URL: https://channel.paragon.online/payment-form/4zKj0F6h
Submission: On May 12 via api from US — Scanned from DE

Summary

This website contacted 5 IPs in 3 countries across 3 domains to perform 29 HTTP transactions. The main IP is 2606:4700:10::6816:3ae5, located in United States and belongs to CLOUDFLARENET, US. The main domain is channel.paragon.online.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on April 30th 2023. Valid for: a year.
This is the only time channel.paragon.online was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests | IP Address | AS (Autonomous System)
12 | 2606:4700:10:... | 13335 (CLOUDFLAR...)
4 | 2a00:1450:401... | 15169 (GOOGLE)
4 | 2a00:1450:400... | 15169 (GOOGLE)
6 | 2a00:1450:400... | 15169 (GOOGLE)
Total: 29 requests, 5 IPs
Requests | Apex Domain | Subdomains | Transfer
12 | paragon.online | channel.paragon.online | 189 KB
10 | google.com | pay.google.com (Cisco Umbrella Rank: 2786), play.google.com (Cisco Umbrella Rank: 34) | 436 KB
4 | gstatic.com | fonts.gstatic.com (Failed), www.gstatic.com | 104 KB
Total: 29 requests, 3 apex domains
Requests | Domain | Requested by
12 | channel.paragon.online | channel.paragon.online
6 | play.google.com | www.gstatic.com
4 | www.gstatic.com | pay.google.com, www.gstatic.com
4 | pay.google.com | channel.paragon.online, pay.google.com, www.gstatic.com
0 | fonts.gstatic.com (Failed) | channel.paragon.online
Total: 29 requests, 5 domains

This site contains no links.

Subject | Issuer | Validity | Valid
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2023-04-30 - 2024-04-29 | a year
*.google.com | GTS CA 1C3 | 2023-04-17 - 2023-07-10 | 3 months
*.gstatic.com | GTS CA 1C3 | 2023-04-24 - 2023-07-17 | 3 months

This page contains 2 frames:

Primary Page: https://channel.paragon.online/payment-form/4zKj0F6h
Frame ID: E5BA9F03F66876E27FB0A9D6BB4454C2
Requests: 16 HTTP requests in this frame

Frame: https://pay.google.com/gp/p/ui/payframe?origin=https%3A%2F%2Fchannel.paragon.online&mid=
Frame ID: C23E26DABD0729787E266E03CA7B4A89
Requests: 10 HTTP requests in this frame

Page Title

Fibonatix Payment

Detected technologies

Overall confidence: 100%
Detected patterns
  • pay\.google\.com/([a-z/]+)/pay\.js

Page Statistics

Requests: 29
HTTPS: 90 %
IPv6: 100 %
Domains: 3
Subdomains: 5
IPs: 5
Countries: 3
Transfer: 729 kB
Size: 2366 kB
Cookies: 1

29 HTTP transactions

Resource | Path | Size | x-fer | Type | MIME-Type
Primary Request 4zKj0F6h
channel.paragon.online/payment-form/
3 KB
2 KB
Document
General
Full URL
https://channel.paragon.online/payment-form/4zKj0F6h
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:3ae5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
09d9dcc802b661f143d69ded4c13148b365d9e318843cb41535583d236d7720d
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' play.google.com pay.google.com google.com channel-sandbox.paragon.online channel.paragon.online cdn.paragon.online storage.paragon.online fibonatixsharestorage.blob.core.windows.net;
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-origin
*
cf-cache-status
DYNAMIC
cf-ray
7c63a1989c481e4a-FRA
content-encoding
gzip
content-security-policy
default-src 'self' 'unsafe-inline' play.google.com pay.google.com google.com channel-sandbox.paragon.online channel.paragon.online cdn.paragon.online storage.paragon.online fibonatixsharestorage.blob.core.windows.net;
content-type
text/html
date
Fri, 12 May 2023 15:17:54 GMT
last-modified
Tue, 09 May 2023 11:12:10 GMT
server
cloudflare
x-content-type-options
nosniff
x-xss-protection
1
2.ffda3d49.chunk.css
channel.paragon.online/static/css/
8 KB
2 KB
Stylesheet
General
Full URL
https://channel.paragon.online/static/css/2.ffda3d49.chunk.css
Requested by
Host: channel.paragon.online
URL: https://channel.paragon.online/payment-form/4zKj0F6h
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:3ae5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
510389d0d37d829eb7154ec55704247adcfa0da2c18d959daf71a384a590dbb2

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://channel.paragon.online/payment-form/4zKj0F6h
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date
Fri, 12 May 2023 15:17:54 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Tue, 09 May 2023 11:12:10 GMT
server
cloudflare
age
75044
etag
W/"1d982671930be05"
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=14400
cf-ray
7c63a1994d201e4a-FRA
pay.js
pay.google.com/gp/p/js/
116 KB
36 KB
Script
General
Full URL
https://pay.google.com/gp/p/js/pay.js
Requested by
Host: channel.paragon.online
URL: https://channel.paragon.online/payment-form/4zKj0F6h
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4013:c01::5c Groningen, Netherlands, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
248a1075a0c6bd06c4f88ba216bb1e53ea9313b8cc4034a2781768d140ad0bc5
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendHttp/cspreport, script-src 'report-sample' 'nonce-JIgBR3LIb9-W8w5dSGi1oA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/InstantbuyFrontendHttp/cspreport/allowlist
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://channel.paragon.online/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date
Fri, 12 May 2023 15:17:54 GMT
strict-transport-security
max-age=31536000
content-encoding
gzip
content-security-policy
require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendHttp/cspreport, script-src 'report-sample' 'nonce-JIgBR3LIb9-W8w5dSGi1oA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/InstantbuyFrontendHttp/cspreport/allowlist
x-content-type-options
nosniff
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
cache-control
private, max-age=600
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
expires
Fri, 12 May 2023 15:17:54 GMT
2.0d98cf89.chunk.js
channel.paragon.online/static/js/
522 KB
161 KB
Script
General
Full URL
https://channel.paragon.online/static/js/2.0d98cf89.chunk.js
Requested by
Host: channel.paragon.online
URL: https://channel.paragon.online/payment-form/4zKj0F6h
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:3ae5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c220ccb5e24402d4ce651edead7c60b70412b11a01797c9587bfd0082211033a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://channel.paragon.online/payment-form/4zKj0F6h
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date
Fri, 12 May 2023 15:17:54 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Mon, 08 May 2023 08:14:38 GMT
server
cloudflare
age
326072
etag
W/"1d9818521b88259"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=14400
cf-ray
7c63a1994d221e4a-FRA
main.2b913b12.chunk.js
channel.paragon.online/static/js/
57 KB
16 KB
Script
General
Full URL
https://channel.paragon.online/static/js/main.2b913b12.chunk.js
Requested by
Host: channel.paragon.online
URL: https://channel.paragon.online/payment-form/4zKj0F6h
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:3ae5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4ed12eba02d05083609e846870ac8a7a69da0650806ead7a2daf7d231a09b261

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://channel.paragon.online/payment-form/4zKj0F6h
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date
Fri, 12 May 2023 15:17:54 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Tue, 09 May 2023 11:12:10 GMT
server
cloudflare
age
106062
etag
W/"1d9826719304267"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=14400
cf-ray
7c63a1994d241e4a-FRA
payframe
pay.google.com/gp/p/ui/ Frame C23E
18 KB
8 KB
Document
General
Full URL
https://pay.google.com/gp/p/ui/payframe?origin=https%3A%2F%2Fchannel.paragon.online&mid=
Requested by
Host: pay.google.com
URL: https://pay.google.com/gp/p/js/pay.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4013:c01::5c Groningen, Netherlands, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
fb020571679be11f5ad8acd045b91fbaad9697a55895d18d8967a6c3fb011bf5
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-qMpi-NykabGzkNkh-Vr4Xw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport;worker-src 'self' script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport/allowlist require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://channel.paragon.online/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=3600
content-encoding
gzip
content-security-policy
script-src 'report-sample' 'nonce-qMpi-NykabGzkNkh-Vr4Xw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport;worker-src 'self' script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport/allowlist require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport
content-type
text/html; charset=utf-8
cross-origin-opener-policy
same-origin
cross-origin-resource-policy
same-site
date
Fri, 12 May 2023 15:17:55 GMT
expires
Fri, 12 May 2023 15:17:55 GMT
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
server
ESF
strict-transport-security
max-age=31536000
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-content-type-options
nosniff
x-ua-compatible
IE=edge
x-xss-protection
0
4zKj0F6h
channel.paragon.online/pp/
529 B
461 B
XHR
General
Full URL
https://channel.paragon.online/pp/4zKj0F6h
Requested by
Host: channel.paragon.online
URL: https://channel.paragon.online/static/js/2.0d98cf89.chunk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:3ae5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d6a3bdf3feb4dd416ff1bc691b80b0439f0631646d15be713c49c4807002aebc
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' play.google.com pay.google.com google.com channel-sandbox.paragon.online channel.paragon.online cdn.paragon.online storage.paragon.online fibonatixsharestorage.blob.core.windows.net;
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

Accept
application/json, text/plain, */*
Referer
https://channel.paragon.online/payment-form/4zKj0F6h
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date
Fri, 12 May 2023 15:17:55 GMT
content-security-policy
default-src 'self' 'unsafe-inline' play.google.com pay.google.com google.com channel-sandbox.paragon.online channel.paragon.online cdn.paragon.online storage.paragon.online fibonatixsharestorage.blob.core.windows.net;
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-encoding
gzip
server
cloudflare
content-type
application/json
access-control-allow-origin
*
cf-ray
7c63a19acf521e4a-FRA
x-xss-protection
1
KFOlCnqEu92Fr1MmSU5fBBc4.woff2
fonts.gstatic.com/s/roboto/v27/
0
0

KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v27/
0
0

KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v27/
0
0

fibonatix-bg.b8689220.svg
channel.paragon.online/static/media/
758 B
637 B
Image
General
Full URL
https://channel.paragon.online/static/media/fibonatix-bg.b8689220.svg
Requested by
Host: channel.paragon.online
URL: https://channel.paragon.online/payment-form/4zKj0F6h
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:3ae5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e81869ad8289deeadcd6d2490a1654700423fb0654d7762f2497e582ef4036dc

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://channel.paragon.online/payment-form/4zKj0F6h
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date
Fri, 12 May 2023 15:17:55 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Wed, 03 May 2023 10:36:42 GMT
server
cloudflare
age
601469
etag
W/"1d97dab26531bf6"
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
max-age=14400
cf-ray
7c63a19adf621e4a-FRA
materCard.cbcc4f11.svg
channel.paragon.online/static/media/
1 KB
579 B
Image
General
Full URL
https://channel.paragon.online/static/media/materCard.cbcc4f11.svg
Requested by
Host: channel.paragon.online
URL: https://channel.paragon.online/payment-form/4zKj0F6h
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:3ae5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
91e09818a1fe08988f1fd5fa168b87a4caf98775bf21c6484e8fe6ba6987ca0f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://channel.paragon.online/payment-form/4zKj0F6h
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date
Fri, 12 May 2023 15:17:55 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Mon, 08 May 2023 08:14:38 GMT
server
cloudflare
age
326072
etag
W/"1d9818521b0afbf"
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
max-age=14400
cf-ray
7c63a19b681e1e4a-FRA
newVisaBlue.eabb758c.svg
channel.paragon.online/static/media/
2 KB
1 KB
Image
General
Full URL
https://channel.paragon.online/static/media/newVisaBlue.eabb758c.svg
Requested by
Host: channel.paragon.online
URL: https://channel.paragon.online/payment-form/4zKj0F6h
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:3ae5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
76f73fa6cd3a71608911cf5bc91428028c5405b535fa8a59c3fb93719b8eabc8

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://channel.paragon.online/payment-form/4zKj0F6h
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date
Fri, 12 May 2023 15:17:55 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Wed, 03 May 2023 10:36:42 GMT
server
cloudflare
age
450590
etag
W/"1d97dab26531037"
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
max-age=14400
cf-ray
7c63a19b68221e4a-FRA
newMaestro.54e14d5b.svg
channel.paragon.online/static/media/
1 KB
591 B
Image
General
Full URL
https://channel.paragon.online/static/media/newMaestro.54e14d5b.svg
Requested by
Host: channel.paragon.online
URL: https://channel.paragon.online/payment-form/4zKj0F6h
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:3ae5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8d25f7b8bea6839aaff6cf3b429805a45d1c01d30f2a6a634747f9d4604286bd

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://channel.paragon.online/payment-form/4zKj0F6h
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date
Fri, 12 May 2023 15:17:55 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Wed, 03 May 2023 10:36:42 GMT
server
cloudflare
age
593421
etag
W/"1d97dab26531da3"
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
max-age=14400
cf-ray
7c63a19b68251e4a-FRA
verifiedByVisa.e6f1ea3c.svg
channel.paragon.online/static/media/
9 KB
2 KB
Image
General
Full URL
https://channel.paragon.online/static/media/verifiedByVisa.e6f1ea3c.svg
Requested by
Host: channel.paragon.online
URL: https://channel.paragon.online/payment-form/4zKj0F6h
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:3ae5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a7e76cb644306d3560ddca6e0e0e264219bbbc43e9baa226ed09ad4e99ab775a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://channel.paragon.online/payment-form/4zKj0F6h
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date
Fri, 12 May 2023 15:17:55 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Mon, 08 May 2023 08:14:38 GMT
server
cloudflare
age
326072
etag
W/"1d9818521b089b7"
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
max-age=14400
cf-ray
7c63a19b68261e4a-FRA
mastroCardSC.1ed3fbd4.svg
channel.paragon.online/static/media/
9 KB
3 KB
Image
General
Full URL
https://channel.paragon.online/static/media/mastroCardSC.1ed3fbd4.svg
Requested by
Host: channel.paragon.online
URL: https://channel.paragon.online/payment-form/4zKj0F6h
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:3ae5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8eb07cbba7e2d96b0bd02f23ba3253435635b8026a512109b7b5def09ca6f481

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://channel.paragon.online/payment-form/4zKj0F6h
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date
Fri, 12 May 2023 15:17:55 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Tue, 09 May 2023 11:12:10 GMT
server
cloudflare
age
75045
etag
W/"1d98267193084cd"
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
max-age=14400
cf-ray
7c63a19b68291e4a-FRA
4zKj0F6h
channel.paragon.online/fingerprint/
16 B
97 B
XHR
General
Full URL
https://channel.paragon.online/fingerprint/4zKj0F6h
Requested by
Host: channel.paragon.online
URL: https://channel.paragon.online/static/js/2.0d98cf89.chunk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:3ae5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
33cd4a5086f5da2aad40cb3392ffebb63561b285ec2210475b85d5cd39b35210
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' play.google.com pay.google.com google.com channel-sandbox.paragon.online channel.paragon.online cdn.paragon.online storage.paragon.online fibonatixsharestorage.blob.core.windows.net;
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

Accept
application/json, text/plain, */*
Referer
https://channel.paragon.online/payment-form/4zKj0F6h
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Fri, 12 May 2023 15:17:55 GMT
content-security-policy
default-src 'self' 'unsafe-inline' play.google.com pay.google.com google.com channel-sandbox.paragon.online channel.paragon.online cdn.paragon.online storage.paragon.online fibonatixsharestorage.blob.core.windows.net;
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-encoding
gzip
server
cloudflare
content-type
text/html
access-control-allow-origin
*
cf-ray
7c63a19b68241e4a-FRA
x-xss-protection
1
m=_b,_tp,_r
www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.mcakmH4xCHI.es5.O/am=wLEBQA/d=1/excm=_b,_r,_tp,payframeview/ed=1/dg=0/wt=2/ujg=1/r... Frame C23E
157 KB
56 KB
Script
General
Full URL
https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.mcakmH4xCHI.es5.O/am=wLEBQA/d=1/excm=_b,_r,_tp,payframeview/ed=1/dg=0/wt=2/ujg=1/rs=AMitfrjZjS-b846bU9JFjWbDuYp4J7U-1g/m=_b,_tp,_r
Requested by
Host: pay.google.com
URL: https://pay.google.com/gp/p/ui/payframe?origin=https%3A%2F%2Fchannel.paragon.online&mid=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
413eee8802417be36862c02a0f6742e89047cddd35fc4efbd29f8a7cffbcd5e2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pay.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date
Thu, 11 May 2023 16:21:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
82600
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/payments-consumer-boq-js-css-signers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
56654
x-xss-protection
0
last-modified
Thu, 11 May 2023 02:25:45 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="boq-infra/payments-consumer-boq-js-css-signers"
vary
Accept-Encoding, Origin
report-to
{"group":"boq-infra/payments-consumer-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/payments-consumer-boq-js-css-signers"}]}
content-type
text/javascript; charset=UTF-8
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
expires
Fri, 10 May 2024 16:21:15 GMT
cspreport
pay.google.com/_/InstantbuyFrontendBuyflowPayframeUi/ Frame C23E
2 KB
2 KB
Other
General
Full URL
https://pay.google.com/_/InstantbuyFrontendBuyflowPayframeUi/cspreport
Requested by
Host: channel.paragon.online
URL: https://channel.paragon.online/payment-form/4zKj0F6h
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4013:c01::5c Groningen, Netherlands, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
d6ff339ddb4525268c21fa26ded66b0703f177e742281dc9bcd558288f8e1101

Request headers

Referer
https://pay.google.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type
application/csp-report

Response headers

date
Fri, 12 May 2023 15:17:55 GMT
referrer-policy
no-referrer
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1608
content-type
text/html; charset=UTF-8
m=IZT63,ZyYHPb,ws9Tlc,vfuNJf,PrPYRd,hc6Ubd,Das5Le
www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.mcakmH4xCHI.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.fSa... Frame C23E
70 KB
26 KB
Script
General
Full URL
https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.mcakmH4xCHI.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.fSa0xJY05bI.L.B1.O/am=wLEBQA/d=1/exm=_b,_r,_tp/excm=_b,_r,_tp,payframeview/ed=1/wt=2/ujg=1/rs=AMitfrhJO2OHJLE4blNm3FMEPO9Xj_y85w/ee=EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SNUn3:ZwDk9d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;oGtAuc:sOXFj;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;wR5FRb:siKnQd;yEQyxe:p8L0ob;yxTchf:KUM7Z/m=IZT63,ZyYHPb,ws9Tlc,vfuNJf,PrPYRd,hc6Ubd,Das5Le
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.mcakmH4xCHI.es5.O/am=wLEBQA/d=1/excm=_b,_r,_tp,payframeview/ed=1/dg=0/wt=2/ujg=1/rs=AMitfrjZjS-b846bU9JFjWbDuYp4J7U-1g/m=_b,_tp,_r
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
827edd70319f63fa71429a0e8efe6451fa6f1affd57d3237443a6e13a99567e0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pay.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date
Thu, 11 May 2023 16:21:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
82600
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/payments-consumer-boq-js-css-signers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
26119
x-xss-protection
0
last-modified
Tue, 09 May 2023 11:23:08 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="boq-infra/payments-consumer-boq-js-css-signers"
vary
Accept-Encoding, Origin
report-to
{"group":"boq-infra/payments-consumer-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/payments-consumer-boq-js-css-signers"}]}
content-type
text/javascript; charset=UTF-8
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
expires
Fri, 10 May 2024 16:21:15 GMT
pay
pay.google.com/gp/p/ui/ Frame C23E
1 MB
390 KB
XHR
General
Full URL
https://pay.google.com/gp/p/ui/pay
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.mcakmH4xCHI.es5.O/am=wLEBQA/d=1/excm=_b,_r,_tp,payframeview/ed=1/dg=0/wt=2/ujg=1/rs=AMitfrjZjS-b846bU9JFjWbDuYp4J7U-1g/m=_b,_tp,_r
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4013:c01::5c Groningen, Netherlands, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
f0cb41e4ec02a8d517ac54d78f37a9595144cf2ada5a4fbebecde60c4accc75d
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport, script-src 'report-sample' 'nonce-BeeuiEbIjlqQ4RDPuksHzg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://sandbox.google.com https://payments.google.com https://payments.sandbox.google.com https://pay.google.com https://pay.sandbox.google.com;report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport/allowlist
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pay.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date
Fri, 12 May 2023 15:17:55 GMT
strict-transport-security
max-age=31536000
content-encoding
gzip
content-security-policy
require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport, script-src 'report-sample' 'nonce-BeeuiEbIjlqQ4RDPuksHzg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://sandbox.google.com https://payments.google.com https://payments.sandbox.google.com https://pay.google.com https://pay.sandbox.google.com;report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport/allowlist
x-content-type-options
nosniff
cross-origin-resource-policy
same-site
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
x-ua-compatible
IE=edge
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
unsafe-none
server
ESF
x-frame-options
DENY
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type
text/html; charset=utf-8
cache-control
private, max-age=3600
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
expires
Fri, 12 May 2023 15:17:55 GMT
m=Wt6vjf,hhhU8,FCpbqb,WhJNk
www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.mcakmH4xCHI.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.fSa... Frame C23E
23 KB
9 KB
Script
General
Full URL
https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.mcakmH4xCHI.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.fSa0xJY05bI.L.B1.O/am=wLEBQA/d=1/exm=Das5Le,IZT63,PrPYRd,ZyYHPb,_b,_r,_tp,hc6Ubd,vfuNJf,ws9Tlc/excm=_b,_r,_tp,payframeview/ed=1/wt=2/ujg=1/rs=AMitfrhJO2OHJLE4blNm3FMEPO9Xj_y85w/ee=EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SNUn3:ZwDk9d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;oGtAuc:sOXFj;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;wR5FRb:siKnQd;yEQyxe:p8L0ob;yxTchf:KUM7Z/m=Wt6vjf,hhhU8,FCpbqb,WhJNk
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.mcakmH4xCHI.es5.O/am=wLEBQA/d=1/excm=_b,_r,_tp,payframeview/ed=1/dg=0/wt=2/ujg=1/rs=AMitfrjZjS-b846bU9JFjWbDuYp4J7U-1g/m=_b,_tp,_r
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2388cc07bac3930391667033d85607cb695ff5d7bf466eab6052aef3d853c1a0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pay.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date
Thu, 11 May 2023 16:21:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
82599
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/payments-consumer-boq-js-css-signers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
9401
x-xss-protection
0
last-modified
Tue, 09 May 2023 11:23:08 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="boq-infra/payments-consumer-boq-js-css-signers"
vary
Accept-Encoding, Origin
report-to
{"group":"boq-infra/payments-consumer-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/payments-consumer-boq-js-css-signers"}]}
content-type
text/javascript; charset=UTF-8
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
expires
Fri, 10 May 2024 16:21:16 GMT
m=byfTOb,lsjVmc,LEikZe,lwddkf,EFQ78c
www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.mcakmH4xCHI.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.fSa... Frame C23E
35 KB
13 KB
Script
General
Full URL
https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.mcakmH4xCHI.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.fSa0xJY05bI.L.B1.O/am=wLEBQA/d=1/exm=Das5Le,FCpbqb,IZT63,PrPYRd,WhJNk,Wt6vjf,ZyYHPb,_b,_r,_tp,hc6Ubd,hhhU8,vfuNJf,ws9Tlc/excm=_b,_r,_tp,payframeview/ed=1/wt=2/ujg=1/rs=AMitfrhJO2OHJLE4blNm3FMEPO9Xj_y85w/ee=EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SNUn3:ZwDk9d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;oGtAuc:sOXFj;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;wR5FRb:siKnQd;yEQyxe:p8L0ob;yxTchf:KUM7Z/m=byfTOb,lsjVmc,LEikZe,lwddkf,EFQ78c
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.mcakmH4xCHI.es5.O/am=wLEBQA/d=1/excm=_b,_r,_tp,payframeview/ed=1/dg=0/wt=2/ujg=1/rs=AMitfrjZjS-b846bU9JFjWbDuYp4J7U-1g/m=_b,_tp,_r
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c0b590e2a456890d37d2059f2f34f645c8a6209d57c328d63622c8c951874aa2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pay.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date
Thu, 11 May 2023 16:21:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
82599
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/payments-consumer-boq-js-css-signers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
13544
x-xss-protection
0
last-modified
Tue, 09 May 2023 11:23:08 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="boq-infra/payments-consumer-boq-js-css-signers"
vary
Accept-Encoding, Origin
report-to
{"group":"boq-infra/payments-consumer-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/payments-consumer-boq-js-css-signers"}]}
content-type
text/javascript; charset=UTF-8
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
expires
Fri, 10 May 2024 16:21:16 GMT
log
play.google.com/ Frame C23E
131 B
155 B
XHR
General
Full URL
https://play.google.com/log?format=json&hasfast=true&authuser=0
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.mcakmH4xCHI.es5.O/am=wLEBQA/d=1/excm=_b,_r,_tp,payframeview/ed=1/dg=0/wt=2/ujg=1/rs=AMitfrjZjS-b846bU9JFjWbDuYp4J7U-1g/m=_b,_tp,_r
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Playlog /
Resource Hash
502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://pay.google.com/
X-Goog-AuthUser
0
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type
application/x-www-form-urlencoded;charset=UTF-8

Response headers

date
Fri, 12 May 2023 15:17:55 GMT
content-encoding
gzip
server
Playlog
x-frame-options
SAMEORIGIN
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://pay.google.com
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control
private
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
X-Playlog-Web
content-length
131
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Fri, 12 May 2023 15:17:55 GMT
log
play.google.com/ Frame
0
0
Preflight
General
Full URL
https://play.google.com/log?format=json&hasfast=true&authuser=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Playlog /
Resource Hash
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
x-goog-authuser
Access-Control-Request-Method
POST
Origin
https://pay.google.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
X-Playlog-Web,authorization,origin,x-goog-authuser
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
https://pay.google.com
access-control-max-age
86400
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private
content-length
0
content-type
text/plain; charset=UTF-8
date
Fri, 12 May 2023 15:17:55 GMT
expires
Fri, 12 May 2023 15:17:55 GMT
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
server
Playlog
x-frame-options
SAMEORIGIN
x-xss-protection
0
log
play.google.com/ Frame
0
0
Preflight
General
Full URL
https://play.google.com/log?format=json&hasfast=true&authuser=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Playlog /
Resource Hash
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
x-goog-authuser
Access-Control-Request-Method
POST
Origin
https://pay.google.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
X-Playlog-Web,authorization,origin,x-goog-authuser
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
https://pay.google.com
access-control-max-age
86400
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private
content-length
0
content-type
text/plain; charset=UTF-8
date
Fri, 12 May 2023 15:17:55 GMT
expires
Fri, 12 May 2023 15:17:55 GMT
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
server
Playlog
x-frame-options
SAMEORIGIN
x-xss-protection
0
log
play.google.com/ Frame C23E
131 B
155 B
XHR
General
Full URL
https://play.google.com/log?format=json&hasfast=true&authuser=0
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.mcakmH4xCHI.es5.O/am=wLEBQA/d=1/excm=_b,_r,_tp,payframeview/ed=1/dg=0/wt=2/ujg=1/rs=AMitfrjZjS-b846bU9JFjWbDuYp4J7U-1g/m=_b,_tp,_r
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Playlog /
Resource Hash
502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://pay.google.com/
X-Goog-AuthUser
0
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type
application/x-www-form-urlencoded;charset=UTF-8

Response headers

date
Fri, 12 May 2023 15:17:55 GMT
content-encoding
gzip
server
Playlog
x-frame-options
SAMEORIGIN
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://pay.google.com
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control
private
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
X-Playlog-Web
content-length
131
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Fri, 12 May 2023 15:17:55 GMT
log
play.google.com/ Frame C23E
131 B
155 B
XHR
General
Full URL
https://play.google.com/log?format=json&hasfast=true&authuser=0
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.mcakmH4xCHI.es5.O/am=wLEBQA/d=1/excm=_b,_r,_tp,payframeview/ed=1/dg=0/wt=2/ujg=1/rs=AMitfrjZjS-b846bU9JFjWbDuYp4J7U-1g/m=_b,_tp,_r
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Playlog /
Resource Hash
502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://pay.google.com/
X-Goog-AuthUser
0
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type
application/x-www-form-urlencoded;charset=UTF-8

Response headers

date
Fri, 12 May 2023 15:17:55 GMT
content-encoding
gzip
server
Playlog
x-frame-options
SAMEORIGIN
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://pay.google.com
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control
private
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
X-Playlog-Web
content-length
131
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Fri, 12 May 2023 15:17:55 GMT
log
play.google.com/ Frame
0
0
Preflight
General
Full URL
https://play.google.com/log?format=json&hasfast=true&authuser=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Playlog /
Resource Hash
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
x-goog-authuser
Access-Control-Request-Method
POST
Origin
https://pay.google.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
X-Playlog-Web,authorization,origin,x-goog-authuser
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
https://pay.google.com
access-control-max-age
86400
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private
content-length
0
content-type
text/plain; charset=UTF-8
date
Fri, 12 May 2023 15:17:55 GMT
expires
Fri, 12 May 2023 15:17:55 GMT
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
server
Playlog
x-frame-options
SAMEORIGIN
x-xss-protection
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
fonts.gstatic.com
URL
https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmSU5fBBc4.woff2
Domain
fonts.gstatic.com
URL
https://fonts.gstatic.com/s/roboto/v27/KFOmCnqEu92Fr1Mu4mxK.woff2
Domain
fonts.gstatic.com
URL
https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmEU9fBBc4.woff2


9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0
boolean| credentialless
object| denylistedDomainsHashedValueListForGpayButtonWithCardInfo
object| whitelistedDomainsHashedValueListForGpayButtonWithCardInfo
object| denylistedMerchentIdsHashedValueListForGpayButtonWithCardInfo
object| google
object| webpackJsonppp-react
number| 2f1acc6c3a606b082e5eef5e54414ffb
object| regeneratorRuntime

1 Cookies

Domain/Path Name / Value
.google.com/ Name: NID
Value: 511=KgJO6c1g7L8-nkASBDdAR2dOD_CSfGW8P2LVTLj-HvhAxJzvAvYJj7L-zlZmqs-UIrGP3Ry36R4lsmeFBD65N1EVvVVuqm4aFw5mKyt0zE25dqcu9mSZDStAhtOMTIbQEfWIJPJaPI-_Wxic6Em03da7rBEtyNLe1Nk2gC-8J04

5 Console Messages

Source Level URL
Text
security error URL: https://channel.paragon.online/payment-form/4zKj0F6h
Message:
Refused to load the font 'https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmSU5fBBc4.woff2' because it violates the following Content Security Policy directive: "default-src 'self' 'unsafe-inline' play.google.com pay.google.com google.com channel-sandbox.paragon.online channel.paragon.online cdn.paragon.online storage.paragon.online fibonatixsharestorage.blob.core.windows.net". Note that 'font-src' was not explicitly set, so 'default-src' is used as a fallback.
security error URL: https://channel.paragon.online/payment-form/4zKj0F6h
Message:
Refused to load the font 'https://fonts.gstatic.com/s/roboto/v27/KFOmCnqEu92Fr1Mu4mxK.woff2' because it violates the following Content Security Policy directive: "default-src 'self' 'unsafe-inline' play.google.com pay.google.com google.com channel-sandbox.paragon.online channel.paragon.online cdn.paragon.online storage.paragon.online fibonatixsharestorage.blob.core.windows.net". Note that 'font-src' was not explicitly set, so 'default-src' is used as a fallback.
security error URL: https://channel.paragon.online/payment-form/4zKj0F6h
Message:
Refused to load the font 'https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmEU9fBBc4.woff2' because it violates the following Content Security Policy directive: "default-src 'self' 'unsafe-inline' play.google.com pay.google.com google.com channel-sandbox.paragon.online channel.paragon.online cdn.paragon.online storage.paragon.online fibonatixsharestorage.blob.core.windows.net". Note that 'font-src' was not explicitly set, so 'default-src' is used as a fallback.
security error (Line 6)
Message:
This document requires 'TrustedScript' assignment.
network error URL: https://pay.google.com/_/InstantbuyFrontendBuyflowPayframeUi/cspreport
Message:
Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page.

Header Value
Content-Security-Policy default-src 'self' 'unsafe-inline' play.google.com pay.google.com google.com channel-sandbox.paragon.online channel.paragon.online cdn.paragon.online storage.paragon.online fibonatixsharestorage.blob.core.windows.net;
X-Content-Type-Options nosniff
X-Xss-Protection 1

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
