Submitted URL: https://z5h64q92x9.net/proxy_u/en-tr.ru.3cd3491e-618c5c52-193fa7f3-74722d776562/https/www.paypal.com/webapps/xoonboarding
Effective URL: https://www.paypal.com/webapps/xoonboarding/error
Submission Tags: phishing malicious
Submission: On November 11 via api from US — Scanned from DE

Summary

This website contacted 7 IPs in 3 countries across 6 domains to perform 35 HTTP transactions. The main IP is 151.101.129.21, located in United States and belongs to FASTLY, US. The main domain is www.paypal.com.
TLS certificate: Issued by DigiCert SHA2 Extended Validation Ser... on November 2nd 2021. Valid for: 4 months.
This is the only time www.paypal.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Domain; Requested by
7 z5h64q92x9.net; requested by: z5h64q92x9.net
6 www.paypal.com; requested by: z5h64q92x9.net, www.paypal.com, www.paypalobjects.com
6 yastatic.net; requested by: z5h64q92x9.net
5 www.paypalobjects.com; requested by: z5h64q92x9.net, www.paypalobjects.com, www.paypal.com
4 www.recaptcha.net; requested by: www.paypalobjects.com, www.gstatic.com
3 www.gstatic.com; requested by: www.recaptcha.net
Total: 35 requests, 6 domains

This site contains links to these domains.

Domain
cms.paypal.com

Subject; Issuer; Validity; Valid
Subject: z5h64q92x9.net; Issuer: Yandex CA; Validity: 2021-10-30 - 2022-04-30; Valid: 6 months
Subject: *.yastatic.net; Issuer: Yandex CA; Validity: 2021-08-18 - 2022-02-16; Valid: 6 months
Subject: www.paypal.com; Issuer: DigiCert SHA2 Extended Validation Server CA; Validity: 2021-11-02 - 2022-03-15; Valid: 4 months
Subject: misc.google.com; Issuer: GTS CA 1C3; Validity: 2021-10-18 - 2022-01-10; Valid: 3 months
Subject: *.gstatic.com; Issuer: GTS CA 1C3; Validity: 2021-10-18 - 2022-01-10; Valid: 3 months

This page contains 3 frames:

Primary Page: https://www.paypal.com/webapps/xoonboarding/error
Frame ID: F3642EC82F613A6F46DF7F9A39F2D28C
Requests: 24 HTTP requests in this frame

Frame: https://www.paypalobjects.com/web/res/8a3/386e0d80d4456a1a0ce65cfae3f18/recaptcha/grcenterprise_v3.html
Frame ID: C27CFBE92F15939411A9970E400BE980
Requests: 3 HTTP requests in this frame

Frame: https://www.recaptcha.net/recaptcha/enterprise/anchor?ar=1&k=6LdCCOUUAAAAAHTE-Snr6hi4HJGtJk_d1_ce-gWB&co=aHR0cHM6Ly93d3cucGF5cGFsb2JqZWN0cy5jb206NDQz&hl=de&v=kcXVPRWG7fMILHmzon0--fD3&size=invisible&cb=9q36t7i6ygps
Frame ID: 198502C203537FEE7D787FD74DA85707
Requests: 5 HTTP requests in this frame

Page Title

PayPal Checkout - Erneut versuchen

Page Statistics

Requests: 35
HTTPS: 89 %
IPv6: 67 %
Domains: 6
Subdomains: 6
IPs: 7
Countries: 3
Transfer: 4117 kB
Size: 4946 kB
Cookies: 11

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://z5h64q92x9.net/proxy_u/en-tr.ru.3cd3491e-618c5c52-193fa7f3-74722d776562/https/www.paypal.com/webapps/xoonboarding Page URL
  2. https://www.paypal.com/webapps/xoonboarding/error Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

35 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
xoonboarding
z5h64q92x9.net/proxy_u/en-tr.ru.3cd3491e-618c5c52-193fa7f3-74722d776562/https/www.paypal.com/webapps/
57 KB
57 KB
Document
General
Full URL
https://z5h64q92x9.net/proxy_u/en-tr.ru.3cd3491e-618c5c52-193fa7f3-74722d776562/https/www.paypal.com/webapps/xoonboarding
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a02:6b8::1:193 Moscow, Russian Federation, ASN208722 (YNDX, FI),
Reverse DNS
Software
/
Resource Hash
1c75b7ded9e28e2772d75120e1a5bce46f9ccacbe1a953b12e5f179dba6688e6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

content-length
58106
etag
"2a32660de815d6c40b86a59d46845d4f2ccda5f0"
content-type
text/html; charset=utf-8
date
Thu, 11 Nov 2021 02:19:09 GMT
referrer-policy
no-referrer-when-downgrade
strict-transport-security
max-age=31536000
cache-control
max-age=120
tr_page_popup.css
yastatic.net/s3/translate/v21.23.1/dist/styles/misc/
5 KB
3 KB
Stylesheet
General
Full URL
https://yastatic.net/s3/translate/v21.23.1/dist/styles/misc/tr_page_popup.css
Requested by
Host: z5h64q92x9.net
URL: https://z5h64q92x9.net/proxy_u/en-tr.ru.3cd3491e-618c5c52-193fa7f3-74722d776562/https/www.paypal.com/webapps/xoonboarding
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6b8:20::215 Moscow, Russian Federation, ASN208722 (YNDX, FI),
Reverse DNS
Software
nginx/1.17.9 /
Resource Hash
28f539dd6ddbe639249b7042540db6ec39a08f5e4313e5cc17a54e2f26f5dad9
Security Headers
Name Value
Strict-Transport-Security max-age=43200000; includeSubDomains;

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://z5h64q92x9.net/proxy_u/en-tr.ru.3cd3491e-618c5c52-193fa7f3-74722d776562/https/www.paypal.com/webapps/xoonboarding
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Thu, 11 Nov 2021 02:19:10 GMT
content-encoding
br
last-modified
Wed, 10 Nov 2021 14:28:21 GMT
server
nginx/1.17.9
etag
W/"71936a2c04059ab288ea27b870fdf6b9"
vary
Accept-Encoding
report-to
{ "group": "network-errors", "max_age": 7200, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
content-type
text/css
access-control-allow-origin
*
expires
Fri, 11 Nov 2022 08:07:01 GMT
cache-control
public, max-age=31556952
nel
{"report_to": "network-errors", "max_age": 7200, "success_fraction": 0.001, "failure_fraction": 0.01}
strict-transport-security
max-age=43200000; includeSubDomains;
timing-allow-origin
*
x-nginx-request-id
0d0fa8abf9b426f0
tr_page_stripe.css
yastatic.net/s3/translate/v21.23.1/dist/styles/misc/
24 KB
8 KB
Stylesheet
General
Full URL
https://yastatic.net/s3/translate/v21.23.1/dist/styles/misc/tr_page_stripe.css
Requested by
Host: z5h64q92x9.net
URL: https://z5h64q92x9.net/proxy_u/en-tr.ru.3cd3491e-618c5c52-193fa7f3-74722d776562/https/www.paypal.com/webapps/xoonboarding
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6b8:20::215 Moscow, Russian Federation, ASN208722 (YNDX, FI),
Reverse DNS
Software
nginx/1.17.9 /
Resource Hash
6dc3089a1f65f1b998e1f4820404600954c93c620eb71f3cfcce27d43451353c
Security Headers
Name Value
Strict-Transport-Security max-age=43200000; includeSubDomains;

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://z5h64q92x9.net/proxy_u/en-tr.ru.3cd3491e-618c5c52-193fa7f3-74722d776562/https/www.paypal.com/webapps/xoonboarding
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Thu, 11 Nov 2021 02:19:10 GMT
content-encoding
br
last-modified
Wed, 10 Nov 2021 14:28:21 GMT
server
nginx/1.17.9
etag
W/"8fbeee24ed6e8ad22c4d97d5d6a0baa7"
vary
Accept-Encoding
report-to
{ "group": "network-errors", "max_age": 7200, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
content-type
text/css
access-control-allow-origin
*
expires
Fri, 11 Nov 2022 08:07:01 GMT
cache-control
public, max-age=31556952
nel
{"report_to": "network-errors", "max_age": 7200, "success_fraction": 0.001, "failure_fraction": 0.01}
strict-transport-security
max-age=43200000; includeSubDomains;
timing-allow-origin
*
x-nginx-request-id
c0231a8279f5b1ba
tr_page.js
yastatic.net/s3/translate/v21.23.1/dist/scripts/addons/
116 KB
37 KB
Script
General
Full URL
https://yastatic.net/s3/translate/v21.23.1/dist/scripts/addons/tr_page.js
Requested by
Host: z5h64q92x9.net
URL: https://z5h64q92x9.net/proxy_u/en-tr.ru.3cd3491e-618c5c52-193fa7f3-74722d776562/https/www.paypal.com/webapps/xoonboarding
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6b8:20::215 Moscow, Russian Federation, ASN208722 (YNDX, FI),
Reverse DNS
Software
nginx/1.17.9 /
Resource Hash
80ffb277e6c57b13d31bce48f4db644aaf46952804f731b960b6ffe0af112aa3
Security Headers
Name Value
Strict-Transport-Security max-age=43200000; includeSubDomains;

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://z5h64q92x9.net/proxy_u/en-tr.ru.3cd3491e-618c5c52-193fa7f3-74722d776562/https/www.paypal.com/webapps/xoonboarding
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Thu, 11 Nov 2021 02:19:10 GMT
content-encoding
br
last-modified
Wed, 10 Nov 2021 14:28:19 GMT
server
nginx/1.17.9
etag
W/"fe8cb707e6bf7cda9ee930cb912f2761"
vary
Accept-Encoding
report-to
{ "group": "network-errors", "max_age": 7200, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
content-type
application/javascript
access-control-allow-origin
*
expires
Fri, 11 Nov 2022 08:06:30 GMT
cache-control
public, max-age=31556952
nel
{"report_to": "network-errors", "max_age": 7200, "success_fraction": 0.001, "failure_fraction": 0.01}
strict-transport-security
max-age=43200000; includeSubDomains;
timing-allow-origin
*
x-nginx-request-id
437410ce2236c018
tr_page_popup.js
yastatic.net/s3/translate/v21.23.1/dist/scripts/addons/
8 KB
3 KB
Script
General
Full URL
https://yastatic.net/s3/translate/v21.23.1/dist/scripts/addons/tr_page_popup.js
Requested by
Host: z5h64q92x9.net
URL: https://z5h64q92x9.net/proxy_u/en-tr.ru.3cd3491e-618c5c52-193fa7f3-74722d776562/https/www.paypal.com/webapps/xoonboarding
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6b8:20::215 Moscow, Russian Federation, ASN208722 (YNDX, FI),
Reverse DNS
Software
nginx/1.17.9 /
Resource Hash
3cb22a4d2796dbb478e42f6bc33b4cd55394817fc2aaee4f64e66846b5d9ccb1
Security Headers
Name Value
Strict-Transport-Security max-age=43200000; includeSubDomains;

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://z5h64q92x9.net/proxy_u/en-tr.ru.3cd3491e-618c5c52-193fa7f3-74722d776562/https/www.paypal.com/webapps/xoonboarding
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Thu, 11 Nov 2021 02:19:10 GMT
content-encoding
br
last-modified
Wed, 10 Nov 2021 14:28:19 GMT
server
nginx/1.17.9
etag
W/"e3741e583ebdec91b2579b8b5cbffa81"
vary
Accept-Encoding
report-to
{ "group": "network-errors", "max_age": 7200, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
content-type
application/javascript
access-control-allow-origin
*
expires
Fri, 11 Nov 2022 08:07:01 GMT
cache-control
public, max-age=31556952
nel
{"report_to": "network-errors", "max_age": 7200, "success_fraction": 0.001, "failure_fraction": 0.01}
strict-transport-security
max-age=43200000; includeSubDomains;
timing-allow-origin
*
x-nginx-request-id
ddd95fac859a5d95
tr_page_worker.js
yastatic.net/s3/translate/v21.23.1/dist/scripts/addons/
3 KB
2 KB
Script
General
Full URL
https://yastatic.net/s3/translate/v21.23.1/dist/scripts/addons/tr_page_worker.js
Requested by
Host: z5h64q92x9.net
URL: https://z5h64q92x9.net/proxy_u/en-tr.ru.3cd3491e-618c5c52-193fa7f3-74722d776562/https/www.paypal.com/webapps/xoonboarding
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6b8:20::215 Moscow, Russian Federation, ASN208722 (YNDX, FI),
Reverse DNS
Software
nginx/1.17.9 /
Resource Hash
6d407ddc4b8a8ee27aa947c4ccc1a3fea37795c587d44fa40dba6fd24cbcc5b1
Security Headers
Name Value
Strict-Transport-Security max-age=43200000; includeSubDomains;

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://z5h64q92x9.net/proxy_u/en-tr.ru.3cd3491e-618c5c52-193fa7f3-74722d776562/https/www.paypal.com/webapps/xoonboarding
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Thu, 11 Nov 2021 02:19:10 GMT
content-encoding
br
last-modified
Wed, 10 Nov 2021 14:28:19 GMT
server
nginx/1.17.9
etag
W/"5bc49a17da69da95af4cad4adfc0025d"
vary
Accept-Encoding
report-to
{ "group": "network-errors", "max_age": 7200, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
content-type
application/javascript
access-control-allow-origin
*
expires
Fri, 11 Nov 2022 08:07:01 GMT
cache-control
public, max-age=31556952
nel
{"report_to": "network-errors", "max_age": 7200, "success_fraction": 0.001, "failure_fraction": 0.01}
strict-transport-security
max-age=43200000; includeSubDomains;
timing-allow-origin
*
x-nginx-request-id
f17e31a6c728ee54
ngrlCaptcha.min.js
z5h64q92x9.net/proxy_u/0.3cd3491e-618c5c52-193fa7f3-74722d776562/https/www.paypalobjects.com/webcaptcha/
21 KB
21 KB
Script
General
Full URL
https://z5h64q92x9.net/proxy_u/0.3cd3491e-618c5c52-193fa7f3-74722d776562/https/www.paypalobjects.com/webcaptcha/ngrlCaptcha.min.js
Requested by
Host: z5h64q92x9.net
URL: https://z5h64q92x9.net/proxy_u/en-tr.ru.3cd3491e-618c5c52-193fa7f3-74722d776562/https/www.paypal.com/webapps/xoonboarding
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a02:6b8::1:193 Moscow, Russian Federation, ASN208722 (YNDX, FI),
Reverse DNS
Software
/
Resource Hash
3ba795672c78c8f0f52ecd5d1a0a317d1e5c059509a6bead9d26b46fc831d83b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://z5h64q92x9.net/proxy_u/en-tr.ru.3cd3491e-618c5c52-193fa7f3-74722d776562/https/www.paypal.com/webapps/xoonboarding
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Thu, 11 Nov 2021 02:19:10 GMT
cache-control
max-age=120
referrer-policy
no-referrer-when-downgrade
etag
"4155d08be64bead82132514e37c4a35407f46fbf"
content-length
21544
strict-transport-security
max-age=31536000
content-type
application/javascript
styles.css
www.paypalobjects.com/web/res/b9e/f85324bcda386e89b793df5f75d09/css/
267 KB
42 KB
Stylesheet
General
Full URL
https://www.paypalobjects.com/web/res/b9e/f85324bcda386e89b793df5f75d09/css/styles.css
Requested by
Host: z5h64q92x9.net
URL: https://z5h64q92x9.net/proxy_u/en-tr.ru.3cd3491e-618c5c52-193fa7f3-74722d776562/https/www.paypal.com/webapps/xoonboarding
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.130.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
1e70fbdfe36f8800804d2e25c30581168295cd8024c9c35c8ab14e60b15243af
Security Headers
Name Value
Strict-Transport-Security max-age=31557600
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://z5h64q92x9.net/proxy_u/en-tr.ru.3cd3491e-618c5c52-193fa7f3-74722d776562/https/www.paypal.com/webapps/xoonboarding
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Thu, 11 Nov 2021 02:19:10 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-cache
HIT, HIT
paypal-debug-id
990901abe4f9e
x-cache-hits
1, 1
dc
phx-origin-www-1.paypal.com
vary
Accept-Encoding
content-length
43016
via
1.1 varnish, 1.1 varnish
x-served-by
cache-sjc10020-SJC, cache-fra19172-FRA
last-modified
Sat, 11 Sep 2021 00:00:30 GMT
x-timer
S1636597151.937798,VS0,VE1
etag
W/"613bf19e-42cfc"
strict-transport-security
max-age=31557600
access-control-allow-methods
GET
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
access-control-allow-headers
x-csrf-token
expires
Fri, 23 Sep 2022 01:32:50 GMT
framework.js
z5h64q92x9.net/proxy_u/0.3cd3491e-618c5c52-193fa7f3-74722d776562/https/www.paypalobjects.com/web/res/b9e/f85324bcda386e89b793df5f75d09/js/
816 KB
817 KB
Script
General
Full URL
https://z5h64q92x9.net/proxy_u/0.3cd3491e-618c5c52-193fa7f3-74722d776562/https/www.paypalobjects.com/web/res/b9e/f85324bcda386e89b793df5f75d09/js/framework.js
Requested by
Host: z5h64q92x9.net
URL: https://z5h64q92x9.net/proxy_u/en-tr.ru.3cd3491e-618c5c52-193fa7f3-74722d776562/https/www.paypal.com/webapps/xoonboarding
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a02:6b8::1:193 Moscow, Russian Federation, ASN208722 (YNDX, FI),
Reverse DNS
Software
/
Resource Hash
8d48f8f12aaed3e1ddd37cc8e5b2effe3edbd71b5b510eba6993851fd287589b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://z5h64q92x9.net/proxy_u/en-tr.ru.3cd3491e-618c5c52-193fa7f3-74722d776562/https/www.paypal.com/webapps/xoonboarding
Origin
https://z5h64q92x9.net
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Thu, 11 Nov 2021 02:19:10 GMT
cache-control
max-age=120
referrer-policy
no-referrer-when-downgrade
etag
"543014ca3273c679b7f6630c5d35ccc4f90b1817"
content-length
835133
strict-transport-security
max-age=31536000
content-type
application/javascript
config.js
z5h64q92x9.net/proxy_u/0.3cd3491e-618c5c52-193fa7f3-74722d776562/https/www.paypalobjects.com/web/res/b9e/f85324bcda386e89b793df5f75d09/js/
0
0
Script
General
Full URL
https://z5h64q92x9.net/proxy_u/0.3cd3491e-618c5c52-193fa7f3-74722d776562/https/www.paypalobjects.com/web/res/b9e/f85324bcda386e89b793df5f75d09/js/config.js
Requested by
Host: z5h64q92x9.net
URL: https://z5h64q92x9.net/proxy_u/en-tr.ru.3cd3491e-618c5c52-193fa7f3-74722d776562/https/www.paypal.com/webapps/xoonboarding
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a02:6b8::1:193 Moscow, Russian Federation, ASN208722 (YNDX, FI),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://z5h64q92x9.net/proxy_u/en-tr.ru.3cd3491e-618c5c52-193fa7f3-74722d776562/https/www.paypal.com/webapps/xoonboarding
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-length
19
main.js
z5h64q92x9.net/proxy_u/0.3cd3491e-618c5c52-193fa7f3-74722d776562/https/www.paypalobjects.com/web/res/b9e/f85324bcda386e89b793df5f75d09/js/
3 MB
3 MB
Script
General
Full URL
https://z5h64q92x9.net/proxy_u/0.3cd3491e-618c5c52-193fa7f3-74722d776562/https/www.paypalobjects.com/web/res/b9e/f85324bcda386e89b793df5f75d09/js/main.js
Requested by
Host: z5h64q92x9.net
URL: https://z5h64q92x9.net/proxy_u/en-tr.ru.3cd3491e-618c5c52-193fa7f3-74722d776562/https/www.paypal.com/webapps/xoonboarding
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a02:6b8::1:193 Moscow, Russian Federation, ASN208722 (YNDX, FI),
Reverse DNS
Software
/
Resource Hash
0ce410988947296348f06c7f739a2dfd7c6112347b261224ba66e164d173a110
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://z5h64q92x9.net/proxy_u/en-tr.ru.3cd3491e-618c5c52-193fa7f3-74722d776562/https/www.paypal.com/webapps/xoonboarding
Origin
https://z5h64q92x9.net
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Thu, 11 Nov 2021 02:19:10 GMT
cache-control
max-age=120
referrer-policy
no-referrer-when-downgrade
etag
"a350ec82184dceb4cd4b1d2ee54dc0251fc3b64b"
content-length
2732671
strict-transport-security
max-age=31536000
content-type
application/javascript
pa.js
z5h64q92x9.net/proxy_u/0.3cd3491e-618c5c52-193fa7f3-74722d776562/https/www.paypalobjects.com/pa/js/
58 KB
58 KB
Script
General
Full URL
https://z5h64q92x9.net/proxy_u/0.3cd3491e-618c5c52-193fa7f3-74722d776562/https/www.paypalobjects.com/pa/js/pa.js
Requested by
Host: z5h64q92x9.net
URL: https://z5h64q92x9.net/proxy_u/en-tr.ru.3cd3491e-618c5c52-193fa7f3-74722d776562/https/www.paypal.com/webapps/xoonboarding
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a02:6b8::1:193 Moscow, Russian Federation, ASN208722 (YNDX, FI),
Reverse DNS
Software
/
Resource Hash
482a9634deea772f8cd32d17bea116d3e69ef122c5e4628229264a0c06d9165b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://z5h64q92x9.net/proxy_u/en-tr.ru.3cd3491e-618c5c52-193fa7f3-74722d776562/https/www.paypal.com/webapps/xoonboarding
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Thu, 11 Nov 2021 02:19:11 GMT
cache-control
max-age=120
referrer-policy
no-referrer-when-downgrade
etag
"70287e7a340f8e1e079c8ca33519828cedd1dc14"
content-length
59700
strict-transport-security
max-age=31536000
content-type
application/javascript
recaptchav3.js
z5h64q92x9.net/proxy_u/0.3cd3491e-618c5c52-193fa7f3-74722d776562/https/www.paypal.com/auth/createchallenge/8218296f44d52c2e/
11 KB
11 KB
Script
General
Full URL
https://z5h64q92x9.net/proxy_u/0.3cd3491e-618c5c52-193fa7f3-74722d776562/https/www.paypal.com/auth/createchallenge/8218296f44d52c2e/recaptchav3.js?_sessionID=em0V2oVlmxx_vGmbRc9OlC8qba2KLSMt
Requested by
Host: z5h64q92x9.net
URL: https://z5h64q92x9.net/proxy_u/en-tr.ru.3cd3491e-618c5c52-193fa7f3-74722d776562/https/www.paypal.com/webapps/xoonboarding
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a02:6b8::1:193 Moscow, Russian Federation, ASN208722 (YNDX, FI),
Reverse DNS
Software
/
Resource Hash
3a74ed3660640c3a2f10d90e5f2976cc9e221361747167733504bb67934e4095
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://z5h64q92x9.net/proxy_u/en-tr.ru.3cd3491e-618c5c52-193fa7f3-74722d776562/https/www.paypal.com/webapps/xoonboarding
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Thu, 11 Nov 2021 02:19:11 GMT
cache-control
max-age=120
referrer-policy
no-referrer-when-downgrade
etag
"a0cfe62ccc7878958800c3074db6068604c442d7"
content-length
11023
strict-transport-security
max-age=31536000
content-type
text/javascript; charset=utf-8
turbo.js
yastatic.net/s3/translate/v21.23.1/dist/scripts/bundles/
9 KB
4 KB
Script
General
Full URL
https://yastatic.net/s3/translate/v21.23.1/dist/scripts/bundles/turbo.js
Requested by
Host: z5h64q92x9.net
URL: https://z5h64q92x9.net/proxy_u/en-tr.ru.3cd3491e-618c5c52-193fa7f3-74722d776562/https/www.paypal.com/webapps/xoonboarding
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6b8:20::215 Moscow, Russian Federation, ASN208722 (YNDX, FI),
Reverse DNS
Software
nginx/1.17.9 /
Resource Hash
17602bd1db16382a857949e43a35f3a611671080d9d9e10d05afd7db67c86f36
Security Headers
Name Value
Strict-Transport-Security max-age=43200000; includeSubDomains;

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://z5h64q92x9.net/proxy_u/en-tr.ru.3cd3491e-618c5c52-193fa7f3-74722d776562/https/www.paypal.com/webapps/xoonboarding
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Thu, 11 Nov 2021 02:19:10 GMT
content-encoding
br
last-modified
Wed, 10 Nov 2021 14:28:20 GMT
server
nginx/1.17.9
etag
W/"f275cc6f2afabdca7fc05e8d1f8ae8e5"
vary
Accept-Encoding
report-to
{ "group": "network-errors", "max_age": 7200, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
content-type
application/javascript
access-control-allow-origin
*
expires
Fri, 11 Nov 2022 08:07:03 GMT
cache-control
public, max-age=31556952
nel
{"report_to": "network-errors", "max_age": 7200, "success_fraction": 0.001, "failure_fraction": 0.01}
strict-transport-security
max-age=43200000; includeSubDomains;
timing-allow-origin
*
x-nginx-request-id
936deea8c76a8a03
icon_ot_spin_lock_skinny.png
www.paypalobjects.com/images/checkout/hermes/
395 B
714 B
Image
General
Full URL
https://www.paypalobjects.com/images/checkout/hermes/icon_ot_spin_lock_skinny.png
Requested by
Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/web/res/b9e/f85324bcda386e89b793df5f75d09/css/styles.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.130.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
60668cd1ce79ddd5a0615433bc913eca1f17da711f00cc0e40e14744f6cc3cb4
Security Headers
Name Value
Strict-Transport-Security max-age=31557600
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.paypalobjects.com/web/res/b9e/f85324bcda386e89b793df5f75d09/css/styles.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Thu, 11 Nov 2021 02:19:11 GMT
via
1.1 varnish, 1.1 varnish
x-content-type-options
nosniff
x-cache
HIT, HIT
fastly-io-info
ifsz=395 idim=50x50 ifmt=png ofsz=395 odim=50x50 ofmt=png
paypal-debug-id
542fd58d556fb
fastly-stats
io=1
dc
phx-origin-www-2.paypal.com
content-length
395
fastly-io-warning
Failed to shrink image
x-served-by
cache-sjc10053-SJC, cache-fra19172-FRA
x-timer
S1636597152.922906,VS0,VE0
etag
"9/TeXB0V+j3W4UHnkH0U0tXVJqfiTsEVVUAU4yIq4wk"
strict-transport-security
max-age=31557600
content-type
image/png
cache-control
public,max-age=3600
accept-ranges
bytes
x-cache-hits
23, 60
log
www.paypal.com/xoplatform/logger/api/ Frame
0
0
Preflight
General
Full URL
https://www.paypal.com/xoplatform/logger/api/log?script=https%3A%2F%2Fz5h64q92x9.net%2Fproxy_u%2F0.3cd3491e-618c5c52-193fa7f3-74722d776562%2Fhttps%2Fwww.paypalobjects.com%2Fweb%2Fres%2Fb9e%2Ff85324bcda386e89b793df5f75d09%2Fjs%2Fconfig.js&event=script_error&state=pre_bootstrap&level=error&token=&pageID=1c266f4a&timestamp=Thu%20Nov%2011%202021%2002%3A19%3A29%20GMT%2B0000%20(GMT)
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.129.21 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept
*/*
Access-Control-Request-Method
GET
Access-Control-Request-Headers
x-requested-with
Origin
https://z5h64q92x9.net
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

access-control-allow-headers
x-requested-with
access-control-allow-methods
GET
access-control-allow-origin
https://z5h64q92x9.net
allow
POST,GET,HEAD
cache-control
max-age=0, no-cache, no-store, must-revalidate
content-type
text/html; charset=utf-8
etag
W/"d-BVyHhJ9/eETU1VqxhQuV1zTNV1Q"
paypal-debug-id
f7248556c6a1e
x-content-type-options
nosniff
dc
ccg11-origin-www-1.paypal.com
accept-ranges
none
via
1.1 varnish, 1.1 varnish
content-encoding
br
date
Thu, 11 Nov 2021 02:19:31 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-served-by
cache-hhn4037-HHN, cache-fra19135-FRA
x-cache
MISS, MISS
x-cache-hits
0, 0
x-timer
S1636597171.022363,VS0,VE178
vary
Accept-Encoding
server-timing
content-encoding;desc=br
log
www.paypal.com/xoplatform/logger/api/
0
0

&prevent_reload=1
z5h64q92x9.net/webapps/xoonboarding/
0
0

Primary Request error
www.paypal.com/webapps/xoonboarding/
7 KB
5 KB
Document
General
Full URL
https://www.paypal.com/webapps/xoonboarding/error
Requested by
Host: z5h64q92x9.net
URL: https://z5h64q92x9.net/proxy_u/en-tr.ru.3cd3491e-618c5c52-193fa7f3-74722d776562/https/www.paypal.com/webapps/xoonboarding
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.129.21 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
6d49e535c7141e771b3edb55f0f4fef57c115b492dec0b9ac8c11725fdf316d5
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.paypal.com https://*.paypalobjects.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.cardinalcommerce.com https://*.qualtrics.com; script-src 'nonce-9cxxD5QuWPP3xae6x09SaO3rOyEGDkndeXJamYtK04vRqoVp' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; img-src https: data:; base-uri 'self' https://*.paypal.com; object-src 'none'; block-all-mixed-content;; report-uri https://www.paypal.com/csplog/api/log/csp
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://z5h64q92x9.net/proxy_u/en-tr.ru.3cd3491e-618c5c52-193fa7f3-74722d776562/https/www.paypal.com/webapps/xoonboarding

Response headers

cache-control
max-age=0, no-cache, no-store, must-revalidate
content-security-policy
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.cardinalcommerce.com https://*.qualtrics.com; script-src 'nonce-9cxxD5QuWPP3xae6x09SaO3rOyEGDkndeXJamYtK04vRqoVp' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; img-src https: data:; base-uri 'self' https://*.paypal.com; object-src 'none'; block-all-mixed-content;; report-uri https://www.paypal.com/csplog/api/log/csp
content-type
text/html
paypal-debug-id
f7248555d21d6
x-content-type-options
nosniff
x-cookies-hash
f3a7d451557bc1648d1865abff7ff0e82b96fbc9274aae1464a720c049996d85
x-csrf-jwt-hash
b3b55017f2f2e494cd36d635d8468fadea13f98058bfdafdefaf8b3d9b2302d7
x-xss-protection
1; mode=block
dc
ccg11-origin-www-1.paypal.com
accept-ranges
none
via
1.1 varnish, 1.1 varnish
content-encoding
br
date
Thu, 11 Nov 2021 02:19:31 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-served-by
cache-hhn4036-HHN, cache-fra19137-FRA
x-cache
MISS, MISS
x-cache-hits
0, 0
x-timer
S1636597171.065539,VS0,VE208
vary
Accept-Encoding
server-timing
content-encoding;desc=br
log
www.paypal.com/xoplatform/logger/api/ Frame
0
0
Preflight
General
Full URL
https://www.paypal.com/xoplatform/logger/api/log
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.129.21 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
content-type,x-app-name,x-requested-with
Origin
https://z5h64q92x9.net
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

access-control-allow-headers
content-type,x-app-name,x-requested-with
access-control-allow-methods
POST
access-control-allow-origin
https://z5h64q92x9.net
allow
POST,GET,HEAD
cache-control
max-age=0, no-cache, no-store, must-revalidate
content-type
text/html; charset=utf-8
etag
W/"d-BVyHhJ9/eETU1VqxhQuV1zTNV1Q"
paypal-debug-id
f724855800abe
x-content-type-options
nosniff
dc
ccg11-origin-www-1.paypal.com
accept-ranges
none
via
1.1 varnish, 1.1 varnish
content-encoding
br
date
Thu, 11 Nov 2021 02:19:31 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-served-by
cache-hhn4042-HHN, cache-fra19135-FRA
x-cache
MISS, MISS
x-cache-hits
0, 0
x-timer
S1636597171.061623,VS0,VE148
vary
Accept-Encoding
server-timing
content-encoding;desc=br
log
www.paypal.com/xoplatform/logger/api/
0
0

log
www.paypal.com/xoplatform/logger/api/ Frame
0
0
Preflight
General
Full URL
https://www.paypal.com/xoplatform/logger/api/log
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.129.21 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
content-type,x-app-name,x-requested-with
Origin
https://z5h64q92x9.net
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

access-control-allow-headers
content-type,x-app-name,x-requested-with
access-control-allow-methods
POST
access-control-allow-origin
https://z5h64q92x9.net
allow
POST,GET,HEAD
cache-control
max-age=0, no-cache, no-store, must-revalidate
content-type
text/html; charset=utf-8
etag
W/"d-BVyHhJ9/eETU1VqxhQuV1zTNV1Q"
paypal-debug-id
f72485595346c
x-content-type-options
nosniff
dc
ccg11-origin-www-1.paypal.com
accept-ranges
none
via
1.1 varnish, 1.1 varnish
content-encoding
br
date
Thu, 11 Nov 2021 02:19:31 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-served-by
cache-hhn11556-HHN, cache-fra19135-FRA
x-cache
MISS, MISS
x-cache-hits
0, 0
x-timer
S1636597171.284591,VS0,VE164
vary
Accept-Encoding
server-timing
content-encoding;desc=br
log
www.paypal.com/xoplatform/logger/api/
0
0

ngrlCaptcha.min.js
www.paypalobjects.com/webcaptcha/
21 KB
6 KB
Script
General
Full URL
https://www.paypalobjects.com/webcaptcha/ngrlCaptcha.min.js
Requested by
Host: www.paypal.com
URL: https://www.paypal.com/webapps/xoonboarding/error
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.130.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
3ba795672c78c8f0f52ecd5d1a0a317d1e5c059509a6bead9d26b46fc831d83b
Security Headers
Name Value
Strict-Transport-Security max-age=31557600
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.paypal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Thu, 11 Nov 2021 02:19:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-cache
HIT, HIT
paypal-debug-id
8fb0bd0738f3c
dc
ccg11-origin-www-1.paypal.com
vary
Accept-Encoding
content-length
6352
x-served-by
cache-sjc10048-SJC, cache-fra19172-FRA
last-modified
Wed, 10 Nov 2021 09:36:56 GMT
x-timer
S1636597171.302810,VS0,VE148
etag
W/"618b92b8-5428"
strict-transport-security
max-age=31557600
content-type
application/javascript
via
1.1 varnish, 1.1 varnish
cache-control
public,max-age=3600
accept-ranges
bytes
x-cache-hits
44, 1
recaptchav3.js
www.paypal.com/auth/createchallenge/4362b5784728ce91/
11 KB
6 KB
Script
General
Full URL
https://www.paypal.com/auth/createchallenge/4362b5784728ce91/recaptchav3.js?_sessionID=pjjnYopRlSOUJyJWeUYltBoSDKkYc5uO
Requested by
Host: www.paypal.com
URL: https://www.paypal.com/webapps/xoonboarding/error
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.129.21 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
a476150930f11588b8789a039437ff731aa91c397f2bec251ef6377cbd054665
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.paypal.com https://*.paypalobjects.com; script-src 'nonce-PmEZ1RMqIRs0wRCF8ZHQeF6VlTrHkDFZfeAoWR4cGJfcecxX' 'self' https://*.paypal.com https://*.paypalobjects.com https://www.recaptcha.net https://www.gstatic.com 'unsafe-inline'; img-src https://*.paypalobjects.com https://*.paypal.com https://ak1s.abmr.net https://ak1.abmr.net https://ak1s.mathtag.com https://akamai.mathtag.com; object-src 'none'; media-src 'self' https://*.paypal.com https://*.paypalobjects.com; font-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.google.com https://www.recaptcha.net https://paypal-api.arkoselabs.com https://paypal-api.arkose.com.cn https://*.qualtrics.com; style-src 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; block-all-mixed-content;; report-uri https://www.paypal.com/csplog/api/log/csp; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.paypal.com/webapps/xoonboarding/error
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

content-security-policy
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; script-src 'nonce-PmEZ1RMqIRs0wRCF8ZHQeF6VlTrHkDFZfeAoWR4cGJfcecxX' 'self' https://*.paypal.com https://*.paypalobjects.com https://www.recaptcha.net https://www.gstatic.com 'unsafe-inline'; img-src https://*.paypalobjects.com https://*.paypal.com https://ak1s.abmr.net https://ak1.abmr.net https://ak1s.mathtag.com https://akamai.mathtag.com; object-src 'none'; media-src 'self' https://*.paypal.com https://*.paypalobjects.com; font-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.google.com https://www.recaptcha.net https://paypal-api.arkoselabs.com https://paypal-api.arkose.com.cn https://*.qualtrics.com; style-src 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; block-all-mixed-content;; report-uri https://www.paypal.com/csplog/api/log/csp; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com;
via
1.1 varnish, 1.1 varnish
x-content-type-options
nosniff
x-cache
MISS, MISS
paypal-debug-id
f724855800930
server-timing
content-encoding;desc=gzip
dc
ccg11-origin-www-1.paypal.com
x-xss-protection
1; mode=block
x-served-by
cache-hhn4041-HHN, cache-fra19137-FRA
x-timer
S1636597171.302967,VS0,VE219
date
Thu, 11 Nov 2021 02:19:31 GMT
vary
Accept-Encoding
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
text/javascript; charset=utf-8
content-encoding
gzip
cache-control
max-age=0, no-cache, no-store, must-revalidate
etag
W/"2afe-3fyUa9yiNJYT5DNu6kl+oA3Vbqg"
accept-ranges
none
x-cache-hits
0, 0
hermes_window_sprite_v16.png
www.paypalobjects.com/images/checkout/hermes/
23 KB
23 KB
Image
General
Full URL
https://www.paypalobjects.com/images/checkout/hermes/hermes_window_sprite_v16.png
Requested by
Host: www.paypal.com
URL: https://www.paypal.com/webapps/xoonboarding/error
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.130.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
e8867e9b228e90c2c64825bf2bacaea7f283fce1176ccf849f0935a94da488dc
Security Headers
Name Value
Strict-Transport-Security max-age=31557600
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.paypal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Thu, 11 Nov 2021 02:19:31 GMT
via
1.1 varnish, 1.1 varnish
x-content-type-options
nosniff
x-cache
HIT, HIT
fastly-io-info
ifsz=23268 idim=250x350 ifmt=png ofsz=23268 odim=250x350 ofmt=png
paypal-debug-id
69fd3aec232f4
fastly-stats
io=1
dc
ccg11-origin-www-1.paypal.com
content-length
23268
fastly-io-warning
Failed to shrink image
x-served-by
cache-sjc10026-SJC, cache-fra19172-FRA
x-timer
S1636597171.460795,VS0,VE1
etag
"nnzRlS9MBgJaF5KTitXTyIJxOe9T0imDmyJbBzcjo2U"
strict-transport-security
max-age=31557600
content-type
image/png
cache-control
public,max-age=3600
accept-ranges
bytes
x-cache-hits
6, 1
grcenterprise_v3.html
www.paypalobjects.com/web/res/8a3/386e0d80d4456a1a0ce65cfae3f18/recaptcha/ Frame C27C
4 KB
2 KB
Document
General
Full URL
https://www.paypalobjects.com/web/res/8a3/386e0d80d4456a1a0ce65cfae3f18/recaptcha/grcenterprise_v3.html
Requested by
Host: www.paypal.com
URL: https://www.paypal.com/auth/createchallenge/4362b5784728ce91/recaptchav3.js?_sessionID=pjjnYopRlSOUJyJWeUYltBoSDKkYc5uO
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.130.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
b25cbff26f5d1f20ba847d0d1859fc28649a42540e27c1feac6039e29012b9b5
Security Headers
Name Value
Strict-Transport-Security max-age=31557600
X-Content-Type-Options nosniff

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.paypal.com/

Response headers

content-encoding
gzip
content-type
text/html
etag
W/"613849b0-fae"
expires
Fri, 30 Sep 2022 03:21:37 GMT
last-modified
Wed, 08 Sep 2021 05:27:12 GMT
paypal-debug-id
68d8d219283a4
dc
ccg11-origin-www-1.paypal.com
via
1.1 varnish, 1.1 varnish
accept-ranges
bytes
date
Thu, 11 Nov 2021 02:19:31 GMT
x-served-by
cache-sjc10055-SJC, cache-fra19172-FRA
x-cache
MISS, HIT
x-cache-hits
0, 7
x-timer
S1636597172.536019,VS0,VE0
vary
Accept-Encoding
x-content-type-options
nosniff
cache-control
max-age=31536000
strict-transport-security
max-age=31557600
content-length
1549
enterprise.js
www.recaptcha.net/recaptcha/ Frame C27C
977 B
1 KB
Script
General
Full URL
https://www.recaptcha.net/recaptcha/enterprise.js?render=6LdCCOUUAAAAAHTE-Snr6hi4HJGtJk_d1_ce-gWB&hl=de
Requested by
Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/web/res/8a3/386e0d80d4456a1a0ce65cfae3f18/recaptcha/grcenterprise_v3.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
a1a2bbd16807eb251ac77f3809fab0f327f2a33d1b671cc9e2a61dc6de589dbc
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.paypalobjects.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Thu, 11 Nov 2021 02:19:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
GSE
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=300
cross-origin-resource-policy
cross-origin
content-security-policy
frame-ancestors 'self'
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
618
x-xss-protection
1; mode=block
expires
Thu, 11 Nov 2021 02:19:31 GMT
recaptcha__de.js
www.gstatic.com/recaptcha/releases/kcXVPRWG7fMILHmzon0--fD3/ Frame C27C
346 KB
136 KB
Script
General
Full URL
https://www.gstatic.com/recaptcha/releases/kcXVPRWG7fMILHmzon0--fD3/recaptcha__de.js
Requested by
Host: www.recaptcha.net
URL: https://www.recaptcha.net/recaptcha/enterprise.js?render=6LdCCOUUAAAAAHTE-Snr6hi4HJGtJk_d1_ce-gWB&hl=de
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
519f71e8a6cac156c0290fb5b79372191890e23d46a94cbe3a744e6470f074c1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.paypalobjects.com/
Origin
https://www.paypalobjects.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Wed, 10 Nov 2021 19:54:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
23105
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
138756
x-xss-protection
0
last-modified
Mon, 01 Nov 2021 18:13:57 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin-allow-popups; report-to="recaptcha"
expires
Thu, 10 Nov 2022 19:54:26 GMT
anchor
www.recaptcha.net/recaptcha/enterprise/ Frame 1985
40 KB
21 KB
Document
General
Full URL
https://www.recaptcha.net/recaptcha/enterprise/anchor?ar=1&k=6LdCCOUUAAAAAHTE-Snr6hi4HJGtJk_d1_ce-gWB&co=aHR0cHM6Ly93d3cucGF5cGFsb2JqZWN0cy5jb206NDQz&hl=de&v=kcXVPRWG7fMILHmzon0--fD3&size=invisible&cb=9q36t7i6ygps
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/kcXVPRWG7fMILHmzon0--fD3/recaptcha__de.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
22506c8666c440781fc21cbd05129259cce9ca4d82415b3fba96b422fd819a02
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-KbgPINoWSDEKFDv0j9EUIw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.paypalobjects.com/

Response headers

cross-origin-resource-policy
cross-origin
cross-origin-embedder-policy
require-corp
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/html; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
expires
Mon, 01 Jan 1990 00:00:00 GMT
date
Thu, 11 Nov 2021 02:19:31 GMT
content-security-policy
script-src 'report-sample' 'nonce-KbgPINoWSDEKFDv0j9EUIw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding
gzip
x-content-type-options
nosniff
x-xss-protection
1; mode=block
content-length
21178
server
GSE
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
styles__ltr.css
www.gstatic.com/recaptcha/releases/kcXVPRWG7fMILHmzon0--fD3/ Frame 1985
52 KB
26 KB
Stylesheet
General
Full URL
https://www.gstatic.com/recaptcha/releases/kcXVPRWG7fMILHmzon0--fD3/styles__ltr.css
Requested by
Host: www.recaptcha.net
URL: https://www.recaptcha.net/recaptcha/enterprise/anchor?ar=1&k=6LdCCOUUAAAAAHTE-Snr6hi4HJGtJk_d1_ce-gWB&co=aHR0cHM6Ly93d3cucGF5cGFsb2JqZWN0cy5jb206NDQz&hl=de&v=kcXVPRWG7fMILHmzon0--fD3&size=invisible&cb=9q36t7i6ygps
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
295426f89c923624640e8f1bb52e3438a7b43fb7efa84c1dc6bbbd41971c0f10
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.recaptcha.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Wed, 10 Nov 2021 16:35:08 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
35063
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
25743
x-xss-protection
0
last-modified
Mon, 01 Nov 2021 18:13:57 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/css
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin-allow-popups; report-to="recaptcha"
expires
Thu, 10 Nov 2022 16:35:08 GMT
recaptcha__de.js
www.gstatic.com/recaptcha/releases/kcXVPRWG7fMILHmzon0--fD3/ Frame 1985
346 KB
136 KB
Script
General
Full URL
https://www.gstatic.com/recaptcha/releases/kcXVPRWG7fMILHmzon0--fD3/recaptcha__de.js
Requested by
Host: www.recaptcha.net
URL: https://www.recaptcha.net/recaptcha/enterprise/anchor?ar=1&k=6LdCCOUUAAAAAHTE-Snr6hi4HJGtJk_d1_ce-gWB&co=aHR0cHM6Ly93d3cucGF5cGFsb2JqZWN0cy5jb206NDQz&hl=de&v=kcXVPRWG7fMILHmzon0--fD3&size=invisible&cb=9q36t7i6ygps
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
519f71e8a6cac156c0290fb5b79372191890e23d46a94cbe3a744e6470f074c1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.recaptcha.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Wed, 10 Nov 2021 19:54:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
23105
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
138756
x-xss-protection
0
last-modified
Mon, 01 Nov 2021 18:13:57 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin-allow-popups; report-to="recaptcha"
expires
Thu, 10 Nov 2022 19:54:26 GMT
webworker.js
www.recaptcha.net/recaptcha/enterprise/ Frame 1985
102 B
181 B
Other
General
Full URL
https://www.recaptcha.net/recaptcha/enterprise/webworker.js?hl=de&v=kcXVPRWG7fMILHmzon0--fD3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
9634e9a8b1c3451b80bc43c5b1032001472588296766525c9848e2abbe5ece39
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.recaptcha.net/recaptcha/enterprise/anchor?ar=1&k=6LdCCOUUAAAAAHTE-Snr6hi4HJGtJk_d1_ce-gWB&co=aHR0cHM6Ly93d3cucGF5cGFsb2JqZWN0cy5jb206NDQz&hl=de&v=kcXVPRWG7fMILHmzon0--fD3&size=invisible&cb=9q36t7i6ygps
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Thu, 11 Nov 2021 02:19:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
GSE
cross-origin-embedder-policy
require-corp
x-frame-options
SAMEORIGIN
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=300
content-security-policy
frame-ancestors 'self'
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
112
x-xss-protection
1; mode=block
expires
Thu, 11 Nov 2021 02:19:31 GMT
reload
www.recaptcha.net/recaptcha/enterprise/ Frame 1985
31 KB
18 KB
XHR
General
Full URL
https://www.recaptcha.net/recaptcha/enterprise/reload?k=6LdCCOUUAAAAAHTE-Snr6hi4HJGtJk_d1_ce-gWB
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/kcXVPRWG7fMILHmzon0--fD3/recaptcha__de.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
0cfe25bf6c352385f1caf828a19f36016ec03e3ced4b3df5a8e07662332a315c
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.recaptcha.net/recaptcha/enterprise/anchor?ar=1&k=6LdCCOUUAAAAAHTE-Snr6hi4HJGtJk_d1_ce-gWB&co=aHR0cHM6Ly93d3cucGF5cGFsb2JqZWN0cy5jb206NDQz&hl=de&v=kcXVPRWG7fMILHmzon0--fD3&size=invisible&cb=9q36t7i6ygps
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type
application/x-protobuffer

Response headers

date
Thu, 11 Nov 2021 02:19:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
GSE
x-frame-options
SAMEORIGIN
content-type
application/json; charset=utf-8
cache-control
private, max-age=0
content-security-policy
frame-ancestors 'self'
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
18142
x-xss-protection
1; mode=block
expires
Thu, 11 Nov 2021 02:19:31 GMT
verifygrcenterprise
www.paypal.com/auth/
0
2 KB
XHR
General
Full URL
https://www.paypal.com/auth/verifygrcenterprise
Requested by
Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/webcaptcha/ngrlCaptcha.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.129.21 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.paypal.com https://*.paypalobjects.com; script-src 'nonce-GXano8RrcOgd2m3QkC709ZEjE7NFSJEYhMKxM6d3f8rjHzkU' 'self' https://*.paypal.com https://*.paypalobjects.com https://www.recaptcha.net https://www.gstatic.com 'unsafe-inline'; img-src https://*.paypalobjects.com https://*.paypal.com https://ak1s.abmr.net https://ak1.abmr.net https://ak1s.mathtag.com https://akamai.mathtag.com; object-src 'none'; media-src 'self' https://*.paypal.com https://*.paypalobjects.com; font-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.google.com https://www.recaptcha.net https://paypal-api.arkoselabs.com https://paypal-api.arkose.com.cn https://*.qualtrics.com; style-src 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; block-all-mixed-content;; report-uri https://www.paypal.com/csplog/api/log/csp; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.paypal.com/webapps/xoonboarding/error
x-requested-with
XMLHttpRequest
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

content-security-policy
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; script-src 'nonce-GXano8RrcOgd2m3QkC709ZEjE7NFSJEYhMKxM6d3f8rjHzkU' 'self' https://*.paypal.com https://*.paypalobjects.com https://www.recaptcha.net https://www.gstatic.com 'unsafe-inline'; img-src https://*.paypalobjects.com https://*.paypal.com https://ak1s.abmr.net https://ak1.abmr.net https://ak1s.mathtag.com https://akamai.mathtag.com; object-src 'none'; media-src 'self' https://*.paypal.com https://*.paypalobjects.com; font-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.google.com https://www.recaptcha.net https://paypal-api.arkoselabs.com https://paypal-api.arkose.com.cn https://*.qualtrics.com; style-src 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; block-all-mixed-content;; report-uri https://www.paypal.com/csplog/api/log/csp; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com;
via
1.1 varnish, 1.1 varnish
x-content-type-options
nosniff
x-cache
MISS, MISS
paypal-debug-id
f4868972e804e
server-timing
content-encoding;desc=br
dc
ccg11-origin-www-1.paypal.com
x-xss-protection
1; mode=block
x-served-by
cache-hhn4074-HHN, cache-fra19137-FRA
x-timer
S1636597172.018386,VS0,VE227
date
Thu, 11 Nov 2021 02:19:32 GMT
vary
accept-encoding
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
br
cache-control
max-age=0, no-cache, no-store, must-revalidate
accept-ranges
none
x-cache-hits
0, 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
www.paypal.com
URL
https://www.paypal.com/xoplatform/logger/api/log?script=https%3A%2F%2Fz5h64q92x9.net%2Fproxy_u%2F0.3cd3491e-618c5c52-193fa7f3-74722d776562%2Fhttps%2Fwww.paypalobjects.com%2Fweb%2Fres%2Fb9e%2Ff85324bcda386e89b793df5f75d09%2Fjs%2Fconfig.js&event=script_error&state=pre_bootstrap&level=error&token=&pageID=1c266f4a&timestamp=Thu%20Nov%2011%202021%2002%3A19%3A29%20GMT%2B0000%20(GMT)
Domain
z5h64q92x9.net
URL
https://z5h64q92x9.net/webapps/xoonboarding/&prevent_reload=1
Domain
www.paypal.com
URL
https://www.paypal.com/xoplatform/logger/api/log
Domain
www.paypal.com
URL
https://www.paypal.com/xoplatform/logger/api/log

Verdicts & Comments

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0
object| onbeforexrselect
function| reportError
boolean| originAgentCluster
object| scheduler
boolean| paypalADSInterceptorInjected
object| _0x4938
function| _0x2089

11 Cookies

Domain/Path Name / Value
www.recaptcha.net/recaptcha Name: _GRECAPTCHA
Value: 09AINsHFeV-enWkojqQn1xBjk7W5EkAr3bJflCWyneoq8qLWDpcYzqvuuLK5mn-c3RlDYIPMCrMC3rSeZBSugWa40
.paypal.com/ Name: LANG
Value: de_DE%3BDE
.paypal.com/ Name: x-csrf-jwt
Value: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ0b2tlbiI6IkRIdmU3S0VzVTZraWZWZlRya0otRXd6MmtLT0ItV3VLbHNVdGhXcWppOGdqczIxNnZjY29rMlluLUxyc2ZyOWZRdFAtOEtKVlJyZ202eHl0b3N0bl91b1J1ZlhfeU9TT2sxTG1RX1NVSGw2ME12TFJZSjBxMkV1N0ZyWl9vajhGOXk2OFo4R0RyNjd2dGJCR1RnMjhIQUpXMmFIek1iNmpwYTMzVDRJU2RQemRDbFpPc3E0cXBRWmlwcmkiLCJpYXQiOjE2MzY1OTcxNzEsImV4cCI6MTYzNjYwMDc3MX0.pgY8cgLZuC4ac4QTcDVJuAcWmk0X3mgkCnd6RIk6kbo
www.paypal.com/ Name: nsid
Value: s%3ApjjnYopRlSOUJyJWeUYltBoSDKkYc5uO.I3cKcE4IJ5ADAhqI1hZcoZfAxLhPZqwhPdog9MWUB94
.paypal.com/ Name: l7_az
Value: dcg15.slc
.paypal.com/ Name: ts_c
Value: vr%3D0ccb03c317d0a78064d99f02ff163448%26vt%3D0ccb03c317d0a78064d99f02ff163447
.paypal.com/ Name: x-cdn
Value: 0003
.paypal.com/ Name: enforce_policy
Value: gdpr_v2.1
.paypal.com/ Name: tsrce
Value: authchallengenodeweb
.paypal.com/ Name: x-pp-s
Value: eyJ0IjoiMTYzNjU5NzE3MjE2OSIsImwiOiIwIiwibSI6IjAifQ
.paypal.com/ Name: ts
Value: vreXpYrS%3D1731291572%26vteXpYrS%3D1636598972%26vr%3D0ccb03c317d0a78064d99f02ff163448%26vt%3D0ccb03c317d0a78064d99f02ff163447%26vtyp%3Dnew

1 Console Messages

Source Level URL
Text
network error URL: https://z5h64q92x9.net/proxy_u/0.3cd3491e-618c5c52-193fa7f3-74722d776562/https/www.paypalobjects.com/web/res/b9e/f85324bcda386e89b793df5f75d09/js/config.js
Message:
Failed to load resource: the server responded with a status of 503 ()

Security Headers

This page lists any security headers set by the main page.

Header Value
Strict-Transport-Security max-age=31536000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
