id.paypal.immigrationdirectstaging.com Open in urlscan Pro
24.199.76.188 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://id.paypal.immigrationdirectstaging.com/
Submission: On January 04 via automatic, source certstream-suspicious (January 4th 2024, 7:12:14 am UTC) — Scanned from DE

Summary HTTP 50 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 22 IPs in 6 countries across 17 domains to perform 50 HTTP transactions. The main IP is 24.199.76.188, located in Santa Clara, United States and belongs to DIGITALOCEAN-ASN, US. The main domain is id.paypal.immigrationdirectstaging.com.
TLS certificate: Issued by R3 on January 4th 2024. Valid for: 3 months.

This is the only time id.paypal.immigrationdirectstaging.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
10	24.199.76.188 24.199.76.188	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
1	2a00:1450:400... 2a00:1450:4001:831::200a	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:80f::2008	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:800::2003	15169 (GOOGLE) (GOOGLE)
1 7	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	52.217.134.0 52.217.134.0	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1288:80:... 2a00:1288:80:807::2	203220 (YAHOO-DEB) (YAHOO-DEB)
1	2600:9000:264... 2600:9000:2644:d800:6:9280:1080:93a1	16509 (AMAZON-02) (AMAZON-02)
2	2a03:2880:f08... 2a03:2880:f084:d:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
2	2620:1ec:46::45 2620:1ec:46::45	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c06::9a	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:803::2003	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:82a::2002	15169 (GOOGLE) (GOOGLE)
1	2a03:2880:f14... 2a03:2880:f145:82:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	2a05:d018:cc3... 2a05:d018:cc3:fe04:410e:c7a0:1d47:ccc0	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:813::2004	15169 (GOOGLE) (GOOGLE)
1	212.82.100.181 212.82.100.181	34010 (YAHOO-IRD) (YAHOO-IRD)
1	2606:4700::68... 2606:4700::6812:4a5	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:10:... 2606:4700:10::6816:46e7	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 2	68.219.88.97 68.219.88.97	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	4.227.249.197 4.227.249.197	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
50	22

10 24.199.76.188 (Santa Clara, United States)

ASN14061 (DIGITALOCEAN-ASN, US)

id.paypal.immigrationdirectstaging.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:80f::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:800::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2620:1ec:c11::200 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.217.134.0 (Ashburn, United States)

ASN16509 (AMAZON-02, US)
PTR: s3-1.amazonaws.com

s3.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1288:80:807::2 (United Kingdom)

ASN203220 (YAHOO-DEB, GB)

s.yimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2644:d800:6:9280:1080:93a1 (United States)

ASN16509 (AMAZON-02, US)

s.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f084:d:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:1ec:46::45 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c06::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:803::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f145:82:face:b00c:0:25de (Amsterdam, Netherlands)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a05:d018:cc3:fe04:410e:c7a0:1d47:ccc0 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)

d.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:813::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 212.82.100.181 (Dublin, Ireland)

ASN34010 (YAHOO-IRD, GB)
PTR: spdc.pbp.vip.ir2.yahoo.com

sp.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:4a5 (United States)

ASN13335 (CLOUDFLARENET, US)

signals.aimtell.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:10::6816:46e7 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.aimtell.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 68.219.88.97 (Dublin, Ireland) 1 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 4.227.249.197 (Tappahannock, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

u.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	immigrationdirectstaging.com id.paypal.immigrationdirectstaging.com	174 KB
7	bing.com 1 redirects bat.bing.com — Cisco Umbrella Rank: 692 c.bing.com — Cisco Umbrella Rank: 539	15 KB
5	clarity.ms 1 redirects www.clarity.ms — Cisco Umbrella Rank: 1280 c.clarity.ms — Cisco Umbrella Rank: 2579 u.clarity.ms — Cisco Umbrella Rank: 13256	27 KB
5	gstatic.com fonts.gstatic.com	116 KB
4	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 114	332 KB
3	google.de www.google.de — Cisco Umbrella Rank: 4002	670 B
3	doubleclick.net stats.g.doubleclick.net — Cisco Umbrella Rank: 184 googleads.g.doubleclick.net — Cisco Umbrella Rank: 68	3 KB
3	google.com region1.analytics.google.com — Cisco Umbrella Rank: 2014 www.google.com — Cisco Umbrella Rank: 6	832 B
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 240	91 KB
2	adroll.com s.adroll.com — Cisco Umbrella Rank: 4806 d.adroll.com — Cisco Umbrella Rank: 2450	29 KB
2	yimg.com s.yimg.com — Cisco Umbrella Rank: 876	7 KB
1	aimtell.io cdn.aimtell.io — Cisco Umbrella Rank: 12495	737 B
1	aimtell.com signals.aimtell.com — Cisco Umbrella Rank: 10342	421 B
1	yahoo.com sp.analytics.yahoo.com — Cisco Umbrella Rank: 2033	631 B
1	facebook.com www.facebook.com — Cisco Umbrella Rank: 98	185 B
1	amazonaws.com s3.amazonaws.com	14 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 115	2 KB
50	17

	Domain	Requested by
10	id.paypal.immigrationdirectstaging.com	id.paypal.immigrationdirectstaging.com
6	bat.bing.com	www.googletagmanager.com bat.bing.com id.paypal.immigrationdirectstaging.com
5	fonts.gstatic.com	fonts.googleapis.com
4	www.googletagmanager.com	id.paypal.immigrationdirectstaging.com www.googletagmanager.com
3	www.google.de	id.paypal.immigrationdirectstaging.com
2	c.clarity.ms	1 redirects
2	www.google.com	id.paypal.immigrationdirectstaging.com
2	googleads.g.doubleclick.net	www.googletagmanager.com
2	www.clarity.ms	id.paypal.immigrationdirectstaging.com www.clarity.ms
2	connect.facebook.net	id.paypal.immigrationdirectstaging.com connect.facebook.net
2	s.yimg.com	id.paypal.immigrationdirectstaging.com s.yimg.com
1	u.clarity.ms	www.clarity.ms
1	c.bing.com	1 redirects
1	cdn.aimtell.io	s3.amazonaws.com
1	signals.aimtell.com	s3.amazonaws.com
1	sp.analytics.yahoo.com	id.paypal.immigrationdirectstaging.com
1	d.adroll.com	s.adroll.com
1	www.facebook.com	id.paypal.immigrationdirectstaging.com
1	stats.g.doubleclick.net	www.googletagmanager.com
1	region1.analytics.google.com	www.googletagmanager.com
1	s.adroll.com	id.paypal.immigrationdirectstaging.com
1	s3.amazonaws.com	id.paypal.immigrationdirectstaging.com
1	fonts.googleapis.com	id.paypal.immigrationdirectstaging.com
50	23

This site contains links to these domains. Also see Links.

Domain
www.immigrationdirect.co.uk
www.immigrationdirect.ca

Subject Issuer	Validity	Valid
id.paypal.immigrationdirectstaging.com R3	`2024-01-04` - `2024-04-03`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
www.bing.com Microsoft Azure TLS Issuing CA 01	`2023-10-24` - `2024-04-21`	6 months	crt.sh
s3.amazonaws.com Amazon RSA 2048 M01	`2023-10-10` - `2024-07-10`	9 months	crt.sh
*.fantasysports.yahoo.com DigiCert SHA2 High Assurance Server CA	`2023-12-12` - `2024-01-31`	2 months	crt.sh
s.adroll.com Amazon RSA 2048 M01	`2023-06-03` - `2024-07-01`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-10-13` - `2024-01-11`	3 months	crt.sh
www.clarity.ms DigiCert TLS RSA SHA256 2020 CA1	`2023-12-07` - `2024-12-07`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
www.google.de GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
d.adroll.com Amazon RSA 2048 M01	`2023-10-09` - `2024-11-07`	a year	crt.sh
www.google.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
real.sp.analytics.yahoo.com DigiCert SHA2 High Assurance Server CA	`2023-10-24` - `2024-04-17`	6 months	crt.sh
aimtell.com Cloudflare Inc ECC CA-3	`2023-04-08` - `2024-04-07`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-05-04` - `2024-05-03`	a year	crt.sh
a.clarity.ms Microsoft Azure TLS Issuing CA 06	`2023-02-13` - `2024-02-08`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://id.paypal.immigrationdirectstaging.com/
Frame ID: 1FF8BF3FCCD200789C3DF3407CD11FCB
Requests: 50 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

U.S. Immigration Software | Immigration Direct

Detected technologies

AdRoll (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

(?:a|s)\.adroll\.com

Aimtell (Marketing automation) Expand

Overall confidence: 100%
Detected patterns

cdn\.aimtell\.\w+/

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/ns\.html[^>]+></iframe>
googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

50
Requests

98 %
HTTPS

77 %
IPv6

17
Domains

23
Subdomains

22
IPs

6
Countries

811 kB
Transfer

2136 kB
Size

19
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://www.immigrationdirect.co.uk/
Title: UK Immigration Services

Search URL Search Domain Scan URL

URL: https://www.immigrationdirect.ca/
Title: Canada Immigration Services

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 47

https://c.clarity.ms/c.gif HTTP 302
https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=8DD6FA9E03034B009A3B1F7C8671F71A&RedC=c.clarity.ms&MXFR=0322B55205F4632A32B2A6AE01F46DBE HTTP 302
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=8DD6FA9E03034B009A3B1F7C8671F71A&MUID=036EABF08B7069CA19FCB80C8AFB6848

50 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
id.paypal.immigrationdirectstaging.com/ 41 KB
9 KB 787ms
157ms Document
text/html 24.199.76.188
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://id.paypal.immigrationdirectstaging.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

24.199.76.188 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

Resource Hash

f9d52f08c8e0935d0faa310deb70dd67738ec9e9bf1fea2dacb6eac5cbbb7404

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-encoding: br
content-type: text/html
date: Thu, 04 Jan 2024 07:12:08 GMT
last-modified: Thu, 04 Jan 2024 07:10:43 GMT
strict-transport-security: max-age=15724800; includeSubDomains
vary: Accept-Encoding

GET
H2 200 home.css
id.paypal.immigrationdirectstaging.com/assets-static/c6cbee6d54f09d10f48dc8a904f56c0db74543a0/css/ 122 KB
22 KB 198ms
197ms Stylesheet
text/css 24.199.76.188
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://id.paypal.immigrationdirectstaging.com/assets-static/c6cbee6d54f09d10f48dc8a904f56c0db74543a0/css/home.css

Requested by

Host: id.paypal.immigrationdirectstaging.com
URL: https://id.paypal.immigrationdirectstaging.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

24.199.76.188 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

Resource Hash

5bc8f5e1ba8fb94182a3228c17aa288bf7c7f3b7e9d953f0197e8d9ff62a4aa2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://id.paypal.immigrationdirectstaging.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Thu, 04 Jan 2024 07:12:08 GMT
strict-transport-security: max-age=15724800; includeSubDomains
x-content-type-options: nosniff
last-modified: Thu, 04 Jan 2024 07:10:32 GMT
content-encoding: br
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
cache-control: max-age=31536000
x-xss-protection: 1; mode=block
expires: Fri, 03 Jan 2025 07:12:08 GMT

GET
H2 200 jquery-3.4.1.min.js Show response
id.paypal.immigrationdirectstaging.com/assets-static/c6cbee6d54f09d10f48dc8a904f56c0db74543a0/scripts/ 86 KB
30 KB 419ms
418ms Script
application/javascript 24.199.76.188
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://id.paypal.immigrationdirectstaging.com/assets-static/c6cbee6d54f09d10f48dc8a904f56c0db74543a0/scripts/jquery-3.4.1.min.js

Requested by

Host: id.paypal.immigrationdirectstaging.com
URL: https://id.paypal.immigrationdirectstaging.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

24.199.76.188 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

Resource Hash

0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://id.paypal.immigrationdirectstaging.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Thu, 04 Jan 2024 07:12:08 GMT
strict-transport-security: max-age=15724800; includeSubDomains
x-content-type-options: nosniff
last-modified: Thu, 04 Jan 2024 07:10:32 GMT
content-encoding: br
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: max-age=31536000
x-xss-protection: 1; mode=block
expires: Fri, 03 Jan 2025 07:12:08 GMT

GET
H2 200 jquery.cookie.js Show response
id.paypal.immigrationdirectstaging.com/assets-static/c6cbee6d54f09d10f48dc8a904f56c0db74543a0/scripts/ 2 KB
1 KB 418ms
417ms Script
application/javascript 24.199.76.188
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://id.paypal.immigrationdirectstaging.com/assets-static/c6cbee6d54f09d10f48dc8a904f56c0db74543a0/scripts/jquery.cookie.js

Requested by

Host: id.paypal.immigrationdirectstaging.com
URL: https://id.paypal.immigrationdirectstaging.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

24.199.76.188 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

Resource Hash

33b2bde7aa56af1982fbd6942704212c020ff7db30b278b5dd9e6368008dc68c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://id.paypal.immigrationdirectstaging.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Thu, 04 Jan 2024 07:12:08 GMT
strict-transport-security: max-age=15724800; includeSubDomains
x-content-type-options: nosniff
last-modified: Thu, 04 Jan 2024 07:10:32 GMT
content-encoding: br
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: max-age=31536000
x-xss-protection: 1; mode=block
expires: Fri, 03 Jan 2025 07:12:08 GMT

GET
H2 200 jquery.validate.min.js Show response
id.paypal.immigrationdirectstaging.com/assets-static/c6cbee6d54f09d10f48dc8a904f56c0db74543a0/scripts/ 22 KB
7 KB 165ms
164ms Script
application/javascript 24.199.76.188
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://id.paypal.immigrationdirectstaging.com/assets-static/c6cbee6d54f09d10f48dc8a904f56c0db74543a0/scripts/jquery.validate.min.js

Requested by

Host: id.paypal.immigrationdirectstaging.com
URL: https://id.paypal.immigrationdirectstaging.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

24.199.76.188 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

Resource Hash

aa1d80cdf0990e97a21069ab16c048ef90a35df1165b87d19accabd7c4edc860

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://id.paypal.immigrationdirectstaging.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Thu, 04 Jan 2024 07:12:08 GMT
strict-transport-security: max-age=15724800; includeSubDomains
x-content-type-options: nosniff
last-modified: Thu, 04 Jan 2024 07:10:32 GMT
content-encoding: br
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: max-age=31536000
x-xss-protection: 1; mode=block
expires: Fri, 03 Jan 2025 07:12:08 GMT

GET
H2 200 logo-en.png
id.paypal.immigrationdirectstaging.com/assets-static/c6cbee6d54f09d10f48dc8a904f56c0db74543a0/images/ 18 KB
18 KB 310ms
310ms Image
image/png 24.199.76.188
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://id.paypal.immigrationdirectstaging.com/assets-static/c6cbee6d54f09d10f48dc8a904f56c0db74543a0/images/logo-en.png

Requested by

Host: id.paypal.immigrationdirectstaging.com
URL: https://id.paypal.immigrationdirectstaging.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

24.199.76.188 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

Resource Hash

75f2e438e76084ec2b3a10854daa7279c3451c6bbb54f26d365b93d6b6a06d70

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://id.paypal.immigrationdirectstaging.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Thu, 04 Jan 2024 07:12:08 GMT
strict-transport-security: max-age=15724800; includeSubDomains
x-content-type-options: nosniff
last-modified: Thu, 04 Jan 2024 07:10:32 GMT
content-encoding: gzip
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=31536000
x-xss-protection: 1; mode=block
expires: Fri, 03 Jan 2025 07:12:08 GMT

GET
H2 200 common.js Show response
id.paypal.immigrationdirectstaging.com/assets-static/c6cbee6d54f09d10f48dc8a904f56c0db74543a0/scripts/ 9 KB
2 KB 456ms
456ms Script
application/javascript 24.199.76.188
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://id.paypal.immigrationdirectstaging.com/assets-static/c6cbee6d54f09d10f48dc8a904f56c0db74543a0/scripts/common.js

Requested by

Host: id.paypal.immigrationdirectstaging.com
URL: https://id.paypal.immigrationdirectstaging.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

24.199.76.188 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

Resource Hash

db49e2a04f7bb85287193a494c820f5e1d64a6c96be6d0e9784cfb1fb11d92c6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://id.paypal.immigrationdirectstaging.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Thu, 04 Jan 2024 07:12:08 GMT
strict-transport-security: max-age=15724800; includeSubDomains
x-content-type-options: nosniff
last-modified: Thu, 04 Jan 2024 07:10:32 GMT
content-encoding: br
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: max-age=31536000
x-xss-protection: 1; mode=block
expires: Fri, 03 Jan 2025 07:12:08 GMT

GET
H2 200 css
fonts.googleapis.com/ 20 KB
2 KB 43ms
21ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Lato:400,400i,700,700i,900|Merriweather:400,700,900|Montserrat:400,700,900|Alegreya:400,700,900

Requested by

Host: id.paypal.immigrationdirectstaging.com
URL: https://id.paypal.immigrationdirectstaging.com/assets-static/c6cbee6d54f09d10f48dc8a904f56c0db74543a0/css/home.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

782cf2a10f37e2dfc8d08ca669b383007675bd3248a964c0e3f49e4e1a93f5bc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://id.paypal.immigrationdirectstaging.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 04 Jan 2024 07:12:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Thu, 04 Jan 2024 07:12:09 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 04 Jan 2024 07:12:09 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 316 KB
98 KB 123ms
36ms Script
application/javascript 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-TB8GRH

Requested by

Host: id.paypal.immigrationdirectstaging.com
URL: https://id.paypal.immigrationdirectstaging.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

cfd5a9ef3d785cd5d6d46d95170057c98a130577135d68a207373c9d04ef93f6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://id.paypal.immigrationdirectstaging.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Thu, 04 Jan 2024 07:12:09 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 99919
x-xss-protection: 0
last-modified: Thu, 04 Jan 2024 06:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 04 Jan 2024 07:12:09 GMT

GET
H2 200 product-hero-bg-a.jpg
id.paypal.immigrationdirectstaging.com/assets-static/c6cbee6d54f09d10f48dc8a904f56c0db74543a0/images/ 53 KB
48 KB 160ms
159ms Image
image/jpeg 24.199.76.188
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://id.paypal.immigrationdirectstaging.com/assets-static/c6cbee6d54f09d10f48dc8a904f56c0db74543a0/images/product-hero-bg-a.jpg

Requested by

Host: id.paypal.immigrationdirectstaging.com
URL: https://id.paypal.immigrationdirectstaging.com/assets-static/c6cbee6d54f09d10f48dc8a904f56c0db74543a0/css/home.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

24.199.76.188 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

Resource Hash

7e1dd5400b9d0fc47b4b801d59743349e22ab475bdcb5921203068d1b4073232

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://id.paypal.immigrationdirectstaging.com/assets-static/c6cbee6d54f09d10f48dc8a904f56c0db74543a0/css/home.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Thu, 04 Jan 2024 07:12:09 GMT
strict-transport-security: max-age=15724800; includeSubDomains
x-content-type-options: nosniff
last-modified: Thu, 04 Jan 2024 07:10:31 GMT
content-encoding: gzip
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/jpeg
cache-control: max-age=31536000
x-xss-protection: 1; mode=block
expires: Fri, 03 Jan 2025 07:12:09 GMT

GET
H2 200 home-hero-image.png
id.paypal.immigrationdirectstaging.com/assets-static/c6cbee6d54f09d10f48dc8a904f56c0db74543a0/images/ 30 KB
30 KB 229ms
229ms Image
image/png 24.199.76.188
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://id.paypal.immigrationdirectstaging.com/assets-static/c6cbee6d54f09d10f48dc8a904f56c0db74543a0/images/home-hero-image.png

Requested by

Host: id.paypal.immigrationdirectstaging.com
URL: https://id.paypal.immigrationdirectstaging.com/assets-static/c6cbee6d54f09d10f48dc8a904f56c0db74543a0/css/home.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

24.199.76.188 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

Resource Hash

f84825c5b795ed16b9f319cbcf0cdeb3438c12ff80d6b2bc9ddc42a7785cc417

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://id.paypal.immigrationdirectstaging.com/assets-static/c6cbee6d54f09d10f48dc8a904f56c0db74543a0/css/home.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Thu, 04 Jan 2024 07:12:09 GMT
strict-transport-security: max-age=15724800; includeSubDomains
x-content-type-options: nosniff
last-modified: Thu, 04 Jan 2024 07:10:32 GMT
content-encoding: gzip
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=31536000
x-xss-protection: 1; mode=block
expires: Fri, 03 Jan 2025 07:12:09 GMT

GET
H2 200 site-icons.woff
id.paypal.immigrationdirectstaging.com/assets-static/c6cbee6d54f09d10f48dc8a904f56c0db74543a0/fonts/ 11 KB
7 KB 218ms
217ms Font
font/woff 24.199.76.188
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://id.paypal.immigrationdirectstaging.com/assets-static/c6cbee6d54f09d10f48dc8a904f56c0db74543a0/fonts/site-icons.woff

Requested by

Host: id.paypal.immigrationdirectstaging.com
URL: https://id.paypal.immigrationdirectstaging.com/assets-static/c6cbee6d54f09d10f48dc8a904f56c0db74543a0/css/home.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

24.199.76.188 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

Resource Hash

f4e50a60c4e03ae490cd58f31da4d3dbfd8d16db9b8059803f4dc065659e85db

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://id.paypal.immigrationdirectstaging.com/assets-static/c6cbee6d54f09d10f48dc8a904f56c0db74543a0/css/home.css
Origin: https://id.paypal.immigrationdirectstaging.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Thu, 04 Jan 2024 07:12:09 GMT
strict-transport-security: max-age=15724800; includeSubDomains
x-content-type-options: nosniff
last-modified: Thu, 04 Jan 2024 07:10:32 GMT
content-encoding: br
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: font/woff
cache-control: max-age=31536000
x-xss-protection: 1; mode=block
expires: Fri, 03 Jan 2025 07:12:09 GMT

GET
H2 200 S6u9w4BMUTPHh6UVSwiPGQ.woff2
fonts.gstatic.com/s/lato/v24/ 23 KB
23 KB 101ms
20ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v24/S6u9w4BMUTPHh6UVSwiPGQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:400,400i,700,700i,900|Merriweather:400,700,900|Montserrat:400,700,900|Alegreya:400,700,900

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://id.paypal.immigrationdirectstaging.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 01 Jan 2024 14:33:15 GMT
x-content-type-options: nosniff
age: 232734
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23040
x-xss-protection: 0
last-modified: Tue, 02 May 2023 15:07:25 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 31 Dec 2024 14:33:15 GMT

GET
H2 200 S6u9w4BMUTPHh50XSwiPGQ.woff2
fonts.gstatic.com/s/lato/v24/ 22 KB
23 KB 88ms
8ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v24/S6u9w4BMUTPHh50XSwiPGQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:400,400i,700,700i,900|Merriweather:400,700,900|Montserrat:400,700,900|Alegreya:400,700,900

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08664859baab5ed98f0bf818ed77e38464ff1826dc6406d5ecbd651409afbd92

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://id.paypal.immigrationdirectstaging.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sun, 31 Dec 2023 12:39:49 GMT
x-content-type-options: nosniff
age: 325940
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 22504
x-xss-protection: 0
last-modified: Tue, 02 May 2023 15:12:45 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 30 Dec 2024 12:39:49 GMT

GET
H2 200 S6u8w4BMUTPHjxsAXC-q.woff2
fonts.gstatic.com/s/lato/v24/ 24 KB
24 KB 102ms
21ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v24/S6u8w4BMUTPHjxsAXC-q.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:400,400i,700,700i,900|Merriweather:400,700,900|Montserrat:400,700,900|Alegreya:400,700,900

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bca1d88ada544d9c80872d4da27133fab6d347361fa26e932b47ec9559088fd0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://id.paypal.immigrationdirectstaging.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 30 Dec 2023 00:19:53 GMT
x-content-type-options: nosniff
age: 456736
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24408
x-xss-protection: 0
last-modified: Tue, 02 May 2023 15:14:26 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 29 Dec 2024 00:19:53 GMT

GET
H2 200 S6uyw4BMUTPHjx4wXg.woff2
fonts.gstatic.com/s/lato/v24/ 23 KB
23 KB 94ms
14ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v24/S6uyw4BMUTPHjx4wXg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:400,400i,700,700i,900|Merriweather:400,700,900|Montserrat:400,700,900|Alegreya:400,700,900

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://id.paypal.immigrationdirectstaging.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 01 Jan 2024 15:36:20 GMT
x-content-type-options: nosniff
age: 228949
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23580
x-xss-protection: 0
last-modified: Tue, 02 May 2023 15:17:22 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 31 Dec 2024 15:36:20 GMT

GET
H2 200 S6u_w4BMUTPHjxsI5wq_Gwft.woff2
fonts.gstatic.com/s/lato/v24/ 24 KB
24 KB 97ms
16ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v24/S6u_w4BMUTPHjxsI5wq_Gwft.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:400,400i,700,700i,900|Merriweather:400,700,900|Montserrat:400,700,900|Alegreya:400,700,900

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6c84348296ebe2e2a0830c3962eb02156419d9bc76371c2eadaf7329d827d550

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://id.paypal.immigrationdirectstaging.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 01 Jan 2024 20:18:02 GMT
x-content-type-options: nosniff
age: 212047
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24448
x-xss-protection: 0
last-modified: Tue, 02 May 2023 15:30:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 31 Dec 2024 20:18:02 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 286 KB
92 KB 29ms
29ms Script
application/javascript 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-MH3EV71JXW&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TB8GRH

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

700790ef0691ef232d85ae9cdb8bbd1309dc6db17ef6d871a4e6c4540c332d1c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://id.paypal.immigrationdirectstaging.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Thu, 04 Jan 2024 07:12:09 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 94378
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Thu, 04 Jan 2024 07:12:09 GMT

GET
H2 200 bat.js Show response
bat.bing.com/ 45 KB
13 KB 69ms
33ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TB8GRH

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

5e319852607809336b2534ffeb96f6933f26994dd040f535302c84f59cc0a214

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://id.paypal.immigrationdirectstaging.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
date: Thu, 04 Jan 2024 07:12:09 GMT
last-modified: Fri, 10 Nov 2023 20:09:55 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 05ECAB70F957443D9361B5982A47BEB7 Ref B: FRA31EDGE0610 Ref C: 2024-01-04T07:12:09Z
etag: "80abcdf1114da1:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 13175

GET
H/1.1 200
OK trackpush.min.js Show response
s3.amazonaws.com/cdn.aimtell.com/trackpush/ 48 KB
14 KB 333ms
140ms Script
text/javascript 52.217.134.0
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s3.amazonaws.com/cdn.aimtell.com/trackpush/trackpush.min.js
Requested by: Host: id.paypal.immigrationdirectstaging.com
URL: https://id.paypal.immigrationdirectstaging.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.217.134.0 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: f2c49f0bd652f4f76abd03c1712acb1bb6080a9479a4060681fdea8ef7a16d2e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://id.paypal.immigrationdirectstaging.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Date: Thu, 04 Jan 2024 07:12:10 GMT
Content-Encoding: gzip
Last-Modified: Tue, 28 Nov 2023 21:08:39 GMT
Server: AmazonS3
x-amz-request-id: C3Y5P84R3P7Z089W
ETag: "160b63ff8dde4a2035a3f74b0562b0cf"
x-amz-server-side-encryption: AES256
Content-Type: text/javascript
Cache-Control: max-age=86400
Accept-Ranges: bytes
Content-Length: 13457
x-amz-id-2: ga3z/0sY8RNT66h8SKzUG7rWWUXQaijA6C5BnoyzOA8iYZmIuMgEljrPKEcsuDFNTyI7kDrbqkA=

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 194 KB
71 KB 57ms
57ms Script
application/javascript 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-387192076

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TB8GRH

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

bcb3c2575f07d1453ccffaf792662a1d48da6f937dd7ee5be962ba8073c7b7ab

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://id.paypal.immigrationdirectstaging.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Thu, 04 Jan 2024 07:12:09 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 72421
x-xss-protection: 0
last-modified: Thu, 04 Jan 2024 06:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 04 Jan 2024 07:12:09 GMT

GET
H2 200 ytc.js Show response
s.yimg.com/wi/ 18 KB
7 KB 60ms
8ms Script
application/javascript 2a00:1288:80:807::2
YAHOO-DEB

General

Check archive.org

Show headers Download Go to

Full URL

https://s.yimg.com/wi/ytc.js

Requested by

Host: id.paypal.immigrationdirectstaging.com
URL: https://id.paypal.immigrationdirectstaging.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:80:807::2 , United Kingdom, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

Software

ATS /

Resource Hash

480b06b23e574b4bf386fde1a91145a4171f97aeb5ee800e4be1850f29b1ad91

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://id.paypal.immigrationdirectstaging.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

ats-carp-promotion: 1, 1
date: Thu, 04 Jan 2024 06:34:19 GMT
x-amz-version-id: xC6OTTJGIjCqkMTkbrZpmtbXHK5oaZhW
content-encoding: gzip
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-amz-request-id: T5ZX4EN22KH560Y4
age: 2272
x-amz-server-side-encryption: AES256
content-length: 6262
x-amz-id-2: ExS4aRdSL5yjj0Xlg1KYrCxQ0wpR1XFvJV/uexYERVegqqz0JAOVhGfa7ZyLRb9rYaBZxm6eAPQ=
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
x-amz-expiration: expiry-date="Wed, 31 Jul 2024 00:00:00 GMT", rule-id="oath-standard-lifecycle"
last-modified: Mon, 26 Jun 2023 09:26:35 GMT
server: ATS
etag: "5c6ed25dce803fd84288922b8928409e-df"
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
vary: Origin, Accept-Encoding
content-type: application/javascript
cache-control: public,max-age=3600
accept-ranges: bytes

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 194 KB
71 KB 59ms
58ms Script
application/javascript 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-415369115

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TB8GRH

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

c4f5bb0d4909fe0dbd1715b71fc3724d85123f2f013d5dd3f7e5eba2c5b3015e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://id.paypal.immigrationdirectstaging.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Thu, 04 Jan 2024 07:12:09 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 72422
x-xss-protection: 0
last-modified: Thu, 04 Jan 2024 06:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 04 Jan 2024 07:12:09 GMT

GET
H/1.1 200
OK roundtrip.js Show response
s.adroll.com/j/W3TC6WQOURE5JELKTLZV2B/ 95 KB
28 KB 48ms
9ms Script
text/javascript 2600:9000:2644:d800:6:9280:1080:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/W3TC6WQOURE5JELKTLZV2B/roundtrip.js
Requested by: Host: id.paypal.immigrationdirectstaging.com
URL: https://id.paypal.immigrationdirectstaging.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2644:d800:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 5046c1b4e86b0676ff88ff767b52ef09a08f488d9b4f0047957bc00198fc5ab4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://id.paypal.immigrationdirectstaging.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

X-Amz-Version-Id: E_.cueHwkokCJ9JiKPqivWu4dZhYH4Wq
Content-Encoding: gzip
Via: 1.1 debf5a1694fcb96cc13d895660321eda.cloudfront.net (CloudFront)
Date: Thu, 04 Jan 2024 06:56:27 GMT
Age: 943
X-Amz-Cf-Pop: FRA60-P6
X-Amz-Server-Side-Encryption: AES256
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Connection: keep-alive
Last-Modified: Tue, 02 Jan 2024 12:16:09 GMT
Server: AmazonS3
Etag: W/"85ffdc92a9615135eb61144f1e6ef00b"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: text/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600, must-revalidate
Access-Control-Allow-Credentials: false
Access-Control-Max-Age: 600
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: 42y28LZgeGXzDxi0VpKQ8BJkn2a1-Px1YCcCUxsE7peJw6t3sw7UFA==

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 202 KB
54 KB 23ms
8ms Script
application/x-javascript 2a03:2880:f084:d:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: id.paypal.immigrationdirectstaging.com
URL: https://id.paypal.immigrationdirectstaging.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f084:d:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

3e136e77083bfc6ef14ffc5abd19da89a82bf12fc0cda3c603e01582b93303c8

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://id.paypal.immigrationdirectstaging.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

permissions-policy-report-only: autoplay=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(), keyboard-map=(), picture-in-picture=(), xr-spatial-tracking=()
content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Thu, 04 Jan 2024 07:12:09 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 54273
x-xss-protection: 0
reporting-endpoints
pragma: public
x-fb-debug: rv2yBgSiP52aWdo+djIYrF+8MAGZEYLYr5VB+CLn++RWKymHV+50nUpZbPnosstm5w+7uowc6SK12JtRM6zhug==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
x-fb-optimizer: 0
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 fqqs9ekybk Show response
www.clarity.ms/tag/ 650 B
1013 B 264ms
195ms Script
application/x-javascript 2620:1ec:46::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/tag/fqqs9ekybk?ref=gtm2
Requested by: Host: id.paypal.immigrationdirectstaging.com
URL: https://id.paypal.immigrationdirectstaging.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:46::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 77510c7f771f3958a035e11513181e5cc2785658a5e129379a1b0f098faf58f5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://id.paypal.immigrationdirectstaging.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

expires: -1
date: Thu, 04 Jan 2024 07:12:09 GMT
x-azure-ref: 20240104T071209Z-9tvq12d4r96ht93hnrwr6app18000000055g000000003ya5
x-cache: CONFIG_NOCACHE
content-type: application/x-javascript
cache-control: no-cache, no-store
accept-ranges: bytes
content-length: 650
request-context: appId=cid-v1:bdfb7149-d2ee-45f0-9a22-f0b1c5035608

GET
H2 200 1601335086764307 Show response
connect.facebook.net/signals/config/ 141 KB
36 KB 80ms
80ms Script
application/x-javascript 2a03:2880:f084:d:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1601335086764307?v=2.9.138&r=stable&domain=id.paypal.immigrationdirectstaging.com

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f084:d:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5305f37611d8a8847f75c3e36c7143a7da13e24d5d11b0b2a7805f6857e55d97

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://id.paypal.immigrationdirectstaging.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

permissions-policy-report-only: autoplay=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(), keyboard-map=(), picture-in-picture=(), xr-spatial-tracking=()
content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Thu, 04 Jan 2024 07:12:09 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints
pragma: public
x-fb-debug: 0z6VDldzDPT7XpNLz2Maiq3FVmG0mDqlAU20YxB+zCE8i9qQBdONzmE6ImUSy6abuD3vgIgi0oignx1nZiPlbg==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

POST
H2 204 collect
region1.analytics.google.com/g/ 0
269 B 36ms
14ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-MH3EV71JXW&gtm=45je4130h2v875581204z86541124&_p=1704352329175&_gaz=1&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=401848849.1704352329&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1704352329&sct=1&seg=0&dl=https%3A%2F%2Fid.paypal.immigrationdirectstaging.com%2F&dt=U.S.%20Immigration%20Software%20%7C%20Immigration%20Direct&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=1525
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-MH3EV71JXW&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://id.paypal.immigrationdirectstaging.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 04 Jan 2024 07:12:09 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://id.paypal.immigrationdirectstaging.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
269 B 58ms
19ms Ping
text/plain 2a00:1450:400c:c06::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-MH3EV71JXW&cid=401848849.1704352329&gtm=45je4130h2v875581204z86541124&aip=1&dma=1&dma_cps=sypham&gcd=11l1l1l1l1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-MH3EV71JXW&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c06::9a Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://id.paypal.immigrationdirectstaging.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 04 Jan 2024 07:12:09 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://id.paypal.immigrationdirectstaging.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
408 B 40ms
18ms Image
image/gif 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-MH3EV71JXW&cid=401848849.1704352329&gtm=45je4130h2v875581204z86541124&aip=1&dma=1&dma_cps=sypham&gcd=11l1l1l1l1&z=1257205050

Requested by

Host: id.paypal.immigrationdirectstaging.com
URL: https://id.paypal.immigrationdirectstaging.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://id.paypal.immigrationdirectstaging.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 04 Jan 2024 07:12:09 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 10167333.json Show response
s.yimg.com/wi/config/ 2 B
485 B 118ms
104ms XHR
application/json 2a00:1288:80:807::2
YAHOO-DEB

General

Check archive.org

Show headers Download Go to

Full URL

https://s.yimg.com/wi/config/10167333.json

Requested by

Host: s.yimg.com
URL: https://s.yimg.com/wi/ytc.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:80:807::2 , United Kingdom, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

Software

ATS /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://id.paypal.immigrationdirectstaging.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Thu, 04 Jan 2024 07:12:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
x-amz-request-id: C3Y7F35VAJVH8ZYJ
age: 1
content-length: 22
x-amz-id-2: 0rNP6ddmUEGbYkRV0AsdJCjIfAv/ml/j9rWBQNcZwcfXNYqKksZDmq2xdfHApEjSrOxe/i7H2f0=
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
server: ATS
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods: GET
content-type: application/json
access-control-allow-origin: *
cache-control: public,max-age=3600

GET
H2 204 20263310.js Show response
bat.bing.com/p/action/ 0
119 B 82ms
82ms Script
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/20263310.js

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/bat.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://id.paypal.immigrationdirectstaging.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: private,max-age=1800
date: Thu, 04 Jan 2024 07:12:09 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 3487005AFF464E13AAEC67CC8F4ECCA8 Ref B: FRA31EDGE0610 Ref C: 2024-01-04T07:12:09Z
x-cache: CONFIG_NOCACHE

GET
H2 204 0
bat.bing.com/action/ 0
287 B 80ms
80ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=20263310&Ver=2&mid=cf631bbe-7b1e-4a0e-8799-68a8a490b034&sid=93335640aad011ee902b53a53753be07&vid=93333c30aad011eeb2533d7a403217d6&vids=1&msclkid=N&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&tl=U.S.%20Immigration%20Software%20%7C%20Immigration%20Direct&p=https%3A%2F%2Fid.paypal.immigrationdirectstaging.com%2F&r=&lt=1297&evt=pageLoad&sv=1&rn=343495

Requested by

Host: id.paypal.immigrationdirectstaging.com
URL: https://id.paypal.immigrationdirectstaging.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://id.paypal.immigrationdirectstaging.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Thu, 04 Jan 2024 07:12:09 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 17D25B8587AB46ABAFE76FC5A420330A Ref B: FRA31EDGE0610 Ref C: 2024-01-04T07:12:09Z
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 20131264.js Show response
bat.bing.com/p/action/ 0
118 B 30ms
30ms Script
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/20131264.js

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/bat.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://id.paypal.immigrationdirectstaging.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: private,max-age=1800
date: Thu, 04 Jan 2024 07:12:09 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 8257F5F411584BBE83F659BFCDB5C1A7 Ref B: FRA31EDGE0610 Ref C: 2024-01-04T07:12:09Z
x-cache: CONFIG_NOCACHE

GET
H2 204 0
bat.bing.com/action/ 0
228 B 79ms
79ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=20131264&Ver=2&mid=8fbf6645-ae34-437e-bbf7-a01f1c9fabd7&sid=93335640aad011ee902b53a53753be07&vid=93333c30aad011eeb2533d7a403217d6&vids=0&msclkid=N&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&tl=U.S.%20Immigration%20Software%20%7C%20Immigration%20Direct&p=https%3A%2F%2Fid.paypal.immigrationdirectstaging.com%2F&r=&lt=1297&evt=pageLoad&sv=1&rn=954351

Requested by

Host: id.paypal.immigrationdirectstaging.com
URL: https://id.paypal.immigrationdirectstaging.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://id.paypal.immigrationdirectstaging.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Thu, 04 Jan 2024 07:12:09 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: B9330A4518AD472ABB474DBBBF8238A2 Ref B: FRA31EDGE0610 Ref C: 2024-01-04T07:12:09Z
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 0
bat.bing.com/action/ 0
231 B 78ms
78ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=20263310&Ver=2&mid=bee8d754-e87c-4957-ad0b-691869facaf6&sid=93335640aad011ee902b53a53753be07&vid=93333c30aad011eeb2533d7a403217d6&vids=0&msclkid=N&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&tl=U.S.%20Immigration%20Software%20%7C%20Immigration%20Direct&p=https%3A%2F%2Fid.paypal.immigrationdirectstaging.com%2F&r=&lt=1297&evt=pageLoad&sv=1&rn=735131

Requested by

Host: id.paypal.immigrationdirectstaging.com
URL: https://id.paypal.immigrationdirectstaging.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://id.paypal.immigrationdirectstaging.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Thu, 04 Jan 2024 07:12:09 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 4C4A624489564CA68FB61B3C98CDA8CD Ref B: FRA31EDGE0610 Ref C: 2024-01-04T07:12:09Z
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/387192076/ 3 KB
2 KB 66ms
45ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/387192076/?random=1704352329470&cv=11&fst=1704352329470&bg=ffffff&guid=ON&async=1&gtm=45be3bt0&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&u_w=1600&u_h=1200&url=https%3A%2F%2Fid.paypal.immigrationdirectstaging.com%2F&hn=www.googleadservices.com&frm=0&tiba=U.S.%20Immigration%20Software%20%7C%20Immigration%20Direct&auid=64946890.1704352329&uamb=0&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-387192076

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c48cefc591121ae590063d95c3d520fe95839ecf9be1b4c96e76454377f51dc6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://id.paypal.immigrationdirectstaging.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 04 Jan 2024 07:12:09 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1271
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/415369115/ 3 KB
1 KB 57ms
46ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/415369115/?random=1704352329481&cv=11&fst=1704352329481&bg=ffffff&guid=ON&async=1&gtm=45be3bt0&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&u_w=1600&u_h=1200&url=https%3A%2F%2Fid.paypal.immigrationdirectstaging.com%2F&hn=www.googleadservices.com&frm=0&tiba=U.S.%20Immigration%20Software%20%7C%20Immigration%20Direct&auid=64946890.1704352329&uamb=0&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-415369115

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ce2bfbe4ff7f391f6ca826d9fe1ddf51523b3f2fa3c9448a7d27b67bb42990e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://id.paypal.immigrationdirectstaging.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 04 Jan 2024 07:12:09 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1271
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 0
185 B 38ms
13ms Image
text/plain 2a03:2880:f145:82:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1601335086764307&ev=PageView&dl=https%3A%2F%2Fid.paypal.immigrationdirectstaging.com%2F&rl=&if=false&ts=1704352329497&sw=1600&sh=1200&v=2.9.138&r=stable&ec=0&o=4126&fbp=fb.1.1704352329496.1995245972&cs_est=true&ler=empty&it=1704352329395&coo=false&rqm=GET

Requested by

Host: id.paypal.immigrationdirectstaging.com
URL: https://id.paypal.immigrationdirectstaging.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f145:82:face:b00c:0:25de Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://id.paypal.immigrationdirectstaging.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Thu, 04 Jan 2024 07:12:09 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 W3TC6WQOURE5JELKTLZV2B Show response
d.adroll.com/consent/check/ 492 B
585 B 135ms
32ms Script
application/javascript 2a05:d018:cc3:fe04:410e:c7a0:1d47:ccc0
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d.adroll.com/consent/check/W3TC6WQOURE5JELKTLZV2B?pv=43013165339.0907&arrfrr=https%3A%2F%2Fid.paypal.immigrationdirectstaging.com%2F&_s=105745543e5060a5b05910b384002dbc&_b=2
Requested by: Host: s.adroll.com
URL: https://s.adroll.com/j/W3TC6WQOURE5JELKTLZV2B/roundtrip.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a05:d018:cc3:fe04:410e:c7a0:1d47:ccc0 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx/1.22.1 /
Resource Hash: a3ae75e36e5c7bb1fbbb70477e99379a7afe2c2a95a0d343bd2ce304fd529491

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://id.paypal.immigrationdirectstaging.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Thu, 04 Jan 2024 07:12:09 GMT
server: nginx/1.22.1
content-length: 492
content-type: application/javascript

GET
H2 200 /
www.google.com/pagead/1p-user-list/387192076/ 42 B
108 B 54ms
31ms Image
image/gif 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/387192076/?random=1704352329470&cv=11&fst=1704351600000&bg=ffffff&guid=ON&async=1&gtm=45be3bt0&u_w=1600&u_h=1200&url=https%3A%2F%2Fid.paypal.immigrationdirectstaging.com%2F&frm=0&tiba=U.S.%20Immigration%20Software%20%7C%20Immigration%20Direct&data=event%3Dgtag.config&fmt=3&is_vtc=1&cid=CAQSGwAvHhf_ucpUA345QrEwVsRMoSBwQZvnUVdB3g&random=3380483611&rmt_tld=0&ipr=y

Requested by

Host: id.paypal.immigrationdirectstaging.com
URL: https://id.paypal.immigrationdirectstaging.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://id.paypal.immigrationdirectstaging.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 04 Jan 2024 07:12:09 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/387192076/ 42 B
154 B 19ms
18ms Image
image/gif 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/387192076/?random=1704352329470&cv=11&fst=1704351600000&bg=ffffff&guid=ON&async=1&gtm=45be3bt0&u_w=1600&u_h=1200&url=https%3A%2F%2Fid.paypal.immigrationdirectstaging.com%2F&frm=0&tiba=U.S.%20Immigration%20Software%20%7C%20Immigration%20Direct&data=event%3Dgtag.config&fmt=3&is_vtc=1&cid=CAQSGwAvHhf_ucpUA345QrEwVsRMoSBwQZvnUVdB3g&random=3380483611&rmt_tld=1&ipr=y

Requested by

Host: id.paypal.immigrationdirectstaging.com
URL: https://id.paypal.immigrationdirectstaging.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://id.paypal.immigrationdirectstaging.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 04 Jan 2024 07:12:09 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/415369115/ 42 B
455 B 39ms
18ms Image
image/gif 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/415369115/?random=1704352329481&cv=11&fst=1704351600000&bg=ffffff&guid=ON&async=1&gtm=45be3bt0&u_w=1600&u_h=1200&url=https%3A%2F%2Fid.paypal.immigrationdirectstaging.com%2F&frm=0&tiba=U.S.%20Immigration%20Software%20%7C%20Immigration%20Direct&data=event%3Dgtag.config&fmt=3&is_vtc=1&cid=CAQSGwAvHhf_otOi3bkVCdtZ63YwCAZo0LLN1hLqlQ&random=2370954523&rmt_tld=0&ipr=y

Requested by

Host: id.paypal.immigrationdirectstaging.com
URL: https://id.paypal.immigrationdirectstaging.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://id.paypal.immigrationdirectstaging.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 04 Jan 2024 07:12:09 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/415369115/ 42 B
108 B 18ms
18ms Image
image/gif 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/415369115/?random=1704352329481&cv=11&fst=1704351600000&bg=ffffff&guid=ON&async=1&gtm=45be3bt0&u_w=1600&u_h=1200&url=https%3A%2F%2Fid.paypal.immigrationdirectstaging.com%2F&frm=0&tiba=U.S.%20Immigration%20Software%20%7C%20Immigration%20Direct&data=event%3Dgtag.config&fmt=3&is_vtc=1&cid=CAQSGwAvHhf_otOi3bkVCdtZ63YwCAZo0LLN1hLqlQ&random=2370954523&rmt_tld=1&ipr=y

Requested by

Host: id.paypal.immigrationdirectstaging.com
URL: https://id.paypal.immigrationdirectstaging.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://id.paypal.immigrationdirectstaging.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 04 Jan 2024 07:12:09 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sp.pl
sp.analytics.yahoo.com/ 43 B
631 B 104ms
32ms Image
image/gif 212.82.100.181
YAHOO-IRD

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sp.analytics.yahoo.com/sp.pl?a=10000&d=Thu%2C%2004%20Jan%202024%2007%3A12%3A09%20GMT&n=-1&b=U.S.%20Immigration%20Software%20%7C%20Immigration%20Direct&.yp=10167333&f=https%3A%2F%2Fid.paypal.immigrationdirectstaging.com%2F&enc=UTF-8&yv=1.15.1&tagmgr=gtm

Requested by

Host: id.paypal.immigrationdirectstaging.com
URL: https://id.paypal.immigrationdirectstaging.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

212.82.100.181 Dublin, Ireland, ASN34010 (YAHOO-IRD, GB),

Reverse DNS

spdc.pbp.vip.ir2.yahoo.com

Software

ATS /

Resource Hash

0e4b1e428a2198ef747010c094101c257b568a97cdcc0f31ed5e9868cc835b39

Security Headers

Name	Value
Content-Security-Policy	sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://id.paypal.immigrationdirectstaging.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 04 Jan 2024 07:12:09 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
content-type: image/gif
cache-control: no-cache, private, must-revalidate
accept-ranges: bytes
content-length: 43
expires: Thu, 04 Jan 2024 07:12:09 GMT

GET
H2 200 clarity.js Show response
www.clarity.ms/s/0.7.20/ 60 KB
25 KB 13ms
13ms Script
application/javascript 2620:1ec:46::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/s/0.7.20/clarity.js
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/tag/fqqs9ekybk?ref=gtm2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:46::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: cbcfb303a1e7d1f9da8965565b535f4122f2de2f1f3ed9f61f3f9e2dad3dcf9d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://id.paypal.immigrationdirectstaging.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Thu, 04 Jan 2024 07:12:09 GMT
content-encoding: br
last-modified: Tue, 02 Jan 2024 08:59:32 GMT
etag: W/"0x8DC0B71233A1338"
vary: Accept-Encoding
x-azure-ref: 20240104T071209Z-9tvq12d4r96ht93hnrwr6app18000000055g000000003yam
content-type: application/javascript;charset=utf-8
access-control-allow-origin: *
x-ms-request-id: 8f5a9dd1-801e-0048-3d5a-3d33ec000000
cache-control: public, max-age=86400
x-cache: TCP_HIT
x-ms-version: 2018-03-28

POST
H2 200 pageview Show response
signals.aimtell.com/ 43 B
421 B 69ms
27ms XHR
image/gif 2606:4700::6812:4a5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://signals.aimtell.com/pageview?id_site=21597&v=3.981&support=1&state=default&wl=0&ref=aHR0cHM6Ly9pZC5wYXlwYWwuaW1taWdyYXRpb25kaXJlY3RzdGFnaW5nLmNvbS8=
Requested by: Host: s3.amazonaws.com
URL: https://s3.amazonaws.com/cdn.aimtell.com/trackpush/trackpush.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:4a5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://id.paypal.immigrationdirectstaging.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Thu, 04 Jan 2024 07:12:09 GMT
aimtell-hash-exists: 0
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET,HEAD,OPTIONS
content-type: image/gif
access-control-allow-origin: https://id.paypal.immigrationdirectstaging.com
aimtell-traverse: 0
access-control-expose-headers: Aimtell-Hash-Exists, Aimtell-Traverse, Aimtell-Signal, Aimtell-Iso
access-control-allow-credentials: true
aimtell-iso: DE
aimtell-signal: 0
cf-ray: 8401abecf8db65b8-FRA
access-control-allow-headers: Content-Type, *
content-length: 43

GET
H2 200 21597-304be13a1dc6.json Show response
cdn.aimtell.io/config/optin/ 309 B
737 B 155ms
119ms XHR
application/json 2606:4700:10::6816:46e7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.aimtell.io/config/optin/21597-304be13a1dc6.json
Requested by: Host: s3.amazonaws.com
URL: https://s3.amazonaws.com/cdn.aimtell.com/trackpush/trackpush.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:46e7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 61c67a0f10686494ef75d97fb454d0e8bd91241bcc5cc10b12d71c28dba85153

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://id.paypal.immigrationdirectstaging.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Thu, 04 Jan 2024 07:12:09 GMT
content-encoding: gzip
via: 1.1 122731c1a09cfba14dfeeff504946134.cloudfront.net (CloudFront)
cf-cache-status: DYNAMIC
x-amz-cf-pop: FRA56-P3
x-cache: Miss from cloudfront
content-length: 265
last-modified: Wed, 16 Sep 2020 02:46:57 GMT
server: cloudflare
etag: "aa9535998ac98af999dbb5137d17cea3"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: ETag
cache-control: max-age=86400
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method
accept-ranges: bytes
cf-ray: 8401abecf93a3a64-FRA
x-amz-cf-id: _OR87VB82pLM3upl2iV0GikjHErHwZ_bOm-2tuDtVbd2tG9JDdjDYg==

GET
H2

200

c.gif
c.clarity.ms/
Redirect Chain

https://c.clarity.ms/c.gif
https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=8DD6FA9E03034B009A3B1F7C8671F71A&RedC=c.clarity.ms&MXFR=0322B55205F4632A32B2A6AE01F46DBE
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=8DD6FA9E03034B009A3B1F7C8671F71A&MUID=036EABF08B7069CA19FCB80C8AFB6848

42 B
442 B

29ms
29ms

Image
image/gif

68.219.88.97
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=8DD6FA9E03034B009A3B1F7C8671F71A&MUID=036EABF08B7069CA19FCB80C8AFB6848
Protocol: H2
Server: 68.219.88.97 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://id.paypal.immigrationdirectstaging.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 04 Jan 2024 07:12:09 GMT
last-modified: Tue, 12 Dec 2023 19:03:29 GMT
server: Microsoft-IIS/10.0
etag: "e8d91e42d2dda1:0"
x-powered-by: ASP.NET
content-type: image/gif
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: private, no-cache, proxy-revalidate, no-store
accept-ranges: bytes
content-length: 42

Redirect headers

pragma: no-cache
date: Thu, 04 Jan 2024 07:12:09 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 8E9074F3C868477AA011FBDC6EAD5883 Ref B: FRA31EDGE0610 Ref C: 2024-01-04T07:12:09Z
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
location: https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=8DD6FA9E03034B009A3B1F7C8671F71A&MUID=036EABF08B7069CA19FCB80C8AFB6848
cache-control: private, no-cache, proxy-revalidate, no-store
content-length: 0

POST
H/1.1 204
No Content collect Show response
u.clarity.ms/ 0
318 B 394ms
192ms XHR
text/plain 4.227.249.197
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://u.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.20/clarity.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 4.227.249.197 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://id.paypal.immigrationdirectstaging.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://id.paypal.immigrationdirectstaging.com
Date: Thu, 04 Jan 2024 07:12:10 GMT
Access-Control-Allow-Credentials: true
Server: nginx/1.18.0 (Ubuntu)
Connection: keep-alive
Vary: Origin
Request-Context: appId=cid-v1:9c7c879b-c51a-427e-9701-218438da5f81

Verdicts & Comments Add Verdict or Comment

181 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

19 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
id.paypal.immigrationdirectstaging.com/	1970-01-21 02:11:28	Name: _notice Value: true
.immigrationdirectstaging.com/	1970-01-20 19:35:28	Name: _gcl_au Value: 1.1.64946890.1704352329
.immigrationdirectstaging.com/	1970-01-21 03:01:52	Name: _ga_MH3EV71JXW Value: GS1.1.1704352329.1.0.1704352329.60.0.0
.immigrationdirectstaging.com/	1970-01-21 03:01:52	Name: _ga Value: GA1.1.401848849.1704352329
.immigrationdirectstaging.com/	1970-01-20 17:27:18	Name: _uetsid Value: 93335640aad011ee902b53a53753be07
.immigrationdirectstaging.com/	1970-01-21 02:47:28	Name: _uetvid Value: 93333c30aad011eeb2533d7a403217d6
.immigrationdirectstaging.com/	1970-01-20 19:35:28	Name: _fbp Value: fb.1.1704352329496.1995245972
.bing.com/	1970-01-21 02:47:28	Name: MUID Value: 036EABF08B7069CA19FCB80C8AFB6848
.doubleclick.net/	1970-01-20 17:25:53	Name: test_cookie Value: CheckForPermission
www.clarity.ms/	1970-01-21 02:11:28	Name: CLID Value: 394a79e88cbd47afa222fb97325b38bd.20240104.20250103
.immigrationdirectstaging.com/	1970-01-21 02:11:28	Name: _clck Value: 1ratyyr%7C2%7Cfi4%7C0%7C1464
.yahoo.com/	1970-01-21 02:11:49	Name: A3 Value: d=AQABBElalmUCEDpBrBSN3Q6C0tlcgjZL3SYFEgEBAQGrl2WgZeATyiMA_eMAAA&S=AQAAAsDfeY-mTKYweB2RCKeGnWA
.c.bing.com/	1970-01-20 17:35:57	Name: MR Value: 0
.c.bing.com/	1970-01-21 02:47:28	Name: SRM_B Value: 036EABF08B7069CA19FCB80C8AFB6848
.c.clarity.ms/	1969-12-31 23:59:59	Name: SM Value: C
.clarity.ms/	1970-01-21 02:47:28	Name: MUID Value: 036EABF08B7069CA19FCB80C8AFB6848
.c.clarity.ms/	1970-01-20 17:35:57	Name: MR Value: 0
.c.clarity.ms/	1970-01-20 17:25:52	Name: ANONCHK Value: 0
.immigrationdirectstaging.com/	1970-01-20 17:27:18	Name: _clsk Value: p8324b%7C1704352330132%7C1%7C1%7Cu.clarity.ms%2Fcollect

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://connect.facebook.net/signals/config/1601335086764307?v=2.9.138&r=stable&domain=id.paypal.immigrationdirectstaging.com(Line 137) Message: Unrecognized feature: 'attribution-reporting'.
network	error	Message: A bad HTTP response code (404) was received when fetching the script.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bat.bing.com
c.bing.com
c.clarity.ms
cdn.aimtell.io
connect.facebook.net
d.adroll.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
id.paypal.immigrationdirectstaging.com
region1.analytics.google.com
s.adroll.com
s.yimg.com
s3.amazonaws.com
signals.aimtell.com
sp.analytics.yahoo.com
stats.g.doubleclick.net
u.clarity.ms
www.clarity.ms
www.facebook.com
www.google.com
www.google.de
www.googletagmanager.com
2001:4860:4802:32::36
212.82.100.181
24.199.76.188
2600:9000:2644:d800:6:9280:1080:93a1
2606:4700:10::6816:46e7
2606:4700::6812:4a5
2620:1ec:46::45
2620:1ec:c11::200
2a00:1288:80:807::2
2a00:1450:4001:800::2003
2a00:1450:4001:803::2003
2a00:1450:4001:80f::2008
2a00:1450:4001:813::2004
2a00:1450:4001:82a::2002
2a00:1450:4001:831::200a
2a00:1450:400c:c06::9a
2a03:2880:f084:d:face:b00c:0:3
2a03:2880:f145:82:face:b00c:0:25de
2a05:d018:cc3:fe04:410e:c7a0:1d47:ccc0
4.227.249.197
52.217.134.0
68.219.88.97
08664859baab5ed98f0bf818ed77e38464ff1826dc6406d5ecbd651409afbd92
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
0e4b1e428a2198ef747010c094101c257b568a97cdcc0f31ed5e9868cc835b39
33b2bde7aa56af1982fbd6942704212c020ff7db30b278b5dd9e6368008dc68c
3e136e77083bfc6ef14ffc5abd19da89a82bf12fc0cda3c603e01582b93303c8
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
480b06b23e574b4bf386fde1a91145a4171f97aeb5ee800e4be1850f29b1ad91
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
5046c1b4e86b0676ff88ff767b52ef09a08f488d9b4f0047957bc00198fc5ab4
5305f37611d8a8847f75c3e36c7143a7da13e24d5d11b0b2a7805f6857e55d97
5bc8f5e1ba8fb94182a3228c17aa288bf7c7f3b7e9d953f0197e8d9ff62a4aa2
5e319852607809336b2534ffeb96f6933f26994dd040f535302c84f59cc0a214
61c67a0f10686494ef75d97fb454d0e8bd91241bcc5cc10b12d71c28dba85153
6c84348296ebe2e2a0830c3962eb02156419d9bc76371c2eadaf7329d827d550
700790ef0691ef232d85ae9cdb8bbd1309dc6db17ef6d871a4e6c4540c332d1c
75f2e438e76084ec2b3a10854daa7279c3451c6bbb54f26d365b93d6b6a06d70
77510c7f771f3958a035e11513181e5cc2785658a5e129379a1b0f098faf58f5
782cf2a10f37e2dfc8d08ca669b383007675bd3248a964c0e3f49e4e1a93f5bc
7e1dd5400b9d0fc47b4b801d59743349e22ab475bdcb5921203068d1b4073232
918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
a3ae75e36e5c7bb1fbbb70477e99379a7afe2c2a95a0d343bd2ce304fd529491
aa1d80cdf0990e97a21069ab16c048ef90a35df1165b87d19accabd7c4edc860
bca1d88ada544d9c80872d4da27133fab6d347361fa26e932b47ec9559088fd0
bcb3c2575f07d1453ccffaf792662a1d48da6f937dd7ee5be962ba8073c7b7ab
c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49
c48cefc591121ae590063d95c3d520fe95839ecf9be1b4c96e76454377f51dc6
c4f5bb0d4909fe0dbd1715b71fc3724d85123f2f013d5dd3f7e5eba2c5b3015e
cbcfb303a1e7d1f9da8965565b535f4122f2de2f1f3ed9f61f3f9e2dad3dcf9d
ce2bfbe4ff7f391f6ca826d9fe1ddf51523b3f2fa3c9448a7d27b67bb42990e5
cfd5a9ef3d785cd5d6d46d95170057c98a130577135d68a207373c9d04ef93f6
db49e2a04f7bb85287193a494c820f5e1d64a6c96be6d0e9784cfb1fb11d92c6
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f2c49f0bd652f4f76abd03c1712acb1bb6080a9479a4060681fdea8ef7a16d2e
f4e50a60c4e03ae490cd58f31da4d3dbfd8d16db9b8059803f4dc065659e85db
f84825c5b795ed16b9f319cbcf0cdeb3438c12ff80d6b2bc9ddc42a7785cc417
f9d52f08c8e0935d0faa310deb70dd67738ec9e9bf1fea2dacb6eac5cbbb7404

id.paypal.immigrationdirectstaging.com Open in urlscan Pro 24.199.76.188 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

50 Requests

98 %HTTPS

77 %IPv6

17 Domains

23 Subdomains

22 IPs

6 Countries

811 kBTransfer

2136 kBSize

19 Cookies

2 Outgoing links

Redirected requests

50 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

id.paypal.immigrationdirectstaging.com Open in urlscan Pro
24.199.76.188 Public Scan

Screenshot
Live screenshot

Full Image

50
Requests

98 %
HTTPS

77 %
IPv6

17
Domains

23
Subdomains

22
IPs

6
Countries

811 kB
Transfer

2136 kB
Size

19
Cookies

50 HTTP transactions
0 data transactions