wickedconcoctions.com Open in urlscan Pro
2606:4700::6811:c649 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://wickedconcoctions.com/
Effective URL:
https://wickedconcoctions.com/
Submission Tags: phish.gg anti.fish automated Search All
Submission: On July 20 via api (July 20th 2023, 12:06:26 am UTC) from DE — Scanned from DE

Summary HTTP 37 Redirects Behaviour Indicators

Summary

This website contacted 12 IPs in 1 countries across 9 domains to perform 37 HTTP transactions. The main IP is 2606:4700::6811:c649, located in United States and belongs to CLOUDFLARENET, US. The main domain is wickedconcoctions.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on April 14th 2023. Valid for: a year.

This is the only time wickedconcoctions.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	2606:4700::68... 2606:4700::6811:c949	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2606:4700::68... 2606:4700::6811:c649	13335 (CLOUDFLAR...) (CLOUDFLARENET)
16	192.229.221.25 192.229.221.25	15133 (EDGECAST) (EDGECAST)
5	3.212.194.157 3.212.194.157	14618 (AMAZON-AES) (AMAZON-AES)
1	52.216.144.51 52.216.144.51	16509 (AMAZON-02) (AMAZON-02)
4	52.222.236.23 52.222.236.23	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700::68... 2606:4700::6811:fd71	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:3865	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:180e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	35.172.60.123 35.172.60.123	14618 (AMAZON-AES) (AMAZON-AES)
1	151.101.65.35 151.101.65.35	54113 (FASTLY) (FASTLY)
1 2	64.4.245.84 64.4.245.84	17012 (PAYPAL) (PAYPAL)
37	12

1 2606:4700::6811:c949 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

wickedconcoctions.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700::6811:c649 (United States)

ASN13335 (CLOUDFLARENET, US)

wickedconcoctions.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 192.229.221.25 (United States)

ASN15133 (EDGECAST, US)

www.paypal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.paypalobjects.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.paypal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c6.paypal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 3.212.194.157 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-212-194-157.compute-1.amazonaws.com

fonts.digital.vistaprint.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.216.144.51 (Ashburn, United States)

ASN16509 (AMAZON-02, US)
PTR: s3-1-w.amazonaws.com

vp-digital-tower-etc.s3.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 52.222.236.23 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-236-23.fra56.r.cloudfront.net

imageprocessor.digital.vistaprint.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:fd71 (United States)

ASN13335 (CLOUDFLARENET, US)

static.websimages.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:3865 (United States)

ASN13335 (CLOUDFLARENET, US)

static.cloudflareinsights.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:180e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.172.60.123 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-35-172-60-123.compute-1.amazonaws.com

statscollector.digital.vistaprint.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.65.35 (United States)

ASN54113 (FASTLY, US)

t.paypal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 64.4.245.84 (United States) 1 redirects

ASN17012 (PAYPAL, US)

b.stats.paypal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
dub.stats.paypal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
17	paypal.com 1 redirects www.paypal.com — Cisco Umbrella Rank: 2442 t.paypal.com — Cisco Umbrella Rank: 3155 c.paypal.com — Cisco Umbrella Rank: 5479 b.stats.paypal.com — Cisco Umbrella Rank: 4896 dub.stats.paypal.com — Cisco Umbrella Rank: 21964 c6.paypal.com — Cisco Umbrella Rank: 6284	333 KB
5	vistaprint.com imageprocessor.digital.vistaprint.com — Cisco Umbrella Rank: 205203 statscollector.digital.vistaprint.com — Cisco Umbrella Rank: 185046	218 KB
5	vistaprint.io fonts.digital.vistaprint.io — Cisco Umbrella Rank: 248230	116 KB
5	wickedconcoctions.com 1 redirects wickedconcoctions.com	118 KB
2	paypalobjects.com www.paypalobjects.com — Cisco Umbrella Rank: 2259	2 KB
1	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 255	19 KB
1	cloudflareinsights.com static.cloudflareinsights.com — Cisco Umbrella Rank: 1162	7 KB
1	websimages.com static.websimages.com — Cisco Umbrella Rank: 156534	955 B
1	amazonaws.com vp-digital-tower-etc.s3.amazonaws.com — Cisco Umbrella Rank: 408417	11 KB
37	9

	Domain	Requested by
8	www.paypal.com	wickedconcoctions.com www.paypal.com cdnjs.cloudflare.com
5	c.paypal.com	www.paypal.com c.paypal.com
5	fonts.digital.vistaprint.io	wickedconcoctions.com fonts.digital.vistaprint.io
5	wickedconcoctions.com	1 redirects wickedconcoctions.com cdnjs.cloudflare.com
4	imageprocessor.digital.vistaprint.com	wickedconcoctions.com
2	www.paypalobjects.com	wickedconcoctions.com
1	c6.paypal.com
1	dub.stats.paypal.com	www.paypal.com
1	b.stats.paypal.com	1 redirects
1	t.paypal.com	wickedconcoctions.com
1	statscollector.digital.vistaprint.com	wickedconcoctions.com
1	cdnjs.cloudflare.com	wickedconcoctions.com
1	static.cloudflareinsights.com	wickedconcoctions.com
1	static.websimages.com	wickedconcoctions.com
1	vp-digital-tower-etc.s3.amazonaws.com	wickedconcoctions.com
37	15

This site contains no links.

Subject Issuer	Validity	Valid
wickedconcoctions.com Cloudflare Inc ECC CA-3	`2023-04-14` - `2024-04-13`	a year	crt.sh
www.paypal.com DigiCert SHA2 Extended Validation Server CA	`2022-11-09` - `2023-12-10`	a year	crt.sh
fonts.digital.vistaprint.io Amazon RSA 2048 M02	`2023-03-01` - `2023-10-05`	7 months	crt.sh
*.s3.amazonaws.com Amazon RSA 2048 M01	`2023-03-21` - `2023-12-19`	9 months	crt.sh
imageprocessor.digital.vistaprint.com Amazon RSA 2048 M01	`2023-04-27` - `2024-05-25`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-05-04` - `2024-05-03`	a year	crt.sh
statscollector.digital.vistaprint.com Amazon RSA 2048 M01	`2022-12-05` - `2024-01-03`	a year	crt.sh
t.paypal.com DigiCert SHA2 Extended Validation Server CA	`2022-10-19` - `2023-11-19`	a year	crt.sh

This page contains 5 frames:

Primary Page: https://wickedconcoctions.com/
Frame ID: A36E25745C1FC672AB56917DEA9CC5F5
Requests: 22 HTTP requests in this frame

Frame: https://www.paypal.com/smart/buttons?sdkVersion=5.0.388&style.layout=vertical&style.color=gold&style.shape=rect&style.tagline=false&style.menuPlacement=below&components.0=buttons&locale.country=US&locale.lang=en&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QVpfaHZNVXBFQVAzbzB2SjRoZEFmTC02eFpqZzU3ZUp2SzVSeUZFNEI4ck5nMHFEQ2ZWcnFXemdFSkNOaEZrSWpacUJwVm42bl85U3FOY0gmbWVyY2hhbnQtaWQ9c3VuaWRhbm1vcm5kZXc5JTQweWFob28uY29tJmN1cnJlbmN5PVVTRCZkaXNhYmxlLWZ1bmRpbmc9YmFuY29udGFjdCUyQ2JsaWslMkNlcHMlMkNnaXJvcGF5JTJDaWRlYWwlMkNtZXJjYWRvcGFnbyUyQ215YmFuayUyQ3AyNCUyQ3NlcGElMkNzb2ZvcnQiLCJhdHRycyI6eyJkYXRhLXVpZCI6InVpZF95cG5hdXRobHBmdHBqZWtpc2V3eXdmcnFjY3lwenMifX0&clientID=AZ_hvMUpEAP3o0vJ4hdAfL-6xZjg57eJvK5RyFE4B8rNg0qDCfVrqWzgEJCNhFkIjZqBpVn6n_9SqNcH&sdkCorrelationID=f154429249f95&storageID=uid_0bd12af2de_mda6mdy6mje&sessionID=uid_ba8cc96169_mda6mdy6mje&buttonSessionID=uid_1760c66034_mda6mdy6mje&env=production&fundingEligibility=eyJwYXlwYWwiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sInBheWxhdGVyIjp7ImVsaWdpYmxlIjpmYWxzZSwicHJvZHVjdHMiOnsicGF5SW4zIjp7ImVsaWdpYmxlIjpmYWxzZSwidmFyaWFudCI6bnVsbH0sInBheUluNCI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhcmlhbnQiOm51bGx9LCJwYXlsYXRlciI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhcmlhbnQiOm51bGx9fX0sImNhcmQiOnsiZWxpZ2libGUiOnRydWUsImJyYW5kZWQiOnRydWUsImluc3RhbGxtZW50cyI6ZmFsc2UsInZlbmRvcnMiOnsidmlzYSI6eyJlbGlnaWJsZSI6dHJ1ZSwidmF1bHRhYmxlIjp0cnVlfSwibWFzdGVyY2FyZCI6eyJlbGlnaWJsZSI6dHJ1ZSwidmF1bHRhYmxlIjp0cnVlfSwiYW1leCI6eyJlbGlnaWJsZSI6dHJ1ZSwidmF1bHRhYmxlIjp0cnVlfSwiZGlzY292ZXIiOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXVsdGFibGUiOnRydWV9LCJoaXBlciI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhdWx0YWJsZSI6ZmFsc2V9LCJlbG8iOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXVsdGFibGUiOnRydWV9LCJqY2IiOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXVsdGFibGUiOnRydWV9fSwiZ3Vlc3RFbmFibGVkIjpmYWxzZX0sInZlbm1vIjp7ImVsaWdpYmxlIjpmYWxzZX0sIml0YXUiOnsiZWxpZ2libGUiOmZhbHNlfSwiY3JlZGl0Ijp7ImVsaWdpYmxlIjpmYWxzZX0sImFwcGxlcGF5Ijp7ImVsaWdpYmxlIjpmYWxzZX0sInNlcGEiOnsiZWxpZ2libGUiOmZhbHNlfSwiaWRlYWwiOnsiZWxpZ2libGUiOmZhbHNlfSwiYmFuY29udGFjdCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJnaXJvcGF5Ijp7ImVsaWdpYmxlIjpmYWxzZX0sImVwcyI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJzb2ZvcnQiOnsiZWxpZ2libGUiOmZhbHNlfSwibXliYW5rIjp7ImVsaWdpYmxlIjpmYWxzZX0sInAyNCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJ3ZWNoYXRwYXkiOnsiZWxpZ2libGUiOmZhbHNlfSwicGF5dSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJibGlrIjp7ImVsaWdpYmxlIjpmYWxzZX0sInRydXN0bHkiOnsiZWxpZ2libGUiOmZhbHNlfSwib3h4byI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJib2xldG8iOnsiZWxpZ2libGUiOmZhbHNlfSwiYm9sZXRvYmFuY2FyaW8iOnsiZWxpZ2libGUiOmZhbHNlfSwibWVyY2Fkb3BhZ28iOnsiZWxpZ2libGUiOmZhbHNlfSwibXVsdGliYW5jbyI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJzYXRpc3BheSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJwYWlkeSI6eyJlbGlnaWJsZSI6ZmFsc2V9fQ&platform=desktop&experiment.enableVenmo=false&experiment.enableVenmoAppLabel=false&flow=purchase&currency=USD&intent=capture&commit=true&vault=false&disableFunding.0=bancontact&disableFunding.1=blik&disableFunding.2=eps&disableFunding.3=giropay&disableFunding.4=ideal&disableFunding.5=mercadopago&disableFunding.6=mybank&disableFunding.7=p24&disableFunding.8=sepa&disableFunding.9=sofort&merchantID.0=sunidanmorndew9%40yahoo.com&renderedButtons.0=paypal&renderedButtons.1=card&debug=false&applePaySupport=false&supportsPopups=true&supportedNativeBrowser=false&allowBillingPayments=true&disableSetCookie=false
Frame ID: 2C7A9C9F1BAC9A4C6674D24F3455AF0A
Requests: 7 HTTP requests in this frame

Frame: https://www.paypalobjects.com/js-sdk-logos/2.2.7/paypal-blue.svg
Frame ID: 39133C55B93402DD08652C66F5F25810
Requests: 2 HTTP requests in this frame

Frame: https://c.paypal.com/v1/r/d/i?js_src=https://c.paypal.com/da/r/fb.js
Frame ID: 05E45B4047EE38078C47E680C5ED048E
Requests: 5 HTTP requests in this frame

Frame: https://dub.stats.paypal.com/v2/counter2.cgi?p=uid_ba8cc96169_mda6mdy6mje&s=SMART_PAYMENT_BUTTONS
Frame ID: 62FEAC80B2427EF272BDC3A5C83F8838
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

HomeChevronChevronChevronChevron

Page URL History Show full URLs

http://wickedconcoctions.com/ HTTP 301
https://wickedconcoctions.com/ Page URL

Detected technologies

Rollbar (Issue trackers) Expand

Overall confidence: 100%
Detected patterns

rollbar\.js/([0-9.]+)

PayPal (Payment Processors) Expand

Overall confidence: 100%
Detected patterns

paypalobjects\.com

Cloudflare Browser Insights (Analytics) Expand

Overall confidence: 100%
Detected patterns

static\.cloudflareinsights\.com/beacon(?:\.min)?\.js

Page Statistics

37
Requests

95 %
HTTPS

42 %
IPv6

9
Domains

15
Subdomains

12
IPs

1
Countries

824 kB
Transfer

2099 kB
Size

11
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://wickedconcoctions.com/ HTTP 301
https://wickedconcoctions.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 28

https://b.stats.paypal.com/v2/counter.cgi?p=uid_ba8cc96169_mda6mdy6mje&s=SMART_PAYMENT_BUTTONS HTTP 302
https://dub.stats.paypal.com/v2/counter2.cgi?p=uid_ba8cc96169_mda6mdy6mje&s=SMART_PAYMENT_BUTTONS

37 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
wickedconcoctions.com/
Redirect Chain

http://wickedconcoctions.com/
https://wickedconcoctions.com/

104 KB
21 KB

674ms
654ms

Document
text/html

2606:4700::6811:c649
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://wickedconcoctions.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:c649 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8c0a01b453ba6dcaa522322f8fd8915cdcf4de8752529aa0914969c9adc068d7

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-origin: https://developer.cimpress.io
cache-control: public, s-maxage=43200, max-age=60
cf-cache-status: MISS
cf-ray: 7e96f525daf08fd0-FRA
content-encoding: gzip
content-language: de_de
content-type: text/html; charset=utf-8
date: Thu, 20 Jul 2023 00:06:20 GMT
server: cloudflare
vary: Accept-Encoding

Redirect headers

CF-RAY: 7e96f5259b2303ec-FRA
Cache-Control: max-age=3600
Connection: keep-alive
Date: Thu, 20 Jul 2023 00:06:19 GMT
Expires: Thu, 20 Jul 2023 01:06:19 GMT
Location: https://wickedconcoctions.com/
Server: cloudflare
Transfer-Encoding: chunked
Vary: Accept-Encoding

GET
H2 200 /
wickedconcoctions.com/.css/ 203 KB
32 KB 943ms
942ms Stylesheet
text/css 2606:4700::6811:c649
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://wickedconcoctions.com/.css/?cacheId=1679688699731
Requested by: Host: wickedconcoctions.com
URL: https://wickedconcoctions.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:c649 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7b926f7146e876add8d897a3ec377f4c20c09530e6160547bfc4dabc539af26c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wickedconcoctions.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Thu, 20 Jul 2023 00:06:21 GMT
content-encoding: gzip
cf-cache-status: MISS
server: cloudflare
etag: W/"32df6-S/g0zyJqcXf0ApYNKtfpXJA/9fA"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: https://developer.cimpress.io
content-language: de_de
cache-control: public, s-maxage=43200, max-age=60
cf-ray: 7e96f529fe2b8fd0-FRA

GET
H2 200 / Show response
wickedconcoctions.com/.js/ 269 KB
65 KB 629ms
629ms Script
application/javascript 2606:4700::6811:c649
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://wickedconcoctions.com/.js/?cacheId=1679688699731&locale=de-DE
Requested by: Host: wickedconcoctions.com
URL: https://wickedconcoctions.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:c649 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d5a0d5b95e0edc978e4d936c723e944e8cc9d2271ba1255e9fd1982e76e8a94a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wickedconcoctions.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Thu, 20 Jul 2023 00:06:21 GMT
content-encoding: gzip
cf-cache-status: MISS
server: cloudflare
etag: W/"432b8-QlRcPbHELIIRMaxK6cLE/18Zgdo"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: https://developer.cimpress.io
content-language: de_de
cache-control: public, s-maxage=43200, max-age=60
cf-ray: 7e96f529fe2d8fd0-FRA

GET
H2 200 js Show response
www.paypal.com/sdk/ 273 KB
77 KB 464ms
437ms Script
application/javascript 192.229.221.25
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/sdk/js?client-id=AZ_hvMUpEAP3o0vJ4hdAfL-6xZjg57eJvK5RyFE4B8rNg0qDCfVrqWzgEJCNhFkIjZqBpVn6n_9SqNcH&merchant-id=sunidanmorndew9%40yahoo.com&currency=USD&disable-funding=bancontact%2Cblik%2Ceps%2Cgiropay%2Cideal%2Cmercadopago%2Cmybank%2Cp24%2Csepa%2Csofort

Requested by

Host: wickedconcoctions.com
URL: https://wickedconcoctions.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.221.25 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frc/4CCF) /

Resource Hash

c603a8dacc2cdfbe00d0493c02762319803c0c9ab2cd6ad099656dc93cffd37c

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://.paypal.com https://.paypalobjects.com; connect-src 'self' https://.paypal.com https://.paypalobjects.com https://.qualtrics.com; frame-src 'self' https://.paypal.com https://.paypalobjects.com https://.qualtrics.com; script-src 'nonce-RXMCJcEWUrLRnXb6YSiJe+UE5edjl95eIS+DOuQa0Hy1EDZn' 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; style-src 'nonce-RXMCJcEWUrLRnXb6YSiJe+UE5edjl95eIS+DOuQa0Hy1EDZn' 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; object-src 'none'; img-src https: data:; form-action 'self' https://.paypal.com; base-uri 'self' https://.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wickedconcoctions.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

content-security-policy: default-src 'self' https://*.paypal.com https://*.paypalobjects.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; script-src 'nonce-RXMCJcEWUrLRnXb6YSiJe+UE5edjl95eIS+DOuQa0Hy1EDZn' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'nonce-RXMCJcEWUrLRnXb6YSiJe+UE5edjl95eIS+DOuQa0Hy1EDZn' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; object-src 'none'; img-src https: data:; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 20 Jul 2023 00:06:20 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
p3p: true
paypal-debug-id: 0406581678860
server-timing: traceparent;desc="00-00000000000000000000406581678860-cf46c060161b4ae6-01", content-encoding;desc="", x-cdn;desc="edgecast"
dc: ccg11-origin-www-1.paypal.com
content-length: 76660
x-xss-protection: 1; mode=block
accept-ch: sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
server: ECAcc (frc/4CCF)
traceparent: 00-00000000000000000000406581678860-124e3e6221e854b6-01
etag: W/"12b74-kvgcPYrhjxsEaH2/Ekg3vRWyPBk"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: Server-Timing
cache-control: public, max-age=3600, s-maxage=10800
origin-trial: AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
permissions-policy: ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
timing-allow-origin: *

GET
H2 200 css
fonts.digital.vistaprint.io/ 7 KB
7 KB 387ms
179ms Stylesheet
text/css 3.212.194.157
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.digital.vistaprint.io/css?family=Lato%3A100%2C400%2C700%7CSource%20Sans%20Pro%3A100%2C400%2C700

Requested by

Host: wickedconcoctions.com
URL: https://wickedconcoctions.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.212.194.157 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-212-194-157.compute-1.amazonaws.com

Software

nginx/1.15.6 /

Resource Hash

447a1053b3872e295ffa141172d9c2190fd11f59cec0105569a7d36d8fd4f6e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wickedconcoctions.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Thu, 20 Jul 2023 00:06:20 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
server: nginx/1.15.6
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
accept-ranges: none
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 20 Jul 2023 00:06:20 GMT

GET
H2 200 css
fonts.digital.vistaprint.io/ 1 KB
2 KB 387ms
179ms Stylesheet
text/css 3.212.194.157
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.digital.vistaprint.io/css?family=Architects%20Daughter%3A100%2C400%2C700%7CArchitects%20Daughter%3A100%2C400%2C700%7CUnkempt%3A100%2C400%2C700%7CUnkempt%3A100%2C400%2C700

Requested by

Host: wickedconcoctions.com
URL: https://wickedconcoctions.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.212.194.157 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-212-194-157.compute-1.amazonaws.com

Software

nginx/1.15.6 /

Resource Hash

d3d5c01c76e92d65b40b7e2d5ce85c13b845f67ebee1859bd37738b412546caf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wickedconcoctions.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Thu, 20 Jul 2023 00:06:20 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
server: nginx/1.15.6
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
accept-ranges: none
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 20 Jul 2023 00:06:20 GMT

GET
H/1.1 200
OK celebrate.png
vp-digital-tower-etc.s3.amazonaws.com/stock-assets/ 10 KB
11 KB 352ms
133ms Image
image/png 52.216.144.51
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vp-digital-tower-etc.s3.amazonaws.com/stock-assets/celebrate.png
Requested by: Host: wickedconcoctions.com
URL: https://wickedconcoctions.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.216.144.51 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1-w.amazonaws.com
Software: AmazonS3 /
Resource Hash: d4cff8de2398964e05c8efe129c043b5a9c1863201e4054ec0b20ac92a4191af

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wickedconcoctions.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

Date: Thu, 20 Jul 2023 00:06:22 GMT
Last-Modified: Thu, 12 Nov 2020 18:43:33 GMT
Server: AmazonS3
x-amz-request-id: NVETA7PYRH9MW951
ETag: "704e4ac5de30951d68ade8ea443aeca6"
Content-Type: image/png
Accept-Ranges: bytes
Content-Length: 10443
x-amz-id-2: tId2LlXyFE2w81GEcb2pbd5yTepm7kFwLhM8KEqVYgoT5NjSDqGIuGBjJHwbFoflO3rtIdYDi/g=

GET
H/1.1 200
OK original
imageprocessor.digital.vistaprint.com/crop/129,94,529x659/maxWidth/1000/https://uploads.documents.cimpress.io/v1/uploads/605a5ead-a6fe-4839-b073-cdcabcfeef5d~110/ 56 KB
56 KB 398ms
341ms Image
image/jpeg 52.222.236.23
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://imageprocessor.digital.vistaprint.com/crop/129,94,529x659/maxWidth/1000/https://uploads.documents.cimpress.io/v1/uploads/605a5ead-a6fe-4839-b073-cdcabcfeef5d~110/original?tenant=vbu-digital
Requested by: Host: wickedconcoctions.com
URL: https://wickedconcoctions.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.236.23 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-236-23.fra56.r.cloudfront.net
Software: / Express
Resource Hash: 72b3e6652be740915336fd90e64ce30772226fa2d0b20aa8c3a4f1ac6576070e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wickedconcoctions.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

Date: Thu, 20 Jul 2023 00:06:21 GMT
Via: 1.1 eeb2f3ca588ea4437f4b97ed276a6664.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA56-P4
X-Powered-By: Express
RequestId: 007e388a-8ea1-4272-9b1d-09255b5a2918
ETag: W/"de11-aaUv9acdCF40hq5J92npf9OU0/Y"
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
X-Cache: Miss from cloudfront
Cache-Control: public, s-maxage=604800,max-age=604800
Connection: keep-alive
Content-Length: 56849
X-Amz-Cf-Id: iXGpOuwCo-5Qe9SgH8OLwpOcOukkAfG_dSXdic3xxvpJHWSn-7Ya7w==

GET
H/1.1 200
OK original
imageprocessor.digital.vistaprint.com/crop/0,0,800x450/maxWidth/1000/https://uploads.documents.cimpress.io/v1/uploads/3d98b498-4fd6-4240-b1d6-a8a649206087~110/ 127 KB
127 KB 433ms
408ms Image
image/jpeg 52.222.236.23
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://imageprocessor.digital.vistaprint.com/crop/0,0,800x450/maxWidth/1000/https://uploads.documents.cimpress.io/v1/uploads/3d98b498-4fd6-4240-b1d6-a8a649206087~110/original?tenant=vbu-digital
Requested by: Host: wickedconcoctions.com
URL: https://wickedconcoctions.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.236.23 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-236-23.fra56.r.cloudfront.net
Software: / Express
Resource Hash: 09c4cc2149bf1d9affc7d2fbb2e73f254a30e4b523348a4575ee8e6400531b94

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wickedconcoctions.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

Date: Thu, 20 Jul 2023 00:06:21 GMT
Via: 1.1 2c29bb35ddacc1dc2616fe65bdf5122e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA56-P4
X-Powered-By: Express
RequestId: 6715abe1-d33a-4a93-800a-2aae55fce7ff
ETag: W/"1facf-SjQ0aAZjT53uD+Gr0Lnc7RPebic"
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
X-Cache: Miss from cloudfront
Cache-Control: public, s-maxage=604800,max-age=604800
Connection: keep-alive
Content-Length: 129743
X-Amz-Cf-Id: 9pHcGlDahnDk58votMFfed6ptVG3jvjVBNSWLVy8yhdwFPgqEdiWBw==

GET
H2 200 collector.js Show response
static.websimages.com/active-static/target/stats/ 1 KB
955 B 45ms
12ms Script
application/javascript 2606:4700::6811:fd71
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.websimages.com/active-static/target/stats/collector.js
Requested by: Host: wickedconcoctions.com
URL: https://wickedconcoctions.com/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6811:fd71 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 098618125383f339b61490acd432891e79d7ce980dfcc6e0261e93fab5500d89

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wickedconcoctions.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Thu, 20 Jul 2023 00:06:21 GMT
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Wed, 16 Mar 2022 14:08:29 GMT
server: cloudflare
age: 414844
cf-polished: origSize=1803
etag: W/"70b-5da5672a4d140-gzip"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=18000
cf-ray: 7e96f5304c8e9106-FRA
alt-svc: h3=":443"; ma=86400
expires: Sat, 15 Jul 2023 09:52:17 GMT

GET
H2 200 v2cb3a2ab87c5498db5ce7e6608cf55231689030342039 Show response
static.cloudflareinsights.com/beacon.min.js/ 20 KB
7 KB 57ms
39ms Script
text/javascript 2606:4700::6810:3865
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.cloudflareinsights.com/beacon.min.js/v2cb3a2ab87c5498db5ce7e6608cf55231689030342039
Requested by: Host: wickedconcoctions.com
URL: https://wickedconcoctions.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:3865 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: af780e357234ceb6feec085a9a31f46834c88c4d3852d79050ad9dc3658a3a67

Request headers

Referer: https://wickedconcoctions.com/
Origin: https://wickedconcoctions.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Thu, 20 Jul 2023 00:06:21 GMT
content-encoding: gzip
last-modified: Mon, 10 Jul 2023 23:05:42 GMT
server: cloudflare
etag: W/2023.7.0
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
cf-ray: 7e96f5302b0e1c07-FRA

GET
H2 200 rollbar.min.js Show response
cdnjs.cloudflare.com/ajax/libs/rollbar.js/2.14.4/ 69 KB
19 KB 29ms
12ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/rollbar.js/2.14.4/rollbar.min.js

Requested by

Host: wickedconcoctions.com
URL: https://wickedconcoctions.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0b140f87ff144db782e0cddbdd64decbaa35b5c7c890f1e45b05fe2d8478b42e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://wickedconcoctions.com/
Origin: https://wickedconcoctions.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Thu, 20 Jul 2023 00:06:21 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 2315111
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 18862
last-modified: Mon, 04 May 2020 16:16:01 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03fc1-112f9"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rOhd253ZPS51xEnAWB4SAt9j35%2BC9uZ1b2VXdHhoQLCXfr9zCui3GbqulC6DfwZOucPdso3W%2B6S2nOra9y5x1PozoSFuQY3iewAw5WBRyyxD%2B%2FuZue20BWBqunOY0wl5j1TYVMUcOClfY6oneHQWYRbx"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 7e96f530296b1c8b-FRA
expires: Tue, 09 Jul 2024 00:06:21 GMT

GET
H2 200 pptm.js Show response
www.paypal.com/tagmanager/ 12 KB
6 KB 223ms
223ms Script
application/x-javascript 192.229.221.25
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/tagmanager/pptm.js?id=wickedconcoctions.com&t=xo&v=5.0.388&source=payments_sdk&mrid=sunidanmorndew9@yahoo.com&client_id=AZ_hvMUpEAP3o0vJ4hdAfL-6xZjg57eJvK5RyFE4B8rNg0qDCfVrqWzgEJCNhFkIjZqBpVn6n_9SqNcH&vault=false

Requested by

Host: www.paypal.com
URL: https://www.paypal.com/sdk/js?client-id=AZ_hvMUpEAP3o0vJ4hdAfL-6xZjg57eJvK5RyFE4B8rNg0qDCfVrqWzgEJCNhFkIjZqBpVn6n_9SqNcH&merchant-id=sunidanmorndew9%40yahoo.com&currency=USD&disable-funding=bancontact%2Cblik%2Ceps%2Cgiropay%2Cideal%2Cmercadopago%2Cmybank%2Cp24%2Csepa%2Csofort

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.221.25 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frc/4CC2) /

Resource Hash

25376cd52fca883ddcae7106505cb20b4e4f3f0d38bdc4c37fbf60ff49f66655

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; script-src 'nonce-SdbCE1Zr/peRIEzGCtP3aCu1+wRDa3K+u7YDCCWDakgOLid8' 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline' 'unsafe-eval'; img-src * data:; object-src 'none'; font-src 'self' https://.paypalobjects.com https://.paypal.com; connect-src 'self' https://.paypal.com https://.paypalobjects.com https://nexus.ensighten.com https://.google-analytics.com 'unsafe-inline' https://.qualtrics.com; form-action 'self' https://.paypal.com; base-uri 'self' https://.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp; frame-src 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline' https://*.qualtrics.com;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wickedconcoctions.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

content-security-policy: default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'nonce-SdbCE1Zr/peRIEzGCtP3aCu1+wRDa3K+u7YDCCWDakgOLid8' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' 'unsafe-eval'; img-src * data:; object-src 'none'; font-src 'self' https://*.paypalobjects.com https://*.paypal.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://nexus.ensighten.com https://*.google-analytics.com 'unsafe-inline' https://*.qualtrics.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' https://*.qualtrics.com;
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 20 Jul 2023 00:06:21 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
paypal-debug-id: 06b28419a7162
server-timing: content-encoding;desc="", x-cdn;desc="edgecast"
dc: ccg11-origin-www-1.paypal.com
x-xss-protection: 1; mode=block
accept-ch: sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
server: ECAcc (frc/4CC2)
traceparent: 00-000000000000000000006b28419a7162-10d62bc887e8a49c-01
etag: W/"2f34-zQQ0FVqIlbkbuS4WgpPW/nUPXC4"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=3600
origin-trial: AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
permissions-policy: ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
timing-allow-origin: *

GET
H/1.1 200
OK original
imageprocessor.digital.vistaprint.com/crop/0,0,1920x2432/maxWidth/2000/https://uploads.documents.cimpress.io/v1/uploads/1060a8ae-6c39-4cc7-bf78-54f3c5287d1c~110/ 33 KB
33 KB 737ms
718ms Image
image/png 52.222.236.23
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://imageprocessor.digital.vistaprint.com/crop/0,0,1920x2432/maxWidth/2000/https://uploads.documents.cimpress.io/v1/uploads/1060a8ae-6c39-4cc7-bf78-54f3c5287d1c~110/original?tenant=vbu-digital
Requested by: Host: wickedconcoctions.com
URL: https://wickedconcoctions.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.236.23 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-236-23.fra56.r.cloudfront.net
Software: / Express
Resource Hash: e325942971c7228fc07915fcb1af701457f6940e50531d8bac2ebf6f206ab15f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wickedconcoctions.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

Date: Thu, 20 Jul 2023 00:06:22 GMT
Via: 1.1 f8f9f25f837c0ce4e62b6d917642b56a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA56-P4
X-Powered-By: Express
RequestId: b00bb333-5139-4ea3-ae9e-53de8575f8f9
ETag: W/"8236-HoMOlQoTm8sCO2elxfCgJDfawLM"
Content-Type: image/png
Access-Control-Allow-Origin: *
X-Cache: Miss from cloudfront
Cache-Control: public, s-maxage=604800,max-age=604800
Connection: keep-alive
Content-Length: 33334
X-Amz-Cf-Id: LyaLyDx_aHE3LuX4kjNuXOrH1vA6jLbQgs3EZ8eO3iuHNLecXJkTZQ==

GET
H/1.1 200
OK original
imageprocessor.digital.vistaprint.com/https://uploads.documents.cimpress.io/v1/uploads/435519ed-ed81-4e96-b9d1-6d14886642fb~110/ 583 B
1 KB 317ms
298ms Image
image/png 52.222.236.23
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://imageprocessor.digital.vistaprint.com/https://uploads.documents.cimpress.io/v1/uploads/435519ed-ed81-4e96-b9d1-6d14886642fb~110/original?tenant=vbu-digital
Requested by: Host: wickedconcoctions.com
URL: https://wickedconcoctions.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.236.23 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-236-23.fra56.r.cloudfront.net
Software: / Express
Resource Hash: abe1d71df1200b5aa0cc132768d4e22b6e3340c7fc892a3bf541a248840d4b9a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wickedconcoctions.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

Date: Thu, 20 Jul 2023 00:06:21 GMT
Via: 1.1 ade2b5e2170ccd4f394b741b27bb0eec.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA56-P4
X-Powered-By: Express
RequestId: a7760487-d55b-4fdd-a227-1d5cf1cf948a
ETag: W/"247-c/9R4XP7B268bht3pAlBgZ83z2Q"
Content-Type: image/png
Access-Control-Allow-Origin: *
X-Cache: Miss from cloudfront
Cache-Control: public, s-maxage=604800,max-age=604800
Connection: keep-alive
Content-Length: 583
X-Amz-Cf-Id: ak3LZk3w3vdtyXvqr_ntbO6KdLKmpj8NnpneKPPdATYWsR02FBxMWQ==

GET
H2 200 2EbnL-Z2DFZue0DSeYEV8g.woff2
fonts.digital.vistaprint.io/gstatic/s/unkempt/v19/ 69 KB
70 KB 388ms
191ms Font
font/woff2 3.212.194.157
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.digital.vistaprint.io/gstatic/s/unkempt/v19/2EbnL-Z2DFZue0DSeYEV8g.woff2

Requested by

Host: fonts.digital.vistaprint.io
URL: https://fonts.digital.vistaprint.io/css?family=Architects%20Daughter%3A100%2C400%2C700%7CArchitects%20Daughter%3A100%2C400%2C700%7CUnkempt%3A100%2C400%2C700%7CUnkempt%3A100%2C400%2C700

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.212.194.157 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-212-194-157.compute-1.amazonaws.com

Software

nginx/1.15.6 /

Resource Hash

6474d6012ff84761fdd38cff1adaf29d4cdfcbd9c37eb8c5f43730eed5231b32

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.digital.vistaprint.io/css?family=Architects%20Daughter%3A100%2C400%2C700%7CArchitects%20Daughter%3A100%2C400%2C700%7CUnkempt%3A100%2C400%2C700%7CUnkempt%3A100%2C400%2C700
Origin: https://wickedconcoctions.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Thu, 20 Jul 2023 00:06:21 GMT
x-content-type-options: nosniff
age: 92727
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 70692
x-xss-protection: 0
last-modified: Tue, 10 May 2022 20:21:30 GMT
server: nginx/1.15.6
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 17 Jul 2024 22:20:54 GMT

GET
H2 200 KtkxAKiDZI_td1Lkx62xHZHDtgO_Y-bvTYlg4w.woff2
fonts.digital.vistaprint.io/gstatic/s/architectsdaughter/v18/ 13 KB
13 KB 366ms
170ms Font
font/woff2 3.212.194.157
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.digital.vistaprint.io/gstatic/s/architectsdaughter/v18/KtkxAKiDZI_td1Lkx62xHZHDtgO_Y-bvTYlg4w.woff2

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.212.194.157 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-212-194-157.compute-1.amazonaws.com

Software

nginx/1.15.6 /

Resource Hash

284a3c1856b253a681c180bf5328cae3b94d4aaab702f6385490ec4e1b449df3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.digital.vistaprint.io/css?family=Architects%20Daughter%3A100%2C400%2C700%7CArchitects%20Daughter%3A100%2C400%2C700%7CUnkempt%3A100%2C400%2C700%7CUnkempt%3A100%2C400%2C700
Origin: https://wickedconcoctions.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Thu, 20 Jul 2023 00:06:21 GMT
x-content-type-options: nosniff
age: 84293
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13156
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 19:51:46 GMT
server: nginx/1.15.6
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 18 Jul 2024 00:41:28 GMT

GET
H2 200 S6uyw4BMUTPHjx4wXg.woff2
fonts.digital.vistaprint.io/gstatic/s/lato/v24/ 23 KB
24 KB 365ms
169ms Font
font/woff2 3.212.194.157
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.digital.vistaprint.io/gstatic/s/lato/v24/S6uyw4BMUTPHjx4wXg.woff2

Requested by

Host: fonts.digital.vistaprint.io
URL: https://fonts.digital.vistaprint.io/css?family=Lato%3A100%2C400%2C700%7CSource%20Sans%20Pro%3A100%2C400%2C700

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.212.194.157 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-212-194-157.compute-1.amazonaws.com

Software

nginx/1.15.6 /

Resource Hash

918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.digital.vistaprint.io/css?family=Lato%3A100%2C400%2C700%7CSource%20Sans%20Pro%3A100%2C400%2C700
Origin: https://wickedconcoctions.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Thu, 20 Jul 2023 00:06:21 GMT
x-content-type-options: nosniff
age: 92398
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23580
x-xss-protection: 0
last-modified: Tue, 02 May 2023 15:17:22 GMT
server: nginx/1.15.6
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 17 Jul 2024 22:26:23 GMT

GET
H2 200 buttons Show response
www.paypal.com/smart/ Frame 2C7A 399 KB
121 KB 408ms
407ms Document
text/html 192.229.221.25
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/smart/buttons?sdkVersion=5.0.388&style.layout=vertical&style.color=gold&style.shape=rect&style.tagline=false&style.menuPlacement=below&components.0=buttons&locale.country=US&locale.lang=en&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QVpfaHZNVXBFQVAzbzB2SjRoZEFmTC02eFpqZzU3ZUp2SzVSeUZFNEI4ck5nMHFEQ2ZWcnFXemdFSkNOaEZrSWpacUJwVm42bl85U3FOY0gmbWVyY2hhbnQtaWQ9c3VuaWRhbm1vcm5kZXc5JTQweWFob28uY29tJmN1cnJlbmN5PVVTRCZkaXNhYmxlLWZ1bmRpbmc9YmFuY29udGFjdCUyQ2JsaWslMkNlcHMlMkNnaXJvcGF5JTJDaWRlYWwlMkNtZXJjYWRvcGFnbyUyQ215YmFuayUyQ3AyNCUyQ3NlcGElMkNzb2ZvcnQiLCJhdHRycyI6eyJkYXRhLXVpZCI6InVpZF95cG5hdXRobHBmdHBqZWtpc2V3eXdmcnFjY3lwenMifX0&clientID=AZ_hvMUpEAP3o0vJ4hdAfL-6xZjg57eJvK5RyFE4B8rNg0qDCfVrqWzgEJCNhFkIjZqBpVn6n_9SqNcH&sdkCorrelationID=f154429249f95&storageID=uid_0bd12af2de_mda6mdy6mje&sessionID=uid_ba8cc96169_mda6mdy6mje&buttonSessionID=uid_1760c66034_mda6mdy6mje&env=production&fundingEligibility=eyJwYXlwYWwiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sInBheWxhdGVyIjp7ImVsaWdpYmxlIjpmYWxzZSwicHJvZHVjdHMiOnsicGF5SW4zIjp7ImVsaWdpYmxlIjpmYWxzZSwidmFyaWFudCI6bnVsbH0sInBheUluNCI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhcmlhbnQiOm51bGx9LCJwYXlsYXRlciI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhcmlhbnQiOm51bGx9fX0sImNhcmQiOnsiZWxpZ2libGUiOnRydWUsImJyYW5kZWQiOnRydWUsImluc3RhbGxtZW50cyI6ZmFsc2UsInZlbmRvcnMiOnsidmlzYSI6eyJlbGlnaWJsZSI6dHJ1ZSwidmF1bHRhYmxlIjp0cnVlfSwibWFzdGVyY2FyZCI6eyJlbGlnaWJsZSI6dHJ1ZSwidmF1bHRhYmxlIjp0cnVlfSwiYW1leCI6eyJlbGlnaWJsZSI6dHJ1ZSwidmF1bHRhYmxlIjp0cnVlfSwiZGlzY292ZXIiOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXVsdGFibGUiOnRydWV9LCJoaXBlciI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhdWx0YWJsZSI6ZmFsc2V9LCJlbG8iOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXVsdGFibGUiOnRydWV9LCJqY2IiOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXVsdGFibGUiOnRydWV9fSwiZ3Vlc3RFbmFibGVkIjpmYWxzZX0sInZlbm1vIjp7ImVsaWdpYmxlIjpmYWxzZX0sIml0YXUiOnsiZWxpZ2libGUiOmZhbHNlfSwiY3JlZGl0Ijp7ImVsaWdpYmxlIjpmYWxzZX0sImFwcGxlcGF5Ijp7ImVsaWdpYmxlIjpmYWxzZX0sInNlcGEiOnsiZWxpZ2libGUiOmZhbHNlfSwiaWRlYWwiOnsiZWxpZ2libGUiOmZhbHNlfSwiYmFuY29udGFjdCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJnaXJvcGF5Ijp7ImVsaWdpYmxlIjpmYWxzZX0sImVwcyI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJzb2ZvcnQiOnsiZWxpZ2libGUiOmZhbHNlfSwibXliYW5rIjp7ImVsaWdpYmxlIjpmYWxzZX0sInAyNCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJ3ZWNoYXRwYXkiOnsiZWxpZ2libGUiOmZhbHNlfSwicGF5dSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJibGlrIjp7ImVsaWdpYmxlIjpmYWxzZX0sInRydXN0bHkiOnsiZWxpZ2libGUiOmZhbHNlfSwib3h4byI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJib2xldG8iOnsiZWxpZ2libGUiOmZhbHNlfSwiYm9sZXRvYmFuY2FyaW8iOnsiZWxpZ2libGUiOmZhbHNlfSwibWVyY2Fkb3BhZ28iOnsiZWxpZ2libGUiOmZhbHNlfSwibXVsdGliYW5jbyI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJzYXRpc3BheSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJwYWlkeSI6eyJlbGlnaWJsZSI6ZmFsc2V9fQ&platform=desktop&experiment.enableVenmo=false&experiment.enableVenmoAppLabel=false&flow=purchase&currency=USD&intent=capture&commit=true&vault=false&disableFunding.0=bancontact&disableFunding.1=blik&disableFunding.2=eps&disableFunding.3=giropay&disableFunding.4=ideal&disableFunding.5=mercadopago&disableFunding.6=mybank&disableFunding.7=p24&disableFunding.8=sepa&disableFunding.9=sofort&merchantID.0=sunidanmorndew9%40yahoo.com&renderedButtons.0=paypal&renderedButtons.1=card&debug=false&applePaySupport=false&supportsPopups=true&supportedNativeBrowser=false&allowBillingPayments=true&disableSetCookie=false

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.221.25 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frc/4C97) /

Resource Hash

cf0a3634aa052c5466c88c8c7d51c8db8832362f8b4e2e0a8d2ab24b91994b9f

Security Headers

Name	Value
Content-Security-Policy	form-action 'self' https://.paypal.com https://.cardinalcommerce.com; default-src 'self' https://.paypal.com https://.paypalobjects.com; connect-src 'self' https://.paypal.com: https://.paypalobjects.com https://.googleapis.com https://.firebaseio.com wss://.firebaseio.com https://api2.amplitude.com http://127.0.0.1:* https://.qualtrics.com; frame-src 'self' https://.paypal.com:* https://.paypalobjects.com https://.cardinalcommerce.com https://.firebaseapp.com https://.qualtrics.com; script-src 'self' https://.paypal.com: https://.paypalobjects.com 'unsafe-inline' 'unsafe-eval' https://apis.google.com; style-src 'self' https://.paypal.com:* https://.paypalobjects.com 'unsafe-inline'; font-src 'self' https://.paypal.com https://.paypalobjects.com data:; object-src 'none'; img-src https: data:; base-uri 'self' https://.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://wickedconcoctions.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ch: sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
access-control-expose-headers: Server-Timing
cache-control: max-age=0, no-cache, no-store, must-revalidate
content-disposition: inline
content-encoding: gzip
content-security-policy: form-action 'self' https://*.paypal.com https://*.cardinalcommerce.com; default-src 'self' https://*.paypal.com https://*.paypalobjects.com; connect-src 'self' https://*.paypal.com:* https://*.paypalobjects.com https://*.googleapis.com https://*.firebaseio.com wss://*.firebaseio.com https://api2.amplitude.com http://127.0.0.1:* https://*.qualtrics.com; frame-src 'self' https://*.paypal.com:* https://*.paypalobjects.com https://*.cardinalcommerce.com https://*.firebaseapp.com https://*.qualtrics.com; script-src 'self' https://*.paypal.com:* https://*.paypalobjects.com 'unsafe-inline' 'unsafe-eval' https://apis.google.com; style-src 'self' https://*.paypal.com:* https://*.paypalobjects.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com data:; object-src 'none'; img-src https: data:; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
content-type: text/html; charset=utf-8
date: Thu, 20 Jul 2023 00:06:21 GMT
dc: ccg11-origin-www-1.paypal.com
etag: W/"63b1e-jYI/bKaNETtc0SAFMkpuaF/0kKI"
origin-trial: AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
p3p: true
paypal-debug-id: 07a38aa31b856
permissions-policy: ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
server: ECAcc (frc/4C97)
server-timing: traceparent;desc="00-000000000000000000007a38aa31b856-32ed22a6b6652213-01" content-encoding;desc="", x-cdn;desc="edgecast"
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: *
traceparent: 00-000000000000000000007a38aa31b856-736d5b57f94d1807-01
vary: Accept-Encoding
x-content-type-options: nosniff
x-csrf-jwt: __blank__
x-xss-protection: 1; mode=block

GET
H2 200 paypal-blue.svg
www.paypalobjects.com/js-sdk-logos/2.2.7/ Frame 3913 3 KB
1 KB 8ms
7ms Image
image/svg+xml 192.229.221.25
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.paypalobjects.com/js-sdk-logos/2.2.7/paypal-blue.svg

Requested by

Host: wickedconcoctions.com
URL: https://wickedconcoctions.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.221.25 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frc/4CC8) /

Resource Hash

25b02175cc0a4e36fda24db4b7de40009feb7b31f18fe3c77423a2169929b94b

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Thu, 20 Jul 2023 00:06:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-cache: HIT
paypal-debug-id: 1867a673a7a0f
dc: ccg11-origin-www-1.paypal.com
content-length: 1217
last-modified: Tue, 04 Apr 2023 21:46:19 GMT
server: ECAcc (frc/4CC8)
traceparent: 00-00000000000000000001867a673a7a0f-f3dfb61d7baab926-01
etag: W/"642c9aab-cc2"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: s-maxage=31536000, public,max-age=3600
accept-ranges: bytes
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
expires: Thu, 20 Jul 2023 01:06:21 GMT

GET
H2 200 card-white.svg
www.paypalobjects.com/js-sdk-logos/2.2.7/ Frame 3913 1 KB
761 B 8ms
8ms Image
image/svg+xml 192.229.221.25
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.paypalobjects.com/js-sdk-logos/2.2.7/card-white.svg

Requested by

Host: wickedconcoctions.com
URL: https://wickedconcoctions.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.221.25 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frc/4CA3) /

Resource Hash

1c4c2e6fd8a12889bc2ab350338566579ae079850e59701c8bf55ba52abd4d6b

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Thu, 20 Jul 2023 00:06:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-cache: HIT
paypal-debug-id: 1d478ed69fe51
dc: ccg11-origin-www-1.paypal.com
content-length: 637
last-modified: Tue, 04 Apr 2023 21:46:19 GMT
server: ECAcc (frc/4CA3)
traceparent: 00-00000000000000000001d478ed69fe51-f4a949f38f31de5d-01
etag: W/"642c9aab-54e"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: s-maxage=31536000, public,max-age=3600
accept-ranges: bytes
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
expires: Thu, 20 Jul 2023 01:06:21 GMT

GET
H2 200 record
statscollector.digital.vistaprint.com/ 0
114 B 328ms
101ms Image
text/plain 35.172.60.123
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://statscollector.digital.vistaprint.com/record?siteId=2685315330&pageId=2685315330&pageTitle=Home&parentPageId=&builderType=tower&premium=true&referrer=&location=https%3A%2F%2Fwickedconcoctions.com%2F&visitorId=433020460
Requested by: Host: wickedconcoctions.com
URL: https://wickedconcoctions.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.172.60.123 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-172-60-123.compute-1.amazonaws.com
Software: / Express
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wickedconcoctions.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

access-control-allow-origin: https://developer.cimpress.io
date: Thu, 20 Jul 2023 00:06:21 GMT
x-powered-by: Express
content-type: text/plain

GET
H2 200 ts
t.paypal.com/ 42 B
852 B 218ms
169ms Image
image/gif 151.101.65.35
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.paypal.com/ts?pgrp=muse%3Ageneric%3Aanalytics%3A%3Amerchant&page=muse%3Ageneric%3Aanalytics%3A%3Amerchant%3A%3A%3A&tsrce=tagmanagernodeweb&comp=tagmanagernodeweb&sub_component=analytics&s=ci&fltp=analytics-generic&pt=Home&dh=1200&dw=1600&bh=1200&bw=1600&cd=24&sh=1200&sw=1600&v=NA&pl=pdf&rosetta_language=en-US%2Cen&e=im&t=1689811581691&g=0&completeurl=https%3A%2F%2Fwickedconcoctions.com%2F&ru=https%3A%2F%2Fwickedconcoctions.com%2F&sinfo=%7B%22partners%22%3A%7B%22ecwid%22%3A%7B%7D%2C%22bigCommerce%22%3A%7B%7D%2C%22shopify%22%3A%7B%7D%2C%22wix%22%3A%7B%7D%2C%22bigCartel%22%3A%7B%7D%7D%7D

Requested by

Host: wickedconcoctions.com
URL: https://wickedconcoctions.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.65.35 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wickedconcoctions.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

x-cache-hits: 0, 0
date: Thu, 20 Jul 2023 00:06:21 GMT
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-cache: MISS, MISS
p3p: CP="CAO IND OUR SAM UNI STA COR COM"
paypal-debug-id: cc4feda214f7d
server-timing: content-encoding;desc="",x-cdn;desc="fastly"
x-served-by: cache-fra-etou8220095-FRA, cache-muc13976-MUC
pragma: no-cache
correlation-id: cc4feda214f7d
traceparent: 00-0000000000000000000cc4feda214f7d-e48e501fe3c9fcf8-01
x-timer: S1689811582.743723,VS0,VE157
vary: Accept-Encoding
content-type: image/gif
cache-control: max-age=0, no-cache, no-store, must-revalidate
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 20 Jul 2023 00:06:21 GMT

GET
H2 200 js Show response
www.paypal.com/sdk/ Frame 2C7A 273 KB
76 KB 453ms
453ms Script
application/javascript 192.229.221.25
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: www.paypal.com
URL: https://www.paypal.com/smart/buttons?sdkVersion=5.0.388&style.layout=vertical&style.color=gold&style.shape=rect&style.tagline=false&style.menuPlacement=below&components.0=buttons&locale.country=US&locale.lang=en&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QVpfaHZNVXBFQVAzbzB2SjRoZEFmTC02eFpqZzU3ZUp2SzVSeUZFNEI4ck5nMHFEQ2ZWcnFXemdFSkNOaEZrSWpacUJwVm42bl85U3FOY0gmbWVyY2hhbnQtaWQ9c3VuaWRhbm1vcm5kZXc5JTQweWFob28uY29tJmN1cnJlbmN5PVVTRCZkaXNhYmxlLWZ1bmRpbmc9YmFuY29udGFjdCUyQ2JsaWslMkNlcHMlMkNnaXJvcGF5JTJDaWRlYWwlMkNtZXJjYWRvcGFnbyUyQ215YmFuayUyQ3AyNCUyQ3NlcGElMkNzb2ZvcnQiLCJhdHRycyI6eyJkYXRhLXVpZCI6InVpZF95cG5hdXRobHBmdHBqZWtpc2V3eXdmcnFjY3lwenMifX0&clientID=AZ_hvMUpEAP3o0vJ4hdAfL-6xZjg57eJvK5RyFE4B8rNg0qDCfVrqWzgEJCNhFkIjZqBpVn6n_9SqNcH&sdkCorrelationID=f154429249f95&storageID=uid_0bd12af2de_mda6mdy6mje&sessionID=uid_ba8cc96169_mda6mdy6mje&buttonSessionID=uid_1760c66034_mda6mdy6mje&env=production&fundingEligibility=eyJwYXlwYWwiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sInBheWxhdGVyIjp7ImVsaWdpYmxlIjpmYWxzZSwicHJvZHVjdHMiOnsicGF5SW4zIjp7ImVsaWdpYmxlIjpmYWxzZSwidmFyaWFudCI6bnVsbH0sInBheUluNCI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhcmlhbnQiOm51bGx9LCJwYXlsYXRlciI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhcmlhbnQiOm51bGx9fX0sImNhcmQiOnsiZWxpZ2libGUiOnRydWUsImJyYW5kZWQiOnRydWUsImluc3RhbGxtZW50cyI6ZmFsc2UsInZlbmRvcnMiOnsidmlzYSI6eyJlbGlnaWJsZSI6dHJ1ZSwidmF1bHRhYmxlIjp0cnVlfSwibWFzdGVyY2FyZCI6eyJlbGlnaWJsZSI6dHJ1ZSwidmF1bHRhYmxlIjp0cnVlfSwiYW1leCI6eyJlbGlnaWJsZSI6dHJ1ZSwidmF1bHRhYmxlIjp0cnVlfSwiZGlzY292ZXIiOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXVsdGFibGUiOnRydWV9LCJoaXBlciI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhdWx0YWJsZSI6ZmFsc2V9LCJlbG8iOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXVsdGFibGUiOnRydWV9LCJqY2IiOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXVsdGFibGUiOnRydWV9fSwiZ3Vlc3RFbmFibGVkIjpmYWxzZX0sInZlbm1vIjp7ImVsaWdpYmxlIjpmYWxzZX0sIml0YXUiOnsiZWxpZ2libGUiOmZhbHNlfSwiY3JlZGl0Ijp7ImVsaWdpYmxlIjpmYWxzZX0sImFwcGxlcGF5Ijp7ImVsaWdpYmxlIjpmYWxzZX0sInNlcGEiOnsiZWxpZ2libGUiOmZhbHNlfSwiaWRlYWwiOnsiZWxpZ2libGUiOmZhbHNlfSwiYmFuY29udGFjdCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJnaXJvcGF5Ijp7ImVsaWdpYmxlIjpmYWxzZX0sImVwcyI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJzb2ZvcnQiOnsiZWxpZ2libGUiOmZhbHNlfSwibXliYW5rIjp7ImVsaWdpYmxlIjpmYWxzZX0sInAyNCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJ3ZWNoYXRwYXkiOnsiZWxpZ2libGUiOmZhbHNlfSwicGF5dSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJibGlrIjp7ImVsaWdpYmxlIjpmYWxzZX0sInRydXN0bHkiOnsiZWxpZ2libGUiOmZhbHNlfSwib3h4byI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJib2xldG8iOnsiZWxpZ2libGUiOmZhbHNlfSwiYm9sZXRvYmFuY2FyaW8iOnsiZWxpZ2libGUiOmZhbHNlfSwibWVyY2Fkb3BhZ28iOnsiZWxpZ2libGUiOmZhbHNlfSwibXVsdGliYW5jbyI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJzYXRpc3BheSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJwYWlkeSI6eyJlbGlnaWJsZSI6ZmFsc2V9fQ&platform=desktop&experiment.enableVenmo=false&experiment.enableVenmoAppLabel=false&flow=purchase&currency=USD&intent=capture&commit=true&vault=false&disableFunding.0=bancontact&disableFunding.1=blik&disableFunding.2=eps&disableFunding.3=giropay&disableFunding.4=ideal&disableFunding.5=mercadopago&disableFunding.6=mybank&disableFunding.7=p24&disableFunding.8=sepa&disableFunding.9=sofort&merchantID.0=sunidanmorndew9%40yahoo.com&renderedButtons.0=paypal&renderedButtons.1=card&debug=false&applePaySupport=false&supportsPopups=true&supportedNativeBrowser=false&allowBillingPayments=true&disableSetCookie=false

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.221.25 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frc/4CCF) /

Resource Hash

c603a8dacc2cdfbe00d0493c02762319803c0c9ab2cd6ad099656dc93cffd37c

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://.paypal.com https://.paypalobjects.com; connect-src 'self' https://.paypal.com https://.paypalobjects.com https://.qualtrics.com; frame-src 'self' https://.paypal.com https://.paypalobjects.com https://.qualtrics.com; script-src 'nonce-w6K1/m+SZMVTVgIZpZnO7X4h2TbprYOohFO6d/47AqC6DRqH' 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; style-src 'nonce-w6K1/m+SZMVTVgIZpZnO7X4h2TbprYOohFO6d/47AqC6DRqH' 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; object-src 'none'; img-src https: data:; form-action 'self' https://.paypal.com; base-uri 'self' https://.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.paypal.com/smart/buttons?sdkVersion=5.0.388&style.layout=vertical&style.color=gold&style.shape=rect&style.tagline=false&style.menuPlacement=below&components.0=buttons&locale.country=US&locale.lang=en&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QVpfaHZNVXBFQVAzbzB2SjRoZEFmTC02eFpqZzU3ZUp2SzVSeUZFNEI4ck5nMHFEQ2ZWcnFXemdFSkNOaEZrSWpacUJwVm42bl85U3FOY0gmbWVyY2hhbnQtaWQ9c3VuaWRhbm1vcm5kZXc5JTQweWFob28uY29tJmN1cnJlbmN5PVVTRCZkaXNhYmxlLWZ1bmRpbmc9YmFuY29udGFjdCUyQ2JsaWslMkNlcHMlMkNnaXJvcGF5JTJDaWRlYWwlMkNtZXJjYWRvcGFnbyUyQ215YmFuayUyQ3AyNCUyQ3NlcGElMkNzb2ZvcnQiLCJhdHRycyI6eyJkYXRhLXVpZCI6InVpZF95cG5hdXRobHBmdHBqZWtpc2V3eXdmcnFjY3lwenMifX0&clientID=AZ_hvMUpEAP3o0vJ4hdAfL-6xZjg57eJvK5RyFE4B8rNg0qDCfVrqWzgEJCNhFkIjZqBpVn6n_9SqNcH&sdkCorrelationID=f154429249f95&storageID=uid_0bd12af2de_mda6mdy6mje&sessionID=uid_ba8cc96169_mda6mdy6mje&buttonSessionID=uid_1760c66034_mda6mdy6mje&env=production&fundingEligibility=eyJwYXlwYWwiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sInBheWxhdGVyIjp7ImVsaWdpYmxlIjpmYWxzZSwicHJvZHVjdHMiOnsicGF5SW4zIjp7ImVsaWdpYmxlIjpmYWxzZSwidmFyaWFudCI6bnVsbH0sInBheUluNCI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhcmlhbnQiOm51bGx9LCJwYXlsYXRlciI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhcmlhbnQiOm51bGx9fX0sImNhcmQiOnsiZWxpZ2libGUiOnRydWUsImJyYW5kZWQiOnRydWUsImluc3RhbGxtZW50cyI6ZmFsc2UsInZlbmRvcnMiOnsidmlzYSI6eyJlbGlnaWJsZSI6dHJ1ZSwidmF1bHRhYmxlIjp0cnVlfSwibWFzdGVyY2FyZCI6eyJlbGlnaWJsZSI6dHJ1ZSwidmF1bHRhYmxlIjp0cnVlfSwiYW1leCI6eyJlbGlnaWJsZSI6dHJ1ZSwidmF1bHRhYmxlIjp0cnVlfSwiZGlzY292ZXIiOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXVsdGFibGUiOnRydWV9LCJoaXBlciI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhdWx0YWJsZSI6ZmFsc2V9LCJlbG8iOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXVsdGFibGUiOnRydWV9LCJqY2IiOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXVsdGFibGUiOnRydWV9fSwiZ3Vlc3RFbmFibGVkIjpmYWxzZX0sInZlbm1vIjp7ImVsaWdpYmxlIjpmYWxzZX0sIml0YXUiOnsiZWxpZ2libGUiOmZhbHNlfSwiY3JlZGl0Ijp7ImVsaWdpYmxlIjpmYWxzZX0sImFwcGxlcGF5Ijp7ImVsaWdpYmxlIjpmYWxzZX0sInNlcGEiOnsiZWxpZ2libGUiOmZhbHNlfSwiaWRlYWwiOnsiZWxpZ2libGUiOmZhbHNlfSwiYmFuY29udGFjdCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJnaXJvcGF5Ijp7ImVsaWdpYmxlIjpmYWxzZX0sImVwcyI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJzb2ZvcnQiOnsiZWxpZ2libGUiOmZhbHNlfSwibXliYW5rIjp7ImVsaWdpYmxlIjpmYWxzZX0sInAyNCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJ3ZWNoYXRwYXkiOnsiZWxpZ2libGUiOmZhbHNlfSwicGF5dSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJibGlrIjp7ImVsaWdpYmxlIjpmYWxzZX0sInRydXN0bHkiOnsiZWxpZ2libGUiOmZhbHNlfSwib3h4byI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJib2xldG8iOnsiZWxpZ2libGUiOmZhbHNlfSwiYm9sZXRvYmFuY2FyaW8iOnsiZWxpZ2libGUiOmZhbHNlfSwibWVyY2Fkb3BhZ28iOnsiZWxpZ2libGUiOmZhbHNlfSwibXVsdGliYW5jbyI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJzYXRpc3BheSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJwYWlkeSI6eyJlbGlnaWJsZSI6ZmFsc2V9fQ&platform=desktop&experiment.enableVenmo=false&experiment.enableVenmoAppLabel=false&flow=purchase&currency=USD&intent=capture&commit=true&vault=false&disableFunding.0=bancontact&disableFunding.1=blik&disableFunding.2=eps&disableFunding.3=giropay&disableFunding.4=ideal&disableFunding.5=mercadopago&disableFunding.6=mybank&disableFunding.7=p24&disableFunding.8=sepa&disableFunding.9=sofort&merchantID.0=sunidanmorndew9%40yahoo.com&renderedButtons.0=paypal&renderedButtons.1=card&debug=false&applePaySupport=false&supportsPopups=true&supportedNativeBrowser=false&allowBillingPayments=true&disableSetCookie=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

content-security-policy: default-src 'self' https://*.paypal.com https://*.paypalobjects.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; script-src 'nonce-w6K1/m+SZMVTVgIZpZnO7X4h2TbprYOohFO6d/47AqC6DRqH' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'nonce-w6K1/m+SZMVTVgIZpZnO7X4h2TbprYOohFO6d/47AqC6DRqH' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; object-src 'none'; img-src https: data:; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 20 Jul 2023 00:06:22 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
p3p: true
paypal-debug-id: 08925b8175887
server-timing: traceparent;desc="00-000000000000000000008925b8175887-8fb30291624c788f-01", content-encoding;desc="", x-cdn;desc="edgecast"
dc: ccg11-origin-www-1.paypal.com
content-length: 76660
x-xss-protection: 1; mode=block
accept-ch: sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
server: ECAcc (frc/4CCF)
traceparent: 00-000000000000000000008925b8175887-0b901a0ba5dd7e77-01
etag: W/"12b74-kvgcPYrhjxsEaH2/Ekg3vRWyPBk"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: Server-Timing
cache-control: public, max-age=3600, s-maxage=10800
origin-trial: AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
permissions-policy: ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
timing-allow-origin: *

GET
DATA 200
OK truncated
/ Frame 2C7A 3 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 25b02175cc0a4e36fda24db4b7de40009feb7b31f18fe3c77423a2169929b94b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 2C7A 1 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1c4c2e6fd8a12889bc2ab350338566579ae079850e59701c8bf55ba52abd4d6b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 fb.js Show response
c.paypal.com/da/r/ Frame 2C7A 63 KB
22 KB 14ms
8ms Script
application/javascript 192.229.221.25
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://c.paypal.com/da/r/fb.js

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.221.25 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frc/4CBA) /

Resource Hash

2608781d6f4c43426e950104278a33ce4619f2995b1edb09769ac4fb3125c0fc

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.paypal.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Thu, 20 Jul 2023 00:06:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
age: 1098097
x-cache: HIT
paypal-debug-id: 758e5a8266885
server-timing: content-encoding;desc="", x-cdn;desc="edgecast"
dc: ccg11-origin-www-1.paypal.com
content-length: 21772
last-modified: Fri, 07 Jul 2023 00:59:03 GMT
server: ECAcc (frc/4CBA)
traceparent: 00-0000000000000000000758e5a8266885-f417f7456fc99ec6-01
etag: "64a76357-fbd3+gzip"
access-control-max-age: 86400
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=86400
access-control-allow-credentials: false
vary: Accept-Encoding
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 21 Jul 2023 00:06:22 GMT

POST
H2 200 logger
www.paypal.com/xoplatform/logger/api/ Frame 2C7A 1021 B
2 KB 316ms
316ms Ping
application/json 192.229.221.25
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/xoplatform/logger/api/logger

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.221.25 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frc/4CCE) /

Resource Hash

3818ed88c8e62db8404a9c20955b77113899930645e9ed62673f3ed905fc6baa

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.paypal.com/smart/buttons?sdkVersion=5.0.388&style.layout=vertical&style.color=gold&style.shape=rect&style.tagline=false&style.menuPlacement=below&components.0=buttons&locale.country=US&locale.lang=en&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QVpfaHZNVXBFQVAzbzB2SjRoZEFmTC02eFpqZzU3ZUp2SzVSeUZFNEI4ck5nMHFEQ2ZWcnFXemdFSkNOaEZrSWpacUJwVm42bl85U3FOY0gmbWVyY2hhbnQtaWQ9c3VuaWRhbm1vcm5kZXc5JTQweWFob28uY29tJmN1cnJlbmN5PVVTRCZkaXNhYmxlLWZ1bmRpbmc9YmFuY29udGFjdCUyQ2JsaWslMkNlcHMlMkNnaXJvcGF5JTJDaWRlYWwlMkNtZXJjYWRvcGFnbyUyQ215YmFuayUyQ3AyNCUyQ3NlcGElMkNzb2ZvcnQiLCJhdHRycyI6eyJkYXRhLXVpZCI6InVpZF95cG5hdXRobHBmdHBqZWtpc2V3eXdmcnFjY3lwenMifX0&clientID=AZ_hvMUpEAP3o0vJ4hdAfL-6xZjg57eJvK5RyFE4B8rNg0qDCfVrqWzgEJCNhFkIjZqBpVn6n_9SqNcH&sdkCorrelationID=f154429249f95&storageID=uid_0bd12af2de_mda6mdy6mje&sessionID=uid_ba8cc96169_mda6mdy6mje&buttonSessionID=uid_1760c66034_mda6mdy6mje&env=production&fundingEligibility=eyJwYXlwYWwiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sInBheWxhdGVyIjp7ImVsaWdpYmxlIjpmYWxzZSwicHJvZHVjdHMiOnsicGF5SW4zIjp7ImVsaWdpYmxlIjpmYWxzZSwidmFyaWFudCI6bnVsbH0sInBheUluNCI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhcmlhbnQiOm51bGx9LCJwYXlsYXRlciI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhcmlhbnQiOm51bGx9fX0sImNhcmQiOnsiZWxpZ2libGUiOnRydWUsImJyYW5kZWQiOnRydWUsImluc3RhbGxtZW50cyI6ZmFsc2UsInZlbmRvcnMiOnsidmlzYSI6eyJlbGlnaWJsZSI6dHJ1ZSwidmF1bHRhYmxlIjp0cnVlfSwibWFzdGVyY2FyZCI6eyJlbGlnaWJsZSI6dHJ1ZSwidmF1bHRhYmxlIjp0cnVlfSwiYW1leCI6eyJlbGlnaWJsZSI6dHJ1ZSwidmF1bHRhYmxlIjp0cnVlfSwiZGlzY292ZXIiOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXVsdGFibGUiOnRydWV9LCJoaXBlciI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhdWx0YWJsZSI6ZmFsc2V9LCJlbG8iOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXVsdGFibGUiOnRydWV9LCJqY2IiOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXVsdGFibGUiOnRydWV9fSwiZ3Vlc3RFbmFibGVkIjpmYWxzZX0sInZlbm1vIjp7ImVsaWdpYmxlIjpmYWxzZX0sIml0YXUiOnsiZWxpZ2libGUiOmZhbHNlfSwiY3JlZGl0Ijp7ImVsaWdpYmxlIjpmYWxzZX0sImFwcGxlcGF5Ijp7ImVsaWdpYmxlIjpmYWxzZX0sInNlcGEiOnsiZWxpZ2libGUiOmZhbHNlfSwiaWRlYWwiOnsiZWxpZ2libGUiOmZhbHNlfSwiYmFuY29udGFjdCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJnaXJvcGF5Ijp7ImVsaWdpYmxlIjpmYWxzZX0sImVwcyI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJzb2ZvcnQiOnsiZWxpZ2libGUiOmZhbHNlfSwibXliYW5rIjp7ImVsaWdpYmxlIjpmYWxzZX0sInAyNCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJ3ZWNoYXRwYXkiOnsiZWxpZ2libGUiOmZhbHNlfSwicGF5dSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJibGlrIjp7ImVsaWdpYmxlIjpmYWxzZX0sInRydXN0bHkiOnsiZWxpZ2libGUiOmZhbHNlfSwib3h4byI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJib2xldG8iOnsiZWxpZ2libGUiOmZhbHNlfSwiYm9sZXRvYmFuY2FyaW8iOnsiZWxpZ2libGUiOmZhbHNlfSwibWVyY2Fkb3BhZ28iOnsiZWxpZ2libGUiOmZhbHNlfSwibXVsdGliYW5jbyI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJzYXRpc3BheSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJwYWlkeSI6eyJlbGlnaWJsZSI6ZmFsc2V9fQ&platform=desktop&experiment.enableVenmo=false&experiment.enableVenmoAppLabel=false&flow=purchase&currency=USD&intent=capture&commit=true&vault=false&disableFunding.0=bancontact&disableFunding.1=blik&disableFunding.2=eps&disableFunding.3=giropay&disableFunding.4=ideal&disableFunding.5=mercadopago&disableFunding.6=mybank&disableFunding.7=p24&disableFunding.8=sepa&disableFunding.9=sofort&merchantID.0=sunidanmorndew9%40yahoo.com&renderedButtons.0=paypal&renderedButtons.1=card&debug=false&applePaySupport=false&supportsPopups=true&supportedNativeBrowser=false&allowBillingPayments=true&disableSetCookie=false
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36
Content-Type: application/json

Response headers

date: Thu, 20 Jul 2023 00:06:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
paypal-debug-id: 0594b87a08199
server-timing: content-encoding;desc="", x-cdn;desc="edgecast"
dc: ccg11-origin-www-1.paypal.com
content-length: 616
accept-ch: sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
server: ECAcc (frc/4CCE)
traceparent: 00-00000000000000000000594b87a08199-abe379602ca33d6e-01
etag: W/"3fd-CEU2G9u6+jP3HgM1jnjKuirmJMg"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.paypal.com
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
origin-trial: AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
permissions-policy: ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
timing-allow-origin: *

GET
H2 200 i Show response
c.paypal.com/v1/r/d/ Frame 05E4 160 B
1 KB 157ms
157ms Document
text/html 192.229.221.25
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://c.paypal.com/v1/r/d/i?js_src=https://c.paypal.com/da/r/fb.js

Requested by

Host: c.paypal.com
URL: https://c.paypal.com/da/r/fb.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.221.25 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frc/4CCE) /

Resource Hash

9321bc63a75b3ac6d384b411665b6e77a8b326a4b176ca2049872d3b5d4974f5

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.paypal.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ch: sec-ch-ua, sec-ch-ua-mobile, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-platform, sec-ch-ua-platform-version, sec-ch-ua-arch, sec-ch-ua-wow64, sec-ch-ua-bitness, sec-ch-ua-model, sec-ch-ua-full
access-control-expose-headers: Server-Timing
cache-control: max-age=0, no-cache, no-store, must-revalidate
content-encoding: gzip
content-length: 141
content-security-policy-report-only: default-src 'self' https://*.paypal.com https://*.paypalobjects.com; script-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.paypalinc.com https://www.facebook.com 'unsafe-eval' 'unsafe-inline' blob:; connect-src 'self' https://*.paypal.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com data:; img-src 'self' https: data:; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; object-src 'self' https://*.paypal.com https://*.paypalobjects.com; report-uri https://www.paypal.com/csplog/api/log/csp
content-type: text/html;charset=UTF-8
correlation-id: 894f946add7f5
date: Thu, 20 Jul 2023 00:06:22 GMT
origin-trial: A0A/uBW0ogQIica1KkPCeSOoHfvTATXdyRg8F/Ka8gjK4pCprEDwF3d3wTxNzSPn1ASb5ncpd46h7RQiSqGYpA8AAACMeyJvcmlnaW4iOiJodHRwczovL2MucGF5cGFsLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY5NTUxMzU5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0=
paypal-debug-id: 894f946add7f5
server: ECAcc (frc/4CCE)
server-timing: traceparent;desc="00-0000000000000000000894f946add7f5-03417d6843512ccc-01" content-encoding;desc="", x-cdn;desc="edgecast"
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: *
traceparent: 00-0000000000000000000894f946add7f5-d6bf098ff7b89c86-01
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H/1.1

200
OK

counter2.cgi
dub.stats.paypal.com/v2/ Frame 62FE
Redirect Chain

https://b.stats.paypal.com/v2/counter.cgi?p=uid_ba8cc96169_mda6mdy6mje&s=SMART_PAYMENT_BUTTONS
https://dub.stats.paypal.com/v2/counter2.cgi?p=uid_ba8cc96169_mda6mdy6mje&s=SMART_PAYMENT_BUTTONS

42 B
299 B

111ms
34ms

Image
image/jpeg

64.4.245.84
PAYPAL

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dub.stats.paypal.com/v2/counter2.cgi?p=uid_ba8cc96169_mda6mdy6mje&s=SMART_PAYMENT_BUTTONS
Requested by: Host: www.paypal.com
URL: https://www.paypal.com/smart/buttons?sdkVersion=5.0.388&style.layout=vertical&style.color=gold&style.shape=rect&style.tagline=false&style.menuPlacement=below&components.0=buttons&locale.country=US&locale.lang=en&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QVpfaHZNVXBFQVAzbzB2SjRoZEFmTC02eFpqZzU3ZUp2SzVSeUZFNEI4ck5nMHFEQ2ZWcnFXemdFSkNOaEZrSWpacUJwVm42bl85U3FOY0gmbWVyY2hhbnQtaWQ9c3VuaWRhbm1vcm5kZXc5JTQweWFob28uY29tJmN1cnJlbmN5PVVTRCZkaXNhYmxlLWZ1bmRpbmc9YmFuY29udGFjdCUyQ2JsaWslMkNlcHMlMkNnaXJvcGF5JTJDaWRlYWwlMkNtZXJjYWRvcGFnbyUyQ215YmFuayUyQ3AyNCUyQ3NlcGElMkNzb2ZvcnQiLCJhdHRycyI6eyJkYXRhLXVpZCI6InVpZF95cG5hdXRobHBmdHBqZWtpc2V3eXdmcnFjY3lwenMifX0&clientID=AZ_hvMUpEAP3o0vJ4hdAfL-6xZjg57eJvK5RyFE4B8rNg0qDCfVrqWzgEJCNhFkIjZqBpVn6n_9SqNcH&sdkCorrelationID=f154429249f95&storageID=uid_0bd12af2de_mda6mdy6mje&sessionID=uid_ba8cc96169_mda6mdy6mje&buttonSessionID=uid_1760c66034_mda6mdy6mje&env=production&fundingEligibility=eyJwYXlwYWwiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sInBheWxhdGVyIjp7ImVsaWdpYmxlIjpmYWxzZSwicHJvZHVjdHMiOnsicGF5SW4zIjp7ImVsaWdpYmxlIjpmYWxzZSwidmFyaWFudCI6bnVsbH0sInBheUluNCI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhcmlhbnQiOm51bGx9LCJwYXlsYXRlciI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhcmlhbnQiOm51bGx9fX0sImNhcmQiOnsiZWxpZ2libGUiOnRydWUsImJyYW5kZWQiOnRydWUsImluc3RhbGxtZW50cyI6ZmFsc2UsInZlbmRvcnMiOnsidmlzYSI6eyJlbGlnaWJsZSI6dHJ1ZSwidmF1bHRhYmxlIjp0cnVlfSwibWFzdGVyY2FyZCI6eyJlbGlnaWJsZSI6dHJ1ZSwidmF1bHRhYmxlIjp0cnVlfSwiYW1leCI6eyJlbGlnaWJsZSI6dHJ1ZSwidmF1bHRhYmxlIjp0cnVlfSwiZGlzY292ZXIiOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXVsdGFibGUiOnRydWV9LCJoaXBlciI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhdWx0YWJsZSI6ZmFsc2V9LCJlbG8iOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXVsdGFibGUiOnRydWV9LCJqY2IiOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXVsdGFibGUiOnRydWV9fSwiZ3Vlc3RFbmFibGVkIjpmYWxzZX0sInZlbm1vIjp7ImVsaWdpYmxlIjpmYWxzZX0sIml0YXUiOnsiZWxpZ2libGUiOmZhbHNlfSwiY3JlZGl0Ijp7ImVsaWdpYmxlIjpmYWxzZX0sImFwcGxlcGF5Ijp7ImVsaWdpYmxlIjpmYWxzZX0sInNlcGEiOnsiZWxpZ2libGUiOmZhbHNlfSwiaWRlYWwiOnsiZWxpZ2libGUiOmZhbHNlfSwiYmFuY29udGFjdCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJnaXJvcGF5Ijp7ImVsaWdpYmxlIjpmYWxzZX0sImVwcyI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJzb2ZvcnQiOnsiZWxpZ2libGUiOmZhbHNlfSwibXliYW5rIjp7ImVsaWdpYmxlIjpmYWxzZX0sInAyNCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJ3ZWNoYXRwYXkiOnsiZWxpZ2libGUiOmZhbHNlfSwicGF5dSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJibGlrIjp7ImVsaWdpYmxlIjpmYWxzZX0sInRydXN0bHkiOnsiZWxpZ2libGUiOmZhbHNlfSwib3h4byI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJib2xldG8iOnsiZWxpZ2libGUiOmZhbHNlfSwiYm9sZXRvYmFuY2FyaW8iOnsiZWxpZ2libGUiOmZhbHNlfSwibWVyY2Fkb3BhZ28iOnsiZWxpZ2libGUiOmZhbHNlfSwibXVsdGliYW5jbyI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJzYXRpc3BheSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJwYWlkeSI6eyJlbGlnaWJsZSI6ZmFsc2V9fQ&platform=desktop&experiment.enableVenmo=false&experiment.enableVenmoAppLabel=false&flow=purchase&currency=USD&intent=capture&commit=true&vault=false&disableFunding.0=bancontact&disableFunding.1=blik&disableFunding.2=eps&disableFunding.3=giropay&disableFunding.4=ideal&disableFunding.5=mercadopago&disableFunding.6=mybank&disableFunding.7=p24&disableFunding.8=sepa&disableFunding.9=sofort&merchantID.0=sunidanmorndew9%40yahoo.com&renderedButtons.0=paypal&renderedButtons.1=card&debug=false&applePaySupport=false&supportsPopups=true&supportedNativeBrowser=false&allowBillingPayments=true&disableSetCookie=false
Protocol: HTTP/1.1
Server: 64.4.245.84 , United States, ASN17012 (PAYPAL, US),
Reverse DNS
Software: PayPal-B.Stats/1.0 /
Resource Hash: 47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.paypal.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

Date: Thu, 20 Jul 2023 00:06:23 GMT
Server: PayPal-B.Stats/1.0
Connection: close
Content-Length: 42
Content-Type: image/jpeg

Redirect headers

Location: https://dub.stats.paypal.com/v2/counter2.cgi?p=uid_ba8cc96169_mda6mdy6mje&s=SMART_PAYMENT_BUTTONS
Date: Thu, 20 Jul 2023 00:06:23 GMT
Server: PayPal-B.Stats/1.0
Connection: close
Content-Length: 0
Content-Type: application/octet-stream

GET
H2 200 fb.js Show response
c.paypal.com/da/r/ Frame 05E4 63 KB
22 KB 9ms
8ms Script
application/javascript 192.229.221.25
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://c.paypal.com/da/r/fb.js

Requested by

Host: c.paypal.com
URL: https://c.paypal.com/v1/r/d/i?js_src=https://c.paypal.com/da/r/fb.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.221.25 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frc/4CBA) /

Resource Hash

2608781d6f4c43426e950104278a33ce4619f2995b1edb09769ac4fb3125c0fc

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c.paypal.com/v1/r/d/i?js_src=https://c.paypal.com/da/r/fb.js
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Thu, 20 Jul 2023 00:06:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
age: 1098098
x-cache: HIT
paypal-debug-id: 758e5a8266885
server-timing: content-encoding;desc="", x-cdn;desc="edgecast"
dc: ccg11-origin-www-1.paypal.com
content-length: 21772
last-modified: Fri, 07 Jul 2023 00:59:03 GMT
server: ECAcc (frc/4CBA)
traceparent: 00-0000000000000000000758e5a8266885-f417f7456fc99ec6-01
etag: "64a76357-fbd3+gzip"
access-control-max-age: 86400
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=86400
access-control-allow-credentials: false
vary: Accept-Encoding
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 21 Jul 2023 00:06:23 GMT

POST
H2 204 rum Show response
wickedconcoctions.com/cdn-cgi/ 0
208 B 9ms
9ms XHR
text/plain 2606:4700::6811:c649
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://wickedconcoctions.com/cdn-cgi/rum?

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/rollbar.js/2.14.4/rollbar.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:c649 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://wickedconcoctions.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36
content-type: application/json

Response headers

date: Thu, 20 Jul 2023 00:06:23 GMT
x-content-type-options: nosniff
server: cloudflare
vary: Origin
access-control-max-age: 86400
access-control-allow-methods: POST,OPTIONS
access-control-allow-origin: https://wickedconcoctions.com
x-frame-options: DENY
access-control-allow-credentials: true
cf-ray: 7e96f53d19bf8fd0-FRA

POST
H2 200 p1 Show response
c.paypal.com/v1/r/d/b/ Frame 05E4 125 B
748 B 201ms
201ms XHR
application/json 192.229.221.25
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://c.paypal.com/v1/r/d/b/p1

Requested by

Host: c.paypal.com
URL: https://c.paypal.com/da/r/fb.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.221.25 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frc/4CFA) /

Resource Hash

5db1ca4aa20280ab82d8c804bfdd23962decf17e26144d04308a1abcc24ba8fd

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://c.paypal.com/v1/r/d/i?js_src=https://c.paypal.com/da/r/fb.js
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36
Content-Type: application/json

Response headers

date: Thu, 20 Jul 2023 00:06:23 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
disable-set-cookie: true
p3p: policyref="/w3c/p3p.xml", CP="NON DSP COR ADM OUR IND COM"
paypal-debug-id: 2d44e5e24befd
server-timing: traceparent;desc="00-00000000000000000002d44e5e24befd-00d468497398c6b3-01", content-encoding;desc="", x-cdn;desc="edgecast"
content-length: 125
correlation-id: 2d44e5e24befd
server: ECAcc (frc/4CFA)
traceparent: 00-00000000000000000002d44e5e24befd-3c7406d6f0508a25-01
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://www.paypal.com
access-control-expose-headers: Server-Timing
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *

POST
H2 204 e Show response
c.paypal.com/v1/r/d/b/ Frame 05E4 0
212 B 167ms
167ms XHR
text/plain 192.229.221.25
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://c.paypal.com/v1/r/d/b/e

Requested by

Host: c.paypal.com
URL: https://c.paypal.com/da/r/fb.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.221.25 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frc/4C8D) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://c.paypal.com/v1/r/d/i?js_src=https://c.paypal.com/da/r/fb.js
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36
Content-Type: application/json

Response headers

date: Thu, 20 Jul 2023 00:06:23 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
correlation-id: 9c936aee994c6
server: ECAcc (frc/4C8D)
traceparent: 00-00000000000000000009c936aee994c6-9a66da8940151a1e-01
vary: Accept-Encoding
access-control-allow-origin: https://www.paypal.com
paypal-debug-id: 9c936aee994c6
access-control-expose-headers: Server-Timing
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-timing: traceparent;desc="00-00000000000000000009c936aee994c6-7014e62f2c27864a-01", content-encoding;desc="", x-cdn;desc="edgecast"
timing-allow-origin: *

GET
H2 200 p3
c6.paypal.com/v1/r/d/b/ Frame 05E4 0
289 B 183ms
170ms Image
text/plain 192.229.221.25
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c6.paypal.com/v1/r/d/b/p3?f=uid_ba8cc96169_mda6mdy6mje&s=SMART_PAYMENT_BUTTONS

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.221.25 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frc/4CE9) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c.paypal.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Thu, 20 Jul 2023 00:06:22 GMT
content-encoding: gzip
correlation-id: 81d03e8745c50
strict-transport-security: max-age=63072000; includeSubDomains; preload
server: ECAcc (frc/4CE9)
traceparent: 00-000000000000000000081d03e8745c50-40d8d2d80b1693e3-01
vary: Accept-Encoding
paypal-debug-id: 81d03e8745c50
access-control-expose-headers: Server-Timing
cache-control: max-age=0, no-cache, no-store, must-revalidate
server-timing: traceparent;desc="00-000000000000000000081d03e8745c50-4d785fc9d869eac6-01", content-encoding;desc="", x-cdn;desc="edgecast"
timing-allow-origin: *
content-length: 20

POST
H2 200 logger Show response
www.paypal.com/xoplatform/logger/api/ Frame 2C7A 1018 B
2 KB 244ms
243ms XHR
application/json 192.229.221.25
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/xoplatform/logger/api/logger

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.221.25 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frc/4CCE) /

Resource Hash

9f715d25c4cf9d879586e19faf8b65b616d2b44608af6c81900ff41dbb812ca4

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept: application/json
Referer: https://www.paypal.com/smart/buttons?sdkVersion=5.0.388&style.layout=vertical&style.color=gold&style.shape=rect&style.tagline=false&style.menuPlacement=below&components.0=buttons&locale.country=US&locale.lang=en&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QVpfaHZNVXBFQVAzbzB2SjRoZEFmTC02eFpqZzU3ZUp2SzVSeUZFNEI4ck5nMHFEQ2ZWcnFXemdFSkNOaEZrSWpacUJwVm42bl85U3FOY0gmbWVyY2hhbnQtaWQ9c3VuaWRhbm1vcm5kZXc5JTQweWFob28uY29tJmN1cnJlbmN5PVVTRCZkaXNhYmxlLWZ1bmRpbmc9YmFuY29udGFjdCUyQ2JsaWslMkNlcHMlMkNnaXJvcGF5JTJDaWRlYWwlMkNtZXJjYWRvcGFnbyUyQ215YmFuayUyQ3AyNCUyQ3NlcGElMkNzb2ZvcnQiLCJhdHRycyI6eyJkYXRhLXVpZCI6InVpZF95cG5hdXRobHBmdHBqZWtpc2V3eXdmcnFjY3lwenMifX0&clientID=AZ_hvMUpEAP3o0vJ4hdAfL-6xZjg57eJvK5RyFE4B8rNg0qDCfVrqWzgEJCNhFkIjZqBpVn6n_9SqNcH&sdkCorrelationID=f154429249f95&storageID=uid_0bd12af2de_mda6mdy6mje&sessionID=uid_ba8cc96169_mda6mdy6mje&buttonSessionID=uid_1760c66034_mda6mdy6mje&env=production&fundingEligibility=eyJwYXlwYWwiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sInBheWxhdGVyIjp7ImVsaWdpYmxlIjpmYWxzZSwicHJvZHVjdHMiOnsicGF5SW4zIjp7ImVsaWdpYmxlIjpmYWxzZSwidmFyaWFudCI6bnVsbH0sInBheUluNCI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhcmlhbnQiOm51bGx9LCJwYXlsYXRlciI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhcmlhbnQiOm51bGx9fX0sImNhcmQiOnsiZWxpZ2libGUiOnRydWUsImJyYW5kZWQiOnRydWUsImluc3RhbGxtZW50cyI6ZmFsc2UsInZlbmRvcnMiOnsidmlzYSI6eyJlbGlnaWJsZSI6dHJ1ZSwidmF1bHRhYmxlIjp0cnVlfSwibWFzdGVyY2FyZCI6eyJlbGlnaWJsZSI6dHJ1ZSwidmF1bHRhYmxlIjp0cnVlfSwiYW1leCI6eyJlbGlnaWJsZSI6dHJ1ZSwidmF1bHRhYmxlIjp0cnVlfSwiZGlzY292ZXIiOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXVsdGFibGUiOnRydWV9LCJoaXBlciI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhdWx0YWJsZSI6ZmFsc2V9LCJlbG8iOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXVsdGFibGUiOnRydWV9LCJqY2IiOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXVsdGFibGUiOnRydWV9fSwiZ3Vlc3RFbmFibGVkIjpmYWxzZX0sInZlbm1vIjp7ImVsaWdpYmxlIjpmYWxzZX0sIml0YXUiOnsiZWxpZ2libGUiOmZhbHNlfSwiY3JlZGl0Ijp7ImVsaWdpYmxlIjpmYWxzZX0sImFwcGxlcGF5Ijp7ImVsaWdpYmxlIjpmYWxzZX0sInNlcGEiOnsiZWxpZ2libGUiOmZhbHNlfSwiaWRlYWwiOnsiZWxpZ2libGUiOmZhbHNlfSwiYmFuY29udGFjdCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJnaXJvcGF5Ijp7ImVsaWdpYmxlIjpmYWxzZX0sImVwcyI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJzb2ZvcnQiOnsiZWxpZ2libGUiOmZhbHNlfSwibXliYW5rIjp7ImVsaWdpYmxlIjpmYWxzZX0sInAyNCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJ3ZWNoYXRwYXkiOnsiZWxpZ2libGUiOmZhbHNlfSwicGF5dSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJibGlrIjp7ImVsaWdpYmxlIjpmYWxzZX0sInRydXN0bHkiOnsiZWxpZ2libGUiOmZhbHNlfSwib3h4byI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJib2xldG8iOnsiZWxpZ2libGUiOmZhbHNlfSwiYm9sZXRvYmFuY2FyaW8iOnsiZWxpZ2libGUiOmZhbHNlfSwibWVyY2Fkb3BhZ28iOnsiZWxpZ2libGUiOmZhbHNlfSwibXVsdGliYW5jbyI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJzYXRpc3BheSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJwYWlkeSI6eyJlbGlnaWJsZSI6ZmFsc2V9fQ&platform=desktop&experiment.enableVenmo=false&experiment.enableVenmoAppLabel=false&flow=purchase&currency=USD&intent=capture&commit=true&vault=false&disableFunding.0=bancontact&disableFunding.1=blik&disableFunding.2=eps&disableFunding.3=giropay&disableFunding.4=ideal&disableFunding.5=mercadopago&disableFunding.6=mybank&disableFunding.7=p24&disableFunding.8=sepa&disableFunding.9=sofort&merchantID.0=sunidanmorndew9%40yahoo.com&renderedButtons.0=paypal&renderedButtons.1=card&debug=false&applePaySupport=false&supportsPopups=true&supportedNativeBrowser=false&allowBillingPayments=true&disableSetCookie=false
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36
content-type: application/json

Response headers

date: Thu, 20 Jul 2023 00:06:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
paypal-debug-id: 07743b8714589
server-timing: content-encoding;desc="", x-cdn;desc="edgecast"
dc: ccg11-origin-www-1.paypal.com
content-length: 609
accept-ch: sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
server: ECAcc (frc/4CCE)
traceparent: 00-000000000000000000007743b8714589-ea88839252cc95e3-01
etag: W/"3fa-CaHMrr5nV5MfC1yTWCNYneJwLMk"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.paypal.com
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
origin-trial: AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
permissions-policy: ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
timing-allow-origin: *

OPTIONS
H2 200 logger
www.paypal.com/xoplatform/logger/api/ Frame 0
0 186ms
168ms Preflight 192.229.221.25
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/xoplatform/logger/api/logger

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.221.25 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frc/4C8B) /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://wickedconcoctions.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

accept-ch: sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: POST
access-control-allow-origin: https://wickedconcoctions.com
cache-control: max-age=0, no-cache, no-store, must-revalidate
content-length: 0
date: Thu, 20 Jul 2023 00:06:23 GMT
dc: ccg11-origin-www-1.paypal.com
origin-trial: AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
paypal-debug-id: 0409084898a40
permissions-policy: ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
server: ECAcc (frc/4C8B)
server-timing: content-encoding;desc="", x-cdn;desc="edgecast"
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: *
traceparent: 00-00000000000000000000409084898a40-574f4a3218097e95-01
vary: Accept-Encoding
x-content-type-options: nosniff

POST
H2 200 logger Show response
www.paypal.com/xoplatform/logger/api/ 1018 B
2 KB 207ms
207ms XHR
application/json 192.229.221.25
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/xoplatform/logger/api/logger

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/rollbar.js/2.14.4/rollbar.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.221.25 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frc/4C8B) /

Resource Hash

0187664296b585251d13faeb14a614c20e3cf12a1922c5caef78d1acf81b737e

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept: application/json
Referer: https://wickedconcoctions.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36
content-type: application/json

Response headers

date: Thu, 20 Jul 2023 00:06:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
paypal-debug-id: 0b62927911886
server-timing: content-encoding;desc="", x-cdn;desc="edgecast"
dc: ccg11-origin-www-1.paypal.com
content-length: 605
accept-ch: sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
server: ECAcc (frc/4C8B)
traceparent: 00-00000000000000000000b62927911886-469521af9a251e3e-01
etag: W/"3fa-XRqVJWikA1tm7fQxO5GUyDD3mrQ"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://wickedconcoctions.com
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
origin-trial: AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
permissions-policy: ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
timing-allow-origin: *

Verdicts & Comments Add Verdict or Comment

60 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

11 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.paypal.com/	1970-01-20 13:23:33	Name: l7_az Value: dcg15.slc
.paypal.com/	1970-01-20 22:59:31	Name: ts_c Value: vr%3D709e769e1890a7a8575ed42afe6a3aec%26vt%3D709e769e1890a7a8575ed42afe6a3aeb
wickedconcoctions.com/	1970-01-20 13:24:57	Name: webs-stats-visitor-id Value: 433020460
.paypal.com/	1970-01-20 13:24:03	Name: LANG Value: de_DE%3BDE
.paypal.com/	1970-01-20 22:09:07	Name: enforce_policy Value: gdpr_v2.1
www.paypal.com/	1969-12-31 23:59:59	Name: nsid Value: s%3Ai56vnDE2lzA4Eqt5IQGWtwJI8WnnSBuo.%2F1oa19QDuEUsfx1Bt4009i7N%2BL3HTkq8ofdVSjjb8ug
.paypal.com/	1970-01-20 13:27:50	Name: tsrce Value: loggernodeweb
.c.paypal.com/	1970-01-20 22:59:31	Name: sc_f Value: wdeIh07esk_AkhXFkrrNMvVTKw77Ljuz8k1RVPZGH94IFbesQ3PAJCH1nYlfWZGlok5KjAO0donFiaDW4_6xqIYIRskSiIq1W8Revm
.paypal.com/	1970-01-20 22:59:31	Name: KHcl0EuY7AKSMgfvHl7J5E7hPtK Value: ukCZRjwAfrwwc7XHmD4Oaa6QdxC0lwUih2soMmzkbZrQ-a6vLPomu-RI8To2eGnNDFj778GFEnmXKbYY
.paypal.com/	1969-12-31 23:59:59	Name: x-pp-s Value: eyJ0IjoiMTY4OTgxMTU4MzcxNiIsImwiOiIwIiwibSI6IjAifQ
.paypal.com/	1970-01-20 22:59:31	Name: ts Value: vreXpYrS%3D1784505983%26vteXpYrS%3D1689813383%26vr%3D709e769e1890a7a8575ed42afe6a3aec%26vt%3D709e769e1890a7a8575ed42afe6a3aeb%26vtyp%3Dnew

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

b.stats.paypal.com
c.paypal.com
c6.paypal.com
cdnjs.cloudflare.com
dub.stats.paypal.com
fonts.digital.vistaprint.io
imageprocessor.digital.vistaprint.com
static.cloudflareinsights.com
static.websimages.com
statscollector.digital.vistaprint.com
t.paypal.com
vp-digital-tower-etc.s3.amazonaws.com
wickedconcoctions.com
www.paypal.com
www.paypalobjects.com
151.101.65.35
192.229.221.25
2606:4700::6810:3865
2606:4700::6811:180e
2606:4700::6811:c649
2606:4700::6811:c949
2606:4700::6811:fd71
3.212.194.157
35.172.60.123
52.216.144.51
52.222.236.23
64.4.245.84
0187664296b585251d13faeb14a614c20e3cf12a1922c5caef78d1acf81b737e
098618125383f339b61490acd432891e79d7ce980dfcc6e0261e93fab5500d89
09c4cc2149bf1d9affc7d2fbb2e73f254a30e4b523348a4575ee8e6400531b94
0b140f87ff144db782e0cddbdd64decbaa35b5c7c890f1e45b05fe2d8478b42e
1c4c2e6fd8a12889bc2ab350338566579ae079850e59701c8bf55ba52abd4d6b
25376cd52fca883ddcae7106505cb20b4e4f3f0d38bdc4c37fbf60ff49f66655
25b02175cc0a4e36fda24db4b7de40009feb7b31f18fe3c77423a2169929b94b
2608781d6f4c43426e950104278a33ce4619f2995b1edb09769ac4fb3125c0fc
284a3c1856b253a681c180bf5328cae3b94d4aaab702f6385490ec4e1b449df3
3818ed88c8e62db8404a9c20955b77113899930645e9ed62673f3ed905fc6baa
447a1053b3872e295ffa141172d9c2190fd11f59cec0105569a7d36d8fd4f6e6
47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292
5db1ca4aa20280ab82d8c804bfdd23962decf17e26144d04308a1abcc24ba8fd
6474d6012ff84761fdd38cff1adaf29d4cdfcbd9c37eb8c5f43730eed5231b32
6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93
72b3e6652be740915336fd90e64ce30772226fa2d0b20aa8c3a4f1ac6576070e
7b926f7146e876add8d897a3ec377f4c20c09530e6160547bfc4dabc539af26c
8c0a01b453ba6dcaa522322f8fd8915cdcf4de8752529aa0914969c9adc068d7
918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537
9321bc63a75b3ac6d384b411665b6e77a8b326a4b176ca2049872d3b5d4974f5
9f715d25c4cf9d879586e19faf8b65b616d2b44608af6c81900ff41dbb812ca4
abe1d71df1200b5aa0cc132768d4e22b6e3340c7fc892a3bf541a248840d4b9a
af780e357234ceb6feec085a9a31f46834c88c4d3852d79050ad9dc3658a3a67
c603a8dacc2cdfbe00d0493c02762319803c0c9ab2cd6ad099656dc93cffd37c
cf0a3634aa052c5466c88c8c7d51c8db8832362f8b4e2e0a8d2ab24b91994b9f
d3d5c01c76e92d65b40b7e2d5ce85c13b845f67ebee1859bd37738b412546caf
d4cff8de2398964e05c8efe129c043b5a9c1863201e4054ec0b20ac92a4191af
d5a0d5b95e0edc978e4d936c723e944e8cc9d2271ba1255e9fd1982e76e8a94a
e325942971c7228fc07915fcb1af701457f6940e50531d8bac2ebf6f206ab15f
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

wickedconcoctions.com Open in urlscan Pro 2606:4700::6811:c649 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

37 Requests

95 %HTTPS

42 %IPv6

9 Domains

15 Subdomains

12 IPs

1 Countries

824 kBTransfer

2099 kBSize

11 Cookies

0 Outgoing links

Page URL History

Redirected requests

37 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

wickedconcoctions.com Open in urlscan Pro
2606:4700::6811:c649 Public Scan

Screenshot
Live screenshot

Full Image

37
Requests

95 %
HTTPS

42 %
IPv6

9
Domains

15
Subdomains

12
IPs

1
Countries

824 kB
Transfer

2099 kB
Size

11
Cookies

37 HTTP transactions
1 data transactions