urlscan.io logo urlscan.io
SecurityTrails logo

www.payback.de Open in urlscan Pro
45.60.14.82  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://www.payback.de//shop//hse
Effective URL: https://www.payback.de//shop//hse
Submission: On August 23 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 3 IPs in 1 countries across 3 domains to perform 26 HTTP transactions. The main IP is 45.60.14.82, located in United States and belongs to INCAPSULA, US. The main domain is www.payback.de. The Cisco Umbrella rank of the primary domain is 183241.
TLS certificate: Issued by DigiCert EV RSA CA G2 on December 19th 2023. Valid for: a year.
This is the only time www.payback.de was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
15 45.60.14.82 19551 (INCAPSULA)
10 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:4700:440... 13335 (CLOUDFLAR...)
26 3
Apex Domain
Subdomains		 Transfer
15 payback.de
www.payback.de — Cisco Umbrella Rank: 183241
820 KB
10 cookielaw.org
cdn.cookielaw.org — Cisco Umbrella Rank: 554
176 KB
1 onetrust.com
geolocation.onetrust.com — Cisco Umbrella Rank: 1019
312 B
26 3
Domain Requested by
15 www.payback.de www.payback.de
10 cdn.cookielaw.org www.payback.de
cdn.cookielaw.org
1 geolocation.onetrust.com cdn.cookielaw.org
26 3

This site contains links to these domains. Also see Links.

Domain
www.payback.group
www.onetrust.com
Subject Issuer Validity Valid
www.payback.de
DigiCert EV RSA CA G2		 2023-12-19 -
2025-01-18		 a year crt.sh
cookielaw.org
WE1		 2024-08-13 -
2024-11-11		 3 months crt.sh
geolocation.onetrust.com
WE1		 2024-08-13 -
2024-11-11		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://www.payback.de//shop//hse
Frame ID: 1588F7FCB8923BFAF9769D21453F4BD3
Requests: 26 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

HSE » Online-Shoppen & °Punkte sammeln | PAYBACK

Page URL History Show full URLs

  1. http://www.payback.de//shop//hse HTTP 307
    https://www.payback.de//shop//hse Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • /_Incapsula_Resource
Overall confidence: 100%
Detected patterns
  • cdn\.cookielaw\.org
  • otSDKStub\.js

Page Statistics

26
Requests

100 %
HTTPS

67 %
IPv6

3
Domains

3
Subdomains

3
IPs

1
Countries

997 kB
Transfer

5130 kB
Size

7
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://www.payback.de//shop//hse HTTP 307
    https://www.payback.de//shop//hse Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

26 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request hse
www.payback.de//shop//
Redirect Chain
  • http://www.payback.de//shop//hse
  • https://www.payback.de//shop//hse
18 KB
7 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.payback.de//shop//hse
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
45.60.14.82 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
nginx /
Resource Hash
72c7a8f7b94d33a6880063f15ffc8c776c727dee454e06088d969c330ff20bc7
Security Headers
Name Value
Content-Security-Policy frame-ancestors *.payback.de; report-uri /blueberry/servlet/handler/cspreporting
Strict-Transport-Security max-age=2592000
X-Content-Security-Policy frame-ancestors *.payback.de; report-uri /blueberry/servlet/handler/cspreporting
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Alt-Svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Cache-Control
max-age=0
Content-Encoding
gzip
Content-Language
de
Content-Security-Policy
frame-ancestors *.payback.de; report-uri /blueberry/servlet/handler/cspreporting
Content-Type
text/html;charset=UTF-8
Date
Fri, 23 Aug 2024 18:48:26 GMT
Server
nginx
Strict-Transport-Security
max-age=2592000
Transfer-Encoding
chunked
Vary
origin,access-control-request-method,access-control-request-headers,accept-encoding
Via
1.1 google
X-CDN
Imperva
X-Content-Security-Policy
frame-ancestors *.payback.de; report-uri /blueberry/servlet/handler/cspreporting
X-Content-Type-Options
nosniff
X-Iinfo
7-160640291-160630944 PNNN RT(1724438906147 39) q(0 0 0 0) r(1 1) U24
X-Permitted-Cross-Domain-Policies
none
X-Request-ID
7e653736-75c2-4116-882a-d44df50aecae
X-WebKit-CSP
frame-ancestors *.payback.de
X-XSS-Protection
1; mode=block

Redirect headers

Location
https://www.payback.de//shop//hse
Non-Authoritative-Reason
HttpsUpgrades
portal-de-standalone-bundle.css
www.payback.de/blueberry/static/portal-de-standalone-bundle/2.125.0/dist/ 		1 MB
94 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.payback.de/blueberry/static/portal-de-standalone-bundle/2.125.0/dist/portal-de-standalone-bundle.css
Requested by
Host: www.payback.de
URL: https://www.payback.de//shop//hse
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
45.60.14.82 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
nginx /
Resource Hash
53c0b97c9e33b51881493097096ac6aa22ea8fa46bc20405615ed9459c0e94a4
Security Headers
Name Value
Content-Security-Policy frame-ancestors https://*.payback.de; report-uri /blueberry/servlet/handler/cspreporting
Strict-Transport-Security max-age=2592000
X-Content-Security-Policy frame-ancestors https://*.payback.de; report-uri /blueberry/servlet/handler/cspreporting
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.payback.de//shop//hse
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date
Fri, 23 Aug 2024 18:48:26 GMT
Content-Security-Policy
frame-ancestors https://*.payback.de; report-uri /blueberry/servlet/handler/cspreporting
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=2592000
Content-Encoding
gzip
X-Permitted-Cross-Domain-Policies
none
X-CDN
Imperva
Via
1.1 google
Transfer-Encoding
chunked
X-Iinfo
7-160640291-160630944 SNNN RT(1724438906147 261) q(0 0 0 -1) r(0 0) U24
Alt-Svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-XSS-Protection
1; mode=block
X-Request-ID
42efba2b-032f-43f2-98e7-8b7a7ef28c3f
Last-Modified
Tue, 23 Mar 2021 08:00:00 GMT
Server
nginx
ETag
W/"1356578-1616486400000"
vary
accept-encoding
Content-Type
text/css;charset=UTF-8
Cache-Control
max-age=1209600
Accept-Ranges
bytes
X-WebKit-CSP
frame-ancestors https://*.payback.de
X-Content-Security-Policy
frame-ancestors https://*.payback.de; report-uri /blueberry/servlet/handler/cspreporting
otSDKStub.js
cdn.cookielaw.org/scripttemplates/ 		21 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Requested by
Host: www.payback.de
URL: https://www.payback.de//shop//hse
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
50377d1d3e7dcb2c8298feb8d2505099df1957e3700a358b993b4cf443fd36e8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.payback.de/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 23 Aug 2024 18:48:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
p+39a+/XEcZfNKybQjgXjA==
age
39927
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
6882
x-ms-lease-status
unlocked
last-modified
Thu, 22 Aug 2024 17:41:35 GMT
server
cloudflare
etag
0x8DCC2D1AB4814B3
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
8a9bf38e-301e-0026-16c3-f4083e000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
8b7d46de3f796958-FRA
pb-runtime-loader.js
www.payback.de/blueberry/static/portal-de-standalone-bundle/2.125.0/dist/ 		88 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.payback.de/blueberry/static/portal-de-standalone-bundle/2.125.0/dist/pb-runtime-loader.js
Requested by
Host: www.payback.de
URL: https://www.payback.de//shop//hse
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
45.60.14.82 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
nginx /
Resource Hash
a10e0e6f59a46cbbe62eb89e1097fd661d781e5d0f85c3f453a2b7d988a8e4cf
Security Headers
Name Value
Content-Security-Policy frame-ancestors https://*.payback.de; report-uri /blueberry/servlet/handler/cspreporting
Strict-Transport-Security max-age=2592000
X-Content-Security-Policy frame-ancestors https://*.payback.de; report-uri /blueberry/servlet/handler/cspreporting
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.payback.de//shop//hse
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date
Fri, 23 Aug 2024 18:48:26 GMT
Content-Security-Policy
frame-ancestors https://*.payback.de; report-uri /blueberry/servlet/handler/cspreporting
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=2592000
Content-Encoding
gzip
X-Permitted-Cross-Domain-Policies
none
X-CDN
Imperva
Via
1.1 google
Transfer-Encoding
chunked
X-Iinfo
5-125758370-125750343 PNNy RT(1724438906415 14) q(0 0 0 -1) r(0 0) U24
Alt-Svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-XSS-Protection
1; mode=block
X-Request-ID
203496f9-8b82-4a7f-8076-c8cd5f7ffd89
Last-Modified
Tue, 23 Mar 2021 08:00:00 GMT
Server
nginx
ETag
W/"90610-1616486400000"
vary
accept-encoding
Content-Type
application/javascript;charset=UTF-8
Cache-Control
max-age=1209600
Accept-Ranges
bytes
X-WebKit-CSP
frame-ancestors https://*.payback.de
X-Content-Security-Policy
frame-ancestors https://*.payback.de; report-uri /blueberry/servlet/handler/cspreporting
runtime.js
www.payback.de/blueberry/static/portal-de-standalone-bundle/2.125.0/dist/ 		2 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.payback.de/blueberry/static/portal-de-standalone-bundle/2.125.0/dist/runtime.js
Requested by
Host: www.payback.de
URL: https://www.payback.de//shop//hse
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
45.60.14.82 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
nginx /
Resource Hash
e4dd0488cb80a25cfc8c119ad104e1be716d26cd55e92b3813a245cc6824ec45
Security Headers
Name Value
Content-Security-Policy frame-ancestors https://*.payback.de; report-uri /blueberry/servlet/handler/cspreporting
Strict-Transport-Security max-age=2592000
X-Content-Security-Policy frame-ancestors https://*.payback.de; report-uri /blueberry/servlet/handler/cspreporting
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.payback.de//shop//hse
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date
Fri, 23 Aug 2024 18:48:26 GMT
Content-Security-Policy
frame-ancestors https://*.payback.de; report-uri /blueberry/servlet/handler/cspreporting
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=2592000
Content-Encoding
gzip
X-Permitted-Cross-Domain-Policies
none
X-CDN
Imperva
Via
1.1 google
Transfer-Encoding
chunked
X-Iinfo
7-160640291-160630944 SNNN RT(1724438906147 404) q(0 0 0 -1) r(0 0) U24
Alt-Svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-XSS-Protection
1; mode=block
X-Request-ID
8d237bcc-bd86-4143-aa54-7669ff80a06b
Last-Modified
Tue, 23 Mar 2021 08:00:00 GMT
Server
nginx
ETag
W/"1542-1616486400000"
Vary
Accept-Encoding
Content-Type
application/javascript;charset=UTF-8
Cache-Control
max-age=1209600
X-WebKit-CSP
frame-ancestors https://*.payback.de
X-Content-Security-Policy
frame-ancestors https://*.payback.de; report-uri /blueberry/servlet/handler/cspreporting
shared.74812f7963762a0811fc.js
www.payback.de/blueberry/static/portal-de-standalone-bundle/latest/dist/ 		351 KB
70 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.payback.de/blueberry/static/portal-de-standalone-bundle/latest/dist/shared.74812f7963762a0811fc.js
Requested by
Host: www.payback.de
URL: https://www.payback.de//shop//hse
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
45.60.14.82 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
nginx /
Resource Hash
7a4382d82523dc4ea3995bec57162b28b858f96698c75cde01c2f90dfc92056a
Security Headers
Name Value
Content-Security-Policy frame-ancestors https://*.payback.de; report-uri /blueberry/servlet/handler/cspreporting
Strict-Transport-Security max-age=2592000
X-Content-Security-Policy frame-ancestors https://*.payback.de; report-uri /blueberry/servlet/handler/cspreporting
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.payback.de//shop//hse
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date
Fri, 23 Aug 2024 18:48:26 GMT
Content-Security-Policy
frame-ancestors https://*.payback.de; report-uri /blueberry/servlet/handler/cspreporting
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=2592000
Content-Encoding
gzip
X-Permitted-Cross-Domain-Policies
none
X-CDN
Imperva
Via
1.1 google
Transfer-Encoding
chunked
X-Iinfo
12-199714065-199698230 SNNy RT(1724438906415 158) q(0 0 0 -1) r(1 1) U24
Alt-Svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-XSS-Protection
1; mode=block
X-Request-ID
1289e6d1-91fa-42f3-882f-3079624bee3d
Last-Modified
Tue, 23 Mar 2021 08:00:00 GMT
Server
nginx
ETag
W/"359109-1616486400000"
vary
accept-encoding
Content-Type
application/javascript;charset=UTF-8
Cache-Control
max-age=1209600
Accept-Ranges
bytes
X-WebKit-CSP
frame-ancestors https://*.payback.de
X-Content-Security-Policy
frame-ancestors https://*.payback.de; report-uri /blueberry/servlet/handler/cspreporting
vendor.2b027a9e6905b6066a0f.js
www.payback.de/blueberry/static/portal-de-standalone-bundle/latest/dist/ 		482 KB
114 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.payback.de/blueberry/static/portal-de-standalone-bundle/latest/dist/vendor.2b027a9e6905b6066a0f.js
Requested by
Host: www.payback.de
URL: https://www.payback.de//shop//hse
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
45.60.14.82 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
nginx /
Resource Hash
85e08aab8dc95577d91f9bd605f6b3db99f6b09715f4875867e6fd03c040a64e
Security Headers
Name Value
Content-Security-Policy frame-ancestors https://*.payback.de; report-uri /blueberry/servlet/handler/cspreporting
Strict-Transport-Security max-age=2592000
X-Content-Security-Policy frame-ancestors https://*.payback.de; report-uri /blueberry/servlet/handler/cspreporting
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.payback.de//shop//hse
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date
Fri, 23 Aug 2024 18:48:26 GMT
Content-Security-Policy
frame-ancestors https://*.payback.de; report-uri /blueberry/servlet/handler/cspreporting
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=2592000
Content-Encoding
gzip
X-Permitted-Cross-Domain-Policies
none
X-CDN
Imperva
Via
1.1 google
Transfer-Encoding
chunked
X-Iinfo
12-199714065-199698230 SNNy RT(1724438906415 251) q(0 0 0 -1) r(1 1) U24
Alt-Svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-XSS-Protection
1; mode=block
X-Request-ID
63d8004c-b41c-47e1-916f-3d5c49167aab
Last-Modified
Tue, 23 Mar 2021 08:00:00 GMT
Server
nginx
ETag
W/"493280-1616486400000"
vary
accept-encoding
Content-Type
application/javascript;charset=UTF-8
Cache-Control
max-age=1209600
Accept-Ranges
bytes
X-WebKit-CSP
frame-ancestors https://*.payback.de
X-Content-Security-Policy
frame-ancestors https://*.payback.de; report-uri /blueberry/servlet/handler/cspreporting
ab-test-is-anonymous.js
www.payback.de/resources/js/ 		26 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.payback.de/resources/js/ab-test-is-anonymous.js
Requested by
Host: www.payback.de
URL: https://www.payback.de//shop//hse
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
45.60.14.82 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
nginx /
Resource Hash
a8e4eb24a21afb428b320c5eb32fcd5456456f05a26fc5c2b41de3bc77cb6b72
Security Headers
Name Value
Content-Security-Policy frame-ancestors https://*.payback.de; report-uri /blueberry/servlet/handler/cspreporting
Strict-Transport-Security max-age=2592000
X-Content-Security-Policy frame-ancestors https://*.payback.de; report-uri /blueberry/servlet/handler/cspreporting
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.payback.de//shop//hse
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

X-Content-Security-Policy
frame-ancestors https://*.payback.de; report-uri /blueberry/servlet/handler/cspreporting
Date
Fri, 23 Aug 2024 18:48:26 GMT
Content-Security-Policy
frame-ancestors https://*.payback.de; report-uri /blueberry/servlet/handler/cspreporting
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=2592000
Via
1.1 google
X-Permitted-Cross-Domain-Policies
none
X-CDN
Imperva
Content-Encoding
gzip
Transfer-Encoding
chunked
X-Iinfo
7-160640315-160636838 PNYy RT(1724438906415 9) q(0 0 0 -1) r(0 0) U24
Alt-Svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-XSS-Protection
1; mode=block
X-Request-ID
09f61925-7328-4e71-863f-a6e45c6507d8
Pragma
no-cache
Server
nginx
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Content-Type
text/javascript;charset=UTF-8
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
X-WebKit-CSP
frame-ancestors https://*.payback.de
Expires
0
main.js
www.payback.de/blueberry/static/portal-de-standalone-bundle/2.125.0/dist/ 		2 MB
395 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.payback.de/blueberry/static/portal-de-standalone-bundle/2.125.0/dist/main.js
Requested by
Host: www.payback.de
URL: https://www.payback.de//shop//hse
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
45.60.14.82 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
nginx /
Resource Hash
52388b27e9a90e18a77eaa40996002059bea4891e881bdda454031289d2c4993
Security Headers
Name Value
Content-Security-Policy frame-ancestors https://*.payback.de; report-uri /blueberry/servlet/handler/cspreporting
Strict-Transport-Security max-age=2592000
X-Content-Security-Policy frame-ancestors https://*.payback.de; report-uri /blueberry/servlet/handler/cspreporting
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.payback.de//shop//hse
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date
Fri, 23 Aug 2024 18:48:26 GMT
Content-Security-Policy
frame-ancestors https://*.payback.de; report-uri /blueberry/servlet/handler/cspreporting
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=2592000
Content-Encoding
gzip
X-Permitted-Cross-Domain-Policies
none
X-CDN
Imperva
Via
1.1 google
Transfer-Encoding
chunked
X-Iinfo
7-160640291-160630944 SNNN RT(1724438906147 520) q(0 0 0 -1) r(1 1) U24
Alt-Svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-XSS-Protection
1; mode=block
X-Request-ID
66bc3ab0-6ae9-4d1d-91f5-8996b8339ddf
Last-Modified
Tue, 23 Mar 2021 08:00:00 GMT
Server
nginx
ETag
W/"2047240-1616486400000"
vary
accept-encoding
Content-Type
application/javascript;charset=UTF-8
Cache-Control
max-age=1209600
Accept-Ranges
bytes
X-WebKit-CSP
frame-ancestors https://*.payback.de
X-Content-Security-Policy
frame-ancestors https://*.payback.de; report-uri /blueberry/servlet/handler/cspreporting
pb-logo-mobile-data.svg
www.payback.de/resource/blob/319000/662b42e90af3b4ed620ffe5b6b2aa918/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.payback.de/resource/blob/319000/662b42e90af3b4ed620ffe5b6b2aa918/pb-logo-mobile-data.svg
Requested by
Host: www.payback.de
URL: https://www.payback.de//shop//hse
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
45.60.14.82 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
nginx /
Resource Hash
e1f4d7e8b0dcb7cf6519eebc01d5e51ecfab0773df764d9a44c28a2a1ec9f084
Security Headers
Name Value
Content-Security-Policy frame-ancestors https://*.payback.de; report-uri /blueberry/servlet/handler/cspreporting
Strict-Transport-Security max-age=2592000
X-Content-Security-Policy frame-ancestors https://*.payback.de; report-uri /blueberry/servlet/handler/cspreporting
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.payback.de//shop//hse
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date
Fri, 23 Aug 2024 18:48:26 GMT
Content-Security-Policy
frame-ancestors https://*.payback.de; report-uri /blueberry/servlet/handler/cspreporting
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=2592000
Content-Encoding
gzip
X-Permitted-Cross-Domain-Policies
none
X-CDN
Imperva
Via
1.1 google
Transfer-Encoding
chunked
X-Iinfo
12-199714064-199713935 PNNy RT(1724438906415 25) q(0 0 0 -1) r(0 0) U24
Alt-Svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-XSS-Protection
1; mode=block
X-Request-ID
19657ae8-5f2f-40a3-b2cc-5d8939a0430e
Server
nginx
ETag
W/"662b42e90af3b4ed620ffe5b6b2aa918"
Vary
Accept-Encoding
Content-Type
image/svg+xml;charset=UTF-8
Content-Language
de-DE
Cache-Control
max-age=15552000
X-WebKit-CSP
frame-ancestors https://*.payback.de
X-Content-Security-Policy
frame-ancestors https://*.payback.de; report-uri /blueberry/servlet/handler/cspreporting
payback-logo-desktop-data.svg
www.payback.de/resource/blob/318998/80866cc86cfa17ba354bfc4665090357/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.payback.de/resource/blob/318998/80866cc86cfa17ba354bfc4665090357/payback-logo-desktop-data.svg
Requested by
Host: www.payback.de
URL: https://www.payback.de//shop//hse
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
45.60.14.82 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
nginx /
Resource Hash
70be629f652e1b97994afe83a19ea5e60a17d89b8f2dbd7f8d5544477bef73c3
Security Headers
Name Value
Content-Security-Policy frame-ancestors https://*.payback.de; report-uri /blueberry/servlet/handler/cspreporting
Strict-Transport-Security max-age=2592000
X-Content-Security-Policy frame-ancestors https://*.payback.de; report-uri /blueberry/servlet/handler/cspreporting
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.payback.de//shop//hse
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date
Fri, 23 Aug 2024 18:48:26 GMT
Content-Security-Policy
frame-ancestors https://*.payback.de; report-uri /blueberry/servlet/handler/cspreporting
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=2592000
Content-Encoding
gzip
X-Permitted-Cross-Domain-Policies
none
X-CDN
Imperva
Via
1.1 google
Transfer-Encoding
chunked
X-Iinfo
12-199714065-199698230 PNNy RT(1724438906415 27) q(0 0 0 -1) r(0 0) U24
Alt-Svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-XSS-Protection
1; mode=block
X-Request-ID
730f9900-8685-46e7-806b-38a4e870898e
Server
nginx
ETag
W/"80866cc86cfa17ba354bfc4665090357"
Vary
Accept-Encoding
Content-Type
image/svg+xml;charset=UTF-8
Content-Language
de-DE
Cache-Control
max-age=15552000
X-WebKit-CSP
frame-ancestors https://*.payback.de
X-Content-Security-Policy
frame-ancestors https://*.payback.de; report-uri /blueberry/servlet/handler/cspreporting
hse24_220x130.png
www.payback.de/res/mam/1/hse24_220x130/43/0/1/ 		3 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.payback.de/res/mam/1/hse24_220x130/43/0/1/hse24_220x130.png
Requested by
Host: www.payback.de
URL: https://www.payback.de//shop//hse
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
45.60.14.82 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
nginx /
Resource Hash
ae7f2d0bc40239f94ce8e329fad2f2c8c26751223f0bc17bd7f61b8d3dc45051
Security Headers
Name Value
Content-Security-Policy frame-ancestors https://*.payback.de; report-uri /blueberry/servlet/handler/cspreporting
Strict-Transport-Security max-age=2592000
X-Content-Security-Policy frame-ancestors https://*.payback.de; report-uri /blueberry/servlet/handler/cspreporting
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://www.payback.de
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.payback.de//shop//hse
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date
Fri, 23 Aug 2024 18:48:26 GMT
Content-Security-Policy
frame-ancestors https://*.payback.de; report-uri /blueberry/servlet/handler/cspreporting
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=2592000
Via
1.1 google
X-Permitted-Cross-Domain-Policies
none
X-CDN
Imperva
X-Iinfo
12-199714065-199698230 SNNy RT(1724438906415 96) q(0 0 0 -1) r(0 0) U24
Alt-Svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Content-Length
2980
X-XSS-Protection
1; mode=block
X-Request-ID
f16b4902-32f1-4a96-b665-ee12104f0454
Server
nginx
ETag
"5826dfe2bfbb7e9065cf5d69c382252b"
X-Frame-Options
ALLOW-FROM https://www.payback.de
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Content-Type
image/png;charset=UTF-8
Content-Language
de
Cache-Control
max-age=600, must-revalidate
Accept-Ranges
bytes
X-WebKit-CSP
frame-ancestors https://*.payback.de
X-Content-Security-Policy
frame-ancestors https://*.payback.de; report-uri /blueberry/servlet/handler/cspreporting
_Incapsula_Resource
www.payback.de/ 		69 KB
17 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.payback.de/_Incapsula_Resource?SWJIYLWA=719d34d31c8e3a6e6fffd425f7e032f3&ns=1&cb=1935681846
Requested by
Host: www.payback.de
URL: https://www.payback.de//shop//hse
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
45.60.14.82 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
7350473a3b2dcca2859f251fd396e0ddbae6c5dbd69e7cbcc90acb4fb4ca1ce5

Request headers

Referer
https://www.payback.de//shop//hse
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Cache-Control
no-cache, no-store
Content-Encoding
gzip
X-Robots-Tag
noindex
Content-Length
16884
Content-Type
application/javascript
b5290c5c-415b-4c0b-a4e1-25f3f002e97a.json
cdn.cookielaw.org/consent/b5290c5c-415b-4c0b-a4e1-25f3f002e97a/ 		4 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/consent/b5290c5c-415b-4c0b-a4e1-25f3f002e97a/b5290c5c-415b-4c0b-a4e1-25f3f002e97a.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
62ae51a8991f986dc7ca08a2e9d2680f7d8016fb74443cd6a37060a4ee5b18c3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.payback.de/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 23 Aug 2024 18:48:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
18937
content-md5
OC6GHHlrqJrhDQqM0mRYtg==
content-length
1655
x-ms-lease-status
unlocked
last-modified
Thu, 11 Jul 2024 13:32:02 GMT
server
cloudflare
etag
0x8DCA1ADD929CEB7
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
e46c4d4a-501e-00d3-5196-d32c2f000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
8b7d46dec8f237f6-FRA
expires
Sat, 24 Aug 2024 18:48:26 GMT
location
geolocation.onetrust.com/cookieconsentpub/v1/geo/ 		66 B
312 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9b77 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f90d159c7a961f8d49cf0197de9f4a31f91310b5cd03edc042f82beae766c88b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept
application/json
Referer
https://www.payback.de/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Fri, 23 Aug 2024 18:48:26 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
server
cloudflare
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS
content-type
application/json
access-control-allow-origin
*
cf-ray
8b7d46df9d4f1ac7-FRA
access-control-allow-headers
Content-Type
payback_light-webfont.woff
www.payback.de/blueberry/static/portal-de-standalone-bundle/2.125.0/dist/fonts/ 		82 KB
82 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.payback.de/blueberry/static/portal-de-standalone-bundle/2.125.0/dist/fonts/payback_light-webfont.woff
Requested by
Host: www.payback.de
URL: https://www.payback.de/blueberry/static/portal-de-standalone-bundle/2.125.0/dist/portal-de-standalone-bundle.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
45.60.14.82 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
nginx /
Resource Hash
c0b00ab76d19327e40b9765e2f0e0996e45f473a0485fd2dfe5c89b03af26b2b
Security Headers
Name Value
Content-Security-Policy frame-ancestors https://*.payback.de; report-uri /blueberry/servlet/handler/cspreporting
Strict-Transport-Security max-age=2592000
X-Content-Security-Policy frame-ancestors https://*.payback.de; report-uri /blueberry/servlet/handler/cspreporting
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.payback.de/blueberry/static/portal-de-standalone-bundle/2.125.0/dist/portal-de-standalone-bundle.css
Origin
https://www.payback.de
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date
Fri, 23 Aug 2024 18:48:26 GMT
Content-Security-Policy
frame-ancestors https://*.payback.de; report-uri /blueberry/servlet/handler/cspreporting
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=2592000
Via
1.1 google
X-Permitted-Cross-Domain-Policies
none
X-CDN
Imperva
Content-Encoding
gzip
Transfer-Encoding
chunked
X-Iinfo
12-199714064-199713935 SNYy RT(1724438906415 322) q(0 0 0 -1) r(0 0) U24
Alt-Svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-XSS-Protection
1; mode=block
X-Request-ID
308ffedb-b31f-4d57-8df8-7d9abe34723a
Last-Modified
Tue, 23 Mar 2021 08:00:00 GMT
Server
nginx
ETag
W/"83468-1616486400000"
Content-Type
application/font-woff;charset=UTF-8
Cache-Control
max-age=1209600
Accept-Ranges
bytes
X-WebKit-CSP
frame-ancestors https://*.payback.de
X-Content-Security-Policy
frame-ancestors https://*.payback.de; report-uri /blueberry/servlet/handler/cspreporting
otBannerSdk.js
cdn.cookielaw.org/scripttemplates/202406.1.0/ 		451 KB
110 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/scripttemplates/202406.1.0/otBannerSdk.js
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
47407e3845cb067265a07cb279ccc7a38b927b0c2dc034b627f089115ac0d306
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.payback.de/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 23 Aug 2024 18:48:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
7I5y/rp4ODu7ul89ty+epQ==
age
73299
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
112027
x-ms-lease-status
unlocked
last-modified
Tue, 16 Jul 2024 22:20:01 GMT
server
cloudflare
etag
0x8DCA5E56F667161
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
c05e064f-501e-009c-79cf-d7e837000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
8b7d46dfc9216958-FRA
_Incapsula_Resource
www.payback.de/ 		1 B
123 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.payback.de/_Incapsula_Resource?SWKMTFSR=1&e=0.2788637176726716
Requested by
Host: www.payback.de
URL: https://www.payback.de//shop//hse
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
45.60.14.82 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.payback.de//shop//hse
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Cache-Control
no-cache, no-store
X-Robots-Tag
noindex
Content-Length
1
Content-Type
text/plain
de.json
cdn.cookielaw.org/consent/b5290c5c-415b-4c0b-a4e1-25f3f002e97a/019092d3-9a81-7bc0-9047-e790a1d5b9c4/ 		117 KB
26 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/consent/b5290c5c-415b-4c0b-a4e1-25f3f002e97a/019092d3-9a81-7bc0-9047-e790a1d5b9c4/de.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202406.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c5191b074d7048d7eb20af865e5a0926cdd35c1bab1fcfdb959fd0a087c94e8e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.payback.de/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 23 Aug 2024 18:48:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
18937
content-md5
xkMnnnXlif3BDpUXcUzaZw==
content-length
25935
x-ms-lease-status
unlocked
last-modified
Thu, 11 Jul 2024 13:32:04 GMT
server
cloudflare
etag
0x8DCA1ADDA426806
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
bb012de1-401e-000b-2896-d38bfe000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
8b7d46e0bbcb37f6-FRA
expires
Sat, 24 Aug 2024 18:48:27 GMT
otFlat.json
cdn.cookielaw.org/scripttemplates/202406.1.0/assets/ 		13 KB
3 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/scripttemplates/202406.1.0/assets/otFlat.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202406.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d890abf66010907c7a0a61236d25c3c98bcb7edec34b13dc887f5be122bfef7e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.payback.de/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 23 Aug 2024 18:48:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
sHJXWIgDpMKY35PyRRy4zQ==
age
21849
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
3003
x-ms-lease-status
unlocked
last-modified
Tue, 16 Jul 2024 22:19:54 GMT
server
cloudflare
etag
0x8DCA5E56B3084E2
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
x-ms-request-id
ef24dc83-201e-0054-5c44-d87900000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
8b7d46e22df237f6-FRA
otPcTab.json
cdn.cookielaw.org/scripttemplates/202406.1.0/assets/v2/ 		64 KB
14 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/scripttemplates/202406.1.0/assets/v2/otPcTab.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202406.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f782196e69b26506e8d7dd58efebf50eed2a2a5f22213840228c06e22cf326ff
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.payback.de/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 23 Aug 2024 18:48:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
sxVQu4bvJiVSEaVIG+YdHw==
age
21848
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
13838
x-ms-lease-status
unlocked
last-modified
Tue, 16 Jul 2024 22:19:56 GMT
server
cloudflare
etag
0x8DCA5E56CAA35E2
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
x-ms-request-id
8f20e592-401e-006d-0844-d839a4000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
8b7d46e22df537f6-FRA
otCommonStyles.css
cdn.cookielaw.org/scripttemplates/202406.1.0/assets/ 		24 KB
4 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/scripttemplates/202406.1.0/assets/otCommonStyles.css
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202406.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7c2092048f21074425f3e025db78fb6505f75d6fcf2e121ced055c8d53bcb1b3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.payback.de/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 23 Aug 2024 18:48:27 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
content-md5
HyPJ72TNHxdfOI82cqKVqA==
age
21846
x-ms-lease-status
unlocked
last-modified
Tue, 16 Jul 2024 22:20:07 GMT
server
cloudflare
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
x-ms-request-id
f6e5d18d-b01e-0051-5646-d88d7f000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
cf-ray
8b7d46e22dfa37f6-FRA
main-favicon.ico
www.payback.de/resource/blob/4506/b8323ff55b34054722769ae5652c22ae/ 		1 KB
3 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://www.payback.de/resource/blob/4506/b8323ff55b34054722769ae5652c22ae/main-favicon.ico
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
45.60.14.82 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
nginx /
Resource Hash
a4c2233c07118cee579806a057747ec2ec4326d20592a8c674fc982c0821b137
Security Headers
Name Value
Content-Security-Policy frame-ancestors https://*.payback.de; report-uri /blueberry/servlet/handler/cspreporting
Strict-Transport-Security max-age=2592000
X-Content-Security-Policy frame-ancestors https://*.payback.de; report-uri /blueberry/servlet/handler/cspreporting
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://www.payback.de
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.payback.de//shop//hse
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date
Fri, 23 Aug 2024 18:48:27 GMT
Content-Security-Policy
frame-ancestors https://*.payback.de; report-uri /blueberry/servlet/handler/cspreporting
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=2592000
Content-Encoding
gzip
X-Permitted-Cross-Domain-Policies
none
X-CDN
Imperva
Via
1.1 google
Transfer-Encoding
chunked
X-Iinfo
7-160640291-160630944 SNNN RT(1724438906147 1033) q(0 0 0 -1) r(1 1) U24
Alt-Svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-XSS-Protection
1; mode=block
X-Request-ID
68132aac-816d-4c28-9e91-08bcacbe57bd
Server
nginx
ETag
W/"b8323ff55b34054722769ae5652c22ae"
Vary
Accept-Encoding
X-Frame-Options
ALLOW-FROM https://www.payback.de
Content-Type
image/x-icon;charset=UTF-8
Content-Language
de
Cache-Control
max-age=15552000
X-WebKit-CSP
frame-ancestors https://*.payback.de
X-Content-Security-Policy
frame-ancestors https://*.payback.de; report-uri /blueberry/servlet/handler/cspreporting
ot_guard_logo.svg
cdn.cookielaw.org/logos/static/ 		497 B
494 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/logos/static/ot_guard_logo.svg
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202406.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.payback.de/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 23 Aug 2024 18:48:27 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
content-md5
tXyZydHjxQshFMbbBT1/8A==
age
84253
x-ms-lease-status
unlocked
last-modified
Thu, 22 Aug 2024 07:42:16 GMT
server
cloudflare
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
c061acc0-601e-0053-4bab-f48f85000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
cf-ray
8b7d46e2ae7b37f6-FRA
data.png
cdn.cookielaw.org/logos/28741be1-478d-441a-9412-131417e580cf/8e3c893c-d402-4315-b155-f5c2cd329ca4/5aee315b-0623-4d96-8e4a-effa7345b52d/ 		7 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.cookielaw.org/logos/28741be1-478d-441a-9412-131417e580cf/8e3c893c-d402-4315-b155-f5c2cd329ca4/5aee315b-0623-4d96-8e4a-effa7345b52d/data.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6ee97620c243f84a3d6ddcdac2d8220ddf049ff856e8c10d81bc2a4337f3c62c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.payback.de/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 23 Aug 2024 18:48:27 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
Uou31nRxR4F2Bp3vZFq1pg==
age
6624
content-length
7218
x-ms-lease-status
unlocked
last-modified
Tue, 04 Apr 2023 13:33:28 GMT
server
cloudflare
etag
0x8DB35112CD5F7EC
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
x-ms-request-id
6669830b-801e-0033-12d1-9b1844000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
8b7d46e2bc066958-FRA
powered_by_logo.svg
cdn.cookielaw.org/logos/static/ 		5 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.cookielaw.org/logos/static/powered_by_logo.svg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.payback.de/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 23 Aug 2024 18:48:27 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
content-md5
Y+c301RBZNK39PvKQWrIBw==
age
66532
x-ms-lease-status
unlocked
last-modified
Thu, 22 Aug 2024 17:41:38 GMT
server
cloudflare
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
1d36a684-e01e-0085-41ce-f4c45f000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
cf-ray
8b7d46e2bc0b6958-FRA

Verdicts & Comments Add Verdict or Comment

36 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| ShadyCSS object| WebComponents object| frontEndConfiguration object| postMessageBridge object| loader boolean| abTestLoginState object| webpackChunk_pbweb_portal_de_standalone_bundle_dist_ string| OnetrustActiveGroups string| OptanonActiveGroups object| dataLayer object| otStubData object| _0x4082 function| _0x2408 object| litPropertyMetadata object| reactiveElementVersions object| litHtmlVersions object| litElementVersions object| AppMeasurement function| s_gi function| getPreviousValue object| s_pgicq object| Visitor object| html5 object| Modernizr object| respond function| $ function| JsBarcode function| Packery function| Masonry function| jQueryBridget function| bbSubmitRecaptchaEnrollmentForm object| @pbweb/portal-de-standalone-bundle/dist/main.[ext] function| OptanonWrapper object| Optanon object| OneTrust

7 Cookies

Domain/Path Name / Value
www.payback.de/ Name: JSESSIONID_BB
Value: AED49EE4E35BCA1CCBA3B62575BA29E0
www.payback.de/ Name: __Host-PD-XSRF-TOKEN
Value: 50ebcc87-2770-4ed3-8a99-df9f6c02c4d3
www.payback.de/ Name: BIGipServerpool_pde_e3_blueberry_cae_a
Value: !0Xt0dN1jFSbqnMsr/kDtZgFOKs0OKlswe9Mi9F/rQM3r71EaXSHmgWJ3B208K/uN4ggU2irYdlXA1GM=
www.payback.de/ Name: BIGipServerpool_pde_e3_lmsweb_httpd_a
Value: !0LSvWQJgPdxnfsYr/kDtZgFOKs0OKsj8nIhQv8pME2cSxwRcgT/wffByIlP0MzWuOoXAEluTTSMeYA==
.payback.de/ Name: visid_incap_860291
Value: LkFwGn/5T+2u5fkJmEVr5XrZyGYAAAAAQUIPAAAAAAB9HDpjofIM7CA0+LD155ii
.payback.de/ Name: incap_ses_246_860291
Value: fCU4Zia2xmSFETLIu/dpA3rZyGYAAAAAKVbgzMp/sY9GlSbYu5XiZg==
.payback.de/ Name: OptanonConsent
Value: isGpcEnabled=0&datestamp=Fri+Aug+23+2024+20%3A48%3A27+GMT%2B0200+(Mitteleurop%C3%A4ische+Sommerzeit)&version=202406.1.0&browserGpcFlag=0&isIABGlobal=false&hosts=&consentId=1b35e83d-2e69-4764-bad0-6bbe63b8ce5e&interactionCount=0&isAnonUser=1&landingPath=https%3A%2F%2Fwww.payback.de%2F%2Fshop%2F%2Fhse&groups=C0001%3A1%2CC0002%3A0%2CC0003%3A0%2CC0004%3A0

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy frame-ancestors *.payback.de; report-uri /blueberry/servlet/handler/cspreporting
Strict-Transport-Security max-age=2592000
X-Content-Security-Policy frame-ancestors *.payback.de; report-uri /blueberry/servlet/handler/cspreporting
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.cookielaw.org
geolocation.onetrust.com
www.payback.de
2606:4700:4400::ac40:9b77
2606:4700::6812:572a
45.60.14.82
47407e3845cb067265a07cb279ccc7a38b927b0c2dc034b627f089115ac0d306
50377d1d3e7dcb2c8298feb8d2505099df1957e3700a358b993b4cf443fd36e8
52388b27e9a90e18a77eaa40996002059bea4891e881bdda454031289d2c4993
53c0b97c9e33b51881493097096ac6aa22ea8fa46bc20405615ed9459c0e94a4
5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d
62ae51a8991f986dc7ca08a2e9d2680f7d8016fb74443cd6a37060a4ee5b18c3
691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19
6ee97620c243f84a3d6ddcdac2d8220ddf049ff856e8c10d81bc2a4337f3c62c
70be629f652e1b97994afe83a19ea5e60a17d89b8f2dbd7f8d5544477bef73c3
72c7a8f7b94d33a6880063f15ffc8c776c727dee454e06088d969c330ff20bc7
7350473a3b2dcca2859f251fd396e0ddbae6c5dbd69e7cbcc90acb4fb4ca1ce5
7a4382d82523dc4ea3995bec57162b28b858f96698c75cde01c2f90dfc92056a
7c2092048f21074425f3e025db78fb6505f75d6fcf2e121ced055c8d53bcb1b3
85e08aab8dc95577d91f9bd605f6b3db99f6b09715f4875867e6fd03c040a64e
a10e0e6f59a46cbbe62eb89e1097fd661d781e5d0f85c3f453a2b7d988a8e4cf
a4c2233c07118cee579806a057747ec2ec4326d20592a8c674fc982c0821b137
a8e4eb24a21afb428b320c5eb32fcd5456456f05a26fc5c2b41de3bc77cb6b72
ae7f2d0bc40239f94ce8e329fad2f2c8c26751223f0bc17bd7f61b8d3dc45051
c0b00ab76d19327e40b9765e2f0e0996e45f473a0485fd2dfe5c89b03af26b2b
c5191b074d7048d7eb20af865e5a0926cdd35c1bab1fcfdb959fd0a087c94e8e
d890abf66010907c7a0a61236d25c3c98bcb7edec34b13dc887f5be122bfef7e
e1f4d7e8b0dcb7cf6519eebc01d5e51ecfab0773df764d9a44c28a2a1ec9f084
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4dd0488cb80a25cfc8c119ad104e1be716d26cd55e92b3813a245cc6824ec45
f782196e69b26506e8d7dd58efebf50eed2a2a5f22213840228c06e22cf326ff
f90d159c7a961f8d49cf0197de9f4a31f91310b5cd03edc042f82beae766c88b