server: 2001:41d0:301::20 , France, ASN16276 (OVH, FR),
Reverse DNS
Software: Apache /
Resource Hash: 284477d57113b864ab1c02e58d2f616555afa49abc77f7641d941d78eb38f853

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.kangaroturf.c4s.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Wed, 31 May 2023 01:10:51 GMT
last-modified: Sun, 15 Jul 2018 17:37:22 GMT
server: Apache
x-iplb-request-id: 200141D0000D364D0000000000000007:D5B6_200141D0030100000000000000000020:0050_64769E9B_9CF5:2EB89
x-iplb-instance: 38229
content-type: image/png
cache-control: max-age=900
accept-ranges: bytes
content-length: 312534
expires: Wed, 31 May 2023 01:25:51 GMT

GET
H/1.1 200
OK Extra%20derby.gif
www.extra-derby.c4s.online/banniere/ 204 KB
204 KB 93ms
33ms Image
image/gif 46.105.57.169
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.extra-derby.c4s.online/banniere/Extra%20derby.gif
Requested by: Host: www.kangaroturf.c4s.online
URL: http://www.kangaroturf.c4s.online/
Protocol: HTTP/1.1
Server: 46.105.57.169 , France, ASN16276 (OVH, FR),
Reverse DNS: cluster020.hosting.ovh.net
Software: Apache /
Resource Hash: 09800505d37a8c898f371e77d71724667a748de947a00292cb4c92bf4ae754de

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.kangaroturf.c4s.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Wed, 31 May 2023 01:10:51 GMT
last-modified: Thu, 17 Nov 2016 17:50:38 GMT
server: Apache
x-iplb-request-id: 5CDED410:82FA_2E6939A9:0050_64769E9B_14BA:36ED
x-iplb-instance: 38228
content-type: image/gif
cache-control: max-age=900
accept-ranges: bytes
content-length: 208675
expires: Wed, 31 May 2023 01:25:51 GMT

GET
H/1.1 200
OK JEUXSUR.png
jeuxsurs.siteneti.net/banniere/ 309 KB
309 KB 47ms
16ms Image
image/png 2001:41d0:301::28
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://jeuxsurs.siteneti.net/banniere/JEUXSUR.png
Requested by: Host: www.kangaroturf.c4s.online
URL: http://www.kangaroturf.c4s.online/
Protocol: HTTP/1.1
Server: 2001:41d0:301::28 , France, ASN16276 (OVH, FR),
Reverse DNS
Software: Apache /
Resource Hash: 5ec1d1f767b7a3a3e6964755ea526e1657576b5a7c8d968a9208ffd6b1333786

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.kangaroturf.c4s.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Wed, 31 May 2023 01:10:51 GMT
last-modified: Sat, 30 Nov 2019 14:56:59 GMT
server: Apache
x-iplb-request-id: 200141D0000D364D0000000000000007:B8CC_200141D0030100000000000000000028:0050_64769E9B_DEFB:29823
x-iplb-instance: 32679
content-type: image/png
cache-control: max-age=900
accept-ranges: bytes
content-length: 316336
expires: Wed, 31 May 2023 01:25:51 GMT

GET
H/1.1

200
OK

new.gif
www.ogalopcourse.com/img/
Redirect Chain

http://www.ogalopcourse.com/img/new.gif
https://www.ogalopcourse.com/img/new.gif

3 KB
3 KB

104ms
22ms

Image
image/gif

194.150.236.236
HIWIT_AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.ogalopcourse.com/img/new.gif

Requested by

Host: www.kangaroturf.c4s.online
URL: http://www.kangaroturf.c4s.online/

Protocol

HTTP/1.1

Server

194.150.236.236 , France, ASN44976 (HIWIT_AS, FR),

Reverse DNS

ns76.hiwit.net

Software

Apache /

Resource Hash

f94d68bd074ac3a9138d954a5ba91b444aeef97de2d067c636da0579cda3668e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.kangaroturf.c4s.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Date: Wed, 31 May 2023 01:10:52 GMT
Strict-Transport-Security: max-age=15768000
Last-Modified: Sun, 07 Aug 2022 16:40:35 GMT
Server: Apache
ETag: "28e95eb-a52-5e5a95bbe86c0"
Vary: Host
Content-Type: image/gif
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=15, max=100
Content-Length: 2642

Redirect headers

Location: https://www.ogalopcourse.com/img/new.gif
Date: Wed, 31 May 2023 01:10:51 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=15, max=100
Content-Length: 248
Content-Type: text/html; charset=iso-8859-1

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 51 KB
21 KB 91ms
31ms Script
text/javascript 2a00:1450:4001:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.kangaroturf.c4s.online
URL: http://www.kangaroturf.c4s.online/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e7b90d32907f89c49e9e2a2ccca95133277f756f13a14187936d9b948ff67b44

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.kangaroturf.c4s.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 31 May 2023 00:35:34 GMT
last-modified: Mon, 17 Apr 2023 22:36:01 GMT
server: Golfe2
age: 2117
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20737
expires: Wed, 31 May 2023 02:35:34 GMT

GET
H/1.1 200
OK kangaro%20turf.png
www.kangaroturf.c4s.online/banniere/ 340 KB
340 KB 17ms
16ms Image
image/png 2001:41d0:301::20
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.kangaroturf.c4s.online/banniere/kangaro%20turf.png
Requested by: Host: www.kangaroturf.c4s.online
URL: http://www.kangaroturf.c4s.online/css/jeux.css
Protocol: HTTP/1.1
Server: 2001:41d0:301::20 , France, ASN16276 (OVH, FR),
Reverse DNS
Software: Apache /
Resource Hash: 132c512a566d83d6fe75b3388231eb3e9191a65d3e6ad9dc0279d5702c2e7a59

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.kangaroturf.c4s.online/css/jeux.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Wed, 31 May 2023 01:10:51 GMT
last-modified: Sat, 06 Apr 2019 08:44:13 GMT
server: Apache
x-iplb-request-id: 200141D0000D364D0000000000000007:D58C_200141D0030100000000000000000020:0050_64769E9B_7320:2EB88
x-iplb-instance: 38229
content-type: image/png
cache-control: max-age=900
accept-ranges: bytes
content-length: 348249
expires: Wed, 31 May 2023 01:25:51 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 15 B
228 B 39ms
38ms XHR
text/plain 2a00:1450:4001:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j100&a=189337299&t=pageview&_s=1&dl=http%3A%2F%2Fwww.kangaroturf.c4s.online%2F&ul=en-us&de=UTF-8&dt=Gratuit%20KANGARO-TURF&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAACAAI~&jid=117185152&gjid=928143221&cid=1478447653.1685495452&tid=UA-86810374-1&_gid=974827418.1685495452&_r=1&_slc=1&z=913306367

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

b60c71b98dbb4ab180c55a78ff2394f96ef77648368d6d3e8301c15bd69289e4

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: http://www.kangaroturf.c4s.online/
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 31 May 2023 01:10:52 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: http://www.kangaroturf.c4s.online
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 203 KB
73 KB 101ms
42ms Script
application/javascript 2a00:1450:4001:80b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-G8VKCZ1Q8K&cx=c&_slc=1

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

caf6e3f64d1863f42c8786cd5861198d6c6e47b03df957ad152807cab15fbfba

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.kangaroturf.c4s.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Wed, 31 May 2023 01:10:52 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 74726
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Wed, 31 May 2023 01:10:52 GMT

POST
H2 204 collect
region1.google-analytics.com/g/ 0
261 B 68ms
23ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-G8VKCZ1Q8K&gtm=45je35o0&_p=189337299&cid=1478447653.1685495452&ul=en-us&sr=1600x1200&_eu=ABA&ngs=1&_s=1&sid=1685495452&sct=1&seg=0&dl=http%3A%2F%2Fwww.kangaroturf.c4s.online%2F&dt=Gratuit%20KANGARO-TURF&en=page_view&_fv=1&_ss=1&_ee=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-G8VKCZ1Q8K&cx=c&_slc=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.kangaroturf.c4s.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 31 May 2023 01:10:52 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: http://www.kangaroturf.c4s.online
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pptm.js Show response
www.paypal.com/tagmanager/ 12 KB
5 KB 22ms
21ms Script
application/x-javascript 192.229.221.25
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/tagmanager/pptm.js?id=www.kangaroturf.c4s.online&t=xo&v=5.0.377&source=payments_sdk&client_id=AXWPljSR_V21Qp_VvEyX4glwGE4ZpToXLmeFaDCdHLq2ZAPlRz5isFTOlEbPj_9nYZmGLliTUkTbWlrd&vault=false

Requested by

Host: www.paypal.com
URL: https://www.paypal.com/sdk/js?client-id=AXWPljSR_V21Qp_VvEyX4glwGE4ZpToXLmeFaDCdHLq2ZAPlRz5isFTOlEbPj_9nYZmGLliTUkTbWlrd&enable-funding=venmo&currency=USD

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.221.25 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (paa/6F71) /

Resource Hash

25376cd52fca883ddcae7106505cb20b4e4f3f0d38bdc4c37fbf60ff49f66655

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; script-src 'nonce-VzUHUl0kQ5CumCzkbOdEoYW9JqrEuFzwV6taarKBwAIaIDYL' 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline' 'unsafe-eval'; img-src * data:; object-src 'none'; font-src 'self' https://.paypalobjects.com https://.paypal.com; connect-src 'self' https://.paypal.com https://.paypalobjects.com https://nexus.ensighten.com https://.google-analytics.com 'unsafe-inline' https://.qualtrics.com; form-action 'self' https://.paypal.com; base-uri 'self' https://.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp; frame-src 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline' https://*.qualtrics.com;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.kangaroturf.c4s.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

content-security-policy: default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'nonce-VzUHUl0kQ5CumCzkbOdEoYW9JqrEuFzwV6taarKBwAIaIDYL' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' 'unsafe-eval'; img-src * data:; object-src 'none'; font-src 'self' https://*.paypalobjects.com https://*.paypal.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://nexus.ensighten.com https://*.google-analytics.com 'unsafe-inline' https://*.qualtrics.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' https://*.qualtrics.com;
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 31 May 2023 01:10:52 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
age: 21846
x-cache: HIT
paypal-debug-id: 058b7a7763802
server-timing: content-encoding;desc="", x-cdn;desc="edgecast"
dc: ccg11-origin-www-1.paypal.com
content-length: 4299
x-xss-protection: 1; mode=block
last-modified: Tue, 30 May 2023 19:06:47 GMT
accept-ch: Sec-CH-UA-Full
server: ECAcc (paa/6F71)
traceparent: 00-0000000000000000000058b7a7763802-5b4bfc2e8f5263d0-01
etag: W/"2f34-zQQ0FVqIlbkbuS4WgpPW/nUPXC4"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/x-javascript; charset=utf-8
access-control-expose-headers: Server-Timing
cache-control: public, max-age=3600
origin-trial: AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 buttons Show response
www.paypal.com/smart/ Frame DFE2 386 KB
97 KB 616ms
615ms Document
text/html 192.229.221.25
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/smart/buttons?style.label=paypal&style.layout=vertical&style.color=gold&style.shape=rect&style.tagline=false&style.menuPlacement=below&sdkVersion=5.0.377&components.0=buttons&locale.country=US&locale.lang=en&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QVhXUGxqU1JfVjIxUXBfVnZFeVg0Z2x3R0U0WnBUb1hMbWVGYURDZEhMcTJaQVBsUno1aXNGVE9sRWJQal85bllabUdMbGlUVWtUYldscmQmZW5hYmxlLWZ1bmRpbmc9dmVubW8mY3VycmVuY3k9VVNEIiwiYXR0cnMiOnsiZGF0YS1zZGstaW50ZWdyYXRpb24tc291cmNlIjoiYnV0dG9uLWZhY3RvcnkiLCJkYXRhLXVpZCI6InVpZF96aHV1bGxtaWxmaXVtY3djamhsZHpyb215bW91eHIifX0&clientID=AXWPljSR_V21Qp_VvEyX4glwGE4ZpToXLmeFaDCdHLq2ZAPlRz5isFTOlEbPj_9nYZmGLliTUkTbWlrd&sdkCorrelationID=f835355c4485e&storageID=uid_f4022abfeb_mde6mta6nti&sessionID=uid_3abe0cb53e_mde6mta6nti&buttonSessionID=uid_c2519200eb_mde6mta6nti&env=production&buttonSize=huge&fundingEligibility=eyJwYXlwYWwiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6ZmFsc2V9LCJwYXlsYXRlciI6eyJlbGlnaWJsZSI6ZmFsc2UsInByb2R1Y3RzIjp7InBheUluMyI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhcmlhbnQiOm51bGx9LCJwYXlJbjQiOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXJpYW50IjpudWxsfSwicGF5bGF0ZXIiOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXJpYW50IjpudWxsfX19LCJjYXJkIjp7ImVsaWdpYmxlIjp0cnVlLCJicmFuZGVkIjp0cnVlLCJpbnN0YWxsbWVudHMiOmZhbHNlLCJ2ZW5kb3JzIjp7InZpc2EiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sIm1hc3RlcmNhcmQiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sImFtZXgiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sImRpc2NvdmVyIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjp0cnVlfSwiaGlwZXIiOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXVsdGFibGUiOmZhbHNlfSwiZWxvIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjp0cnVlfSwiamNiIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjp0cnVlfX0sImd1ZXN0RW5hYmxlZCI6ZmFsc2V9LCJ2ZW5tbyI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJpdGF1Ijp7ImVsaWdpYmxlIjpmYWxzZX0sImNyZWRpdCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJhcHBsZXBheSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJzZXBhIjp7ImVsaWdpYmxlIjpmYWxzZX0sImlkZWFsIjp7ImVsaWdpYmxlIjpmYWxzZX0sImJhbmNvbnRhY3QiOnsiZWxpZ2libGUiOmZhbHNlfSwiZ2lyb3BheSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJlcHMiOnsiZWxpZ2libGUiOmZhbHNlfSwic29mb3J0Ijp7ImVsaWdpYmxlIjpmYWxzZX0sIm15YmFuayI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJwMjQiOnsiZWxpZ2libGUiOmZhbHNlfSwid2VjaGF0cGF5Ijp7ImVsaWdpYmxlIjpmYWxzZX0sInBheXUiOnsiZWxpZ2libGUiOmZhbHNlfSwiYmxpayI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJ0cnVzdGx5Ijp7ImVsaWdpYmxlIjpmYWxzZX0sIm94eG8iOnsiZWxpZ2libGUiOmZhbHNlfSwiYm9sZXRvIjp7ImVsaWdpYmxlIjpmYWxzZX0sImJvbGV0b2JhbmNhcmlvIjp7ImVsaWdpYmxlIjpmYWxzZX0sIm1lcmNhZG9wYWdvIjp7ImVsaWdpYmxlIjpmYWxzZX0sIm11bHRpYmFuY28iOnsiZWxpZ2libGUiOmZhbHNlfSwic2F0aXNwYXkiOnsiZWxpZ2libGUiOmZhbHNlfSwicGFpZHkiOnsiZWxpZ2libGUiOmZhbHNlfX0&platform=desktop&experiment.enableVenmo=false&experiment.enableVenmoAppLabel=false&flow=purchase&currency=USD&intent=capture&commit=true&vault=false&enableFunding.0=venmo&renderedButtons.0=paypal&renderedButtons.1=card&debug=false&applePaySupport=false&supportsPopups=true&supportedNativeBrowser=false&allowBillingPayments=true

Requested by

Host: www.paypal.com
URL: https://www.paypal.com/sdk/js?client-id=AXWPljSR_V21Qp_VvEyX4glwGE4ZpToXLmeFaDCdHLq2ZAPlRz5isFTOlEbPj_9nYZmGLliTUkTbWlrd&enable-funding=venmo&currency=USD

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.221.25 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (lhd/35ED) /

Resource Hash

62c36aa286b992692e7387b0dfb66031ccd2d2eb5c5bd2bbc2a8f24d6013ce10

Security Headers

Name	Value
Content-Security-Policy	form-action 'self' https://.paypal.com https://.cardinalcommerce.com; default-src 'self' https://.paypal.com https://.paypalobjects.com; connect-src 'self' https://.paypal.com: https://.paypalobjects.com https://.googleapis.com https://.firebaseio.com wss://.firebaseio.com https://api2.amplitude.com http://127.0.0.1:* https://.qualtrics.com; frame-src 'self' https://.paypal.com:* https://.paypalobjects.com https://.cardinalcommerce.com https://.firebaseapp.com https://.qualtrics.com; script-src 'self' https://.paypal.com: https://.paypalobjects.com 'unsafe-inline' 'unsafe-eval' https://apis.google.com; style-src 'self' https://.paypal.com:* https://.paypalobjects.com 'unsafe-inline'; font-src 'self' https://.paypal.com https://.paypalobjects.com data:; object-src 'none'; img-src https: data:; base-uri 'self' https://.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://www.kangaroturf.c4s.online/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

accept-ch: sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
access-control-expose-headers: Server-Timing
cache-control: max-age=0, no-cache, no-store, must-revalidate
content-disposition: inline
content-encoding: gzip
content-security-policy: form-action 'self' https://*.paypal.com https://*.cardinalcommerce.com; default-src 'self' https://*.paypal.com https://*.paypalobjects.com; connect-src 'self' https://*.paypal.com:* https://*.paypalobjects.com https://*.googleapis.com https://*.firebaseio.com wss://*.firebaseio.com https://api2.amplitude.com http://127.0.0.1:* https://*.qualtrics.com; frame-src 'self' https://*.paypal.com:* https://*.paypalobjects.com https://*.cardinalcommerce.com https://*.firebaseapp.com https://*.qualtrics.com; script-src 'self' https://*.paypal.com:* https://*.paypalobjects.com 'unsafe-inline' 'unsafe-eval' https://apis.google.com; style-src 'self' https://*.paypal.com:* https://*.paypalobjects.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com data:; object-src 'none'; img-src https: data:; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
content-type: text/html; charset=utf-8
date: Wed, 31 May 2023 01:10:53 GMT
dc: ccg11-origin-www-1.paypal.com
etag: W/"60930-OyW+uYQttiv7lx2uCTVBIQ5RFtc"
origin-trial: AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
p3p: true
paypal-debug-id: 0895942654759
permissions-policy: ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
server: ECAcc (lhd/35ED)
server-timing: traceparent;desc="00-00000000000000000000895942654759-31bbff6c633c270a-01" content-encoding;desc="", x-cdn;desc="edgecast"
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: *
traceparent: 00-00000000000000000000895942654759-6f55c1d4bbddd2cd-01
vary: Accept-Encoding
x-content-type-options: nosniff
x-csrf-jwt: __blank__
x-xss-protection: 1; mode=block

GET
H2 200 paypal-blue.svg
www.paypalobjects.com/js-sdk-logos/2.2.7/ Frame E06A 3 KB
4 KB 449ms
18ms Image
image/svg+xml 151.101.130.133
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.paypalobjects.com/js-sdk-logos/2.2.7/paypal-blue.svg

Requested by

Host: www.kangaroturf.c4s.online
URL: http://www.kangaroturf.c4s.online/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.130.133 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

25b02175cc0a4e36fda24db4b7de40009feb7b31f18fe3c77423a2169929b94b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff

Request headers

accept-language: fr-FR,fr;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Wed, 31 May 2023 01:10:53 GMT
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
strict-transport-security: max-age=31557600
x-cache: HIT, HIT
paypal-debug-id: 73409acc740a6
dc: ccg11-origin-www-1.paypal.com
content-length: 3266
x-served-by: cache-sjc10045-SJC, cache-lcy-eglc8600027-LCY
last-modified: Tue, 04 Apr 2023 21:46:19 GMT
traceparent: 00-000000000000000000073409acc740a6-7b6717b4deab174f-01
x-timer: S1685495453.127044,VS0,VE0
etag: "642c9aab-cc2"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: s-maxage=31536000, public,max-age=3600
accept-ranges: bytes
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
x-cache-hits: 396, 79116

GET
H2 200 card-white.svg
www.paypalobjects.com/js-sdk-logos/2.2.7/ Frame E06A 1 KB
1 KB 450ms
19ms Image
image/svg+xml 151.101.130.133
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.paypalobjects.com/js-sdk-logos/2.2.7/card-white.svg

Requested by

Host: www.kangaroturf.c4s.online
URL: http://www.kangaroturf.c4s.online/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.130.133 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

1c4c2e6fd8a12889bc2ab350338566579ae079850e59701c8bf55ba52abd4d6b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff

Request headers

accept-language: fr-FR,fr;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Wed, 31 May 2023 01:10:53 GMT
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
strict-transport-security: max-age=31557600
x-cache: HIT, HIT
paypal-debug-id: 25dd9cdda1478
dc: ccg11-origin-www-1.paypal.com
content-length: 1358
x-served-by: cache-sjc10049-SJC, cache-lcy-eglc8600027-LCY
last-modified: Tue, 04 Apr 2023 21:46:19 GMT
traceparent: 00-000000000000000000025dd9cdda1478-d43683d77cf76deb-01
x-timer: S1685495453.127112,VS0,VE0
etag: "642c9aab-54e"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: s-maxage=31536000, public,max-age=3600
accept-ranges: bytes
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
x-cache-hits: 32, 51

GET
H2 200 ts
t.paypal.com/ 42 B
836 B 597ms
178ms Image
image/gif 151.101.193.35
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.paypal.com/ts?pgrp=muse%3Ageneric%3Aanalytics%3A%3Amerchant&page=muse%3Ageneric%3Aanalytics%3A%3Amerchant%3A%3A%3A&tsrce=tagmanagernodeweb&comp=tagmanagernodeweb&sub_component=analytics&s=ci&fltp=analytics-generic&pt=Gratuit%20KANGARO-TURF&dh=1200&dw=1600&bh=1200&bw=1600&cd=24&sh=1200&sw=1600&v=NA&pl=pdf&rosetta_language=en-US%2Cen&e=im&t=1685495452704&g=0&completeurl=http%3A%2F%2Fwww.kangaroturf.c4s.online%2F&sinfo=%7B%22partners%22%3A%7B%22ecwid%22%3A%7B%7D%2C%22bigCommerce%22%3A%7B%7D%2C%22shopify%22%3A%7B%7D%2C%22wix%22%3A%7B%7D%2C%22bigCartel%22%3A%7B%7D%7D%7D

Requested by

Host: www.kangaroturf.c4s.online
URL: http://www.kangaroturf.c4s.online/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.193.35 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://www.kangaroturf.c4s.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-cache-hits: 0, 0
date: Wed, 31 May 2023 01:10:53 GMT
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-cache: MISS, MISS
p3p: CP="CAO IND OUR SAM UNI STA COR COM"
paypal-debug-id: a643a8e47b8d6
server-timing: content-encoding;desc="",x-cdn;desc="fastly"
x-served-by: cache-lhr7327-LHR, cache-lcy-eglc8600035-LCY
pragma: no-cache
correlation-id: a643a8e47b8d6
traceparent: 00-0000000000000000000a643a8e47b8d6-6a5030c8a8505502-01
x-timer: S1685495453.127009,VS0,VE161
content-type: image/gif
cache-control: max-age=0, no-cache, no-store, must-revalidate
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 31 May 2023 01:10:53 GMT

GET
H2 200 js Show response
www.paypal.com/sdk/ Frame DFE2 269 KB
75 KB 22ms
21ms Script
application/javascript 192.229.221.25
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/sdk/js?client-id=AXWPljSR_V21Qp_VvEyX4glwGE4ZpToXLmeFaDCdHLq2ZAPlRz5isFTOlEbPj_9nYZmGLliTUkTbWlrd&enable-funding=venmo&currency=USD

Requested by

Host: www.paypal.com
URL: https://www.paypal.com/smart/buttons?style.label=paypal&style.layout=vertical&style.color=gold&style.shape=rect&style.tagline=false&style.menuPlacement=below&sdkVersion=5.0.377&components.0=buttons&locale.country=US&locale.lang=en&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QVhXUGxqU1JfVjIxUXBfVnZFeVg0Z2x3R0U0WnBUb1hMbWVGYURDZEhMcTJaQVBsUno1aXNGVE9sRWJQal85bllabUdMbGlUVWtUYldscmQmZW5hYmxlLWZ1bmRpbmc9dmVubW8mY3VycmVuY3k9VVNEIiwiYXR0cnMiOnsiZGF0YS1zZGstaW50ZWdyYXRpb24tc291cmNlIjoiYnV0dG9uLWZhY3RvcnkiLCJkYXRhLXVpZCI6InVpZF96aHV1bGxtaWxmaXVtY3djamhsZHpyb215bW91eHIifX0&clientID=AXWPljSR_V21Qp_VvEyX4glwGE4ZpToXLmeFaDCdHLq2ZAPlRz5isFTOlEbPj_9nYZmGLliTUkTbWlrd&sdkCorrelationID=f835355c4485e&storageID=uid_f4022abfeb_mde6mta6nti&sessionID=uid_3abe0cb53e_mde6mta6nti&buttonSessionID=uid_c2519200eb_mde6mta6nti&env=production&buttonSize=huge&fundingEligibility=eyJwYXlwYWwiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6ZmFsc2V9LCJwYXlsYXRlciI6eyJlbGlnaWJsZSI6ZmFsc2UsInByb2R1Y3RzIjp7InBheUluMyI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhcmlhbnQiOm51bGx9LCJwYXlJbjQiOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXJpYW50IjpudWxsfSwicGF5bGF0ZXIiOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXJpYW50IjpudWxsfX19LCJjYXJkIjp7ImVsaWdpYmxlIjp0cnVlLCJicmFuZGVkIjp0cnVlLCJpbnN0YWxsbWVudHMiOmZhbHNlLCJ2ZW5kb3JzIjp7InZpc2EiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sIm1hc3RlcmNhcmQiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sImFtZXgiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sImRpc2NvdmVyIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjp0cnVlfSwiaGlwZXIiOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXVsdGFibGUiOmZhbHNlfSwiZWxvIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjp0cnVlfSwiamNiIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjp0cnVlfX0sImd1ZXN0RW5hYmxlZCI6ZmFsc2V9LCJ2ZW5tbyI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJpdGF1Ijp7ImVsaWdpYmxlIjpmYWxzZX0sImNyZWRpdCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJhcHBsZXBheSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJzZXBhIjp7ImVsaWdpYmxlIjpmYWxzZX0sImlkZWFsIjp7ImVsaWdpYmxlIjpmYWxzZX0sImJhbmNvbnRhY3QiOnsiZWxpZ2libGUiOmZhbHNlfSwiZ2lyb3BheSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJlcHMiOnsiZWxpZ2libGUiOmZhbHNlfSwic29mb3J0Ijp7ImVsaWdpYmxlIjpmYWxzZX0sIm15YmFuayI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJwMjQiOnsiZWxpZ2libGUiOmZhbHNlfSwid2VjaGF0cGF5Ijp7ImVsaWdpYmxlIjpmYWxzZX0sInBheXUiOnsiZWxpZ2libGUiOmZhbHNlfSwiYmxpayI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJ0cnVzdGx5Ijp7ImVsaWdpYmxlIjpmYWxzZX0sIm94eG8iOnsiZWxpZ2libGUiOmZhbHNlfSwiYm9sZXRvIjp7ImVsaWdpYmxlIjpmYWxzZX0sImJvbGV0b2JhbmNhcmlvIjp7ImVsaWdpYmxlIjpmYWxzZX0sIm1lcmNhZG9wYWdvIjp7ImVsaWdpYmxlIjpmYWxzZX0sIm11bHRpYmFuY28iOnsiZWxpZ2libGUiOmZhbHNlfSwic2F0aXNwYXkiOnsiZWxpZ2libGUiOmZhbHNlfSwicGFpZHkiOnsiZWxpZ2libGUiOmZhbHNlfX0&platform=desktop&experiment.enableVenmo=false&experiment.enableVenmoAppLabel=false&flow=purchase&currency=USD&intent=capture&commit=true&vault=false&enableFunding.0=venmo&renderedButtons.0=paypal&renderedButtons.1=card&debug=false&applePaySupport=false&supportsPopups=true&supportedNativeBrowser=false&allowBillingPayments=true

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.221.25 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (paa/6F4D) /

Resource Hash

23dd32e28f2813953b96cce78c5da9c3a5b28e0ab371c4f84230a4960d0c2e69

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://.paypal.com https://.paypalobjects.com; connect-src 'self' https://.paypal.com https://.paypalobjects.com https://.qualtrics.com; frame-src 'self' https://.paypal.com https://.paypalobjects.com https://.qualtrics.com; script-src 'nonce-2FeV9Pq6/q8JUqLt/WxN3rZy9q9k0Gpuslo0Hq18gHTZCYo+' 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; style-src 'nonce-2FeV9Pq6/q8JUqLt/WxN3rZy9q9k0Gpuslo0Hq18gHTZCYo+' 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; object-src 'none'; img-src https: data:; form-action 'self' https://.paypal.com; base-uri 'self' https://.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://www.paypal.com/smart/buttons?style.label=paypal&style.layout=vertical&style.color=gold&style.shape=rect&style.tagline=false&style.menuPlacement=below&sdkVersion=5.0.377&components.0=buttons&locale.country=US&locale.lang=en&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QVhXUGxqU1JfVjIxUXBfVnZFeVg0Z2x3R0U0WnBUb1hMbWVGYURDZEhMcTJaQVBsUno1aXNGVE9sRWJQal85bllabUdMbGlUVWtUYldscmQmZW5hYmxlLWZ1bmRpbmc9dmVubW8mY3VycmVuY3k9VVNEIiwiYXR0cnMiOnsiZGF0YS1zZGstaW50ZWdyYXRpb24tc291cmNlIjoiYnV0dG9uLWZhY3RvcnkiLCJkYXRhLXVpZCI6InVpZF96aHV1bGxtaWxmaXVtY3djamhsZHpyb215bW91eHIifX0&clientID=AXWPljSR_V21Qp_VvEyX4glwGE4ZpToXLmeFaDCdHLq2ZAPlRz5isFTOlEbPj_9nYZmGLliTUkTbWlrd&sdkCorrelationID=f835355c4485e&storageID=uid_f4022abfeb_mde6mta6nti&sessionID=uid_3abe0cb53e_mde6mta6nti&buttonSessionID=uid_c2519200eb_mde6mta6nti&env=production&buttonSize=huge&fundingEligibility=eyJwYXlwYWwiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6ZmFsc2V9LCJwYXlsYXRlciI6eyJlbGlnaWJsZSI6ZmFsc2UsInByb2R1Y3RzIjp7InBheUluMyI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhcmlhbnQiOm51bGx9LCJwYXlJbjQiOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXJpYW50IjpudWxsfSwicGF5bGF0ZXIiOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXJpYW50IjpudWxsfX19LCJjYXJkIjp7ImVsaWdpYmxlIjp0cnVlLCJicmFuZGVkIjp0cnVlLCJpbnN0YWxsbWVudHMiOmZhbHNlLCJ2ZW5kb3JzIjp7InZpc2EiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sIm1hc3RlcmNhcmQiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sImFtZXgiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sImRpc2NvdmVyIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjp0cnVlfSwiaGlwZXIiOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXVsdGFibGUiOmZhbHNlfSwiZWxvIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjp0cnVlfSwiamNiIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjp0cnVlfX0sImd1ZXN0RW5hYmxlZCI6ZmFsc2V9LCJ2ZW5tbyI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJpdGF1Ijp7ImVsaWdpYmxlIjpmYWxzZX0sImNyZWRpdCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJhcHBsZXBheSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJzZXBhIjp7ImVsaWdpYmxlIjpmYWxzZX0sImlkZWFsIjp7ImVsaWdpYmxlIjpmYWxzZX0sImJhbmNvbnRhY3QiOnsiZWxpZ2libGUiOmZhbHNlfSwiZ2lyb3BheSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJlcHMiOnsiZWxpZ2libGUiOmZhbHNlfSwic29mb3J0Ijp7ImVsaWdpYmxlIjpmYWxzZX0sIm15YmFuayI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJwMjQiOnsiZWxpZ2libGUiOmZhbHNlfSwid2VjaGF0cGF5Ijp7ImVsaWdpYmxlIjpmYWxzZX0sInBheXUiOnsiZWxpZ2libGUiOmZhbHNlfSwiYmxpayI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJ0cnVzdGx5Ijp7ImVsaWdpYmxlIjpmYWxzZX0sIm94eG8iOnsiZWxpZ2libGUiOmZhbHNlfSwiYm9sZXRvIjp7ImVsaWdpYmxlIjpmYWxzZX0sImJvbGV0b2JhbmNhcmlvIjp7ImVsaWdpYmxlIjpmYWxzZX0sIm1lcmNhZG9wYWdvIjp7ImVsaWdpYmxlIjpmYWxzZX0sIm11bHRpYmFuY28iOnsiZWxpZ2libGUiOmZhbHNlfSwic2F0aXNwYXkiOnsiZWxpZ2libGUiOmZhbHNlfSwicGFpZHkiOnsiZWxpZ2libGUiOmZhbHNlfX0&platform=desktop&experiment.enableVenmo=false&experiment.enableVenmoAppLabel=false&flow=purchase&currency=USD&intent=capture&commit=true&vault=false&enableFunding.0=venmo&renderedButtons.0=paypal&renderedButtons.1=card&debug=false&applePaySupport=false&supportsPopups=true&supportedNativeBrowser=false&allowBillingPayments=true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

content-security-policy: default-src 'self' https://*.paypal.com https://*.paypalobjects.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; script-src 'nonce-2FeV9Pq6/q8JUqLt/WxN3rZy9q9k0Gpuslo0Hq18gHTZCYo+' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'nonce-2FeV9Pq6/q8JUqLt/WxN3rZy9q9k0Gpuslo0Hq18gHTZCYo+' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; object-src 'none'; img-src https: data:; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 31 May 2023 01:10:53 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
age: 2
x-cache: HIT
p3p: true
paypal-debug-id: 05b288090b278
server-timing: content-encoding;desc="", x-cdn;desc="edgecast"
dc: ccg11-origin-www-1.paypal.com
content-length: 75792
x-xss-protection: 1; mode=block
last-modified: Wed, 31 May 2023 01:10:52 GMT
accept-ch: sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
server: ECAcc (paa/6F4D)
traceparent: 00-000000000000000000005b288090b278-996259d1ece277e8-01
etag: W/"12810-KUf/1ux+Liw2qoSxQByXZP+U5WA"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: Server-Timing
cache-control: public, max-age=3600, s-maxage=10800
origin-trial: AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
permissions-policy: ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
accept-ranges: bytes
timing-allow-origin: *

GET
DATA 200
OK truncated
/ Frame DFE2 3 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 25b02175cc0a4e36fda24db4b7de40009feb7b31f18fe3c77423a2169929b94b

Request headers

accept-language: fr-FR,fr;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame DFE2 1 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1c4c2e6fd8a12889bc2ab350338566579ae079850e59701c8bf55ba52abd4d6b

Request headers

accept-language: fr-FR,fr;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 fb.js Show response
c.paypal.com/da/r/ Frame DFE2 60 KB
20 KB 50ms
22ms Script
application/javascript 192.229.221.25
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://c.paypal.com/da/r/fb.js

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.221.25 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (paa/6F4F) /

Resource Hash

38a98855add87ceae220cdceb1bc4e75e6c5c05346bbedea09279c03043297f2

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://www.paypal.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Wed, 31 May 2023 01:10:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
age: 204092
x-cache: HIT
paypal-debug-id: 97f31044b590e
server-timing: content-encoding;desc="", x-cdn;desc="edgecast"
dc: ccg11-origin-www-1.paypal.com
content-length: 20654
last-modified: Fri, 12 May 2023 17:09:48 GMT
server: ECAcc (paa/6F4F)
traceparent: 00-000000000000000000097f31044b590e-4adfb366a46042ce-01
etag: "645e72dc-eeee+gzip"
access-control-max-age: 86400
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=86400
access-control-allow-credentials: false
vary: Accept-Encoding
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 01 Jun 2023 01:10:54 GMT

GET
H2 200 i Show response
c.paypal.com/v1/r/d/ Frame 7607 160 B
1 KB 190ms
189ms Document
text/html 192.229.221.25
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://c.paypal.com/v1/r/d/i?js_src=https://c.paypal.com/da/r/fb.js

Requested by

Host: c.paypal.com
URL: https://c.paypal.com/da/r/fb.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.221.25 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (lhd/359D) /

Resource Hash

9321bc63a75b3ac6d384b411665b6e77a8b326a4b176ca2049872d3b5d4974f5

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.paypal.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

accept-ch: sec-ch-ua, sec-ch-ua-mobile, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-platform, sec-ch-ua-platform-version, sec-ch-ua-arch, sec-ch-ua-wow64, sec-ch-ua-bitness, sec-ch-ua-model, sec-ch-ua-full
access-control-expose-headers: Server-Timing
cache-control: max-age=0, no-cache, no-store, must-revalidate
content-encoding: gzip
content-length: 141
content-security-policy-report-only: default-src 'self' https://*.paypal.com https://*.paypalobjects.com; script-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.paypalinc.com https://www.facebook.com 'unsafe-eval' 'unsafe-inline' blob:; connect-src 'self' https://*.paypal.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com data:; img-src 'self' https: data:; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; object-src 'self' https://*.paypal.com https://*.paypalobjects.com; report-uri https://www.paypal.com/csplog/api/log/csp
content-type: text/html;charset=UTF-8
correlation-id: b9e410a83f570
date: Wed, 31 May 2023 01:10:54 GMT
origin-trial: A0A/uBW0ogQIica1KkPCeSOoHfvTATXdyRg8F/Ka8gjK4pCprEDwF3d3wTxNzSPn1ASb5ncpd46h7RQiSqGYpA8AAACMeyJvcmlnaW4iOiJodHRwczovL2MucGF5cGFsLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY5NTUxMzU5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0=
paypal-debug-id: b9e410a83f570
server: ECAcc (lhd/359D)
server-timing: traceparent;desc="00-0000000000000000000b9e410a83f570-2a62bc195b14491a-01" content-encoding;desc="", x-cdn;desc="edgecast"
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: *
traceparent: 00-0000000000000000000b9e410a83f570-485817c0ddc7419a-01
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H/1.1

200
OK

counter2.cgi
dub.stats.paypal.com/v2/ Frame 6982
Redirect Chain

https://b.stats.paypal.com/v2/counter.cgi?p=uid_3abe0cb53e_mde6mta6nti&s=SMART_PAYMENT_BUTTONS
https://dub.stats.paypal.com/v2/counter2.cgi?p=uid_3abe0cb53e_mde6mta6nti&s=SMART_PAYMENT_BUTTONS

42 B
299 B

139ms
43ms

Image
image/jpeg

64.4.245.84
PAYPAL

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dub.stats.paypal.com/v2/counter2.cgi?p=uid_3abe0cb53e_mde6mta6nti&s=SMART_PAYMENT_BUTTONS
Requested by: Host: www.paypal.com
URL: https://www.paypal.com/smart/buttons?style.label=paypal&style.layout=vertical&style.color=gold&style.shape=rect&style.tagline=false&style.menuPlacement=below&sdkVersion=5.0.377&components.0=buttons&locale.country=US&locale.lang=en&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QVhXUGxqU1JfVjIxUXBfVnZFeVg0Z2x3R0U0WnBUb1hMbWVGYURDZEhMcTJaQVBsUno1aXNGVE9sRWJQal85bllabUdMbGlUVWtUYldscmQmZW5hYmxlLWZ1bmRpbmc9dmVubW8mY3VycmVuY3k9VVNEIiwiYXR0cnMiOnsiZGF0YS1zZGstaW50ZWdyYXRpb24tc291cmNlIjoiYnV0dG9uLWZhY3RvcnkiLCJkYXRhLXVpZCI6InVpZF96aHV1bGxtaWxmaXVtY3djamhsZHpyb215bW91eHIifX0&clientID=AXWPljSR_V21Qp_VvEyX4glwGE4ZpToXLmeFaDCdHLq2ZAPlRz5isFTOlEbPj_9nYZmGLliTUkTbWlrd&sdkCorrelationID=f835355c4485e&storageID=uid_f4022abfeb_mde6mta6nti&sessionID=uid_3abe0cb53e_mde6mta6nti&buttonSessionID=uid_c2519200eb_mde6mta6nti&env=production&buttonSize=huge&fundingEligibility=eyJwYXlwYWwiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6ZmFsc2V9LCJwYXlsYXRlciI6eyJlbGlnaWJsZSI6ZmFsc2UsInByb2R1Y3RzIjp7InBheUluMyI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhcmlhbnQiOm51bGx9LCJwYXlJbjQiOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXJpYW50IjpudWxsfSwicGF5bGF0ZXIiOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXJpYW50IjpudWxsfX19LCJjYXJkIjp7ImVsaWdpYmxlIjp0cnVlLCJicmFuZGVkIjp0cnVlLCJpbnN0YWxsbWVudHMiOmZhbHNlLCJ2ZW5kb3JzIjp7InZpc2EiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sIm1hc3RlcmNhcmQiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sImFtZXgiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sImRpc2NvdmVyIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjp0cnVlfSwiaGlwZXIiOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXVsdGFibGUiOmZhbHNlfSwiZWxvIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjp0cnVlfSwiamNiIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjp0cnVlfX0sImd1ZXN0RW5hYmxlZCI6ZmFsc2V9LCJ2ZW5tbyI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJpdGF1Ijp7ImVsaWdpYmxlIjpmYWxzZX0sImNyZWRpdCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJhcHBsZXBheSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJzZXBhIjp7ImVsaWdpYmxlIjpmYWxzZX0sImlkZWFsIjp7ImVsaWdpYmxlIjpmYWxzZX0sImJhbmNvbnRhY3QiOnsiZWxpZ2libGUiOmZhbHNlfSwiZ2lyb3BheSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJlcHMiOnsiZWxpZ2libGUiOmZhbHNlfSwic29mb3J0Ijp7ImVsaWdpYmxlIjpmYWxzZX0sIm15YmFuayI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJwMjQiOnsiZWxpZ2libGUiOmZhbHNlfSwid2VjaGF0cGF5Ijp7ImVsaWdpYmxlIjpmYWxzZX0sInBheXUiOnsiZWxpZ2libGUiOmZhbHNlfSwiYmxpayI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJ0cnVzdGx5Ijp7ImVsaWdpYmxlIjpmYWxzZX0sIm94eG8iOnsiZWxpZ2libGUiOmZhbHNlfSwiYm9sZXRvIjp7ImVsaWdpYmxlIjpmYWxzZX0sImJvbGV0b2JhbmNhcmlvIjp7ImVsaWdpYmxlIjpmYWxzZX0sIm1lcmNhZG9wYWdvIjp7ImVsaWdpYmxlIjpmYWxzZX0sIm11bHRpYmFuY28iOnsiZWxpZ2libGUiOmZhbHNlfSwic2F0aXNwYXkiOnsiZWxpZ2libGUiOmZhbHNlfSwicGFpZHkiOnsiZWxpZ2libGUiOmZhbHNlfX0&platform=desktop&experiment.enableVenmo=false&experiment.enableVenmoAppLabel=false&flow=purchase&currency=USD&intent=capture&commit=true&vault=false&enableFunding.0=venmo&renderedButtons.0=paypal&renderedButtons.1=card&debug=false&applePaySupport=false&supportsPopups=true&supportedNativeBrowser=false&allowBillingPayments=true
Protocol: HTTP/1.1
Server: 64.4.245.84 , United States, ASN17012 (PAYPAL, US),
Reverse DNS
Software: PayPal-B.Stats/1.0 /
Resource Hash: 47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://www.paypal.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Date: Wed, 31 May 2023 01:10:54 GMT
Server: PayPal-B.Stats/1.0
Connection: close
Content-Length: 42
Content-Type: image/jpeg

Redirect headers

Location: https://dub.stats.paypal.com/v2/counter2.cgi?p=uid_3abe0cb53e_mde6mta6nti&s=SMART_PAYMENT_BUTTONS
Date: Wed, 31 May 2023 01:10:54 GMT
Server: PayPal-B.Stats/1.0
Connection: close
Content-Length: 0
Content-Type: application/octet-stream

POST
H2 200 logger
www.paypal.com/xoplatform/logger/api/ Frame DFE2 1 KB
2 KB 267ms
266ms Ping
application/json 192.229.221.25
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/xoplatform/logger/api/logger

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.221.25 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (lhd/35FB) /

Resource Hash

8f08aa08dd77352e55a48b76fe0cf0731b25e38c735bb181491ac6b52ecc1508

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.paypal.com/smart/buttons?style.label=paypal&style.layout=vertical&style.color=gold&style.shape=rect&style.tagline=false&style.menuPlacement=below&sdkVersion=5.0.377&components.0=buttons&locale.country=US&locale.lang=en&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QVhXUGxqU1JfVjIxUXBfVnZFeVg0Z2x3R0U0WnBUb1hMbWVGYURDZEhMcTJaQVBsUno1aXNGVE9sRWJQal85bllabUdMbGlUVWtUYldscmQmZW5hYmxlLWZ1bmRpbmc9dmVubW8mY3VycmVuY3k9VVNEIiwiYXR0cnMiOnsiZGF0YS1zZGstaW50ZWdyYXRpb24tc291cmNlIjoiYnV0dG9uLWZhY3RvcnkiLCJkYXRhLXVpZCI6InVpZF96aHV1bGxtaWxmaXVtY3djamhsZHpyb215bW91eHIifX0&clientID=AXWPljSR_V21Qp_VvEyX4glwGE4ZpToXLmeFaDCdHLq2ZAPlRz5isFTOlEbPj_9nYZmGLliTUkTbWlrd&sdkCorrelationID=f835355c4485e&storageID=uid_f4022abfeb_mde6mta6nti&sessionID=uid_3abe0cb53e_mde6mta6nti&buttonSessionID=uid_c2519200eb_mde6mta6nti&env=production&buttonSize=huge&fundingEligibility=eyJwYXlwYWwiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6ZmFsc2V9LCJwYXlsYXRlciI6eyJlbGlnaWJsZSI6ZmFsc2UsInByb2R1Y3RzIjp7InBheUluMyI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhcmlhbnQiOm51bGx9LCJwYXlJbjQiOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXJpYW50IjpudWxsfSwicGF5bGF0ZXIiOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXJpYW50IjpudWxsfX19LCJjYXJkIjp7ImVsaWdpYmxlIjp0cnVlLCJicmFuZGVkIjp0cnVlLCJpbnN0YWxsbWVudHMiOmZhbHNlLCJ2ZW5kb3JzIjp7InZpc2EiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sIm1hc3RlcmNhcmQiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sImFtZXgiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sImRpc2NvdmVyIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjp0cnVlfSwiaGlwZXIiOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXVsdGFibGUiOmZhbHNlfSwiZWxvIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjp0cnVlfSwiamNiIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjp0cnVlfX0sImd1ZXN0RW5hYmxlZCI6ZmFsc2V9LCJ2ZW5tbyI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJpdGF1Ijp7ImVsaWdpYmxlIjpmYWxzZX0sImNyZWRpdCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJhcHBsZXBheSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJzZXBhIjp7ImVsaWdpYmxlIjpmYWxzZX0sImlkZWFsIjp7ImVsaWdpYmxlIjpmYWxzZX0sImJhbmNvbnRhY3QiOnsiZWxpZ2libGUiOmZhbHNlfSwiZ2lyb3BheSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJlcHMiOnsiZWxpZ2libGUiOmZhbHNlfSwic29mb3J0Ijp7ImVsaWdpYmxlIjpmYWxzZX0sIm15YmFuayI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJwMjQiOnsiZWxpZ2libGUiOmZhbHNlfSwid2VjaGF0cGF5Ijp7ImVsaWdpYmxlIjpmYWxzZX0sInBheXUiOnsiZWxpZ2libGUiOmZhbHNlfSwiYmxpayI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJ0cnVzdGx5Ijp7ImVsaWdpYmxlIjpmYWxzZX0sIm94eG8iOnsiZWxpZ2libGUiOmZhbHNlfSwiYm9sZXRvIjp7ImVsaWdpYmxlIjpmYWxzZX0sImJvbGV0b2JhbmNhcmlvIjp7ImVsaWdpYmxlIjpmYWxzZX0sIm1lcmNhZG9wYWdvIjp7ImVsaWdpYmxlIjpmYWxzZX0sIm11bHRpYmFuY28iOnsiZWxpZ2libGUiOmZhbHNlfSwic2F0aXNwYXkiOnsiZWxpZ2libGUiOmZhbHNlfSwicGFpZHkiOnsiZWxpZ2libGUiOmZhbHNlfX0&platform=desktop&experiment.enableVenmo=false&experiment.enableVenmoAppLabel=false&flow=purchase&currency=USD&intent=capture&commit=true&vault=false&enableFunding.0=venmo&renderedButtons.0=paypal&renderedButtons.1=card&debug=false&applePaySupport=false&supportsPopups=true&supportedNativeBrowser=false&allowBillingPayments=true
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 31 May 2023 01:10:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
paypal-debug-id: 0314574644994
server-timing: content-encoding;desc="", x-cdn;desc="edgecast"
dc: ccg11-origin-www-1.paypal.com
content-length: 616
accept-ch: sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
server: ECAcc (lhd/35FB)
traceparent: 00-00000000000000000000314574644994-621fd54da5af6e71-01
etag: W/"400-PeHm5mNuaIgZiPGNIJ/TlZHDlfE"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.paypal.com
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
origin-trial: AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
permissions-policy: ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
timing-allow-origin: *

GET
H2 200 fb.js Show response
c.paypal.com/da/r/ Frame 7607 60 KB
20 KB 21ms
21ms Script
application/javascript 192.229.221.25
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://c.paypal.com/da/r/fb.js

Requested by

Host: c.paypal.com
URL: https://c.paypal.com/v1/r/d/i?js_src=https://c.paypal.com/da/r/fb.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.221.25 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (paa/6F4F) /

Resource Hash

38a98855add87ceae220cdceb1bc4e75e6c5c05346bbedea09279c03043297f2

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://c.paypal.com/v1/r/d/i?js_src=https://c.paypal.com/da/r/fb.js
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Wed, 31 May 2023 01:10:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
age: 204092
x-cache: HIT
paypal-debug-id: 97f31044b590e
server-timing: content-encoding;desc="", x-cdn;desc="edgecast"
dc: ccg11-origin-www-1.paypal.com
content-length: 20654
last-modified: Fri, 12 May 2023 17:09:48 GMT
server: ECAcc (paa/6F4F)
traceparent: 00-000000000000000000097f31044b590e-4adfb366a46042ce-01
etag: "645e72dc-eeee+gzip"
access-control-max-age: 86400
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=86400
access-control-allow-credentials: false
vary: Accept-Encoding
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 01 Jun 2023 01:10:54 GMT

POST
H2 200 p1 Show response
c.paypal.com/v1/r/d/b/ Frame 7607 125 B
863 B 673ms
672ms XHR
application/json 192.229.221.25
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://c.paypal.com/v1/r/d/b/p1

Requested by

Host: c.paypal.com
URL: https://c.paypal.com/da/r/fb.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.221.25 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (lhd/359D) /

Resource Hash

6f590255126f1e5dd7653553f31eb5b7b8d236d2066abfda32f2937385dfc4a1

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://c.paypal.com/v1/r/d/i?js_src=https://c.paypal.com/da/r/fb.js
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 31 May 2023 01:10:54 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
correlation-id: adc0070c5a24d
server: ECAcc (lhd/359D)
traceparent: 00-0000000000000000000adc0070c5a24d-81cead2b9aa58506-01
p3p: policyref="/w3c/p3p.xml", CP="NON DSP COR ADM OUR IND COM"
access-control-allow-origin: https://www.paypal.com
paypal-debug-id: adc0070c5a24d
access-control-expose-headers: Server-Timing
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: application/json
server-timing: traceparent;desc="00-0000000000000000000adc0070c5a24d-f0640fcfedbc41a7-01", content-encoding;desc="", x-cdn;desc="edgecast"
timing-allow-origin: *
content-length: 125

POST
H2 204 e Show response
c.paypal.com/v1/r/d/b/ Frame 7607 0
175 B 187ms
187ms XHR
text/plain 192.229.221.25
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://c.paypal.com/v1/r/d/b/e

Requested by

Host: c.paypal.com
URL: https://c.paypal.com/da/r/fb.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.221.25 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (lhd/35E6) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://c.paypal.com/v1/r/d/i?js_src=https://c.paypal.com/da/r/fb.js
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 31 May 2023 01:10:53 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
correlation-id: 7e9c1ffccb20
server: ECAcc (lhd/35E6)
traceparent: 00-000000000000000000007e9c1ffccb20-eeea80d183486d36-01
access-control-allow-origin: https://www.paypal.com
paypal-debug-id: 7e9c1ffccb20
access-control-expose-headers: Server-Timing
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-timing: traceparent;desc="00-000000000000000000007e9c1ffccb20-3e184c0477adb9bb-01", content-encoding;desc="", x-cdn;desc="edgecast"
timing-allow-origin: *

GET
H2 200 p3
c6.paypal.com/v1/r/d/b/ Frame 7607 0
494 B 255ms
179ms Image
text/plain 2a04:4e42::291
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c6.paypal.com/v1/r/d/b/p3?f=uid_3abe0cb53e_mde6mta6nti&s=SMART_PAYMENT_BUTTONS

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42::291 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://c.paypal.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Wed, 31 May 2023 01:10:54 GMT
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-cache: MISS, MISS
paypal-debug-id: 927ed2f300b0d
server-timing: "traceparent;desc="00-0000000000000000000927ed2f300b0d-7f7a25ea196c9032-01"";content-encoding;desc="",x-cdn;desc="fastly"
content-length: 0
x-served-by: cache-lhr7336-LHR, cache-lcy-eglc8600055-LCY
correlation-id: 927ed2f300b0d
traceparent: 00-0000000000000000000927ed2f300b0d-281653320051ba44-01
x-timer: S1685495454.388682,VS0,VE161
access-control-expose-headers: Server-Timing
cache-control: max-age=0, no-cache, no-store, must-revalidate
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 0, 0

POST
H2 200 logger Show response
www.paypal.com/xoplatform/logger/api/ Frame DFE2 995 B
1 KB 217ms
216ms XHR
application/json 192.229.221.25
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/xoplatform/logger/api/logger

Requested by

Host: www.paypal.com
URL: https://www.paypal.com/sdk/js?client-id=AXWPljSR_V21Qp_VvEyX4glwGE4ZpToXLmeFaDCdHLq2ZAPlRz5isFTOlEbPj_9nYZmGLliTUkTbWlrd&enable-funding=venmo&currency=USD

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.221.25 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (lhd/35EF) /

Resource Hash

9de728e369418ac71ec8f1247bd770305b7cdb038b833cb4d8a3a43b8033901d

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept: application/json
Referer: https://www.paypal.com/smart/buttons?style.label=paypal&style.layout=vertical&style.color=gold&style.shape=rect&style.tagline=false&style.menuPlacement=below&sdkVersion=5.0.377&components.0=buttons&locale.country=US&locale.lang=en&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QVhXUGxqU1JfVjIxUXBfVnZFeVg0Z2x3R0U0WnBUb1hMbWVGYURDZEhMcTJaQVBsUno1aXNGVE9sRWJQal85bllabUdMbGlUVWtUYldscmQmZW5hYmxlLWZ1bmRpbmc9dmVubW8mY3VycmVuY3k9VVNEIiwiYXR0cnMiOnsiZGF0YS1zZGstaW50ZWdyYXRpb24tc291cmNlIjoiYnV0dG9uLWZhY3RvcnkiLCJkYXRhLXVpZCI6InVpZF96aHV1bGxtaWxmaXVtY3djamhsZHpyb215bW91eHIifX0&clientID=AXWPljSR_V21Qp_VvEyX4glwGE4ZpToXLmeFaDCdHLq2ZAPlRz5isFTOlEbPj_9nYZmGLliTUkTbWlrd&sdkCorrelationID=f835355c4485e&storageID=uid_f4022abfeb_mde6mta6nti&sessionID=uid_3abe0cb53e_mde6mta6nti&buttonSessionID=uid_c2519200eb_mde6mta6nti&env=production&buttonSize=huge&fundingEligibility=eyJwYXlwYWwiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6ZmFsc2V9LCJwYXlsYXRlciI6eyJlbGlnaWJsZSI6ZmFsc2UsInByb2R1Y3RzIjp7InBheUluMyI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhcmlhbnQiOm51bGx9LCJwYXlJbjQiOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXJpYW50IjpudWxsfSwicGF5bGF0ZXIiOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXJpYW50IjpudWxsfX19LCJjYXJkIjp7ImVsaWdpYmxlIjp0cnVlLCJicmFuZGVkIjp0cnVlLCJpbnN0YWxsbWVudHMiOmZhbHNlLCJ2ZW5kb3JzIjp7InZpc2EiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sIm1hc3RlcmNhcmQiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sImFtZXgiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sImRpc2NvdmVyIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjp0cnVlfSwiaGlwZXIiOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXVsdGFibGUiOmZhbHNlfSwiZWxvIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjp0cnVlfSwiamNiIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjp0cnVlfX0sImd1ZXN0RW5hYmxlZCI6ZmFsc2V9LCJ2ZW5tbyI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJpdGF1Ijp7ImVsaWdpYmxlIjpmYWxzZX0sImNyZWRpdCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJhcHBsZXBheSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJzZXBhIjp7ImVsaWdpYmxlIjpmYWxzZX0sImlkZWFsIjp7ImVsaWdpYmxlIjpmYWxzZX0sImJhbmNvbnRhY3QiOnsiZWxpZ2libGUiOmZhbHNlfSwiZ2lyb3BheSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJlcHMiOnsiZWxpZ2libGUiOmZhbHNlfSwic29mb3J0Ijp7ImVsaWdpYmxlIjpmYWxzZX0sIm15YmFuayI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJwMjQiOnsiZWxpZ2libGUiOmZhbHNlfSwid2VjaGF0cGF5Ijp7ImVsaWdpYmxlIjpmYWxzZX0sInBheXUiOnsiZWxpZ2libGUiOmZhbHNlfSwiYmxpayI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJ0cnVzdGx5Ijp7ImVsaWdpYmxlIjpmYWxzZX0sIm94eG8iOnsiZWxpZ2libGUiOmZhbHNlfSwiYm9sZXRvIjp7ImVsaWdpYmxlIjpmYWxzZX0sImJvbGV0b2JhbmNhcmlvIjp7ImVsaWdpYmxlIjpmYWxzZX0sIm1lcmNhZG9wYWdvIjp7ImVsaWdpYmxlIjpmYWxzZX0sIm11bHRpYmFuY28iOnsiZWxpZ2libGUiOmZhbHNlfSwic2F0aXNwYXkiOnsiZWxpZ2libGUiOmZhbHNlfSwicGFpZHkiOnsiZWxpZ2libGUiOmZhbHNlfX0&platform=desktop&experiment.enableVenmo=false&experiment.enableVenmoAppLabel=false&flow=purchase&currency=USD&intent=capture&commit=true&vault=false&enableFunding.0=venmo&renderedButtons.0=paypal&renderedButtons.1=card&debug=false&applePaySupport=false&supportsPopups=true&supportedNativeBrowser=false&allowBillingPayments=true
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
content-type: application/json

Response headers

date: Wed, 31 May 2023 01:10:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
paypal-debug-id: 016a273331b04
server-timing: content-encoding;desc="", x-cdn;desc="edgecast"
dc: ccg11-origin-www-1.paypal.com
content-length: 587
accept-ch: sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
server: ECAcc (lhd/35EF)
traceparent: 00-0000000000000000000016a273331b04-4a118c7430794133-01
etag: W/"3e3-oExg+GXeKe8bZVn9EL5bUTRiQg4"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.paypal.com
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
origin-trial: AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
permissions-policy: ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
timing-allow-origin: *

OPTIONS
H2 200 logger
www.paypal.com/xoplatform/logger/api/ Frame 0
0 279ms
211ms Preflight 192.229.221.25
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/xoplatform/logger/api/logger

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.221.25 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (lhd/3707) /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: http://www.kangaroturf.c4s.online
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

accept-ch: sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: POST
access-control-allow-origin: http://www.kangaroturf.c4s.online
cache-control: max-age=0, no-cache, no-store, must-revalidate
date: Wed, 31 May 2023 01:10:54 GMT
dc: ccg11-origin-www-1.paypal.com
origin-trial: AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
paypal-debug-id: 05b9431217157
permissions-policy: ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
server: ECAcc (lhd/3707)
server-timing: content-encoding;desc="", x-cdn;desc="edgecast"
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: *
traceparent: 00-000000000000000000005b9431217157-1cfe231f885c15b0-01
x-content-type-options: nosniff

POST
H2 200 logger Show response
www.paypal.com/xoplatform/logger/api/ 1016 B
2 KB 211ms
211ms XHR
application/json 192.229.221.25
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/xoplatform/logger/api/logger

Requested by

Host: www.paypal.com
URL: https://www.paypal.com/sdk/js?client-id=AXWPljSR_V21Qp_VvEyX4glwGE4ZpToXLmeFaDCdHLq2ZAPlRz5isFTOlEbPj_9nYZmGLliTUkTbWlrd&enable-funding=venmo&currency=USD

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.221.25 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (lhd/358D) /

Resource Hash

b412ba5e7729026873cfdfc06f767fa8891b9e2554467780f36ec4b5b7f1eaca

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept: application/json
Referer: http://www.kangaroturf.c4s.online/
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
content-type: application/json

Response headers

date: Wed, 31 May 2023 01:10:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
paypal-debug-id: 028920236b274
server-timing: content-encoding;desc="", x-cdn;desc="edgecast"
dc: ccg11-origin-www-1.paypal.com
content-length: 608
accept-ch: sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
server: ECAcc (lhd/358D)
traceparent: 00-0000000000000000000028920236b274-ab35e53406e8f41c-01
etag: W/"3f8-qXKuMo9Ea2+LbM5V4I6Ra43M4BM"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: http://www.kangaroturf.c4s.online
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
origin-trial: AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
permissions-policy: ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
timing-allow-origin: *

Verdicts & Comments Add Verdict or Comment

16 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

13 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.c4s.online/	1970-01-20 12:13:01	Name: _gid Value: GA1.2.974827418.1685495452
.c4s.online/	1970-01-20 12:11:35	Name: _gat Value: 1
.c4s.online/	1970-01-20 21:47:35	Name: _ga_G8VKCZ1Q8K Value: GS1.1.1685495452.1.0.1685495452.0.0.0
.c4s.online/	1970-01-20 21:47:35	Name: _ga Value: GA1.1.1478447653.1685495452
.paypal.com/	1970-01-20 12:11:37	Name: l7_az Value: dcg13.slc
.paypal.com/	1970-01-20 21:47:35	Name: ts_c Value: vr%3D6f5b91761880a1d4b6dd2fb7fd5688dc%26vt%3D6f5b91761880a1d4b6dd2fb7fd5688db
.paypal.com/	1970-01-20 20:57:11	Name: enforce_policy Value: gdpr_v2.1
.paypal.com/	1970-01-20 12:12:07	Name: LANG Value: fr_FR%3BFR
.paypal.com/	1970-01-20 12:15:54	Name: tsrce Value: loggernodeweb
.paypal.com/	1970-01-20 21:47:35	Name: ts Value: vreXpYrS%3D1780189854%26vteXpYrS%3D1685497254%26vr%3D6f5b91761880a1d4b6dd2fb7fd5688dc%26vt%3D6f5b91761880a1d4b6dd2fb7fd5688db%26vtyp%3Dnew
.paypal.com/	1969-12-31 23:59:59	Name: x-pp-s Value: eyJ0IjoiMTY4NTQ5NTQ1NDQ1NiIsImwiOiIwIiwibSI6IjAifQ
.c.paypal.com/	1970-01-20 21:47:35	Name: sc_f Value: 0EEGJ2q_tKIOUD22KjZwiol4dwS3eLlUyLSkGiw9RLfpnafOzluQDD1ip4qlkIe9NamMx61oRc2V7UtD_PQafm7riDQdYPoqJe6xGW
.paypal.com/	1970-01-20 21:47:35	Name: KHcl0EuY7AKSMgfvHl7J5E7hPtK Value: gNsyP91mdeEGpIP4wwC65ySafpdW8o5WrvzYGx11V_B2AOIbDcDJqrAG_-CFjA1AkZi63CEcFqh7Iy0l

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: http://lemagicienduturf.free.fr/images/exelturf.jpg Message: Failed to load resource: the server responded with a status of 403 (Forbidden)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

4.bp.blogspot.com
b.stats.paypal.com
c.paypal.com
c6.paypal.com
dub.stats.paypal.com
img.root-top.com
jeuxsurs.siteneti.net
kangaroturf.c4s.online
lemagicienduturf.free.fr
nsa39.casimages.com
pronosgratuit.lachezvos.pro
region1.google-analytics.com
t.paypal.com
www.dueldescracks.siteneti.net
www.erfolg.c4s.online
www.extra-derby.c4s.online
www.google-analytics.com
www.googletagmanager.com
www.kangaroturf.c4s.online
www.mini-turf.c4s.online
www.ogalopcourse.com
www.paypal.com
www.paypalobjects.com
www.pmu-net.lachezvos.pro
151.101.130.133
151.101.193.35
192.229.221.25
194.150.236.236
2001:41d0:301::20
2001:41d0:301::28
2001:4860:4802:32::36
212.27.63.154
2606:4700:3038::6815:ea1a
2606:4700:3038::6815:ea1b
2a00:1450:4001:806::200e
2a00:1450:4001:80b::2008
2a00:1450:4001:812::2001
2a04:4e42::291
37.59.45.66
46.105.57.169
64.4.245.84
000127d6fa63290a03f275ce0701147e784eb23a91f5246d92fd8bcfad252b21
09800505d37a8c898f371e77d71724667a748de947a00292cb4c92bf4ae754de
132c512a566d83d6fe75b3388231eb3e9191a65d3e6ad9dc0279d5702c2e7a59
185959e38219251738be2a2c8b1340f4533cfe2f86b3dc01a8faf13e34f53744
1c4c2e6fd8a12889bc2ab350338566579ae079850e59701c8bf55ba52abd4d6b
23118bf6eebbbc12d6544b73bf5fcb46ff0290e3b6afa5c1e332ae186b7ee56b
23dd32e28f2813953b96cce78c5da9c3a5b28e0ab371c4f84230a4960d0c2e69
25376cd52fca883ddcae7106505cb20b4e4f3f0d38bdc4c37fbf60ff49f66655
25b02175cc0a4e36fda24db4b7de40009feb7b31f18fe3c77423a2169929b94b
284477d57113b864ab1c02e58d2f616555afa49abc77f7641d941d78eb38f853
313463daf18556ba27111226c07ed8d148e97e032e5facc3a69205e8edb0740e
359a7a4381cf4c25ffb63b281e93b98b7f43d664dbc00e12cc3a065596e95516
38a98855add87ceae220cdceb1bc4e75e6c5c05346bbedea09279c03043297f2
3b4d7c223f67b89c4d51f5a523f1e27b78bd5f559a7f7042309fe97f43085c8b
47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292
5eab03e0bb9a776cffe4e912fc45550c384c2ad112b48b331dddd43a0303022a
5ec1d1f767b7a3a3e6964755ea526e1657576b5a7c8d968a9208ffd6b1333786
62c36aa286b992692e7387b0dfb66031ccd2d2eb5c5bd2bbc2a8f24d6013ce10
6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93
6f590255126f1e5dd7653553f31eb5b7b8d236d2066abfda32f2937385dfc4a1
853003068526c8290a08b44e300be0151e9e9a433699d18f436fcbf0e07ae9ae
8f08aa08dd77352e55a48b76fe0cf0731b25e38c735bb181491ac6b52ecc1508
9321bc63a75b3ac6d384b411665b6e77a8b326a4b176ca2049872d3b5d4974f5
9de728e369418ac71ec8f1247bd770305b7cdb038b833cb4d8a3a43b8033901d
aca399ee8d009651a2fa7bd4605a2cb13d62fb076654880a35ece5e711cf0017
aed59e8323afae6683109f7202e812c6641c3775e23aac648097cf702f462d1a
b412ba5e7729026873cfdfc06f767fa8891b9e2554467780f36ec4b5b7f1eaca
b60c71b98dbb4ab180c55a78ff2394f96ef77648368d6d3e8301c15bd69289e4
caf6e3f64d1863f42c8786cd5861198d6c6e47b03df957ad152807cab15fbfba
cf9ffb799d5f1da8a6cb532f4bc6e62f294d1d717dd5e6471723755d38b032a7
dd112777fc359a6685659e7c18782167c3995a9d75f5d5a39a4098bf36ad11a2
df71cf0774d4371a24620b26bc37304db8f4e58a0ce1204be218d49c00bbaca8
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e7b90d32907f89c49e9e2a2ccca95133277f756f13a14187936d9b948ff67b44
f94d68bd074ac3a9138d954a5ba91b444aeef97de2d067c636da0579cda3668e

www.kangaroturf.c4s.online Open in urlscan Pro 2001:41d0:301::20 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

41 Requests

51 %HTTPS

53 %IPv6

12 Domains

24 Subdomains

16 IPs

3 Countries

2169 kBTransfer

3094 kBSize

13 Cookies

26 Outgoing links

Redirected requests

41 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.kangaroturf.c4s.online Open in urlscan Pro
2001:41d0:301::20 Public Scan

Screenshot
Live screenshot

Full Image

41
Requests

51 %
HTTPS

53 %
IPv6

12
Domains

24
Subdomains

16
IPs

3
Countries

2169 kB
Transfer

3094 kB
Size

13
Cookies

41 HTTP transactions
2 data transactions