w1.buysub.com Open in urlscan Pro
198.176.166.187 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://l.orders.buysub.com/rts/go2.aspx?h=10205&tp=i-1NGB-Ik-1OW-8s5A-1n-8QN3-1c-8rrc-l8sO5hPQeN-tMhsk&x=2033
Effective URL:
https://w1.buysub.com/pubs/CN/CNI/2020_Outbound_Payment_LP_2.jsp?cds_page_id=252315&cds_mag_code=CNI&id=1682535859519&...
Submission: On April 26 via manual (April 26th 2023, 7:04:29 pm UTC) from US — Scanned from DE

Summary HTTP 40 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 11 IPs in 2 countries across 8 domains to perform 40 HTTP transactions. The main IP is 198.176.166.187, located in United States and belongs to CDS-GLOBAL-01, US. The main domain is w1.buysub.com. The Cisco Umbrella rank of the primary domain is 428741.
TLS certificate: Issued by DigiCert TLS RSA SHA256 2020 CA1 on June 13th 2022. Valid for: a year.

This is the only time w1.buysub.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2 2	173.213.4.176 173.213.4.176	53316 (ASN-CHEET...) (ASN-CHEETA-MAIL)
1 11	198.176.166.187 198.176.166.187	397973 (CDS-GLOBA...) (CDS-GLOBAL-01)
1 6	151.101.0.155 151.101.0.155	54113 (FASTLY) (FASTLY)
1	2a00:1450:400... 2a00:1450:4001:810::200a	15169 (GOOGLE) (GOOGLE)
5	12.202.245.53 12.202.245.53	2386 (INS-AS) (INS-AS)
2	63.148.46.76 63.148.46.76	53316 (ASN-CHEET...) (ASN-CHEETA-MAIL)
2	18.66.147.88 18.66.147.88	16509 (AMAZON-02) (AMAZON-02)
3	192.229.221.25 192.229.221.25	15133 (EDGECAST) (EDGECAST)
9	151.101.193.21 151.101.193.21	54113 (FASTLY) (FASTLY)
2	34.120.195.249 34.120.195.249	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	151.101.193.35 151.101.193.35	54113 (FASTLY) (FASTLY)
40	11

2 173.213.4.176 (United States) 2 redirects

ASN53316 (ASN-CHEETA-MAIL, US)

l.orders.buysub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 198.176.166.187 (United States) 1 redirects

ASN397973 (CDS-GLOBAL-01, US)
PTR: w1.buysub.com

w1.buysub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 151.101.0.155 (United States) 1 redirects

ASN54113 (FASTLY, US)

paymentcapture.resin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:810::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 12.202.245.53 (Ocilla, United States)

ASN2386 (INS-AS, US)

cms.pcdfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 63.148.46.76 (Raeford, United States)

ASN53316 (ASN-CHEETA-MAIL, US)
PTR: xts.eccmp.com

sts.eccmp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.66.147.88 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-147-88.fra60.r.cloudfront.net

payments-api.cloud.buysub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 192.229.221.25 (United States)

ASN15133 (EDGECAST, US)

www.paypalobjects.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 151.101.193.21 (United States)

ASN54113 (FASTLY, US)

www.paypal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.120.195.249 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 249.195.120.34.bc.googleusercontent.com

o31459.ingest.sentry.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.193.35 (United States)

ASN54113 (FASTLY, US)

t.paypal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
15	buysub.com 3 redirects l.orders.buysub.com w1.buysub.com — Cisco Umbrella Rank: 428741 payments-api.cloud.buysub.com	156 KB
10	paypal.com www.paypal.com — Cisco Umbrella Rank: 2260 t.paypal.com — Cisco Umbrella Rank: 3014	31 KB
6	resin.com 1 redirects paymentcapture.resin.com	212 KB
5	pcdfusion.com cms.pcdfusion.com	112 KB
3	paypalobjects.com www.paypalobjects.com — Cisco Umbrella Rank: 2070	546 KB
2	sentry.io o31459.ingest.sentry.io	448 B
2	eccmp.com sts.eccmp.com — Cisco Umbrella Rank: 21086	8 KB
1	googleapis.com ajax.googleapis.com — Cisco Umbrella Rank: 607	31 KB
40	8

	Domain	Requested by
11	w1.buysub.com	1 redirects w1.buysub.com
9	www.paypal.com	www.paypalobjects.com paymentcapture.resin.com
6	paymentcapture.resin.com	1 redirects w1.buysub.com paymentcapture.resin.com
5	cms.pcdfusion.com	w1.buysub.com
3	www.paypalobjects.com	paymentcapture.resin.com www.paypal.com
2	o31459.ingest.sentry.io	paymentcapture.resin.com
2	payments-api.cloud.buysub.com	paymentcapture.resin.com
2	sts.eccmp.com	w1.buysub.com sts.eccmp.com
2	l.orders.buysub.com	2 redirects
1	t.paypal.com	w1.buysub.com
1	ajax.googleapis.com	w1.buysub.com
40	11

This site contains links to these domains. Also see Links.

Domain
cowboysindians.com

Subject Issuer	Validity	Valid
*.buysub.com DigiCert TLS RSA SHA256 2020 CA1	`2022-06-13` - `2023-07-14`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2023-04-03` - `2023-06-26`	3 months	crt.sh
*.pcdfusion.com R3	`2023-02-26` - `2023-05-27`	3 months	crt.sh
*.eccmp.com DigiCert TLS RSA SHA256 2020 CA1	`2022-05-20` - `2023-06-20`	a year	crt.sh
*.resin.com GlobalSign Atlas R3 DV TLS CA 2022 Q3	`2022-07-28` - `2023-08-29`	a year	crt.sh
*.cloud.buysub.com Amazon RSA 2048 M01	`2023-02-21` - `2024-02-03`	a year	crt.sh
www.paypal.com DigiCert SHA2 Extended Validation Server CA	`2022-11-09` - `2023-12-10`	a year	crt.sh
ingest.sentry.io DigiCert TLS RSA SHA256 2020 CA1	`2022-07-28` - `2023-08-28`	a year	crt.sh
t.paypal.com DigiCert SHA2 Extended Validation Server CA	`2022-10-19` - `2023-11-19`	a year	crt.sh

This page contains 4 frames:

Primary Page: https://w1.buysub.com/pubs/CN/CNI/2020_Outbound_Payment_LP_2.jsp?cds_page_id=252315&cds_mag_code=CNI&id=1682535859519&lsid=31161404194011247&vid=1&cds_fn=355498CNI2033H
Frame ID: 60DB2FF670C96AB88B0F3E086B03FB8E
Requests: 19 HTTP requests in this frame

Frame: https://paymentcapture.resin.com/app/1.8.3/index.html?config_id=8031035487140753&prod_id_alias=CNI&origin=https%3A%2F%2Fw1.buysub.com&identifier=9885d866-b672-461e-9b5b-7658beb7c19e&disable_alt_pay=false&disable_credit_card=true&can_pay_with_apple=false
Frame ID: AA7B586B4D1676A8FD8EABC21E089260
Requests: 11 HTTP requests in this frame

Frame: https://www.paypal.com/smart/button?env=production&style.size=responsive&style.color=gold&style.shape=rect&style.label=paypal&style.tagline=false&style.width=100%25&style.height=48&funding.disallowed=credit%2Cvenmo&locale.x=en_US&domain=paymentcapture.resin.com&sessionID=uid_f55aa97819_mtk6mdq6mjm&buttonSessionID=uid_943d67fcd6_mtk6mdq6mjm&renderedButtons=paypal&storageID=uid_934ae224bf_mtk6mdq6mjm&logLevel=warn&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWxvYmplY3RzLmNvbS9hcGkvY2hlY2tvdXQuanMifQ&uid=74ecdbe5c2&version=4&xcomponent=1
Frame ID: 6DB25BDE8A3EA2CB70AC72647EA4BA33
Requests: 10 HTTP requests in this frame

Frame: data://truncated
Frame ID: B1D77BDB801A927A18E20C808A6F3779
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Invoice

Page URL History Show full URLs

http://l.orders.buysub.com/rts/go2.aspx?h=10205&tp=i-1NGB-Ik-1OW-8s5A-1n-8QN3-1c-8rrc-l8sO5hPQeN-tMhsk&... HTTP 302
https://l.orders.buysub.com/rts/go2.aspx?h=10205&tp=i-1NGB-Ik-1OW-8s5A-1n-8QN3-1c-8rrc-l8sO5hPQeN-tMhsk&... HTTP 302
https://w1.buysub.com/servlet/OPGateway?cds_fn=355498CNI2033H HTTP 302
https://w1.buysub.com/pubs/CN/CNI/2020_Outbound_Payment_LP_2.jsp?cds_page_id=252315&cds_mag_code=C... Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

PayPal (Payment Processors) Expand

Overall confidence: 100%
Detected patterns

paypalobjects\.com

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery UI (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery-ui.*\.js

Page Statistics

40
Requests

98 %
HTTPS

9 %
IPv6

8
Domains

11
Subdomains

11
IPs

2
Countries

1095 kB
Transfer

4778 kB
Size

13
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: http://cowboysindians.com/
Title: Cowboys and Indians Magazine

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://l.orders.buysub.com/rts/go2.aspx?h=10205&tp=i-1NGB-Ik-1OW-8s5A-1n-8QN3-1c-8rrc-l8sO5hPQeN-tMhsk&x=2033 HTTP 302
https://l.orders.buysub.com/rts/go2.aspx?h=10205&tp=i-1NGB-Ik-1OW-8s5A-1n-8QN3-1c-8rrc-l8sO5hPQeN-tMhsk&x=2033 HTTP 302
https://w1.buysub.com/servlet/OPGateway?cds_fn=355498CNI2033H HTTP 302
https://w1.buysub.com/pubs/CN/CNI/2020_Outbound_Payment_LP_2.jsp?cds_page_id=252315&cds_mag_code=CNI&id=1682535859519&lsid=31161404194011247&vid=1&cds_fn=355498CNI2033H Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://paymentcapture.resin.com/v1/payment-capture.js HTTP 302
https://paymentcapture.resin.com/app/1.8.3/js/payment-capture.js

40 HTTP transactions
4 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request 2020_Outbound_Payment_LP_2.jsp Show response
w1.buysub.com/pubs/CN/CNI/
Redirect Chain

http://l.orders.buysub.com/rts/go2.aspx?h=10205&tp=i-1NGB-Ik-1OW-8s5A-1n-8QN3-1c-8rrc-l8sO5hPQeN-tMhsk&x=2033
https://l.orders.buysub.com/rts/go2.aspx?h=10205&tp=i-1NGB-Ik-1OW-8s5A-1n-8QN3-1c-8rrc-l8sO5hPQeN-tMhsk&x=2033
https://w1.buysub.com/servlet/OPGateway?cds_fn=355498CNI2033H
https://w1.buysub.com/pubs/CN/CNI/2020_Outbound_Payment_LP_2.jsp?cds_page_id=252315&cds_mag_code=CNI&id=1682535859519&lsid=31161404194011247&vid=1&cds_fn=355498CNI2033H

45 KB
15 KB

341ms
340ms

Document
text/html

198.176.166.187
CDS-GLOBAL-01

General

Check archive.org

Show headers Download Go to

Full URL

https://w1.buysub.com/pubs/CN/CNI/2020_Outbound_Payment_LP_2.jsp?cds_page_id=252315&cds_mag_code=CNI&id=1682535859519&lsid=31161404194011247&vid=1&cds_fn=355498CNI2033H

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

198.176.166.187 , United States, ASN397973 (CDS-GLOBAL-01, US),

Reverse DNS

w1.buysub.com

Software

Resource Hash

8ef839f8bbae3ec2eae45b64cfea3fa81ef731ff9e56e7486cdadd4cfcf6cfd8

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none' ;
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode = block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-cache, no-store
Connection: Keep-Alive
Content-Encoding: gzip
Content-Language: en-US
Content-Security-Policy: frame-ancestors 'none' ;
Content-Type: text/html;charset=ISO-8859-1
Date: Wed, 26 Apr 2023 19:04:19 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive: timeout=10, max=64
Pragma: no-cache
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Frame-Options: DENY
X-XSS-Protection: 1; mode = block
X-content-Type-Options: nosniff

Redirect headers

Cache-Control: no-cache, no-store
Connection: Keep-Alive
Content-Language: en-US
Content-Length: 0
Content-Security-Policy: frame-ancestors 'none' ;
Date: Wed, 26 Apr 2023 19:04:19 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive: timeout=10, max=100
Location: https://w1.buysub.com/pubs/CN/CNI/2020_Outbound_Payment_LP_2.jsp?cds_page_id=252315&cds_mag_code=CNI&id=1682535859519&lsid=31161404194011247&vid=1&cds_fn=355498CNI2033H
Pragma: no-cache
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
X-content-Type-Options: nosniff

GET
H2

200

payment-capture.js Show response
paymentcapture.resin.com/app/1.8.3/js/
Redirect Chain

https://paymentcapture.resin.com/v1/payment-capture.js
https://paymentcapture.resin.com/app/1.8.3/js/payment-capture.js

27 KB
9 KB

10ms
9ms

Script
text/javascript

151.101.0.155
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://paymentcapture.resin.com/app/1.8.3/js/payment-capture.js

Requested by

Host: w1.buysub.com
URL: https://w1.buysub.com/pubs/CN/CNI/2020_Outbound_Payment_LP_2.jsp?cds_page_id=252315&cds_mag_code=CNI&id=1682535859519&lsid=31161404194011247&vid=1&cds_fn=355498CNI2033H

Protocol

Server

151.101.0.155 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

25ab6d2a9dbc06a49e1de9f6ae9d09cac86ea407791e294ca3b1daccd7d0c5ce

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://w1.buysub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-amz-version-id: null
content-encoding: gzip
date: Wed, 26 Apr 2023 19:04:20 GMT
last-modified: Thu, 30 Mar 2023 11:26:46 GMT
strict-transport-security: max-age=31557600
x-amz-request-id: Q1648QB9YZEFXX6J
age: 3344
etag: "6a16baaf491a448e8ab00c3046d316f2"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: HIT, HIT
content-type: text/javascript
accept-ranges: bytes
content-length: 8986
x-amz-id-2: nM7DaO9DSysT8wucQRIhD1Z5xOTbKJpbvA8Wxc3gbhTYw1lJpE1bxvGkmpboda2pSRzJ3da8R08=

Redirect headers

date: Wed, 26 Apr 2023 19:04:20 GMT
strict-transport-security: max-age=31557600
age: 256
x-cache: HIT, MISS
content-type: text/html
location: https://paymentcapture.resin.com/app/1.8.3/js/payment-capture.js
cache-control: public, max-age=0
accept-ranges: bytes
content-length: 138

GET
H/1.1 200
OK bootstrapCSS.css
w1.buysub.com/pubs/CN/CNI/images/ 133 KB
35 KB 266ms
265ms Stylesheet
text/css 198.176.166.187
CDS-GLOBAL-01

General

Check archive.org

Show headers Download Go to

Full URL

https://w1.buysub.com/pubs/CN/CNI/images/bootstrapCSS.css

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

198.176.166.187 , United States, ASN397973 (CDS-GLOBAL-01, US),

Reverse DNS

w1.buysub.com

Software

Resource Hash

262f18f0fde1ffb3bbcb2dae703b9e5092b731a8b63aac9cc9035c48d00d86ad

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://w1.buysub.com/pubs/CN/CNI/2020_Outbound_Payment_LP_2.jsp?cds_page_id=252315&cds_mag_code=CNI&id=1682535859519&lsid=31161404194011247&vid=1&cds_fn=355498CNI2033H
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Content-Encoding: gzip
X-content-Type-Options: nosniff
Date: Wed, 26 Apr 2023 19:04:20 GMT
Last-Modified: Fri, 31 Jul 2020 17:53:01 GMT
Age: 220
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Content-Language: en-GB
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=10, max=95
Content-Length: 35651
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK main.css
w1.buysub.com/pubs/CN/CNI/images/ 23 KB
8 KB 1666ms
1398ms Stylesheet
text/css 198.176.166.187
CDS-GLOBAL-01

General

Check archive.org

Show headers Download Go to

Full URL

https://w1.buysub.com/pubs/CN/CNI/images/main.css

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

198.176.166.187 , United States, ASN397973 (CDS-GLOBAL-01, US),

Reverse DNS

w1.buysub.com

Software

Resource Hash

1c210faac51027b3e83c2c5f630970c3f3e6e8eecf28dc4ccaf7834512faab86

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://w1.buysub.com/pubs/CN/CNI/2020_Outbound_Payment_LP_2.jsp?cds_page_id=252315&cds_mag_code=CNI&id=1682535859519&lsid=31161404194011247&vid=1&cds_fn=355498CNI2033H
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Content-Encoding: gzip
X-content-Type-Options: nosniff
Date: Wed, 26 Apr 2023 19:04:20 GMT
Last-Modified: Fri, 31 Jul 2020 17:53:01 GMT
Age: 220
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Content-Language: en-GB
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=10, max=96
Content-Length: 7678
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK bootstrap.css
w1.buysub.com/pubs/CN/CNI/images/ 120 KB
32 KB 1932ms
1665ms Stylesheet
text/css 198.176.166.187
CDS-GLOBAL-01

General

Check archive.org

Show headers Download Go to

Full URL

https://w1.buysub.com/pubs/CN/CNI/images/bootstrap.css

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

198.176.166.187 , United States, ASN397973 (CDS-GLOBAL-01, US),

Reverse DNS

w1.buysub.com

Software

Resource Hash

31fbd99641c212a6ad3681a2397bde13c148c0ccd98385bce6a7eb7c81417d87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://w1.buysub.com/pubs/CN/CNI/2020_Outbound_Payment_LP_2.jsp?cds_page_id=252315&cds_mag_code=CNI&id=1682535859519&lsid=31161404194011247&vid=1&cds_fn=355498CNI2033H
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Content-Encoding: gzip
X-content-Type-Options: nosniff
Date: Wed, 26 Apr 2023 19:04:20 GMT
Last-Modified: Fri, 31 Jul 2020 17:53:01 GMT
Age: 220
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Content-Language: en-GB
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=10, max=97
Content-Length: 31993
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK font-awesome.css
w1.buysub.com/pubs/CN/CNI/images/ 23 KB
8 KB 573ms
286ms Stylesheet
text/css 198.176.166.187
CDS-GLOBAL-01

General

Check archive.org

Show headers Download Go to

Full URL

https://w1.buysub.com/pubs/CN/CNI/images/font-awesome.css

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

198.176.166.187 , United States, ASN397973 (CDS-GLOBAL-01, US),

Reverse DNS

w1.buysub.com

Software

Resource Hash

d20270f83013b136fbb1cd537d1bb55ad642a80e931a5cba29ff56f51035442f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://w1.buysub.com/pubs/CN/CNI/2020_Outbound_Payment_LP_2.jsp?cds_page_id=252315&cds_mag_code=CNI&id=1682535859519&lsid=31161404194011247&vid=1&cds_fn=355498CNI2033H
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Content-Encoding: gzip
X-content-Type-Options: nosniff
Date: Wed, 26 Apr 2023 19:04:20 GMT
Last-Modified: Fri, 31 Jul 2020 17:53:01 GMT
Age: 220
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Content-Language: en-GB
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=10, max=94
Content-Length: 7442
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK icon2.png
w1.buysub.com/pubs/CN/CNI/images/ 20 KB
20 KB 679ms
430ms Image
image/png 198.176.166.187
CDS-GLOBAL-01

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://w1.buysub.com/pubs/CN/CNI/images/icon2.png

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

198.176.166.187 , United States, ASN397973 (CDS-GLOBAL-01, US),

Reverse DNS

w1.buysub.com

Software

Resource Hash

89d32fc2eb9e82abdba4f1ba2b4c80e7f77b1d320a5ad64a89d3cf3e6f62dbdf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://w1.buysub.com/pubs/CN/CNI/2020_Outbound_Payment_LP_2.jsp?cds_page_id=252315&cds_mag_code=CNI&id=1682535859519&lsid=31161404194011247&vid=1&cds_fn=355498CNI2033H
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Date: Wed, 26 Apr 2023 19:04:20 GMT
X-content-Type-Options: nosniff
Last-Modified: Fri, 31 Jul 2020 17:53:01 GMT
Age: 233
X-Frame-Options: SAMEORIGIN
Content-Language: en-GB
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=10, max=62
Content-Length: 20355
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK jquery-ui.css
w1.buysub.com/pubs/CN/CNI/images/ 36 KB
12 KB 332ms
292ms Stylesheet
text/css 198.176.166.187
CDS-GLOBAL-01

General

Check archive.org

Show headers Download Go to

Full URL

https://w1.buysub.com/pubs/CN/CNI/images/jquery-ui.css

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

198.176.166.187 , United States, ASN397973 (CDS-GLOBAL-01, US),

Reverse DNS

w1.buysub.com

Software

Resource Hash

4ac8a276f6440e3269e7b0c9bd1b8d04495ddf4e2b671b2002e13e82010413fe

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://w1.buysub.com/pubs/CN/CNI/2020_Outbound_Payment_LP_2.jsp?cds_page_id=252315&cds_mag_code=CNI&id=1682535859519&lsid=31161404194011247&vid=1&cds_fn=355498CNI2033H
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Content-Encoding: gzip
X-content-Type-Options: nosniff
Date: Wed, 26 Apr 2023 19:04:20 GMT
Last-Modified: Fri, 31 Jul 2020 17:53:01 GMT
Age: 220
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Content-Language: en-GB
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=10, max=97
Content-Length: 11751
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK submit_button.png
w1.buysub.com/pubs/CN/CNI/images/ 7 KB
8 KB 144ms
144ms Image
image/png 198.176.166.187
CDS-GLOBAL-01

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://w1.buysub.com/pubs/CN/CNI/images/submit_button.png

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

198.176.166.187 , United States, ASN397973 (CDS-GLOBAL-01, US),

Reverse DNS

w1.buysub.com

Software

Resource Hash

36d7f0123c038ec70df7742e88310626b9d3ad5eb03c7abd71902bb1ab55eb61

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://w1.buysub.com/pubs/CN/CNI/2020_Outbound_Payment_LP_2.jsp?cds_page_id=252315&cds_mag_code=CNI&id=1682535859519&lsid=31161404194011247&vid=1&cds_fn=355498CNI2033H
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Date: Wed, 26 Apr 2023 19:04:21 GMT
X-content-Type-Options: nosniff
Last-Modified: Wed, 16 Sep 2020 16:32:28 GMT
Age: 3173
X-Frame-Options: SAMEORIGIN
Content-Language: en-GB
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=10, max=89
Content-Length: 7660
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK footer-logo.png
w1.buysub.com/pubs/CN/CNI/images/ 14 KB
14 KB 396ms
396ms Image
image/png 198.176.166.187
CDS-GLOBAL-01

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://w1.buysub.com/pubs/CN/CNI/images/footer-logo.png

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

198.176.166.187 , United States, ASN397973 (CDS-GLOBAL-01, US),

Reverse DNS

w1.buysub.com

Software

Resource Hash

4d779e77e8c2519999a70ca39e6be25162f9eba61f1b1ebca3201489274f14cc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://w1.buysub.com/pubs/CN/CNI/2020_Outbound_Payment_LP_2.jsp?cds_page_id=252315&cds_mag_code=CNI&id=1682535859519&lsid=31161404194011247&vid=1&cds_fn=355498CNI2033H
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Date: Wed, 26 Apr 2023 19:04:21 GMT
X-content-Type-Options: nosniff
Last-Modified: Fri, 31 Jul 2020 17:53:01 GMT
Age: 220
X-Frame-Options: SAMEORIGIN
Content-Language: en-GB
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=10, max=99
Content-Length: 14313
X-XSS-Protection: 1; mode=block

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/3.5.1/ 87 KB
31 KB 46ms
9ms Script
text/javascript 2a00:1450:4001:810::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://w1.buysub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 22 Apr 2023 17:33:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 351051
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31021
x-xss-protection: 0
last-modified: Fri, 08 May 2020 07:05:03 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 21 Apr 2024 17:33:29 GMT

GET
H/1.1 200
OK payCapt.js Show response
w1.buysub.com/pubs/CN/CNI/images/ 1 KB
2 KB 400ms
132ms Script
application/javascript 198.176.166.187
CDS-GLOBAL-01

General

Check archive.org

Show headers Download Go to

Full URL

https://w1.buysub.com/pubs/CN/CNI/images/payCapt.js

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

198.176.166.187 , United States, ASN397973 (CDS-GLOBAL-01, US),

Reverse DNS

w1.buysub.com

Software

Resource Hash

6142bdf9dd50c0e5f6211e25bc2516417493c6e5a7ac68ae25aad61c98512202

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://w1.buysub.com/pubs/CN/CNI/2020_Outbound_Payment_LP_2.jsp?cds_page_id=252315&cds_mag_code=CNI&id=1682535859519&lsid=31161404194011247&vid=1&cds_fn=355498CNI2033H
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Date: Wed, 26 Apr 2023 19:04:20 GMT
X-content-Type-Options: nosniff
Last-Modified: Thu, 15 Sep 2022 18:55:49 GMT
Age: 219
X-Frame-Options: SAMEORIGIN
Content-Language: en-GB
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=10, max=99
Content-Length: 1229
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK pat.jpg
cms.pcdfusion.com/fusionimages/14701/images/ 4 KB
5 KB 959ms
127ms Image
image/jpeg 12.202.245.53
INS-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.pcdfusion.com/fusionimages/14701/images/pat.jpg

Requested by

Host: w1.buysub.com
URL: https://w1.buysub.com/pubs/CN/CNI/images/main.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

12.202.245.53 Ocilla, United States, ASN2386 (INS-AS, US),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

e36e6930d06e80858ee37aa3fb7ac268d3f989d1ed5c6b3b9243492fe5cc2c03

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://w1.buysub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Date: Wed, 26 Apr 2023 19:04:45 GMT
Strict-Transport-Security: max-age=16070400; includeSubdomains
X-Content-Type-Options: nosniff
Last-Modified: Fri, 16 Mar 2018 18:07:59 GMT
Server: Microsoft-IIS/8.5
ETag: "2cc15fb751bdd31:0"
X-Powered-By: ASP.NET
X-Frame-Options: SAMEORIGIN
Vary: Origin
Content-Type: image/jpeg
Access-Control-Allow-Origin: secure.palmcoastd.com
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Content-Length: 4270
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK banner-2.jpeg
cms.pcdfusion.com/fusionimages/14701/images/ 61 KB
62 KB 1083ms
252ms Image
image/jpeg 12.202.245.53
INS-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.pcdfusion.com/fusionimages/14701/images/banner-2.jpeg

Requested by

Host: w1.buysub.com
URL: https://w1.buysub.com/pubs/CN/CNI/images/main.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

12.202.245.53 Ocilla, United States, ASN2386 (INS-AS, US),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

16769976e0077e876975aac0fb32e7313bd8b89cf2a6baf95257e036309dc23c

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://w1.buysub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Date: Wed, 26 Apr 2023 19:04:45 GMT
Strict-Transport-Security: max-age=16070400; includeSubdomains
X-Content-Type-Options: nosniff
Last-Modified: Fri, 23 Mar 2018 18:47:17 GMT
Server: Microsoft-IIS/8.5
ETag: "b944e25dd7c2d31:0"
X-Powered-By: ASP.NET
X-Frame-Options: SAMEORIGIN
Vary: Origin
Content-Type: image/jpeg
Access-Control-Allow-Origin: secure.palmcoastd.com
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Content-Length: 62804
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK logo.png
cms.pcdfusion.com/fusionimages/14701/images/ 27 KB
27 KB 1086ms
255ms Image
image/png 12.202.245.53
INS-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.pcdfusion.com/fusionimages/14701/images/logo.png

Requested by

Host: w1.buysub.com
URL: https://w1.buysub.com/pubs/CN/CNI/images/main.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

12.202.245.53 Ocilla, United States, ASN2386 (INS-AS, US),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

3e956047f4849876e95850a2d18e67ba7bcdedaf58831db2280b8a8d94a15402

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://w1.buysub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Date: Wed, 26 Apr 2023 19:04:45 GMT
Strict-Transport-Security: max-age=16070400; includeSubdomains
X-Content-Type-Options: nosniff
Last-Modified: Wed, 07 Feb 2018 21:56:02 GMT
Server: Microsoft-IIS/8.5
ETag: "188945725ea0d31:0"
X-Powered-By: ASP.NET
X-Frame-Options: SAMEORIGIN
Vary: Origin
Content-Type: image/png
Access-Control-Allow-Origin: secure.palmcoastd.com
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Content-Length: 27237
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK border2.png
cms.pcdfusion.com/fusionimages/14701/images/ 964 B
2 KB 961ms
128ms Image
image/png 12.202.245.53
INS-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.pcdfusion.com/fusionimages/14701/images/border2.png

Requested by

Host: w1.buysub.com
URL: https://w1.buysub.com/pubs/CN/CNI/images/main.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

12.202.245.53 Ocilla, United States, ASN2386 (INS-AS, US),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

6e4f78381608d10f7bcc38c930723d2241dd6644a75fa8f5e88d6ea3d9995ee0

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://w1.buysub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Date: Wed, 26 Apr 2023 19:04:45 GMT
Strict-Transport-Security: max-age=16070400; includeSubdomains
X-Content-Type-Options: nosniff
Last-Modified: Fri, 16 Mar 2018 18:23:32 GMT
Server: Microsoft-IIS/8.5
ETag: "cffedae353bdd31:0"
X-Powered-By: ASP.NET
X-Frame-Options: SAMEORIGIN
Vary: Origin
Content-Type: image/png
Access-Control-Allow-Origin: secure.palmcoastd.com
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Content-Length: 964
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK footer-bg.jpg
cms.pcdfusion.com/fusionimages/14701/images/ 15 KB
16 KB 1087ms
259ms Image
image/jpeg 12.202.245.53
INS-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.pcdfusion.com/fusionimages/14701/images/footer-bg.jpg

Requested by

Host: w1.buysub.com
URL: https://w1.buysub.com/pubs/CN/CNI/images/main.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

12.202.245.53 Ocilla, United States, ASN2386 (INS-AS, US),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

bc1ece934b794f7a80cb967b4bd70a489c449f8d0b533c5457bbd868033515c8

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://w1.buysub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Date: Wed, 26 Apr 2023 19:04:45 GMT
Strict-Transport-Security: max-age=16070400; includeSubdomains
X-Content-Type-Options: nosniff
Last-Modified: Fri, 16 Mar 2018 18:23:32 GMT
Server: Microsoft-IIS/8.5
ETag: "c1ea5e453bdd31:0"
X-Powered-By: ASP.NET
X-Frame-Options: SAMEORIGIN
Vary: Origin
Content-Type: image/jpeg
Access-Control-Allow-Origin: secure.palmcoastd.com
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Content-Length: 15635
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK conversen-SDK.js Show response
sts.eccmp.com/sts/scripts/ 15 KB
7 KB 409ms
98ms Script
application/javascript 63.148.46.76
ASN-CHEETA-MAIL

General

Check archive.org

Show headers Download Go to

Full URL: https://sts.eccmp.com/sts/scripts/conversen-SDK.js
Requested by: Host: w1.buysub.com
URL: https://w1.buysub.com/pubs/CN/CNI/2020_Outbound_Payment_LP_2.jsp?cds_page_id=252315&cds_mag_code=CNI&id=1682535859519&lsid=31161404194011247&vid=1&cds_fn=355498CNI2033H
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 63.148.46.76 Raeford, United States, ASN53316 (ASN-CHEETA-MAIL, US),
Reverse DNS: xts.eccmp.com
Software: /
Resource Hash: 735ace838c4f02a810a79d750fa248e3f70fa9483a4ede6f8f123bf6a314a4f3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://w1.buysub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Date: Wed, 26 Apr 2023 19:04:22 GMT
Content-Encoding: gzip
Last-Modified: Fri, 14 Apr 2023 14:29:24 GMT
Server
Age: 2803
ETag: "0fa7982dd6ed91:0"
X-Powered-By
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 7051

GET
H2 200 index.html Show response
paymentcapture.resin.com/app/1.8.3/ Frame AA7B 505 B
490 B 154ms
153ms Document
text/html 151.101.0.155
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://paymentcapture.resin.com/app/1.8.3/index.html?config_id=8031035487140753&prod_id_alias=CNI&origin=https%3A%2F%2Fw1.buysub.com&identifier=9885d866-b672-461e-9b5b-7658beb7c19e&disable_alt_pay=false&disable_credit_card=true&can_pay_with_apple=false

Requested by

Host: paymentcapture.resin.com
URL: https://paymentcapture.resin.com/v1/payment-capture.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.0.155 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

e95e5bc6a0c53da1728872cd0d1c9bbb1df30bad3fab0d93f9624dd0671e075f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600

Request headers

Referer: https://w1.buysub.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
content-encoding: gzip
content-length: 308
content-type: text/html
date: Wed, 26 Apr 2023 19:04:22 GMT
etag: "534232ef5edc90ce251f2d03703e18fc"
last-modified: Thu, 30 Mar 2023 11:26:46 GMT
strict-transport-security: max-age=31557600
vary: Accept-Encoding
x-amz-id-2: H2yjo/uDEa7C/jEIDfaLnnBe9g7JuerG2MhnCxf6B7gzFxmtpA2s1clfspij0Kd8MHqVRGHba2U=
x-amz-request-id: 3RJEJJZ12Y2CF32Y
x-amz-server-side-encryption: AES256
x-amz-version-id: null
x-cache: MISS, MISS

GET
H2 200 899.71dbfcdbac45616b9ede.bundle.js Show response
paymentcapture.resin.com/app/1.8.3/js/ Frame AA7B 391 KB
119 KB 14ms
13ms Script
text/javascript 151.101.0.155
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://paymentcapture.resin.com/app/1.8.3/js/899.71dbfcdbac45616b9ede.bundle.js

Requested by

Host: paymentcapture.resin.com
URL: https://paymentcapture.resin.com/app/1.8.3/index.html?config_id=8031035487140753&prod_id_alias=CNI&origin=https%3A%2F%2Fw1.buysub.com&identifier=9885d866-b672-461e-9b5b-7658beb7c19e&disable_alt_pay=false&disable_credit_card=true&can_pay_with_apple=false

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.0.155 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

92b6ea27195b9b50bcf023996c2ee234867856c55610a6e093b814d1699b2da9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://paymentcapture.resin.com/app/1.8.3/index.html?config_id=8031035487140753&prod_id_alias=CNI&origin=https%3A%2F%2Fw1.buysub.com&identifier=9885d866-b672-461e-9b5b-7658beb7c19e&disable_alt_pay=false&disable_credit_card=true&can_pay_with_apple=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-amz-version-id: null
content-encoding: gzip
date: Wed, 26 Apr 2023 19:04:22 GMT
last-modified: Thu, 30 Mar 2023 11:26:46 GMT
strict-transport-security: max-age=31557600
x-amz-request-id: HK1MTRENWVGH69CV
age: 3011
etag: "4b0fb9306267a42d06547df376bc7ca2"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: HIT, HIT
content-type: text/javascript
accept-ranges: bytes
content-length: 121894
x-amz-id-2: 2Lr4uO0HMLcWE+P9BLcGyMumq/9AYbErEghblt117EVyghW2Pi3PrW0ilAJni4NtVe331OspeJkAGWnh+GKPMVsIGILcin4nmxJiaOTvcV8=

GET
H2 200 app.82e421a2692781d1b024.bundle.js Show response
paymentcapture.resin.com/app/1.8.3/js/ Frame AA7B 145 KB
42 KB 35ms
34ms Script
text/javascript 151.101.0.155
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://paymentcapture.resin.com/app/1.8.3/js/app.82e421a2692781d1b024.bundle.js

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.0.155 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

94f200b2db98ab9b29b16d601d392d073148c96214f3fad34e120c89df4d51d7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://paymentcapture.resin.com/app/1.8.3/index.html?config_id=8031035487140753&prod_id_alias=CNI&origin=https%3A%2F%2Fw1.buysub.com&identifier=9885d866-b672-461e-9b5b-7658beb7c19e&disable_alt_pay=false&disable_credit_card=true&can_pay_with_apple=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-amz-version-id: null
content-encoding: gzip
date: Wed, 26 Apr 2023 19:04:22 GMT
last-modified: Thu, 30 Mar 2023 11:26:46 GMT
strict-transport-security: max-age=31557600
x-amz-request-id: C8R1BWM17ZBFD08B
age: 3496
etag: "05995f625e3747be42958775f981fa9f"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: HIT, HIT
content-type: text/javascript
accept-ranges: bytes
content-length: 42733
x-amz-id-2: 5iIZffRyWxXBGa6ZzLiX7qD0gAkecgIutk6Rp5tftByWH2ultPuapM1un+PhUwqO6fK7P9jrZBE=

GET
H2 200 vendor.040c9003eb678c0af023.bundle.js Show response
paymentcapture.resin.com/app/1.8.3/js/ Frame AA7B 126 KB
41 KB 30ms
30ms Script
text/javascript 151.101.0.155
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://paymentcapture.resin.com/app/1.8.3/js/vendor.040c9003eb678c0af023.bundle.js

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.0.155 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

eeba788f33c3a9aacd3ad0f77551c74069b1f4d802d05f581e66c80f2549d612

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://paymentcapture.resin.com/app/1.8.3/index.html?config_id=8031035487140753&prod_id_alias=CNI&origin=https%3A%2F%2Fw1.buysub.com&identifier=9885d866-b672-461e-9b5b-7658beb7c19e&disable_alt_pay=false&disable_credit_card=true&can_pay_with_apple=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-amz-version-id: null
content-encoding: gzip
date: Wed, 26 Apr 2023 19:04:22 GMT
last-modified: Thu, 30 Mar 2023 11:26:46 GMT
strict-transport-security: max-age=31557600
x-amz-request-id: HK1P2NTVRPBECC1G
age: 3535
etag: "3e3c38d078a78b65b68002aaba995925"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: HIT, HIT
content-type: text/javascript
accept-ranges: bytes
content-length: 42056
x-amz-id-2: YlWab5kR1KumdlvnMmAvdo7fPB0WXibGmGnAugO2GwARjLHlnvovdK8FjEWYRywoaqF89rV/knA=

OPTIONS
H2 200 pwconfig
payments-api.cloud.buysub.com/ Frame 0
0 322ms
284ms Preflight
application/json 18.66.147.88
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://payments-api.cloud.buysub.com/pwconfig
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.147.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-147-88.fra60.r.cloudfront.net
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-api-key
Access-Control-Request-Method: POST
Origin: https://paymentcapture.resin.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

access-control-allow-headers: Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token,X-Amz-User-Agent
access-control-allow-methods: OPTIONS,POST
access-control-allow-origin: https://paymentcapture.resin.com
content-length: 1
content-type: application/json
date: Wed, 26 Apr 2023 19:04:22 GMT
via: 1.1 5b21c56dde1a436b4b6766d2406627d2.cloudfront.net (CloudFront)
x-amz-apigw-id: D_9UmH0HIAMFlKA=
x-amz-cf-id: CfYimnReFN4DRECgZDR1dJsuyS2XU8kR0bHb9GYNGj036mcP9omO3Q==
x-amz-cf-pop: FRA60-P4
x-amzn-requestid: 055ba60d-bb23-4bb8-ba68-25a0734570b5
x-cache: Miss from cloudfront

POST
H2 200 pwconfig Show response
payments-api.cloud.buysub.com/ Frame AA7B 661 B
1 KB 328ms
328ms Fetch
application/json 18.66.147.88
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://payments-api.cloud.buysub.com/pwconfig

Requested by

Host: paymentcapture.resin.com
URL: https://paymentcapture.resin.com/app/1.8.3/js/899.71dbfcdbac45616b9ede.bundle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.147.88 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-147-88.fra60.r.cloudfront.net

Software

Resource Hash

8c3933dd2b3d1d5d5c21afdea9f0cbf7f059d5449e349e8fca530f29ed5db82c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload

Request headers

Referer: https://paymentcapture.resin.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
X-Api-Key: BqrybIofE34HlwAj1JsRJ5zKdMVp7NSK44ReAhJU
Content-Type: application/json

Response headers

date: Wed, 26 Apr 2023 19:04:23 GMT
strict-transport-security: max-age=31536000; includeSubdomains; preload
via: 1.1 5b21c56dde1a436b4b6766d2406627d2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P4
x-amzn-requestid: 4776b7ce-9e36-4e5e-bbc5-90e859d1b986
x-amzn-trace-id: Root=1-644975b7-3758b9d5253b154d768680db;Sampled=0;lineage=8f4e5278:0
x-cache: Miss from cloudfront
content-type: application/json
access-control-allow-origin: *
cache-control: must-revalidate
x-amz-apigw-id: D_9UpGMtIAMFjKg=
content-length: 661
x-amz-cf-id: idBsetXvB5HnQNPBGMf5QTmLyCvasBrDr46Fk4anka0r7J4V6YG8vQ==

GET
H/1.1 200
OK 1162 Show response
sts.eccmp.com/wts/WebEvent/GetCookieExpiry/ 35 B
426 B 397ms
102ms XHR
text/xml 63.148.46.76
ASN-CHEETA-MAIL

General

Check archive.org

Show headers Download Go to

Full URL: https://sts.eccmp.com/wts/WebEvent/GetCookieExpiry/1162
Requested by: Host: sts.eccmp.com
URL: https://sts.eccmp.com/sts/scripts/conversen-SDK.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 63.148.46.76 Raeford, United States, ASN53316 (ASN-CHEETA-MAIL, US),
Reverse DNS: xts.eccmp.com
Software: /
Resource Hash: 61339a21fa71d17d0dfebceba08dc76ce605e73f65a88438397483478d953aae

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://w1.buysub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Date: Wed, 26 Apr 2023 19:04:22 GMT
X-AspNetMvc-Version: 3.0
Server
X-Powered-By
Vary: Accept-Encoding
Content-Type: text/xml; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: private
Content-Length: 35

GET
H2 200 checkout.js Show response
www.paypalobjects.com/api/ Frame AA7B 1 MB
235 KB 65ms
12ms Script
application/javascript 192.229.221.25
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypalobjects.com/api/checkout.js

Requested by

Host: paymentcapture.resin.com
URL: https://paymentcapture.resin.com/app/1.8.3/js/app.82e421a2692781d1b024.bundle.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.221.25 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (ama/48AD) /

Resource Hash

507b7a3d5ee5da4ca209424709b37980ea825978862a8913d048e8d6e652777d

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://paymentcapture.resin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 19:04:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-cache: HIT
paypal-debug-id: 42089ffb7f84c
dc: ccg11-origin-www-1.paypal.com
content-length: 239948
last-modified: Mon, 25 Apr 2022 17:04:48 GMT
server: ECAcc (ama/48AD)
traceparent: 00-000000000000000000042089ffb7f84c-7033467d2a1c5193-01
etag: W/"6266d4b0-16d23e"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: s-maxage=31536000, public,max-age=3600
accept-ranges: bytes
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
access-control-allow-headers: x-csrf-token
expires: Thu, 27 Apr 2023 19:04:23 GMT

GET
H2 200 pptm.js Show response
www.paypal.com/tagmanager/ Frame AA7B 12 KB
5 KB 94ms
29ms Script
application/x-javascript 151.101.193.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/tagmanager/pptm.js?id=paymentcapture.resin.com&source=checkoutjs&t=xo&v=4.0.336

Requested by

Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/api/checkout.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.193.21 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

25376cd52fca883ddcae7106505cb20b4e4f3f0d38bdc4c37fbf60ff49f66655

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; script-src 'nonce-MBE8xgYmVxuJ98Vv8zLHIYc54lISj7G9j/v2gbSjzL9Rw7cL' 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline' 'unsafe-eval'; img-src * data:; object-src 'none'; font-src 'self' https://.paypalobjects.com https://.paypal.com; connect-src 'self' https://.paypal.com https://.paypalobjects.com https://nexus.ensighten.com https://.google-analytics.com 'unsafe-inline' https://.qualtrics.com; form-action 'self' https://.paypal.com; base-uri 'self' https://.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp; frame-src 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline' https://*.qualtrics.com;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://paymentcapture.resin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

content-security-policy: default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'nonce-MBE8xgYmVxuJ98Vv8zLHIYc54lISj7G9j/v2gbSjzL9Rw7cL' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' 'unsafe-eval'; img-src * data:; object-src 'none'; font-src 'self' https://*.paypalobjects.com https://*.paypal.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://nexus.ensighten.com https://*.google-analytics.com 'unsafe-inline' https://*.qualtrics.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' https://*.qualtrics.com;
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 26 Apr 2023 19:04:23 GMT
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; includeSubDomains; preload
age: 2120
x-cache: HIT, HIT
paypal-debug-id: f3598419ca85c
server-timing: "traceparent;desc="00-0000000000000000000f3598419ca85c-43e7db1d73a2e5af-01"";content-encoding;desc="gzip",x-cdn;desc="fastly"
dc: ccg11-origin-www-1.paypal.com
content-length: 4299
x-xss-protection: 1; mode=block
x-served-by: cache-hhn-etou8220071-HHN, cache-fra-eddf8230133-FRA
traceparent: 00-0000000000000000000f3598419ca85c-ed954b14ed3068d2-01
x-timer: S1682535863.408197,VS0,VE3
etag: W/"2f34-zQQ0FVqIlbkbuS4WgpPW/nUPXC4"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-expose-headers: Server-Timing
cache-control: public, max-age=3600
accept-ranges: bytes
x-cache-hits: 1669, 1

GET
H2 200 button Show response
www.paypal.com/smart/ Frame 6DB2 61 KB
14 KB 310ms
306ms Document
text/html 151.101.193.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/smart/button?env=production&style.size=responsive&style.color=gold&style.shape=rect&style.label=paypal&style.tagline=false&style.width=100%25&style.height=48&funding.disallowed=credit%2Cvenmo&locale.x=en_US&domain=paymentcapture.resin.com&sessionID=uid_f55aa97819_mtk6mdq6mjm&buttonSessionID=uid_943d67fcd6_mtk6mdq6mjm&renderedButtons=paypal&storageID=uid_934ae224bf_mtk6mdq6mjm&logLevel=warn&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWxvYmplY3RzLmNvbS9hcGkvY2hlY2tvdXQuanMifQ&uid=74ecdbe5c2&version=4&xcomponent=1

Requested by

Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/api/checkout.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.193.21 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

493a40b18a7e259e329bd6ca42c9d529f13a72e402e78237a6a9d6fb4631ffb2

Security Headers

Name	Value
Content-Security-Policy	form-action 'self' https://.paypal.com https://.cardinalcommerce.com; default-src 'self' https://.paypal.com https://.paypalobjects.com; connect-src 'self' https://.paypal.com: https://.paypalobjects.com https://.googleapis.com https://.firebaseio.com wss://.firebaseio.com https://api2.amplitude.com http://127.0.0.1:* https://.qualtrics.com; frame-src 'self' https://.paypal.com:* https://.paypalobjects.com https://.cardinalcommerce.com https://.firebaseapp.com https://.qualtrics.com; script-src 'self' https://.paypal.com: https://.paypalobjects.com 'unsafe-inline' 'unsafe-eval' https://apis.google.com; style-src 'self' https://.paypal.com:* https://.paypalobjects.com 'unsafe-inline'; font-src 'self' https://.paypal.com https://.paypalobjects.com data:; object-src 'none'; img-src https: data:; base-uri 'self' https://.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://paymentcapture.resin.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ch: Sec-CH-UA-Full
accept-ranges: bytes
access-control-expose-headers: Server-Timing
cache-control: max-age=0, no-cache, no-store, must-revalidate
content-encoding: gzip
content-security-policy: form-action 'self' https://*.paypal.com https://*.cardinalcommerce.com; default-src 'self' https://*.paypal.com https://*.paypalobjects.com; connect-src 'self' https://*.paypal.com:* https://*.paypalobjects.com https://*.googleapis.com https://*.firebaseio.com wss://*.firebaseio.com https://api2.amplitude.com http://127.0.0.1:* https://*.qualtrics.com; frame-src 'self' https://*.paypal.com:* https://*.paypalobjects.com https://*.cardinalcommerce.com https://*.firebaseapp.com https://*.qualtrics.com; script-src 'self' https://*.paypal.com:* https://*.paypalobjects.com 'unsafe-inline' 'unsafe-eval' https://apis.google.com; style-src 'self' https://*.paypal.com:* https://*.paypalobjects.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com data:; object-src 'none'; img-src https: data:; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
content-type: text/html; charset=utf-8
date: Wed, 26 Apr 2023 19:04:23 GMT
dc: ccg11-origin-www-1.paypal.com
origin-trial: AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
p3p: true
paypal-debug-id: f980018bc7137
server-timing: "traceparent;desc="00-0000000000000000000f980018bc7137-25a2a2afebe2fde0-01"";content-encoding;desc="gzip",x-cdn;desc="fastly"
strict-transport-security: max-age=63072000; includeSubDomains; preload
traceparent: 00-0000000000000000000f980018bc7137-e7864cd30b3e0b5e-01
vary: Accept-Encoding
via: 1.1 varnish
x-cache: MISS
x-cache-hits: 0
x-content-type-options: nosniff
x-csrf-jwt: __blank__
x-served-by: cache-fra-eddf8230133-FRA
x-timer: S1682535863.406679,VS0,VE282
x-xss-protection: 1; mode=block

GET
DATA 200
OK truncated
/ Frame B1D7 1 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: adf9b3c556710fac2e0f2ecf748a1f82afd023d7957336ef228db33f1deb83d3

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame B1D7 3 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: fb91dfcb049d42c6a9b5b9798498ced5f618b7a5838c15468da7fe38745d4378

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Content-Type: image/svg+xml

POST
H2 200 / Show response
o31459.ingest.sentry.io/api/6235756/envelope/ Frame AA7B 41 B
341 B 56ms
9ms Fetch
application/json 34.120.195.249
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://o31459.ingest.sentry.io/api/6235756/envelope/?sentry_key=c6c4cf0122c1468fb6e11ca4d572f374&sentry_version=7

Requested by

Host: paymentcapture.resin.com
URL: https://paymentcapture.resin.com/app/1.8.3/js/899.71dbfcdbac45616b9ede.bundle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.120.195.249 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

249.195.120.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

95b4a5135d997ecfa2adbfbc7faf74847b19cf9ed6fa9e9ec8ff7e331a6abae8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://paymentcapture.resin.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Wed, 26 Apr 2023 19:04:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 google
server: nginx
vary: origin,access-control-request-method,access-control-request-headers
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: x-sentry-error,x-sentry-rate-limits,retry-after
x-envoy-upstream-service-time: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 41

OPTIONS
H2 200 logger
www.paypal.com/xoplatform/logger/api/ Frame 0
0 882ms
867ms Preflight 151.101.193.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/xoplatform/logger/api/logger

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.193.21 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-app-name,x-requested-with
Access-Control-Request-Method: POST
Origin: https://paymentcapture.resin.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

accept-ch: Sec-CH-UA-Full
accept-ranges: bytes
access-control-allow-credentials: true
access-control-allow-headers: content-type,x-app-name,x-requested-with
access-control-allow-methods: POST
access-control-allow-origin: https://paymentcapture.resin.com
cache-control: max-age=0, no-cache, no-store, must-revalidate
date: Wed, 26 Apr 2023 19:04:24 GMT
dc: ccg11-origin-www-1.paypal.com
origin-trial: AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
paypal-debug-id: f9800180734e8
server-timing: content-encoding;desc="",x-cdn;desc="fastly"
strict-transport-security: max-age=63072000; includeSubDomains; preload
traceparent: 00-0000000000000000000f9800180734e8-913e13085ba0bf74-01
via: 1.1 varnish
x-cache: MISS
x-cache-hits: 0
x-content-type-options: nosniff
x-served-by: cache-fra-eddf8230033-FRA
x-timer: S1682535863.474273,VS0,VE860

POST
H2 200 logger Show response
www.paypal.com/xoplatform/logger/api/ Frame AA7B 1004 B
2 KB 329ms
328ms XHR
application/json 151.101.193.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/xoplatform/logger/api/logger

Requested by

Host: paymentcapture.resin.com
URL: https://paymentcapture.resin.com/app/1.8.3/js/899.71dbfcdbac45616b9ede.bundle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.193.21 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

0eb31279e561c68ccb9fa61598c95e92cfb5b09acb465ad9e817778617e03673

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

x-app-name: checkoutjs
Referer: https://paymentcapture.resin.com/
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-type: application/json

Response headers

date: Wed, 26 Apr 2023 19:04:24 GMT
via: 1.1 varnish
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: br
x-cache: MISS
paypal-debug-id: f365719034ffc
server-timing: content-encoding;desc="",x-cdn;desc="fastly"
dc: ccg11-origin-www-1.paypal.com
x-served-by: cache-fra-eddf8230033-FRA
accept-ch: Sec-CH-UA-Full
traceparent: 00-0000000000000000000f365719034ffc-9c0c0e672acb430c-01
x-timer: S1682535864.349724,VS0,VE314
etag: W/"3ec-8JkB68ua9x0RPibNB8h/vRIpnnc"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://paymentcapture.resin.com
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
origin-trial: AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
accept-ranges: none
x-cache-hits: 0

GET
H2 200 ts
t.paypal.com/ Frame AA7B 42 B
789 B 284ms
211ms Image
image/gif 151.101.193.35
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.paypal.com/ts?pgrp=muse%3Ageneric%3Aanalytics%3A%3Amerchant&page=muse%3Ageneric%3Aanalytics%3A%3Amerchant%3A%3A%3A&tsrce=tagmanagernodeweb&comp=tagmanagernodeweb&sub_component=analytics&s=ci&fltp=analytics-generic&pt=Payment%20Information&dh=1200&dw=1600&bh=80&bw=527&cd=24&sh=1200&sw=1600&v=NA&pl=pdf&rosetta_language=en-US%2Cen&e=im&t=1682535863465&g=0&completeurl=https%3A%2F%2Fpaymentcapture.resin.com%2Fapp%2F1.8.3%2Findex.html%3Fconfig_id%3D8031035487140753%26prod_id_alias%3DCNI%26origin%3Dhttps%253A%252F%252Fw1.buysub.com%26identifier%3D9885d866-b672-461e-9b5b-7658beb7c19e%26disable_alt_pay%3Dfalse%26disable_credit_card%3Dtrue%26can_pay_with_apple%3Dfalse&sinfo=%7B%22partners%22%3A%7B%22ecwid%22%3A%7B%7D%2C%22bigCommerce%22%3A%7B%7D%2C%22shopify%22%3A%7B%7D%2C%22wix%22%3A%7B%7D%2C%22bigCartel%22%3A%7B%7D%7D%7D

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.193.35 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://paymentcapture.resin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-cache-hits: 0
date: Wed, 26 Apr 2023 19:04:23 GMT
via: 1.1 varnish
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-cache: MISS
p3p: CP="CAO IND OUR SAM UNI STA COR COM"
paypal-debug-id: 604853c8a18ca
server-timing: content-encoding;desc="",x-cdn;desc="fastly"
x-served-by: cache-fra-eddf8230023-FRA
pragma: no-cache
correlation-id: 604853c8a18ca
traceparent: 00-0000000000000000000604853c8a18ca-77d05d09896d8b59-01
x-timer: S1682535864.544410,VS0,VE195
content-type: image/gif
cache-control: max-age=0, no-cache, no-store, must-revalidate
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 26 Apr 2023 19:04:23 GMT

POST
H2 200 / Show response
o31459.ingest.sentry.io/api/6235756/envelope/ Frame AA7B 41 B
107 B 10ms
9ms Fetch
application/json 34.120.195.249
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://o31459.ingest.sentry.io/api/6235756/envelope/?sentry_key=c6c4cf0122c1468fb6e11ca4d572f374&sentry_version=7

Requested by

Host: paymentcapture.resin.com
URL: https://paymentcapture.resin.com/app/1.8.3/js/899.71dbfcdbac45616b9ede.bundle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.120.195.249 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

249.195.120.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

6e5e9ab8b0549063067aefe3b1d9b9b0c703c8ccfe414a128ed59f5a186c190d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://paymentcapture.resin.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Wed, 26 Apr 2023 19:04:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 google
server: nginx
vary: origin,access-control-request-method,access-control-request-headers
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: x-sentry-error,x-sentry-rate-limits,retry-after
x-envoy-upstream-service-time: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 41

GET
H2 200 checkout.js Show response
www.paypalobjects.com/api/ Frame 6DB2 1 MB
235 KB 13ms
12ms Script
application/javascript 192.229.221.25
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypalobjects.com/api/checkout.js

Requested by

Host: www.paypal.com
URL: https://www.paypal.com/smart/button?env=production&style.size=responsive&style.color=gold&style.shape=rect&style.label=paypal&style.tagline=false&style.width=100%25&style.height=48&funding.disallowed=credit%2Cvenmo&locale.x=en_US&domain=paymentcapture.resin.com&sessionID=uid_f55aa97819_mtk6mdq6mjm&buttonSessionID=uid_943d67fcd6_mtk6mdq6mjm&renderedButtons=paypal&storageID=uid_934ae224bf_mtk6mdq6mjm&logLevel=warn&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWxvYmplY3RzLmNvbS9hcGkvY2hlY2tvdXQuanMifQ&uid=74ecdbe5c2&version=4&xcomponent=1

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.221.25 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (ama/48AD) /

Resource Hash

507b7a3d5ee5da4ca209424709b37980ea825978862a8913d048e8d6e652777d

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.paypal.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 19:04:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-cache: HIT
paypal-debug-id: 42089ffb7f84c
dc: ccg11-origin-www-1.paypal.com
content-length: 239948
last-modified: Mon, 25 Apr 2022 17:04:48 GMT
server: ECAcc (ama/48AD)
traceparent: 00-000000000000000000042089ffb7f84c-7033467d2a1c5193-01
etag: W/"6266d4b0-16d23e"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: s-maxage=31536000, public,max-age=3600
accept-ranges: bytes
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
access-control-allow-headers: x-csrf-token
expires: Thu, 27 Apr 2023 19:04:23 GMT

GET
H2 200 button.js Show response
www.paypalobjects.com/api/xo/ Frame 6DB2 446 KB
77 KB 15ms
15ms Script
application/javascript 192.229.221.25
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypalobjects.com/api/xo/button.js?date=2023-3-26

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.221.25 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (ama/48DF) /

Resource Hash

d423b2b316d239308fcb45a1cbf9e68b6436767c2c4f6b4f2fbeb8190fb79f0a

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.paypal.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 19:04:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-cache: HIT
paypal-debug-id: 8b8f43c8dd757
dc: ccg11-origin-www-1.paypal.com
content-length: 78632
last-modified: Tue, 28 Mar 2023 15:15:01 GMT
server: ECAcc (ama/48DF)
traceparent: 00-00000000000000000008b8f43c8dd757-6383da29e01cccd8-01
etag: W/"64230475-6f8fe"
vary: Accept-Encoding
content-type: application/javascript
cache-control: s-maxage=31536000, public,max-age=3600
accept-ranges: bytes
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
expires: Thu, 27 Apr 2023 19:04:23 GMT

GET
DATA 200
OK truncated
/ Frame 6DB2 1 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: adf9b3c556710fac2e0f2ecf748a1f82afd023d7957336ef228db33f1deb83d3

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 6DB2 3 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: fb91dfcb049d42c6a9b5b9798498ced5f618b7a5838c15468da7fe38745d4378

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Content-Type: image/svg+xml

POST
H2 200 graphql Show response
www.paypal.com/ Frame 6DB2 2 KB
3 KB 270ms
269ms XHR
application/json 151.101.193.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/graphql?GetNativeEligibility

Requested by

Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/api/xo/button.js?date=2023-3-26

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.193.21 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

6cca18b925ecaeea906476d0a7eadaafa6a426f4e959e1612bc60094cd9c3867

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; script-src 'nonce-xnQ2Jeaa94t2rd1a80HrzFBTam9H6qhG17YGws25EBe/00Xu' 'self' 'unsafe-inline' 'unsafe-eval' https://.paypal.com https://.paypalobjects.com; img-src 'self' * data: https://c.paypal.com; object-src 'none'; font-src 'self' https://.paypal.com https://.paypalobjects.com; frame-src 'self' https://.paypalobjects.com https://.paypal.com https://.qualtrics.com; connect-src 'self' 'unsafe-inline' https://.paypal.com https://.paypalobjects.com https://.qualtrics.com; base-uri 'self' https://.paypal.com; form-action 'self' https://.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

x-app-name: smart-payment-buttons
accept: application/json
Referer: https://www.paypal.com/smart/button?env=production&style.size=responsive&style.color=gold&style.shape=rect&style.label=paypal&style.tagline=false&style.width=100%25&style.height=48&funding.disallowed=credit%2Cvenmo&locale.x=en_US&domain=paymentcapture.resin.com&sessionID=uid_f55aa97819_mtk6mdq6mjm&buttonSessionID=uid_943d67fcd6_mtk6mdq6mjm&renderedButtons=paypal&storageID=uid_934ae224bf_mtk6mdq6mjm&logLevel=warn&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWxvYmplY3RzLmNvbS9hcGkvY2hlY2tvdXQuanMifQ&uid=74ecdbe5c2&version=4&xcomponent=1
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
content-type: application/json

Response headers

content-security-policy: default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'nonce-xnQ2Jeaa94t2rd1a80HrzFBTam9H6qhG17YGws25EBe/00Xu' 'self' 'unsafe-inline' 'unsafe-eval' https://*.paypal.com https://*.paypalobjects.com; img-src 'self' * data: https://c.paypal.com; object-src 'none'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypalobjects.com https://*.paypal.com https://*.qualtrics.com; connect-src 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; base-uri 'self' https://*.paypal.com; form-action 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
date: Wed, 26 Apr 2023 19:04:24 GMT
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
via: 1.1 varnish
content-encoding: br
x-cache: MISS
paypal-debug-id: f365719bb4b9d
server-timing: content-encoding;desc="",x-cdn;desc="fastly"
dc: ccg11-origin-www-1.paypal.com
x-xss-protection: 1; mode=block
x-served-by: cache-fra-eddf8230133-FRA
accept-ch: Sec-CH-UA-Full
traceparent: 00-0000000000000000000f365719bb4b9d-b6e57f58f60bfc93-01
x-timer: S1682535864.859086,VS0,VE260
etag: W/"66c-ZcIj6mS2JOqxpqVtIcGqIYDB05w"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.paypal.com
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
origin-trial: AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
accept-ranges: none
x-cache-hits: 0

POST
H2 200 logger Show response
www.paypal.com/xoplatform/logger/api/ Frame 6DB2 1002 B
2 KB 215ms
214ms XHR
application/json 151.101.193.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/xoplatform/logger/api/logger

Requested by

Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/api/checkout.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.193.21 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

9c497c96799f92ef44206b467cde2dee0931749652d2491f542e828348b9eeb3

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

x-app-name: checkoutjs
Referer: https://www.paypal.com/smart/button?env=production&style.size=responsive&style.color=gold&style.shape=rect&style.label=paypal&style.tagline=false&style.width=100%25&style.height=48&funding.disallowed=credit%2Cvenmo&locale.x=en_US&domain=paymentcapture.resin.com&sessionID=uid_f55aa97819_mtk6mdq6mjm&buttonSessionID=uid_943d67fcd6_mtk6mdq6mjm&renderedButtons=paypal&storageID=uid_934ae224bf_mtk6mdq6mjm&logLevel=warn&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWxvYmplY3RzLmNvbS9hcGkvY2hlY2tvdXQuanMifQ&uid=74ecdbe5c2&version=4&xcomponent=1
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-type: application/json

Response headers

date: Wed, 26 Apr 2023 19:04:24 GMT
via: 1.1 varnish
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: br
x-cache: MISS
paypal-debug-id: f36571909267d
server-timing: content-encoding;desc="",x-cdn;desc="fastly"
dc: ccg11-origin-www-1.paypal.com
x-served-by: cache-fra-eddf8230133-FRA
accept-ch: Sec-CH-UA-Full
traceparent: 00-0000000000000000000f36571909267d-18ea91558f918052-01
x-timer: S1682535864.866676,VS0,VE195
etag: W/"3ea-1b88rI5rPDHklK9blrvekT9V8ss"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.paypal.com
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
origin-trial: AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
accept-ranges: none
x-cache-hits: 0

GET
H2 200 funding Show response
www.paypal.com/smart/api/button/ Frame 6DB2 574 B
2 KB 233ms
233ms XHR
application/json 151.101.193.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/smart/api/button/funding?buttonLabel=paypal&buttonSessionID=uid_943d67fcd6_mtk6mdq6mjm&country=US&disallowed=credit%2Cvenmo&domain=paymentcapture.resin.com&lang=en&renderedButtons=paypal

Requested by

Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/api/xo/button.js?date=2023-3-26

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.193.21 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

2fdd0fff5e6d67b399dfefb7a2fd9a76bc6343a0ca7183b3ea3365f80941e6c0

Security Headers

Name	Value
Content-Security-Policy	form-action 'self' https://.paypal.com https://.cardinalcommerce.com; default-src 'self' https://.paypal.com https://.paypalobjects.com; connect-src 'self' https://.paypal.com: https://.paypalobjects.com https://.googleapis.com https://.firebaseio.com wss://.firebaseio.com https://api2.amplitude.com http://127.0.0.1:* https://.qualtrics.com; frame-src 'self' https://.paypal.com:* https://.paypalobjects.com https://.cardinalcommerce.com https://.firebaseapp.com https://.qualtrics.com; script-src 'self' https://.paypal.com: https://.paypalobjects.com 'unsafe-inline' 'unsafe-eval' https://apis.google.com; style-src 'self' https://.paypal.com:* https://.paypalobjects.com 'unsafe-inline'; font-src 'self' https://.paypal.com https://.paypalobjects.com data:; object-src 'none'; img-src https: data:; base-uri 'self' https://.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
x-requested-by: smart-payment-buttons
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
x-csrf-jwt: __blank__
Accept: application/json
Referer: https://www.paypal.com/smart/button?env=production&style.size=responsive&style.color=gold&style.shape=rect&style.label=paypal&style.tagline=false&style.width=100%25&style.height=48&funding.disallowed=credit%2Cvenmo&locale.x=en_US&domain=paymentcapture.resin.com&sessionID=uid_f55aa97819_mtk6mdq6mjm&buttonSessionID=uid_943d67fcd6_mtk6mdq6mjm&renderedButtons=paypal&storageID=uid_934ae224bf_mtk6mdq6mjm&logLevel=warn&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWxvYmplY3RzLmNvbS9hcGkvY2hlY2tvdXQuanMifQ&uid=74ecdbe5c2&version=4&xcomponent=1
X-Requested-With: XMLHttpRequest
x-cookies: {}

Response headers

expires: Fri, 01 Jan 1990 00:00:00 GMT
content-security-policy: form-action 'self' https://*.paypal.com https://*.cardinalcommerce.com; default-src 'self' https://*.paypal.com https://*.paypalobjects.com; connect-src 'self' https://*.paypal.com:* https://*.paypalobjects.com https://*.googleapis.com https://*.firebaseio.com wss://*.firebaseio.com https://api2.amplitude.com http://127.0.0.1:* https://*.qualtrics.com; frame-src 'self' https://*.paypal.com:* https://*.paypalobjects.com https://*.cardinalcommerce.com https://*.firebaseapp.com https://*.qualtrics.com; script-src 'self' https://*.paypal.com:* https://*.paypalobjects.com 'unsafe-inline' 'unsafe-eval' https://apis.google.com; style-src 'self' https://*.paypal.com:* https://*.paypalobjects.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com data:; object-src 'none'; img-src https: data:; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
date: Wed, 26 Apr 2023 19:04:24 GMT
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
via: 1.1 varnish
content-encoding: br
x-cache: MISS
p3p: true
paypal-debug-id: f3657196827f2
server-timing: "traceparent;desc="00-0000000000000000000f3657196827f2-0e8ee6a21940984b-01"";content-encoding;desc="",x-cdn;desc="fastly"
dc: ccg11-origin-www-1.paypal.com
x-xss-protection: 1; mode=block
x-served-by: cache-fra-eddf8230133-FRA
pragma: no-cache
accept-ch: Sec-CH-UA-Full
traceparent: 00-0000000000000000000f3657196827f2-49f7be55449dcdca-01
x-timer: S1682535864.930851,VS0,VE225
etag: W/"23e-6jOKkvCOHC1Lca9YZA1tQsGrmgc"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
x-csrf-jwt: __blank__
access-control-expose-headers: Server-Timing
cache-control: max-age=0, no-cache, no-store, must-revalidate
origin-trial: AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
accept-ranges: none
x-cache-hits: 0

POST
H2 200 logger Show response
www.paypal.com/xoplatform/logger/api/ Frame 6DB2 1013 B
2 KB 235ms
234ms XHR
application/json 151.101.193.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/xoplatform/logger/api/logger

Requested by

Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/api/checkout.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.193.21 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

4747da34631499e8cc15ed115ee67250bb8b8eb0d726ce45be3795fbd43b0613

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

x-app-name: checkoutjs
Referer: https://www.paypal.com/smart/button?env=production&style.size=responsive&style.color=gold&style.shape=rect&style.label=paypal&style.tagline=false&style.width=100%25&style.height=48&funding.disallowed=credit%2Cvenmo&locale.x=en_US&domain=paymentcapture.resin.com&sessionID=uid_f55aa97819_mtk6mdq6mjm&buttonSessionID=uid_943d67fcd6_mtk6mdq6mjm&renderedButtons=paypal&storageID=uid_934ae224bf_mtk6mdq6mjm&logLevel=warn&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWxvYmplY3RzLmNvbS9hcGkvY2hlY2tvdXQuanMifQ&uid=74ecdbe5c2&version=4&xcomponent=1
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-type: application/json

Response headers

date: Wed, 26 Apr 2023 19:04:24 GMT
via: 1.1 varnish
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: br
x-cache: MISS
paypal-debug-id: f3657199b9c12
server-timing: content-encoding;desc="",x-cdn;desc="fastly"
dc: ccg11-origin-www-1.paypal.com
x-served-by: cache-fra-eddf8230133-FRA
accept-ch: Sec-CH-UA-Full
traceparent: 00-0000000000000000000f3657199b9c12-8b23cf3e41ffea2e-01
x-timer: S1682535864.955041,VS0,VE215
etag: W/"3f5-4wrVMR2Au9rJpqzlQnlZ1KSqn44"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.paypal.com
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
origin-trial: AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
accept-ranges: none
x-cache-hits: 0

POST
H2 200 logger
www.paypal.com/xoplatform/logger/api/ Frame 6DB2 1022 B
1 KB 205ms
204ms Ping
application/json 151.101.193.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/xoplatform/logger/api/logger

Requested by

Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/api/xo/button.js?date=2023-3-26

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.193.21 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

1e8f5f072e405db4769e5b64f7d99389b89192f7cf5cdc9bcf18126ee313cd6c

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.paypal.com/smart/button?env=production&style.size=responsive&style.color=gold&style.shape=rect&style.label=paypal&style.tagline=false&style.width=100%25&style.height=48&funding.disallowed=credit%2Cvenmo&locale.x=en_US&domain=paymentcapture.resin.com&sessionID=uid_f55aa97819_mtk6mdq6mjm&buttonSessionID=uid_943d67fcd6_mtk6mdq6mjm&renderedButtons=paypal&storageID=uid_934ae224bf_mtk6mdq6mjm&logLevel=warn&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWxvYmplY3RzLmNvbS9hcGkvY2hlY2tvdXQuanMifQ&uid=74ecdbe5c2&version=4&xcomponent=1
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 26 Apr 2023 19:04:24 GMT
via: 1.1 varnish
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: br
x-cache: MISS
paypal-debug-id: f36571902ed66
server-timing: content-encoding;desc="",x-cdn;desc="fastly"
dc: ccg11-origin-www-1.paypal.com
x-served-by: cache-fra-eddf8230133-FRA
accept-ch: Sec-CH-UA-Full
traceparent: 00-0000000000000000000f36571902ed66-4359685fcab1f063-01
x-timer: S1682535864.984742,VS0,VE196
etag: W/"3fe-WTi0nLCb/F2ykm4tVKY/lAW99F4"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.paypal.com
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
origin-trial: AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
accept-ranges: none
x-cache-hits: 0

Verdicts & Comments Add Verdict or Comment

58 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

13 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
l.orders.buysub.com/	1969-12-31 23:59:59	Name: ASP.NET_SessionId Value: 12htmofeakkw0aiuef4dkrdr
l.orders.buysub.com/	1969-12-31 23:59:59	Name: BIGipServercnv_ats_ssl_pool Value: !QQYaj1HZrB5mTBaq0v/hGslLrah/SzkGXtNYRJSYEVg2wGgqZ6oW2E5tfiE1FJXFd/f5/ZbclezAgW8=
w1.buysub.com/	1969-12-31 23:59:59	Name: JSESSIONID Value: 0000UyCWDSLWtVQblhQ7zZspwJv:1dgnqdgcu
.w1.buysub.com/	1969-12-31 23:59:59	Name: TS011e85fb Value: 01c449994bc3aaa9563047936810136e5ef5cf8bf021c4390896b3c7bab4d6ee43d2f08e37049f211dc86d061efbad1968ef9435f1185c7886fabdbb4f674aab12b1c15899
.buysub.com/	1970-01-20 11:32:20	Name: xyz_cr_1162_et_100 Value: =&cr=1162&wegc=&et=100&ap=
.paypal.com/	1970-01-20 11:22:17	Name: l7_az Value: dcg14.slc
.paypal.com/	1970-01-20 20:58:15	Name: ts_c Value: vr%3Dbef3d55b1870aa5db0e2223affeb3114%26vt%3Dbef3d55b1870aa5db0e2223affeb3113
.paypal.com/	1970-01-20 20:07:51	Name: enforce_policy Value: gdpr_v2.1
.paypal.com/	1970-01-20 11:22:47	Name: LANG Value: de_DE%3BDE
www.paypal.com/	1969-12-31 23:59:59	Name: nsid Value: s%3AUU56D_4c9PJr7n2mmAM4BJg7G1YSdE2W.Q6ZO63nn7MiMsyvUjcFLR9eYaJVoIvWZlnMrm1XBkz8
.paypal.com/	1970-01-20 20:58:15	Name: ts Value: vreXpYrS%3D1777230264%26vteXpYrS%3D1682537664%26vr%3Dbef3d55b1870aa5db0e2223affeb3114%26vt%3Dbef3d55b1870aa5db0e2223affeb3113%26vtyp%3D
.paypal.com/	1970-01-20 11:26:35	Name: tsrce Value: loggernodeweb
.paypal.com/	1969-12-31 23:59:59	Name: x-pp-s Value: eyJ0IjoiMTY4MjUzNTg2NDEwMiIsImwiOiIwIiwibSI6IjAifQ

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	frame-ancestors 'none' ;
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode = block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
cms.pcdfusion.com
l.orders.buysub.com
o31459.ingest.sentry.io
paymentcapture.resin.com
payments-api.cloud.buysub.com
sts.eccmp.com
t.paypal.com
w1.buysub.com
www.paypal.com
www.paypalobjects.com
12.202.245.53
151.101.0.155
151.101.193.21
151.101.193.35
173.213.4.176
18.66.147.88
192.229.221.25
198.176.166.187
2a00:1450:4001:810::200a
34.120.195.249
63.148.46.76
0eb31279e561c68ccb9fa61598c95e92cfb5b09acb465ad9e817778617e03673
16769976e0077e876975aac0fb32e7313bd8b89cf2a6baf95257e036309dc23c
1c210faac51027b3e83c2c5f630970c3f3e6e8eecf28dc4ccaf7834512faab86
1e8f5f072e405db4769e5b64f7d99389b89192f7cf5cdc9bcf18126ee313cd6c
25376cd52fca883ddcae7106505cb20b4e4f3f0d38bdc4c37fbf60ff49f66655
25ab6d2a9dbc06a49e1de9f6ae9d09cac86ea407791e294ca3b1daccd7d0c5ce
262f18f0fde1ffb3bbcb2dae703b9e5092b731a8b63aac9cc9035c48d00d86ad
2fdd0fff5e6d67b399dfefb7a2fd9a76bc6343a0ca7183b3ea3365f80941e6c0
31fbd99641c212a6ad3681a2397bde13c148c0ccd98385bce6a7eb7c81417d87
36d7f0123c038ec70df7742e88310626b9d3ad5eb03c7abd71902bb1ab55eb61
3e956047f4849876e95850a2d18e67ba7bcdedaf58831db2280b8a8d94a15402
4747da34631499e8cc15ed115ee67250bb8b8eb0d726ce45be3795fbd43b0613
493a40b18a7e259e329bd6ca42c9d529f13a72e402e78237a6a9d6fb4631ffb2
4ac8a276f6440e3269e7b0c9bd1b8d04495ddf4e2b671b2002e13e82010413fe
4d779e77e8c2519999a70ca39e6be25162f9eba61f1b1ebca3201489274f14cc
507b7a3d5ee5da4ca209424709b37980ea825978862a8913d048e8d6e652777d
61339a21fa71d17d0dfebceba08dc76ce605e73f65a88438397483478d953aae
6142bdf9dd50c0e5f6211e25bc2516417493c6e5a7ac68ae25aad61c98512202
6cca18b925ecaeea906476d0a7eadaafa6a426f4e959e1612bc60094cd9c3867
6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93
6e4f78381608d10f7bcc38c930723d2241dd6644a75fa8f5e88d6ea3d9995ee0
6e5e9ab8b0549063067aefe3b1d9b9b0c703c8ccfe414a128ed59f5a186c190d
735ace838c4f02a810a79d750fa248e3f70fa9483a4ede6f8f123bf6a314a4f3
89d32fc2eb9e82abdba4f1ba2b4c80e7f77b1d320a5ad64a89d3cf3e6f62dbdf
8c3933dd2b3d1d5d5c21afdea9f0cbf7f059d5449e349e8fca530f29ed5db82c
8ef839f8bbae3ec2eae45b64cfea3fa81ef731ff9e56e7486cdadd4cfcf6cfd8
92b6ea27195b9b50bcf023996c2ee234867856c55610a6e093b814d1699b2da9
94f200b2db98ab9b29b16d601d392d073148c96214f3fad34e120c89df4d51d7
95b4a5135d997ecfa2adbfbc7faf74847b19cf9ed6fa9e9ec8ff7e331a6abae8
9c497c96799f92ef44206b467cde2dee0931749652d2491f542e828348b9eeb3
adf9b3c556710fac2e0f2ecf748a1f82afd023d7957336ef228db33f1deb83d3
bc1ece934b794f7a80cb967b4bd70a489c449f8d0b533c5457bbd868033515c8
d20270f83013b136fbb1cd537d1bb55ad642a80e931a5cba29ff56f51035442f
d423b2b316d239308fcb45a1cbf9e68b6436767c2c4f6b4f2fbeb8190fb79f0a
e36e6930d06e80858ee37aa3fb7ac268d3f989d1ed5c6b3b9243492fe5cc2c03
e95e5bc6a0c53da1728872cd0d1c9bbb1df30bad3fab0d93f9624dd0671e075f
eeba788f33c3a9aacd3ad0f77551c74069b1f4d802d05f581e66c80f2549d612
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
fb91dfcb049d42c6a9b5b9798498ced5f618b7a5838c15468da7fe38745d4378

w1.buysub.com Open in urlscan Pro 198.176.166.187 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

40 Requests

98 %HTTPS

9 %IPv6

8 Domains

11 Subdomains

11 IPs

2 Countries

1095 kBTransfer

4778 kBSize

13 Cookies

1 Outgoing links

Page URL History

Redirected requests

40 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 4 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

w1.buysub.com Open in urlscan Pro
198.176.166.187 Public Scan

Screenshot
Live screenshot

Full Image

40
Requests

98 %
HTTPS

9 %
IPv6

8
Domains

11
Subdomains

11
IPs

2
Countries

1095 kB
Transfer

4778 kB
Size

13
Cookies

40 HTTP transactions
4 data transactions