urlscan.io logo urlscan.io
SecurityTrails logo

www.sandbox.paypal.com Open in urlscan Pro
151.101.131.1  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://backendmz2t.thesupportonline.net/paypal/ec-checkout
Effective URL: https://www.sandbox.paypal.com/webscr?cmd=_express-checkout&token=EC-2XF48138WL5894707
Submission Tags: @ecarlesi possiblethreat phishing paypal Search All
Submission: On September 05 via api from IT — Scanned from NL
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 6 IPs in 3 countries across 3 domains to perform 44 HTTP transactions. The main IP is 151.101.131.1, located in San Francisco, United States and belongs to FASTLY, US. The main domain is www.sandbox.paypal.com. The Cisco Umbrella rank of the primary domain is 75089.
TLS certificate: Issued by DigiCert EV RSA CA G2 on February 5th 2024. Valid for: a year.
This is the only time www.sandbox.paypal.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 31.186.241.25 15570 (INAP-LON ...)
17 151.101.131.1 54113 (FASTLY)
18 192.229.221.25 15133 (EDGECAST)
4 151.101.67.1 54113 (FASTLY)
1 151.101.129.21 54113 (FASTLY)
1 2 34.147.177.40 396982 (GOOGLE-CL...)
3 151.101.3.1 54113 (FASTLY)
44 6
1    31.186.241.25 (Amsterdam, Netherlands)

ASN15570 (INAP-LON Internap European Autonomous System, GB)
backendmz2t.thesupportonline.net
17    151.101.131.1 (San Francisco, United States)

ASN54113 (FASTLY, US)
www.sandbox.paypal.com
c.sandbox.paypal.com
18    192.229.221.25 (United States)

ASN15133 (EDGECAST, US)
www.paypalobjects.com
4    151.101.67.1 (San Francisco, United States)

ASN54113 (FASTLY, US)
postcollector.paypal.com
1    151.101.129.21 (San Francisco, United States)

ASN54113 (FASTLY, US)
c.paypal.com
2    34.147.177.40 (London, United Kingdom)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 40.177.147.34.bc.googleusercontent.com
b.stats.paypal.com
lhr.stats.paypal.com
3    151.101.3.1 (San Francisco, United States)

ASN54113 (FASTLY, US)
t.paypal.com
Apex Domain
Subdomains		 Transfer
27 paypal.com
www.sandbox.paypal.com — Cisco Umbrella Rank: 75089
postcollector.paypal.com — Cisco Umbrella Rank: 790396
c.paypal.com — Cisco Umbrella Rank: 9523
c.sandbox.paypal.com — Cisco Umbrella Rank: 704348
b.stats.paypal.com — Cisco Umbrella Rank: 7102
lhr.stats.paypal.com — Cisco Umbrella Rank: 42963
t.paypal.com — Cisco Umbrella Rank: 4582
86 KB
18 paypalobjects.com
www.paypalobjects.com — Cisco Umbrella Rank: 3281
279 KB
1 thesupportonline.net
backendmz2t.thesupportonline.net
1 KB
44 3
Domain Requested by
18 www.paypalobjects.com www.sandbox.paypal.com
www.paypalobjects.com
12 www.sandbox.paypal.com www.paypalobjects.com
5 c.sandbox.paypal.com www.paypalobjects.com
4 postcollector.paypal.com www.paypalobjects.com
3 t.paypal.com
1 lhr.stats.paypal.com
1 b.stats.paypal.com 1 redirects
1 c.paypal.com www.paypalobjects.com
1 backendmz2t.thesupportonline.net 1 redirects
44 9

This site contains links to these domains. Also see Links.

Domain
backendmz2t.thesupportonline.net
Subject Issuer Validity Valid
www.sandbox.paypal.com
DigiCert EV RSA CA G2		 2024-02-05 -
2025-02-04		 a year crt.sh
www.paypal.com
DigiCert SHA2 Extended Validation Server CA		 2024-06-13 -
2025-06-12		 a year crt.sh
t.paypal.com
DigiCert SHA2 Extended Validation Server CA		 2024-06-21 -
2025-06-20		 a year crt.sh

This page contains 3 frames:

Primary Page: https://www.sandbox.paypal.com/webscr?cmd=_express-checkout&token=EC-2XF48138WL5894707
Frame ID: 8D17250ACC351A226EBF0BE0219D694C
Requests: 38 HTTP requests in this frame

Frame: https://www.paypalobjects.com/webcaptcha/grcenterprise_v3_static.html
Frame ID: 65EF11CE03673D1866EAE03633C859E7
Requests: 1 HTTP requests in this frame

Frame: https://lhr.stats.paypal.com/v1/counter2.cgi?r=cD1CQS0ySkMyMDkzNFVQMzk1NDkxMyZpPTMxLjIwNC4xNTAuMTM5JnQ9MTcyNTUwODg0MC42JmE9MjEmcz1VTklGSUVEX0xPR0lO6VAlmOyKCS-hOAlW8QdZtDj_Z5E
Frame ID: 82B256EA77C85CDDBD630D28C867DA26
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Log in op je PayPal-rekening

Page URL History Show full URLs

  1. https://backendmz2t.thesupportonline.net/paypal/ec-checkout HTTP 302
    https://www.sandbox.paypal.com/webscr?cmd=_express-checkout&token=EC-2XF48138WL5894707 Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • paypalobjects\.com
Overall confidence: 100%
Detected patterns
  • ([\d.]+)?/modernizr(?:\.([\d.]+))?.*\.js

Page Statistics

44
Requests

98 %
HTTPS

0 %
IPv6

3
Domains

9
Subdomains

6
IPs

3
Countries

364 kB
Transfer

1249 kB
Size

20
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://backendmz2t.thesupportonline.net/paypal/ec-checkout HTTP 302
    https://www.sandbox.paypal.com/webscr?cmd=_express-checkout&token=EC-2XF48138WL5894707 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 35
  • https://b.stats.paypal.com/v1/counter.cgi?r=cD1CQS0ySkMyMDkzNFVQMzk1NDkxMyZpPTMxLjIwNC4xNTAuMTM5JnQ9MTcyNTUwODg0MC42JmE9MjEmcz1VTklGSUVEX0xPR0lO6VAlmOyKCS-hOAlW8QdZtDj_Z5E HTTP 302
  • https://lhr.stats.paypal.com/v1/counter2.cgi?r=cD1CQS0ySkMyMDkzNFVQMzk1NDkxMyZpPTMxLjIwNC4xNTAuMTM5JnQ9MTcyNTUwODg0MC42JmE9MjEmcz1VTklGSUVEX0xPR0lO6VAlmOyKCS-hOAlW8QdZtDj_Z5E

44 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request webscr
www.sandbox.paypal.com/
Redirect Chain
  • https://backendmz2t.thesupportonline.net/paypal/ec-checkout
  • https://www.sandbox.paypal.com/webscr?cmd=_express-checkout&token=EC-2XF48138WL5894707
31 KB
12 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.sandbox.paypal.com/webscr?cmd=_express-checkout&token=EC-2XF48138WL5894707
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.131.1 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
5e5569161569d71fed0ef6a919d9a09ef1091312ab5b53431ab9e9fef1d4500f
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn 'unsafe-inline'; script-src 'nonce-NKRosREelVdOgaDlhRqX0p513B477tV8ljYnaxe1mCTcNhGd' 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn 'unsafe-inline'; img-src 'self' https://*.googleusercontent.com/ https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://ak1s.abmr.net https://ak1s.mathtag.com https://akamai.mathtag.com https://ak1.abmr.net data:; object-src 'none'; media-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn; font-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn; connect-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://192.55.233.1 'unsafe-inline' https://*.qualtrics.com; frame-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://smartlock.google.com https://*.qualtrics.com; base-uri 'self' https://*.paypal.com https://*.paypal.cn; upgrade-insecure-requests;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

accept-ch
sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
accept-ranges
bytes
cache-control
max-age=0, no-cache, no-store, must-revalidate
content-encoding
gzip
content-security-policy
default-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn 'unsafe-inline'; script-src 'nonce-NKRosREelVdOgaDlhRqX0p513B477tV8ljYnaxe1mCTcNhGd' 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn 'unsafe-inline'; img-src 'self' https://*.googleusercontent.com/ https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://ak1s.abmr.net https://ak1s.mathtag.com https://akamai.mathtag.com https://ak1.abmr.net data:; object-src 'none'; media-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn; font-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn; connect-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://192.55.233.1 'unsafe-inline' https://*.qualtrics.com; frame-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://smartlock.google.com https://*.qualtrics.com; base-uri 'self' https://*.paypal.com https://*.paypal.cn; upgrade-insecure-requests;
content-type
text/html; charset=utf-8
date
Thu, 05 Sep 2024 04:00:40 GMT
etag
W/"7979-dt98cXrlBbqnbtD+j1t0LfcCnco"
http_x_pp_az_locator
ccg18.slc
origin-trial
AmF3SS0NWoXo3HaojgmIVVXavukRnZH597u+xZNXRCiKWzSKzfNPHw9NC32GmblY12+HXpkCEYeYGyvRBNkkJg0AAABbeyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlRwY2QiLCJleHBpcnkiOjE3MzUzNDM5OTksImlzU3ViZG9tYWluIjp0cnVlfQ==
paypal-debug-id
f9687667dcda8
permissions-policy
ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
server-timing
content-encoding;desc=gzip
strict-transport-security
max-age=63072000; includeSubDomains; preload
traceparent
00-0000000000000000000f9687667dcda8-5100bffc3d5ae5d5-01
vary
Accept-Encoding
via
1.1 varnish, 1.1 varnish
x-cache
MISS, MISS, MISS
x-cache-hits
0, 0, 0
x-content-type-options
nosniff
x-served-by
cache-fra-eddf8230127-FRA, cache-fra-eddf8230127-FRA, cache-ams21023-AMS
x-sigsci-origin-status
200
x-timer
S1725508840.573026,VS0,VE1126
x-xss-protection
1; mode=block

Redirect headers

Cache-Control
no-cache, private
Connection
Keep-Alive
Content-Length
604
Content-Type
text/html; charset=UTF-8
Date
Thu, 05 Sep 2024 04:00:23 GMT
Keep-Alive
timeout=5, max=100
Location
https://www.sandbox.paypal.com/webscr?cmd=_express-checkout&token=EC-2XF48138WL5894707
Server
Apache/2.4.46 (Ubuntu)
ngrlCaptcha.min.js
www.paypalobjects.com/webcaptcha/ 		23 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.paypalobjects.com/webcaptcha/ngrlCaptcha.min.js
Requested by
Host: www.sandbox.paypal.com
URL: https://www.sandbox.paypal.com/webscr?cmd=_express-checkout&token=EC-2XF48138WL5894707
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.221.25 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (ama/48F2) /
Resource Hash
d81bfefd8585b694222d3e94e9dee5d7935049c65355f9fd096800301d51545b
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.sandbox.paypal.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Thu, 05 Sep 2024 04:00:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-cache
HIT
paypal-debug-id
518c49ba7249b
dc
ccg11-origin-www-1.paypal.com
content-length
6757
last-modified
Wed, 17 Jul 2024 16:51:14 GMT
server
ECAcc (ama/48F2)
traceparent
00-0000000000000000000518c49ba7249b-d0e4bb5497f646fc-01
etag
W/"6697f682-5a55"
vary
Accept-Encoding
content-type
application/javascript
cache-control
s-maxage=31536000, public,max-age=3600
timing-allow-origin
https://www.paypal.com,https://www.sandbox.paypal.com
expires
Thu, 05 Sep 2024 05:00:40 GMT
contextualLoginElementalUIv5.css
www.paypalobjects.com/web/res/f10/76fd8d2e17ddb54f60145dc3f98b5/css/ 		192 KB
30 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.paypalobjects.com/web/res/f10/76fd8d2e17ddb54f60145dc3f98b5/css/contextualLoginElementalUIv5.css
Requested by
Host: www.sandbox.paypal.com
URL: https://www.sandbox.paypal.com/webscr?cmd=_express-checkout&token=EC-2XF48138WL5894707
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.221.25 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (ama/48B0) /
Resource Hash
4ad0286f0a79554f19dc084f7752558d20b2ef3bfc7ddb046c40ea29e881c90a
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.sandbox.paypal.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Thu, 05 Sep 2024 04:00:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-cache
HIT
paypal-debug-id
d2e936240a61f
dc
ccg11-origin-www-1.paypal.com
content-length
30119
last-modified
Fri, 30 Aug 2024 21:11:53 GMT
server
ECAcc (ama/48B0)
traceparent
00-0000000000000000000d2e936240a61f-3e4f852aadcdb3d0-01
etag
W/"66d23599-3008e"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31536000, s-maxage=31536000
accept-ranges
bytes
timing-allow-origin
https://www.paypal.com,https://www.sandbox.paypal.com
access-control-allow-headers
x-csrf-token
expires
Fri, 05 Sep 2025 04:00:40 GMT
modernizr-2.6.1.js
www.paypalobjects.com/web/res/f10/76fd8d2e17ddb54f60145dc3f98b5/js/lib/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.paypalobjects.com/web/res/f10/76fd8d2e17ddb54f60145dc3f98b5/js/lib/modernizr-2.6.1.js
Requested by
Host: www.sandbox.paypal.com
URL: https://www.sandbox.paypal.com/webscr?cmd=_express-checkout&token=EC-2XF48138WL5894707
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.221.25 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (ama/48B0) /
Resource Hash
a6c3bff965978df8093c3a29f7071c21d7439a212af41e7b40ce70d94d6bcc44
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.sandbox.paypal.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Thu, 05 Sep 2024 04:00:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-cache
HIT
paypal-debug-id
c3c74281869c4
dc
ccg11-origin-www-1.paypal.com
content-length
1788
last-modified
Fri, 30 Aug 2024 21:11:56 GMT
server
ECAcc (ama/48B0)
traceparent
00-0000000000000000000c3c74281869c4-960819ea97069c46-01
etag
W/"66d2359c-edf"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000, s-maxage=31536000
accept-ranges
bytes
timing-allow-origin
https://www.paypal.com,https://www.sandbox.paypal.com
access-control-allow-headers
x-csrf-token
expires
Fri, 05 Sep 2025 04:00:40 GMT
close.svg
www.paypalobjects.com/paypal-ui/icons/v3/svg/ 		289 B
339 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.paypalobjects.com/paypal-ui/icons/v3/svg/close.svg
Requested by
Host: www.sandbox.paypal.com
URL: https://www.sandbox.paypal.com/webscr?cmd=_express-checkout&token=EC-2XF48138WL5894707
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.221.25 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (ama/488E) /
Resource Hash
47096fcf22c58f177936f84eac91ef9113639043881ee6de5358162077fd62b0
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.sandbox.paypal.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Thu, 05 Sep 2024 04:00:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-cache
HIT
paypal-debug-id
85f58dab33656
dc
ccg11-origin-www-1.paypal.com
content-length
181
last-modified
Thu, 12 May 2022 21:24:27 GMT
server
ECAcc (ama/488E)
traceparent
00-000000000000000000085f58dab33656-d70af9daef0a7009-01
etag
W/"627d7b0b-121"
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
s-maxage=31536000, public,max-age=3600
accept-ranges
bytes
timing-allow-origin
https://www.paypal.com,https://www.sandbox.paypal.com
expires
Thu, 05 Sep 2024 05:00:40 GMT
icon-PN-check.png
www.paypalobjects.com/images/shared/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.paypalobjects.com/images/shared/icon-PN-check.png
Requested by
Host: www.sandbox.paypal.com
URL: https://www.sandbox.paypal.com/webscr?cmd=_express-checkout&token=EC-2XF48138WL5894707
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.221.25 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (ama/48E0) /
Resource Hash
4a77d272b8cf508cc4a7e0da5763faa9958e42a5554fdb5d29fc3be51d685653
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.sandbox.paypal.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Thu, 05 Sep 2024 04:00:40 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
x-cache
HIT
paypal-debug-id
b30183cafa1e5
dc
ccg11-origin-www-1.paypal.com
content-length
2236
last-modified
Sat, 13 Feb 2021 00:20:23 GMT
accept-ch
DPR, Viewport-Width, Width, ECT, Downlink
server
ECAcc (ama/48E0)
traceparent
00-0000000000000000000b30183cafa1e5-59eeae2e4b9ec5a1-01
etag
"60271b47-8bc"
content-type
image/png
cache-control
s-maxage=31536000, public,max-age=3600
accept-ranges
bytes
timing-allow-origin
https://www.paypal.com,https://www.sandbox.paypal.com
expires
Thu, 05 Sep 2024 05:00:40 GMT
glyph_alert_critical_big-2x.png
www.paypalobjects.com/images/shared/ 		6 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.paypalobjects.com/images/shared/glyph_alert_critical_big-2x.png
Requested by
Host: www.sandbox.paypal.com
URL: https://www.sandbox.paypal.com/webscr?cmd=_express-checkout&token=EC-2XF48138WL5894707
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.221.25 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (ama/48C1) /
Resource Hash
13e4806e5c517e074ab1ea26fe0f2b7b87eaa3988006f35ed0bd4c89502d0d79
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.sandbox.paypal.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Thu, 05 Sep 2024 04:00:40 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
x-cache
HIT
paypal-debug-id
7e4aca33794e3
dc
ccg11-origin-www-1.paypal.com
content-length
5828
last-modified
Fri, 12 Sep 2014 15:08:04 GMT
accept-ch
DPR, Viewport-Width, Width, ECT, Downlink
server
ECAcc (ama/48C1)
traceparent
00-00000000000000000007e4aca33794e3-0f9a8994d0e013d4-01
etag
"54130c54-16c4"
content-type
image/png
cache-control
s-maxage=31536000, public,max-age=3600
accept-ranges
bytes
timing-allow-origin
https://www.paypal.com,https://www.sandbox.paypal.com
expires
Thu, 05 Sep 2024 05:00:40 GMT
fn-sync-telemetry-min.js
www.paypalobjects.com/web/res/f10/76fd8d2e17ddb54f60145dc3f98b5/js/lib/ 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.paypalobjects.com/web/res/f10/76fd8d2e17ddb54f60145dc3f98b5/js/lib/fn-sync-telemetry-min.js
Requested by
Host: www.sandbox.paypal.com
URL: https://www.sandbox.paypal.com/webscr?cmd=_express-checkout&token=EC-2XF48138WL5894707
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.221.25 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (ama/48BE) /
Resource Hash
8b202d5bd55968ce4bfc21c063166eaebe62104275ce7ec362d78b64b2581c95
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.sandbox.paypal.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Thu, 05 Sep 2024 04:00:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-cache
HIT
paypal-debug-id
8bfb2d314e784
dc
ccg11-origin-www-1.paypal.com
content-length
2303
last-modified
Fri, 30 Aug 2024 21:11:56 GMT
server
ECAcc (ama/48BE)
traceparent
00-00000000000000000008bfb2d314e784-78781dccd19bf8e6-01
etag
W/"66d2359c-159e"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000, s-maxage=31536000
accept-ranges
bytes
timing-allow-origin
https://www.paypal.com,https://www.sandbox.paypal.com
access-control-allow-headers
x-csrf-token
expires
Fri, 05 Sep 2025 04:00:40 GMT
checkout-split.js
www.paypalobjects.com/web/res/f10/76fd8d2e17ddb54f60145dc3f98b5/js/ 		255 KB
58 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.paypalobjects.com/web/res/f10/76fd8d2e17ddb54f60145dc3f98b5/js/checkout-split.js
Requested by
Host: www.sandbox.paypal.com
URL: https://www.sandbox.paypal.com/webscr?cmd=_express-checkout&token=EC-2XF48138WL5894707
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.221.25 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (ama/48B6) /
Resource Hash
f61339cc18d9c63deefc0f642e13c7a43fc0ace7e1dd582c443b33a4ccaadcd6
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.sandbox.paypal.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Thu, 05 Sep 2024 04:00:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-cache
HIT
paypal-debug-id
5ef37cd73391e
dc
ccg11-origin-www-1.paypal.com
content-length
59287
last-modified
Fri, 30 Aug 2024 21:11:56 GMT
server
ECAcc (ama/48B6)
traceparent
00-00000000000000000005ef37cd73391e-ec99a8498de1c697-01
etag
W/"66d2359c-3fa58"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000, s-maxage=31536000
accept-ranges
bytes
timing-allow-origin
https://www.paypal.com,https://www.sandbox.paypal.com
access-control-allow-headers
x-csrf-token
expires
Fri, 05 Sep 2025 04:00:40 GMT
pa.js
www.paypalobjects.com/pa/js/min/ 		68 KB
25 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.paypalobjects.com/pa/js/min/pa.js
Requested by
Host: www.sandbox.paypal.com
URL: https://www.sandbox.paypal.com/webscr?cmd=_express-checkout&token=EC-2XF48138WL5894707
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.221.25 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (ama/48F0) /
Resource Hash
06d26b40ac30d4f467f2dd70e5f81547210f8bd465c9648b26cd7af3ae9b55f6
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.sandbox.paypal.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Thu, 05 Sep 2024 04:00:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-cache
HIT
paypal-debug-id
191ec819af425
dc
ccg11-origin-www-1.paypal.com
content-length
25683
last-modified
Wed, 04 Sep 2024 22:54:50 GMT
server
ECAcc (ama/48F0)
traceparent
00-0000000000000000000191ec819af425-4c202fb6aa8e7fe9-01
etag
"66d8e53a-111a7+gzip"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
s-maxage=31536000, public,max-age=3600
accept-ranges
bytes
timing-allow-origin
https://www.paypal.com,https://www.sandbox.paypal.com
access-control-allow-headers
x-csrf-token
expires
Thu, 05 Sep 2024 05:00:40 GMT
grcenterprise_v3_static.js
www.paypalobjects.com/webcaptcha/ 		6 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.paypalobjects.com/webcaptcha/grcenterprise_v3_static.js
Requested by
Host: www.sandbox.paypal.com
URL: https://www.sandbox.paypal.com/webscr?cmd=_express-checkout&token=EC-2XF48138WL5894707
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.221.25 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (ama/48B8) /
Resource Hash
75c159c9974a7207171cf1f4ed302f91f90ae95233fdd64e994fd66ada89ab20
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.sandbox.paypal.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Thu, 05 Sep 2024 04:00:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-cache
HIT
paypal-debug-id
09d846e0181a0
dc
ccg11-origin-www-1.paypal.com
content-length
1829
last-modified
Wed, 13 Mar 2024 17:36:44 GMT
server
ECAcc (ama/48B8)
traceparent
00-000000000000000000009d846e0181a0-03b7f9ee2b5df5e3-01
etag
W/"65f1e42c-180e"
vary
Accept-Encoding
content-type
application/javascript
cache-control
s-maxage=31536000, public,max-age=3600
accept-ranges
bytes
timing-allow-origin
https://www.paypal.com,https://www.sandbox.paypal.com
expires
Thu, 05 Sep 2024 05:00:40 GMT
paypal-mark-color.svg
www.paypalobjects.com/paypal-ui/logos/svg/ 		1 KB
693 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.paypalobjects.com/paypal-ui/logos/svg/paypal-mark-color.svg
Requested by
Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/web/res/f10/76fd8d2e17ddb54f60145dc3f98b5/css/contextualLoginElementalUIv5.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.221.25 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (ama/48B5) /
Resource Hash
f9035e34f5734e89ddb03b601b1c0fd58323a93f176c5c7e220d7aa7a2062ed5
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.paypalobjects.com/web/res/f10/76fd8d2e17ddb54f60145dc3f98b5/css/contextualLoginElementalUIv5.css
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Thu, 05 Sep 2024 04:00:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-cache
HIT
paypal-debug-id
12ee90be25800
dc
ccg11-origin-www-1.paypal.com
content-length
548
last-modified
Wed, 15 Jun 2022 22:33:20 GMT
server
ECAcc (ama/48B5)
traceparent
00-000000000000000000012ee90be25800-8f8432431226388b-01
etag
W/"62aa5e30-436"
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
s-maxage=31536000, public,max-age=3600
accept-ranges
bytes
timing-allow-origin
https://www.paypal.com,https://www.sandbox.paypal.com
expires
Thu, 05 Sep 2024 05:00:40 GMT
PayPalOpen-Regular.woff2
www.paypalobjects.com/paypal-ui/fonts/ 		27 KB
27 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.paypalobjects.com/paypal-ui/fonts/PayPalOpen-Regular.woff2
Requested by
Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/web/res/f10/76fd8d2e17ddb54f60145dc3f98b5/css/contextualLoginElementalUIv5.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.221.25 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (ama/48D9) /
Resource Hash
9ae7b95f034d76b21aaf8fcc0cdd39f4ba7ba59dd9751348a32c7e5cfdfdb6df
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.paypalobjects.com/web/res/f10/76fd8d2e17ddb54f60145dc3f98b5/css/contextualLoginElementalUIv5.css
Origin
https://www.sandbox.paypal.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Thu, 05 Sep 2024 04:00:40 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
x-cache
HIT
paypal-debug-id
b91a21d0ebb71
dc
ccg11-origin-www-1.paypal.com
content-length
27457
last-modified
Thu, 02 Jun 2022 17:26:24 GMT
server
ECAcc (ama/48D9)
traceparent
00-0000000000000000000b91a21d0ebb71-36652096df351584-01
etag
"6298f2c0-6b41"
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
s-maxage=31536000, public,max-age=3600
accept-ranges
bytes
timing-allow-origin
https://www.paypal.com,https://www.sandbox.paypal.com
expires
Thu, 05 Sep 2024 05:00:40 GMT
PayPalOpen-Medium.woff2
www.paypalobjects.com/paypal-ui/fonts/ 		27 KB
27 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.paypalobjects.com/paypal-ui/fonts/PayPalOpen-Medium.woff2
Requested by
Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/web/res/f10/76fd8d2e17ddb54f60145dc3f98b5/css/contextualLoginElementalUIv5.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.221.25 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (ama/48A6) /
Resource Hash
8d0e74dfe39c809f2dde1119f404841405d107fa40165669ea74fca51722311b
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.paypalobjects.com/web/res/f10/76fd8d2e17ddb54f60145dc3f98b5/css/contextualLoginElementalUIv5.css
Origin
https://www.sandbox.paypal.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Thu, 05 Sep 2024 04:00:40 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
x-cache
HIT
paypal-debug-id
4c69efffb995d
dc
ccg11-origin-www-1.paypal.com
content-length
27633
last-modified
Thu, 11 Jan 2024 20:08:22 GMT
server
ECAcc (ama/48A6)
traceparent
00-00000000000000000004c69efffb995d-5f2e2b76c3932c5e-01
etag
"65a04ab6-6bf1"
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
s-maxage=31536000, public,max-age=3600
accept-ranges
bytes
timing-allow-origin
https://www.paypal.com,https://www.sandbox.paypal.com
expires
Thu, 05 Sep 2024 05:00:40 GMT
latmconf.js
www.paypalobjects.com/pa/mi/paypal/ 		321 KB
35 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.paypalobjects.com/pa/mi/paypal/latmconf.js
Requested by
Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/pa/js/min/pa.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.221.25 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (ama/48A7) /
Resource Hash
f8fd37b2b5e2c25c13f0875d52cdb66df06ce33e0e7ae95ea71aa693114023f7
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.sandbox.paypal.com/
Origin
https://www.sandbox.paypal.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Thu, 05 Sep 2024 04:00:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-cache
HIT
paypal-debug-id
dcc53c0e8b841
dc
ccg11-origin-www-1.paypal.com
content-length
35442
last-modified
Wed, 04 Sep 2024 22:54:50 GMT
server
ECAcc (ama/48A7)
traceparent
00-0000000000000000000dcc53c0e8b841-eaa3284248c0f6d6-01
etag
W/"66d8e53a-502cf"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
s-maxage=31536000, public,max-age=3600
timing-allow-origin
https://www.paypal.com,https://www.sandbox.paypal.com
access-control-allow-headers
x-csrf-token
expires
Thu, 05 Sep 2024 05:00:40 GMT
grcenterprise_v3_static.html
www.paypalobjects.com/webcaptcha/ Frame 65EF 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://www.paypalobjects.com/webcaptcha/grcenterprise_v3_static.html
Requested by
Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/webcaptcha/grcenterprise_v3_static.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.221.25 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (ama/48EE) /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.sandbox.paypal.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
cache-control
s-maxage=31536000, public,max-age=3600
content-encoding
gzip
content-length
2064
content-type
text/html
date
Thu, 05 Sep 2024 04:00:41 GMT
dc
ccg11-origin-www-1.paypal.com
etag
"6633898b-19bd+gzip"
expires
Thu, 05 Sep 2024 05:00:41 GMT
last-modified
Thu, 02 May 2024 12:39:39 GMT
paypal-debug-id
ad908e8d795de
server
ECAcc (ama/48EE)
strict-transport-security
max-age=63072000; includeSubDomains; preload
timing-allow-origin
https://www.paypal.com,https://www.sandbox.paypal.com
traceparent
00-0000000000000000000ad908e8d795de-f24794bcd434966d-01
vary
Accept-Encoding
x-cache
HIT
x-content-type-options
nosniff
patleaf.js
www.paypalobjects.com/pa/3pjs/tl/6.4.65/ 		154 KB
50 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.paypalobjects.com/pa/3pjs/tl/6.4.65/patleaf.js
Requested by
Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/pa/js/min/pa.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.221.25 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (ama/48A5) /
Resource Hash
5a0ea7e0ead74c66f762b54be56abacf5a9e284935c07d67e4801bc833ab12cf
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.sandbox.paypal.com/
Origin
https://www.sandbox.paypal.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Thu, 05 Sep 2024 04:00:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-cache
HIT
paypal-debug-id
343acb8df6b89
dc
ccg11-origin-www-1.paypal.com
content-length
50665
last-modified
Wed, 04 Sep 2024 22:54:50 GMT
server
ECAcc (ama/48A5)
traceparent
00-0000000000000000000343acb8df6b89-438c02cea8cd98b4-01
etag
"66d8e53a-267db+gzip"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
s-maxage=31536000, public,max-age=3600
accept-ranges
bytes
timing-allow-origin
https://www.paypal.com,https://www.sandbox.paypal.com
access-control-allow-headers
x-csrf-token
expires
Thu, 05 Sep 2024 05:00:41 GMT
sandboxpatlcfg.js
www.paypalobjects.com/pa/3pjs/tl/6.4.65/sandbox/ 		6 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.paypalobjects.com/pa/3pjs/tl/6.4.65/sandbox/sandboxpatlcfg.js
Requested by
Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/pa/js/min/pa.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.221.25 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (ama/48BF) /
Resource Hash
d62ce55eafd625dbe9d16c9b16867703406313db3e17e9d3c55d898c76cc6d21
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.sandbox.paypal.com/
Origin
https://www.sandbox.paypal.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Thu, 05 Sep 2024 04:00:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-cache
HIT
paypal-debug-id
9e073bb571019
dc
ccg11-origin-www-1.paypal.com
content-length
2663
last-modified
Wed, 04 Sep 2024 22:54:50 GMT
server
ECAcc (ama/48BF)
traceparent
00-00000000000000000009e073bb571019-46b2c76bad56a049-01
etag
"66d8e53a-18f2+gzip"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
s-maxage=31536000, public,max-age=3600
accept-ranges
bytes
timing-allow-origin
https://www.paypal.com,https://www.sandbox.paypal.com
access-control-allow-headers
x-csrf-token
expires
Thu, 05 Sep 2024 05:00:41 GMT
76938917d7504ff7a962174c021690bd
postcollector.paypal.com/collector/switch/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://postcollector.paypal.com/collector/switch/76938917d7504ff7a962174c021690bd
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.67.1 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
istio-envoy /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31557600

Request headers

Accept
*/*
Access-Control-Request-Headers
x-requested-with
Access-Control-Request-Method
GET
Origin
https://www.sandbox.paypal.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
access-control-allow-credentials
true
access-control-allow-headers
x-requested-with
access-control-allow-methods
GET
access-control-allow-origin
https://www.sandbox.paypal.com
access-control-max-age
3600
allow
GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH
content-length
0
date
Thu, 05 Sep 2024 04:00:41 GMT
server
istio-envoy
strict-transport-security
max-age=31557600
vary
Accept-Encoding,Origin
via
1.1 varnish
x-cache
MISS
x-cache-hits
0
x-envoy-upstream-service-time
0
x-served-by
cache-bru1480049-BRU
x-timer
S1725508841.127503,VS0,VE335
76938917d7504ff7a962174c021690bd
postcollector.paypal.com/collector/switch/ 		1 B
149 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://postcollector.paypal.com/collector/switch/76938917d7504ff7a962174c021690bd
Requested by
Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/webcaptcha/ngrlCaptcha.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.67.1 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
istio-envoy /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
Strict-Transport-Security max-age=31557600

Request headers

Referer
https://www.sandbox.paypal.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
X-Requested-With
XMLHttpRequest

Response headers

date
Thu, 05 Sep 2024 04:00:41 GMT
content-encoding
gzip
via
1.1 varnish
strict-transport-security
max-age=31557600
age
0
x-cache
MISS
x-envoy-upstream-service-time
1
nodeid
wscollector-5df4f448c7-mskjn
content-length
21
x-served-by
cache-bru1480049-BRU
dcname
prod-dal
server
istio-envoy
x-timer
S1725508841.481381,VS0,VE336
vary
Accept-Encoding,Origin
content-type
application/json
access-control-allow-origin
https://www.sandbox.paypal.com
access-control-allow-credentials
true
accept-ranges
bytes
x-cache-hits
0
client-log
www.sandbox.paypal.com/signin/ 		2 KB
4 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.sandbox.paypal.com/signin/client-log
Requested by
Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/webcaptcha/ngrlCaptcha.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.131.1 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
18799214bb5fd7129e094b4dfb058189fb9b93755a27ffcb586bcfccea9f4fbd
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn 'unsafe-inline'; script-src 'nonce-1fkkpQMK5mnILElK4TTkjnSS5o+sZV4cZ9T7BHczWkMaMNY2' 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn 'unsafe-inline'; img-src 'self' https://*.googleusercontent.com/ https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://ak1s.abmr.net https://ak1s.mathtag.com https://akamai.mathtag.com https://ak1.abmr.net data:; object-src 'none'; media-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn; font-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn; connect-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://192.55.233.1 'unsafe-inline' https://*.qualtrics.com; frame-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://smartlock.google.com https://*.qualtrics.com; base-uri 'self' https://*.paypal.com https://*.paypal.cn; upgrade-insecure-requests;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json
Referer
https://www.sandbox.paypal.com/webscr?cmd=_express-checkout&token=EC-2XF48138WL5894707
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

content-security-policy
default-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn 'unsafe-inline'; script-src 'nonce-1fkkpQMK5mnILElK4TTkjnSS5o+sZV4cZ9T7BHczWkMaMNY2' 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn 'unsafe-inline'; img-src 'self' https://*.googleusercontent.com/ https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://ak1s.abmr.net https://ak1s.mathtag.com https://akamai.mathtag.com https://ak1.abmr.net data:; object-src 'none'; media-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn; font-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn; connect-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://192.55.233.1 'unsafe-inline' https://*.qualtrics.com; frame-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://smartlock.google.com https://*.qualtrics.com; base-uri 'self' https://*.paypal.com https://*.paypal.cn; upgrade-insecure-requests;
content-encoding
gzip
x-content-type-options
nosniff
date
Thu, 05 Sep 2024 04:00:41 GMT
via
1.1 varnish, 1.1 varnish
x-sigsci-origin-status
200
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-cache
MISS, MISS, MISS
paypal-debug-id
f417051552fa6
http_x_pp_az_locator
ccg18.slc
server-timing
content-encoding;desc=gzip
x-xss-protection
1; mode=block
x-served-by
cache-fra-eddf8230064-FRA, cache-fra-eddf8230064-FRA, cache-ams21023-AMS
accept-ch
sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
traceparent
00-0000000000000000000f417051552fa6-b9b6b4ecf8fa1b12-01
x-timer
S1725508841.081552,VS0,VE216
etag
W/"848-fgbpbTaM0BhfqOxpPpENQM1pJoU"
vary
Accept-Encoding
content-type
application/json; charset=utf-8
cache-control
max-age=0, no-cache, no-store, must-revalidate
permissions-policy
ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
origin-trial
AmF3SS0NWoXo3HaojgmIVVXavukRnZH597u+xZNXRCiKWzSKzfNPHw9NC32GmblY12+HXpkCEYeYGyvRBNkkJg0AAABbeyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlRwY2QiLCJleHBpcnkiOjE3MzUzNDM5OTksImlzU3ViZG9tYWluIjp0cnVlfQ==
accept-ranges
bytes
x-cache-hits
0, 0, 0
fb_fp.js
c.paypal.com/da/r/ 		63 KB
22 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://c.paypal.com/da/r/fb_fp.js
Requested by
Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/web/res/f10/76fd8d2e17ddb54f60145dc3f98b5/js/checkout-split.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.129.21 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
ECAcc (ama/489B) /
Resource Hash
b6c8e6c9ef42a1509be875834572e7289a2e5d5dbcda1f7ec0d5cad73dab67b7
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.sandbox.paypal.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

expires
Fri, 06 Sep 2024 04:00:41 GMT
date
Thu, 05 Sep 2024 04:00:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
via
1.1 varnish
age
796950
x-cache
HIT, HIT
paypal-debug-id
cf772de487428
server-timing
content-encoding;desc="gzip",x-cdn;desc="fastly"
dc
ccg11-origin-www-1.paypal.com
content-length
22036
x-served-by
cache-ams21038-AMS
last-modified
Wed, 14 Aug 2024 01:02:42 GMT
server
ECAcc (ama/489B)
traceparent
00-0000000000000000000cf772de487428-2e7bf41239a74c4e-01
x-timer
S1725508841.131481,VS0,VE1
etag
W/"66bc0232-fc83"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
s-maxage=31536000, public,max-age=86400
access-control-allow-credentials
false
access-control-max-age
86400
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-headers
x-csrf-token
x-cache-hits
2504
client-log
www.sandbox.paypal.com/signin/ 		2 KB
4 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.sandbox.paypal.com/signin/client-log
Requested by
Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/webcaptcha/ngrlCaptcha.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.131.1 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
80a25e3da5a2fef05592309bafebea8195b88863cc86cf915927c4b17188a013
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn 'unsafe-inline'; script-src 'nonce-lceWyleSlEeNlq/tLsRcdE2/nr4XS6MOtKg9VGaXPiwnix9x' 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn 'unsafe-inline'; img-src 'self' https://*.googleusercontent.com/ https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://ak1s.abmr.net https://ak1s.mathtag.com https://akamai.mathtag.com https://ak1.abmr.net data:; object-src 'none'; media-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn; font-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn; connect-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://192.55.233.1 'unsafe-inline' https://*.qualtrics.com; frame-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://smartlock.google.com https://*.qualtrics.com; base-uri 'self' https://*.paypal.com https://*.paypal.cn; upgrade-insecure-requests;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json
Referer
https://www.sandbox.paypal.com/webscr?cmd=_express-checkout&token=EC-2XF48138WL5894707
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

content-security-policy
default-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn 'unsafe-inline'; script-src 'nonce-lceWyleSlEeNlq/tLsRcdE2/nr4XS6MOtKg9VGaXPiwnix9x' 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn 'unsafe-inline'; img-src 'self' https://*.googleusercontent.com/ https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://ak1s.abmr.net https://ak1s.mathtag.com https://akamai.mathtag.com https://ak1.abmr.net data:; object-src 'none'; media-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn; font-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn; connect-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://192.55.233.1 'unsafe-inline' https://*.qualtrics.com; frame-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://smartlock.google.com https://*.qualtrics.com; base-uri 'self' https://*.paypal.com https://*.paypal.cn; upgrade-insecure-requests;
content-encoding
gzip
x-content-type-options
nosniff
date
Thu, 05 Sep 2024 04:00:41 GMT
via
1.1 varnish, 1.1 varnish
x-sigsci-origin-status
200
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-cache
MISS, MISS, MISS
paypal-debug-id
f4170513654a5
http_x_pp_az_locator
ccg18.slc
server-timing
content-encoding;desc=gzip
x-xss-protection
1; mode=block
x-served-by
cache-fra-eddf8230121-FRA, cache-fra-eddf8230121-FRA, cache-ams21023-AMS
accept-ch
sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
traceparent
00-0000000000000000000f4170513654a5-83ce0c98ab2d6944-01
x-timer
S1725508841.085004,VS0,VE240
etag
W/"792-Na5Bxb3D8zReOEnGaKhZLv1GjXw"
vary
Accept-Encoding
content-type
application/json; charset=utf-8
cache-control
max-age=0, no-cache, no-store, must-revalidate
permissions-policy
ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
origin-trial
AmF3SS0NWoXo3HaojgmIVVXavukRnZH597u+xZNXRCiKWzSKzfNPHw9NC32GmblY12+HXpkCEYeYGyvRBNkkJg0AAABbeyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlRwY2QiLCJleHBpcnkiOjE3MzUzNDM5OTksImlzU3ViZG9tYWluIjp0cnVlfQ==
accept-ranges
bytes
x-cache-hits
0, 0, 0
client-log
www.sandbox.paypal.com/signin/ 		2 KB
4 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.sandbox.paypal.com/signin/client-log
Requested by
Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/webcaptcha/ngrlCaptcha.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.131.1 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
f398332095b5ad5089951f01700232e75f1f7195382e004cd82b4c8c0e6cc417
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn 'unsafe-inline'; script-src 'nonce-OvceHCWD5LmXDXLp2oYz73l9QRtVg4ukJ6hERCxTTlKRDW+r' 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn 'unsafe-inline'; img-src 'self' https://*.googleusercontent.com/ https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://ak1s.abmr.net https://ak1s.mathtag.com https://akamai.mathtag.com https://ak1.abmr.net data:; object-src 'none'; media-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn; font-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn; connect-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://192.55.233.1 'unsafe-inline' https://*.qualtrics.com; frame-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://smartlock.google.com https://*.qualtrics.com; base-uri 'self' https://*.paypal.com https://*.paypal.cn; upgrade-insecure-requests;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json
Referer
https://www.sandbox.paypal.com/webscr?cmd=_express-checkout&token=EC-2XF48138WL5894707
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

content-security-policy
default-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn 'unsafe-inline'; script-src 'nonce-OvceHCWD5LmXDXLp2oYz73l9QRtVg4ukJ6hERCxTTlKRDW+r' 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn 'unsafe-inline'; img-src 'self' https://*.googleusercontent.com/ https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://ak1s.abmr.net https://ak1s.mathtag.com https://akamai.mathtag.com https://ak1.abmr.net data:; object-src 'none'; media-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn; font-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn; connect-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://192.55.233.1 'unsafe-inline' https://*.qualtrics.com; frame-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://smartlock.google.com https://*.qualtrics.com; base-uri 'self' https://*.paypal.com https://*.paypal.cn; upgrade-insecure-requests;
content-encoding
gzip
x-content-type-options
nosniff
date
Thu, 05 Sep 2024 04:00:41 GMT
via
1.1 varnish, 1.1 varnish
x-sigsci-origin-status
200
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-cache
MISS, MISS, MISS
paypal-debug-id
f4170519b5444
http_x_pp_az_locator
ccg18.slc
server-timing
content-encoding;desc=gzip
x-xss-protection
1; mode=block
x-served-by
cache-fra-etou8220048-FRA, cache-fra-etou8220048-FRA, cache-ams21023-AMS
accept-ch
sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
traceparent
00-0000000000000000000f4170519b5444-b76953bcc5ca0b85-01
x-timer
S1725508841.086885,VS0,VE249
etag
W/"7b7-EMCIlbsLgBb6NEEeV2o4+uVI1OU"
vary
Accept-Encoding
content-type
application/json; charset=utf-8
cache-control
max-age=0, no-cache, no-store, must-revalidate
permissions-policy
ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
origin-trial
AmF3SS0NWoXo3HaojgmIVVXavukRnZH597u+xZNXRCiKWzSKzfNPHw9NC32GmblY12+HXpkCEYeYGyvRBNkkJg0AAABbeyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlRwY2QiLCJleHBpcnkiOjE3MzUzNDM5OTksImlzU3ViZG9tYWluIjp0cnVlfQ==
accept-ranges
bytes
x-cache-hits
0, 0, 0
client-log
www.sandbox.paypal.com/signin/ 		2 KB
4 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.sandbox.paypal.com/signin/client-log
Requested by
Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/webcaptcha/ngrlCaptcha.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.131.1 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
93ef042464833a1b53b3625c636a82d19c74b977b532598db99dd078f432b24c
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn 'unsafe-inline'; script-src 'nonce-QqYtQuyseocs3nOQFRA76xaAG3JW0lpSYFJDWUk1Cov2b93o' 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn 'unsafe-inline'; img-src 'self' https://*.googleusercontent.com/ https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://ak1s.abmr.net https://ak1s.mathtag.com https://akamai.mathtag.com https://ak1.abmr.net data:; object-src 'none'; media-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn; font-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn; connect-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://192.55.233.1 'unsafe-inline' https://*.qualtrics.com; frame-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://smartlock.google.com https://*.qualtrics.com; base-uri 'self' https://*.paypal.com https://*.paypal.cn; upgrade-insecure-requests;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json
Referer
https://www.sandbox.paypal.com/webscr?cmd=_express-checkout&token=EC-2XF48138WL5894707
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

content-security-policy
default-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn 'unsafe-inline'; script-src 'nonce-QqYtQuyseocs3nOQFRA76xaAG3JW0lpSYFJDWUk1Cov2b93o' 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn 'unsafe-inline'; img-src 'self' https://*.googleusercontent.com/ https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://ak1s.abmr.net https://ak1s.mathtag.com https://akamai.mathtag.com https://ak1.abmr.net data:; object-src 'none'; media-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn; font-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn; connect-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://192.55.233.1 'unsafe-inline' https://*.qualtrics.com; frame-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://smartlock.google.com https://*.qualtrics.com; base-uri 'self' https://*.paypal.com https://*.paypal.cn; upgrade-insecure-requests;
content-encoding
gzip
x-content-type-options
nosniff
date
Thu, 05 Sep 2024 04:00:42 GMT
via
1.1 varnish, 1.1 varnish
x-sigsci-origin-status
200
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-cache
MISS, MISS, MISS
paypal-debug-id
f417051208f4c
http_x_pp_az_locator
ccg18.slc
server-timing
content-encoding;desc=gzip
x-xss-protection
1; mode=block
x-served-by
cache-fra-etou8220065-FRA, cache-fra-etou8220136-FRA, cache-ams21023-AMS
accept-ch
sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
traceparent
00-0000000000000000000f417051208f4c-653a4b8e9ffd4e96-01
x-timer
S1725508841.095944,VS0,VE1091
etag
W/"801-90F7ghgDHJ+Y2VZ6Gsq8dgtUHPc"
vary
Accept-Encoding
content-type
application/json; charset=utf-8
cache-control
max-age=0, no-cache, no-store, must-revalidate
permissions-policy
ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
origin-trial
AmF3SS0NWoXo3HaojgmIVVXavukRnZH597u+xZNXRCiKWzSKzfNPHw9NC32GmblY12+HXpkCEYeYGyvRBNkkJg0AAABbeyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlRwY2QiLCJleHBpcnkiOjE3MzUzNDM5OTksImlzU3ViZG9tYWluIjp0cnVlfQ==
accept-ranges
bytes
x-cache-hits
0, 0, 0
client-log
www.sandbox.paypal.com/signin/ 		2 KB
4 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.sandbox.paypal.com/signin/client-log
Requested by
Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/webcaptcha/ngrlCaptcha.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.131.1 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
6eb42d5d8a77edb9b58e1a1636026d30bf894349d76878b23767a2972aa4c291
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn 'unsafe-inline'; script-src 'nonce-q/+SZcKF85F43z2RkoWvpS9rpiaR9J5sZ3eBUq22SV26GX+H' 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn 'unsafe-inline'; img-src 'self' https://*.googleusercontent.com/ https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://ak1s.abmr.net https://ak1s.mathtag.com https://akamai.mathtag.com https://ak1.abmr.net data:; object-src 'none'; media-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn; font-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn; connect-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://192.55.233.1 'unsafe-inline' https://*.qualtrics.com; frame-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://smartlock.google.com https://*.qualtrics.com; base-uri 'self' https://*.paypal.com https://*.paypal.cn; upgrade-insecure-requests;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json
Referer
https://www.sandbox.paypal.com/webscr?cmd=_express-checkout&token=EC-2XF48138WL5894707
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

content-security-policy
default-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn 'unsafe-inline'; script-src 'nonce-q/+SZcKF85F43z2RkoWvpS9rpiaR9J5sZ3eBUq22SV26GX+H' 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn 'unsafe-inline'; img-src 'self' https://*.googleusercontent.com/ https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://ak1s.abmr.net https://ak1s.mathtag.com https://akamai.mathtag.com https://ak1.abmr.net data:; object-src 'none'; media-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn; font-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn; connect-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://192.55.233.1 'unsafe-inline' https://*.qualtrics.com; frame-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://smartlock.google.com https://*.qualtrics.com; base-uri 'self' https://*.paypal.com https://*.paypal.cn; upgrade-insecure-requests;
content-encoding
gzip
x-content-type-options
nosniff
date
Thu, 05 Sep 2024 04:00:41 GMT
via
1.1 varnish, 1.1 varnish
x-sigsci-origin-status
200
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-cache
MISS, MISS, MISS
paypal-debug-id
f417051595e68
http_x_pp_az_locator
ccg18.slc
server-timing
content-encoding;desc=gzip
x-xss-protection
1; mode=block
x-served-by
cache-fra-eddf8230085-FRA, cache-fra-eddf8230085-FRA, cache-ams21023-AMS
accept-ch
sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
traceparent
00-0000000000000000000f417051595e68-aa99551fcebf315f-01
x-timer
S1725508841.096130,VS0,VE624
etag
W/"7fe-0hAbHY4j1wxZZlPu213uoDZQjbk"
vary
Accept-Encoding
content-type
application/json; charset=utf-8
cache-control
max-age=0, no-cache, no-store, must-revalidate
permissions-policy
ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
origin-trial
AmF3SS0NWoXo3HaojgmIVVXavukRnZH597u+xZNXRCiKWzSKzfNPHw9NC32GmblY12+HXpkCEYeYGyvRBNkkJg0AAABbeyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlRwY2QiLCJleHBpcnkiOjE3MzUzNDM5OTksImlzU3ViZG9tYWluIjp0cnVlfQ==
accept-ranges
bytes
x-cache-hits
0, 0, 0
cookie-banner
www.sandbox.paypal.com/signin/ 		19 KB
8 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.sandbox.paypal.com/signin/cookie-banner?flowId=EC-2XF48138WL5894707&cookieBannerVariant=hidden&
Requested by
Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/webcaptcha/ngrlCaptcha.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.131.1 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
9dfa418f264ab036bb757a4fe09c634a88d2a84e3f479b5c126cc3de0169e821
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn 'unsafe-inline'; script-src 'nonce-EBZpkDsUuQLKFukef3kz9SkMigL7guFAIDBd+NPLCz7IGwsB' 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn 'unsafe-inline'; img-src 'self' https://*.googleusercontent.com/ https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://ak1s.abmr.net https://ak1s.mathtag.com https://akamai.mathtag.com https://ak1.abmr.net data:; object-src 'none'; media-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn; font-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn; connect-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://192.55.233.1 'unsafe-inline' https://*.qualtrics.com; frame-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://smartlock.google.com https://*.qualtrics.com; base-uri 'self' https://*.paypal.com https://*.paypal.cn; upgrade-insecure-requests;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json
Referer
https://www.sandbox.paypal.com/webscr?cmd=_express-checkout&token=EC-2XF48138WL5894707
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy
default-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn 'unsafe-inline'; script-src 'nonce-EBZpkDsUuQLKFukef3kz9SkMigL7guFAIDBd+NPLCz7IGwsB' 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn 'unsafe-inline'; img-src 'self' https://*.googleusercontent.com/ https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://ak1s.abmr.net https://ak1s.mathtag.com https://akamai.mathtag.com https://ak1.abmr.net data:; object-src 'none'; media-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn; font-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn; connect-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://192.55.233.1 'unsafe-inline' https://*.qualtrics.com; frame-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://smartlock.google.com https://*.qualtrics.com; base-uri 'self' https://*.paypal.com https://*.paypal.cn; upgrade-insecure-requests;
content-encoding
gzip
x-content-type-options
nosniff
date
Thu, 05 Sep 2024 04:00:41 GMT
via
1.1 varnish, 1.1 varnish
x-sigsci-origin-status
200
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-cache
MISS, MISS, MISS
paypal-debug-id
f41705142d600
http_x_pp_az_locator
ccg18.slc
server-timing
content-encoding;desc=gzip
x-xss-protection
1; mode=block
x-served-by
cache-fra-eddf8230022-FRA, cache-fra-eddf8230022-FRA, cache-ams21023-AMS
accept-ch
sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
traceparent
00-0000000000000000000f41705142d600-eca11ab87846af0e-01
x-timer
S1725508841.095937,VS0,VE244
etag
W/"4db7-lDs5JgrsFznnpcL96U/307O56dA"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/json; charset=utf-8
cache-control
max-age=0, no-cache, no-store, must-revalidate
permissions-policy
ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
origin-trial
AmF3SS0NWoXo3HaojgmIVVXavukRnZH597u+xZNXRCiKWzSKzfNPHw9NC32GmblY12+HXpkCEYeYGyvRBNkkJg0AAABbeyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlRwY2QiLCJleHBpcnkiOjE3MzUzNDM5OTksImlzU3ViZG9tYWluIjp0cnVlfQ==
accept-ranges
bytes
x-cache-hits
0, 0, 0
load-resource
www.sandbox.paypal.com/signin/ 		17 KB
8 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.sandbox.paypal.com/signin/load-resource
Requested by
Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/webcaptcha/ngrlCaptcha.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.131.1 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
ecf58114cb9eeb6b3fd3308b09d7a7727ecc14ee95e915ad9352190b3b05a744
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn 'unsafe-inline'; script-src 'nonce-whq8ZmiITzPQWtR1FMq/sVNHo0LpsWC6wvcSzeH19wsEunLo' 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn 'unsafe-inline'; img-src 'self' https://*.googleusercontent.com/ https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://ak1s.abmr.net https://ak1s.mathtag.com https://akamai.mathtag.com https://ak1.abmr.net data:; object-src 'none'; media-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn; font-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn; connect-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://192.55.233.1 'unsafe-inline' https://*.qualtrics.com; frame-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://smartlock.google.com https://*.qualtrics.com; base-uri 'self' https://*.paypal.com https://*.paypal.cn; upgrade-insecure-requests;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json
Referer
https://www.sandbox.paypal.com/webscr?cmd=_express-checkout&token=EC-2XF48138WL5894707
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

content-security-policy
default-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn 'unsafe-inline'; script-src 'nonce-whq8ZmiITzPQWtR1FMq/sVNHo0LpsWC6wvcSzeH19wsEunLo' 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn 'unsafe-inline'; img-src 'self' https://*.googleusercontent.com/ https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://ak1s.abmr.net https://ak1s.mathtag.com https://akamai.mathtag.com https://ak1.abmr.net data:; object-src 'none'; media-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn; font-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn; connect-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://192.55.233.1 'unsafe-inline' https://*.qualtrics.com; frame-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://smartlock.google.com https://*.qualtrics.com; base-uri 'self' https://*.paypal.com https://*.paypal.cn; upgrade-insecure-requests;
content-encoding
gzip
x-content-type-options
nosniff
date
Thu, 05 Sep 2024 04:00:41 GMT
via
1.1 varnish, 1.1 varnish
x-sigsci-origin-status
200
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-cache
MISS, MISS, MISS
paypal-debug-id
f41705142db9e
http_x_pp_az_locator
ccg18.slc
server-timing
content-encoding;desc=gzip
x-xss-protection
1; mode=block
x-served-by
cache-fra-etou8220046-FRA, cache-fra-etou8220071-FRA, cache-ams21023-AMS
accept-ch
sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
traceparent
00-0000000000000000000f41705142db9e-3418157af6c52800-01
x-timer
S1725508841.096859,VS0,VE837
etag
W/"44e5-rkuK5cTnXrTk8dsSklsDFrrK59A"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/json; charset=utf-8
cache-control
max-age=0, no-cache, no-store, must-revalidate
permissions-policy
ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
origin-trial
AmF3SS0NWoXo3HaojgmIVVXavukRnZH597u+xZNXRCiKWzSKzfNPHw9NC32GmblY12+HXpkCEYeYGyvRBNkkJg0AAABbeyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlRwY2QiLCJleHBpcnkiOjE3MzUzNDM5OTksImlzU3ViZG9tYWluIjp0cnVlfQ==
accept-ranges
bytes
x-cache-hits
0, 0, 0
client-log
www.sandbox.paypal.com/signin/ 		2 KB
4 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.sandbox.paypal.com/signin/client-log
Requested by
Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/webcaptcha/ngrlCaptcha.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.131.1 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
559e4950f6081149d3ae380b3ff48a862a373b237b5bba4b8877c7e2dc143756
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn 'unsafe-inline'; script-src 'nonce-Y3IQGYaNhWp0TbrwMHIJdqUkruIJ+PGjDBf8IF8XdVWvTJ6D' 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn 'unsafe-inline'; img-src 'self' https://*.googleusercontent.com/ https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://ak1s.abmr.net https://ak1s.mathtag.com https://akamai.mathtag.com https://ak1.abmr.net data:; object-src 'none'; media-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn; font-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn; connect-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://192.55.233.1 'unsafe-inline' https://*.qualtrics.com; frame-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://smartlock.google.com https://*.qualtrics.com; base-uri 'self' https://*.paypal.com https://*.paypal.cn; upgrade-insecure-requests;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json
Referer
https://www.sandbox.paypal.com/webscr?cmd=_express-checkout&token=EC-2XF48138WL5894707
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

content-security-policy
default-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn 'unsafe-inline'; script-src 'nonce-Y3IQGYaNhWp0TbrwMHIJdqUkruIJ+PGjDBf8IF8XdVWvTJ6D' 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn 'unsafe-inline'; img-src 'self' https://*.googleusercontent.com/ https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://ak1s.abmr.net https://ak1s.mathtag.com https://akamai.mathtag.com https://ak1.abmr.net data:; object-src 'none'; media-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn; font-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn; connect-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://192.55.233.1 'unsafe-inline' https://*.qualtrics.com; frame-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://smartlock.google.com https://*.qualtrics.com; base-uri 'self' https://*.paypal.com https://*.paypal.cn; upgrade-insecure-requests;
content-encoding
gzip
x-content-type-options
nosniff
date
Thu, 05 Sep 2024 04:00:41 GMT
via
1.1 varnish, 1.1 varnish
x-sigsci-origin-status
200
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-cache
MISS, MISS, MISS
paypal-debug-id
f417051305ce6
http_x_pp_az_locator
ccg18.slc
server-timing
content-encoding;desc=gzip
x-xss-protection
1; mode=block
x-served-by
cache-fra-eddf8230072-FRA, cache-fra-eddf8230072-FRA, cache-ams21023-AMS
accept-ch
sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
traceparent
00-0000000000000000000f417051305ce6-4fc4a1033fbfdeda-01
x-timer
S1725508841.096818,VS0,VE243
etag
W/"796-Lcp2KCcdErlukX8FJk5AJnHKiNY"
vary
Accept-Encoding
content-type
application/json; charset=utf-8
cache-control
max-age=0, no-cache, no-store, must-revalidate
permissions-policy
ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
origin-trial
AmF3SS0NWoXo3HaojgmIVVXavukRnZH597u+xZNXRCiKWzSKzfNPHw9NC32GmblY12+HXpkCEYeYGyvRBNkkJg0AAABbeyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlRwY2QiLCJleHBpcnkiOjE3MzUzNDM5OTksImlzU3ViZG9tYWluIjp0cnVlfQ==
accept-ranges
bytes
x-cache-hits
0, 0, 0
client-log
www.sandbox.paypal.com/signin/ 		2 KB
4 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.sandbox.paypal.com/signin/client-log
Requested by
Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/webcaptcha/ngrlCaptcha.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.131.1 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
c1a3c014d67502d4176bebd6364ab500b9b7e77750b20983622e55aee9a4d3d7
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn 'unsafe-inline'; script-src 'nonce-kuktTdo6r8XdXgruq5xvptNCnB6BokEDPlYJNRfUPx6rO1Dv' 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn 'unsafe-inline'; img-src 'self' https://*.googleusercontent.com/ https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://ak1s.abmr.net https://ak1s.mathtag.com https://akamai.mathtag.com https://ak1.abmr.net data:; object-src 'none'; media-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn; font-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn; connect-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://192.55.233.1 'unsafe-inline' https://*.qualtrics.com; frame-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://smartlock.google.com https://*.qualtrics.com; base-uri 'self' https://*.paypal.com https://*.paypal.cn; upgrade-insecure-requests;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json
Referer
https://www.sandbox.paypal.com/webscr?cmd=_express-checkout&token=EC-2XF48138WL5894707
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

content-security-policy
default-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn 'unsafe-inline'; script-src 'nonce-kuktTdo6r8XdXgruq5xvptNCnB6BokEDPlYJNRfUPx6rO1Dv' 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn 'unsafe-inline'; img-src 'self' https://*.googleusercontent.com/ https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://ak1s.abmr.net https://ak1s.mathtag.com https://akamai.mathtag.com https://ak1.abmr.net data:; object-src 'none'; media-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn; font-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn; connect-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://192.55.233.1 'unsafe-inline' https://*.qualtrics.com; frame-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://smartlock.google.com https://*.qualtrics.com; base-uri 'self' https://*.paypal.com https://*.paypal.cn; upgrade-insecure-requests;
content-encoding
gzip
x-content-type-options
nosniff
date
Thu, 05 Sep 2024 04:00:41 GMT
via
1.1 varnish, 1.1 varnish
x-sigsci-origin-status
200
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-cache
MISS, MISS, MISS
paypal-debug-id
f41705118dbda
http_x_pp_az_locator
ccg18.slc
server-timing
content-encoding;desc=gzip
x-xss-protection
1; mode=block
x-served-by
cache-fra-etou8220041-FRA, cache-fra-etou8220056-FRA, cache-ams21023-AMS
accept-ch
sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
traceparent
00-0000000000000000000f41705118dbda-bdfe06fe9d247f1b-01
x-timer
S1725508841.097557,VS0,VE235
etag
W/"796-WLEZAD3VypmBf8CnMgJkaXh8ijU"
vary
Accept-Encoding
content-type
application/json; charset=utf-8
cache-control
max-age=0, no-cache, no-store, must-revalidate
permissions-policy
ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
origin-trial
AmF3SS0NWoXo3HaojgmIVVXavukRnZH597u+xZNXRCiKWzSKzfNPHw9NC32GmblY12+HXpkCEYeYGyvRBNkkJg0AAABbeyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlRwY2QiLCJleHBpcnkiOjE3MzUzNDM5OTksImlzU3ViZG9tYWluIjp0cnVlfQ==
accept-ranges
bytes
x-cache-hits
0, 0, 0
client-log
www.sandbox.paypal.com/signin/ 		2 KB
4 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.sandbox.paypal.com/signin/client-log
Requested by
Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/webcaptcha/ngrlCaptcha.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.131.1 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
c0064a1ea62feb9104cba34963e2b04c55487c2af299839a1917e23e1dc1aa32
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn 'unsafe-inline'; script-src 'nonce-RmAqvJY0Zzi1f9t2nwhzP7GJbXF0gMMoBIKd0Sfxp3t4jnFO' 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn 'unsafe-inline'; img-src 'self' https://*.googleusercontent.com/ https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://ak1s.abmr.net https://ak1s.mathtag.com https://akamai.mathtag.com https://ak1.abmr.net data:; object-src 'none'; media-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn; font-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn; connect-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://192.55.233.1 'unsafe-inline' https://*.qualtrics.com; frame-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://smartlock.google.com https://*.qualtrics.com; base-uri 'self' https://*.paypal.com https://*.paypal.cn; upgrade-insecure-requests;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json
Referer
https://www.sandbox.paypal.com/webscr?cmd=_express-checkout&token=EC-2XF48138WL5894707
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

content-security-policy
default-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn 'unsafe-inline'; script-src 'nonce-RmAqvJY0Zzi1f9t2nwhzP7GJbXF0gMMoBIKd0Sfxp3t4jnFO' 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn 'unsafe-inline'; img-src 'self' https://*.googleusercontent.com/ https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://ak1s.abmr.net https://ak1s.mathtag.com https://akamai.mathtag.com https://ak1.abmr.net data:; object-src 'none'; media-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn; font-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn; connect-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://192.55.233.1 'unsafe-inline' https://*.qualtrics.com; frame-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://smartlock.google.com https://*.qualtrics.com; base-uri 'self' https://*.paypal.com https://*.paypal.cn; upgrade-insecure-requests;
content-encoding
gzip
x-content-type-options
nosniff
date
Thu, 05 Sep 2024 04:00:41 GMT
via
1.1 varnish, 1.1 varnish
x-sigsci-origin-status
200
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-cache
MISS, MISS, MISS
paypal-debug-id
f417051027834
http_x_pp_az_locator
ccg18.slc
server-timing
content-encoding;desc=gzip
x-xss-protection
1; mode=block
x-served-by
cache-fra-eddf8230078-FRA, cache-fra-eddf8230078-FRA, cache-ams21023-AMS
accept-ch
sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
traceparent
00-0000000000000000000f417051027834-7f12eaf07716a7b2-01
x-timer
S1725508841.102431,VS0,VE618
etag
W/"7c1-692ANGjXsTSaMdnRuUrzWrMIYpE"
vary
Accept-Encoding
content-type
application/json; charset=utf-8
cache-control
max-age=0, no-cache, no-store, must-revalidate
permissions-policy
ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
origin-trial
AmF3SS0NWoXo3HaojgmIVVXavukRnZH597u+xZNXRCiKWzSKzfNPHw9NC32GmblY12+HXpkCEYeYGyvRBNkkJg0AAABbeyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlRwY2QiLCJleHBpcnkiOjE3MzUzNDM5OTksImlzU3ViZG9tYWluIjp0cnVlfQ==
accept-ranges
bytes
x-cache-hits
0, 0, 0
pp_favicon_x.ico
www.paypalobjects.com/en_US/i/icon/ 		5 KB
2 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://www.paypalobjects.com/en_US/i/icon/pp_favicon_x.ico
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.221.25 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (ama/48D5) /
Resource Hash
1690c4e20869c3763b7fc111e2f94035b0a7ee830311dd680ac91421daad3667
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.sandbox.paypal.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Thu, 05 Sep 2024 04:00:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-cache
HIT
paypal-debug-id
73592894eaa90
dc
ccg11-origin-www-1.paypal.com
content-length
1403
last-modified
Fri, 16 Aug 2019 04:57:33 GMT
server
ECAcc (ama/48D5)
traceparent
00-000000000000000000073592894eaa90-f4527ebd9ace7e70-01
etag
W/"5d5637bd-1536"
vary
Accept-Encoding
content-type
image/x-icon
cache-control
s-maxage=31536000, public,max-age=3600
accept-ranges
bytes
timing-allow-origin
https://www.paypal.com,https://www.sandbox.paypal.com
expires
Thu, 05 Sep 2024 05:00:41 GMT
p1
c.sandbox.paypal.com/v1/r/d/b/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://c.sandbox.paypal.com/v1/r/d/b/p1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.131.1 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-requested-with
Access-Control-Request-Method
POST
Origin
https://www.sandbox.paypal.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

accept-ranges
none
access-control-allow-credentials
true
access-control-allow-headers
Access-Control-Allow-Headers, Origin,Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods
POST
access-control-allow-origin
https://www.sandbox.paypal.com
access-control-expose-headers
Server-Timing
cache-control
max-age=0, no-cache, no-store, must-revalidate
content-encoding
br
correlation-id
f41705142cca4
date
Thu, 05 Sep 2024 04:00:41 GMT
http_x_pp_az_locator
ccg18.slc
paypal-debug-id
f41705142cca4
server-timing
content-encoding;desc=br
strict-transport-security
max-age=63072000; includeSubDomains; preload
traceparent
00-0000000000000000000f41705142cca4-91cbd6b9d16c34a7-01
vary
accept-encoding
via
1.1 varnish, 1.1 varnish
x-cache
MISS, MISS, MISS
x-cache-hits
0, 0, 0
x-served-by
cache-fra-eddf8230093-FRA, cache-fra-eddf8230159-FRA, cache-ams21024-AMS
x-sigsci-origin-status
200
x-timer
S1725508841.243454,VS0,VE558
p2
c.sandbox.paypal.com/v1/r/d/b/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://c.sandbox.paypal.com/v1/r/d/b/p2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.131.1 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-requested-with
Access-Control-Request-Method
POST
Origin
https://www.sandbox.paypal.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

accept-ranges
none
access-control-allow-credentials
true
access-control-allow-headers
Access-Control-Allow-Headers, Origin,Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods
POST
access-control-allow-origin
https://www.sandbox.paypal.com
access-control-expose-headers
Server-Timing
cache-control
max-age=0, no-cache, no-store, must-revalidate
content-encoding
br
correlation-id
f41705171405c
date
Thu, 05 Sep 2024 04:00:41 GMT
http_x_pp_az_locator
ccg18.slc
paypal-debug-id
f41705171405c
server-timing
content-encoding;desc=br
strict-transport-security
max-age=63072000; includeSubDomains; preload
traceparent
00-0000000000000000000f41705171405c-965a0a68c1b3ed28-01
vary
accept-encoding
via
1.1 varnish, 1.1 varnish
x-cache
MISS, MISS, MISS
x-cache-hits
0, 0, 0
x-served-by
cache-fra-etou8220092-FRA, cache-fra-etou8220092-FRA, cache-ams21024-AMS
x-sigsci-origin-status
200
x-timer
S1725508841.243451,VS0,VE557
p1
c.sandbox.paypal.com/v1/r/d/b/ 		213 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://c.sandbox.paypal.com/v1/r/d/b/p1
Requested by
Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/webcaptcha/ngrlCaptcha.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.131.1 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
f5efce5785235a383db787c2c6d709467e76d6efc194e9320b835e46005a07df
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://www.sandbox.paypal.com/
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type
application/json

Response headers

date
Thu, 05 Sep 2024 04:00:42 GMT
via
1.1 varnish, 1.1 varnish
content-encoding
br
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-sigsci-origin-status
200
x-cache
MISS, MISS, MISS
p3p
policyref="/w3c/p3p.xml", CP="NON DSP COR ADM OUR IND COM"
paypal-debug-id
f11472452cd07
http_x_pp_az_locator
ccg18.slc
server-timing
content-encoding;desc=br
x-served-by
cache-fra-etou8220028-FRA, cache-fra-etou8220069-FRA, cache-ams21023-AMS
correlation-id
f11472452cd07
traceparent
00-0000000000000000000f11472452cd07-51f643eeac4c02c6-01
x-timer
S1725508842.819275,VS0,VE630
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
https://www.sandbox.paypal.com
access-control-expose-headers
Server-Timing
cache-control
max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
accept-ranges
none
x-cache-hits
0, 0, 0
p2
c.sandbox.paypal.com/v1/r/d/b/ 		125 B
946 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c.sandbox.paypal.com/v1/r/d/b/p2
Requested by
Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/webcaptcha/ngrlCaptcha.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.131.1 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
a772318a0b9cb9efe392233fb88a2636e827bb52f414291fac9ede616058e538
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://www.sandbox.paypal.com/
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type
application/json

Response headers

date
Thu, 05 Sep 2024 04:00:42 GMT
via
1.1 varnish, 1.1 varnish
content-encoding
br
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-sigsci-origin-status
200
x-cache
MISS, MISS, MISS
p3p
policyref="/w3c/p3p.xml", CP="NON DSP COR ADM OUR IND COM"
paypal-debug-id
f114724c76fc7
http_x_pp_az_locator
ccg18.slc
server-timing
content-encoding;desc=br
x-served-by
cache-fra-etou8220150-FRA, cache-fra-etou8220150-FRA, cache-ams21023-AMS
correlation-id
f114724c76fc7
traceparent
00-0000000000000000000f114724c76fc7-bc58625210045559-01
x-timer
S1725508842.818373,VS0,VE596
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
https://www.sandbox.paypal.com
access-control-expose-headers
Server-Timing
cache-control
max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
accept-ranges
none
x-cache-hits
0, 0, 0
counter2.cgi
lhr.stats.paypal.com/v1/ Frame 82B2
Redirect Chain
  • https://b.stats.paypal.com/v1/counter.cgi?r=cD1CQS0ySkMyMDkzNFVQMzk1NDkxMyZpPTMxLjIwNC4xNTAuMTM5JnQ9MTcyNTUwODg0MC42JmE9MjEmcz1VTklGSUVEX0xPR0lO6VAlmOyKCS-hOAlW8QdZtDj_Z5E
  • https://lhr.stats.paypal.com/v1/counter2.cgi?r=cD1CQS0ySkMyMDkzNFVQMzk1NDkxMyZpPTMxLjIwNC4xNTAuMTM5JnQ9MTcyNTUwODg0MC42JmE9MjEmcz1VTklGSUVEX0xPR0lO6VAlmOyKCS-hOAlW8QdZtDj_Z5E
42 B
299 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://lhr.stats.paypal.com/v1/counter2.cgi?r=cD1CQS0ySkMyMDkzNFVQMzk1NDkxMyZpPTMxLjIwNC4xNTAuMTM5JnQ9MTcyNTUwODg0MC42JmE9MjEmcz1VTklGSUVEX0xPR0lO6VAlmOyKCS-hOAlW8QdZtDj_Z5E
Protocol
HTTP/1.1
Server
34.147.177.40 London, United Kingdom, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
40.177.147.34.bc.googleusercontent.com
Software
PayPal-B.Stats/1.0 /
Resource Hash
47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292

Request headers

Referer
https://www.sandbox.paypal.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date
Thu, 05 Sep 2024 04:00:41 GMT
Server
PayPal-B.Stats/1.0
Connection
close
Content-Length
42
Content-Type
image/jpeg

Redirect headers

Location
https://lhr.stats.paypal.com/v1/counter2.cgi?r=cD1CQS0ySkMyMDkzNFVQMzk1NDkxMyZpPTMxLjIwNC4xNTAuMTM5JnQ9MTcyNTUwODg0MC42JmE9MjEmcz1VTklGSUVEX0xPR0lO6VAlmOyKCS-hOAlW8QdZtDj_Z5E
Date
Thu, 05 Sep 2024 04:00:41 GMT
Server
PayPal-B.Stats/1.0
Connection
close
Content-Length
0
Content-Type
application/octet-stream
p3
c.sandbox.paypal.com/v1/r/d/b/ 		0
324 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://c.sandbox.paypal.com/v1/r/d/b/p3?f=BA-2JC20934UP3954913&s=UL_CHECKOUT_INPUT_EMAIL_TRMT
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.131.1 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://www.sandbox.paypal.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Thu, 05 Sep 2024 04:00:41 GMT
via
1.1 varnish, 1.1 varnish
content-encoding
br
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-sigsci-origin-status
200
x-cache
MISS, MISS, MISS
paypal-debug-id
f4170515c3c15
http_x_pp_az_locator
ccg18.slc
server-timing
content-encoding;desc=br
x-served-by
cache-fra-etou8220051-FRA, cache-fra-etou8220037-FRA, cache-ams21023-AMS
correlation-id
f4170515c3c15
traceparent
00-0000000000000000000f4170515c3c15-0c00a94aa445ad3f-01
x-timer
S1725508841.211447,VS0,VE592
vary
accept-encoding
access-control-expose-headers
Server-Timing
cache-control
max-age=0, no-cache, no-store, must-revalidate
accept-ranges
none
x-cache-hits
0, 0, 0
ts
t.paypal.com/ 		42 B
942 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://t.paypal.com/ts?v=1.8.22&t=1725508841355&g=-120&pgrp=main%3Aprivacy%3Apolicy&page=main%3Aprivacy%3Apolicy%3Agdpr_v2.1&qual=input_email&pgst=1725508840504&calc=f9687667dcda8&nsid=ILeP0fTIeiZ8gDZb_0l9rPpMQjWU8B51&rsta=nl_NL&pgtf=Nodejs&env=sandbox&s=ci&ccpg=NL&csci=0c9775293e9f4c27be051b769279caf3&comp=unifiedloginnodeweb&tsrce=unifiedloginnodeweb&cu=0&ef_policy=gdpr_v2.1&transition_name=ss_prepare_email&cookie_disabled_request=true&userRedirected=true&fltk=EC-2XF48138WL5894707&flid=EC-2XF48138WL5894707&ctx_login_ot_content=0&obex=checkout&landing_page=login&browser_client_type=Browser&state_name=begin_email&ctx_login_content_fetch=success&ctx_login_ctxid_fetch=success%7Cparse-success&ctx_login_lang_footer=shown&ctx_login_cancel_url=shown&forced_signup_offered=1&ctx_login_signup_btn=shown%7CcreateAccount&context_id=EC-2XF48138WL5894707&ctx_login_intent=checkout&ctx_login_flow=Express%20checkout&ctx_login_state_transition=login_loaded&post_login_redirect=returnUri&ret_url=%2Fwebapps%2Fhermes&api_name=cookieBanner&displaypage=main%3Aunifiedlogin%3Asplitlogin%3A%3Aemail&ppage=privacy_banner&bannertype=cookiebanner&flag=gdpr_v2.1&bannerversion=v6&bannersource=ConsentNodeServ&bannervariant=hidden&eligibility_reason=true&is_native=false&cookie_disabled=false&reason_to_hide=Invisible%20banner%20loaded&event_name=cookie_banner_shown&product=consentNodeServ&e=ac
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.3.1 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://www.sandbox.paypal.com/webscr?cmd=_express-checkout&token=EC-2XF48138WL5894707
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

expires
Thu, 05 Sep 2024 04:00:41 GMT
date
Thu, 05 Sep 2024 04:00:41 GMT
via
1.1 varnish, 1.1 varnish
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-cache
MISS, MISS
p3p
CP="CAO IND OUR SAM UNI STA COR COM"
paypal-debug-id
afb9295fd3f37
server-timing
"traceparent;desc="00-0000000000000000000afb9295fd3f37-78d94ace1ae64b73-01"";content-encoding;desc="",x-cdn;desc="fastly"
x-served-by
cache-fra-eddf8230143-FRA, cache-ams2100113-AMS
pragma
no-cache
correlation-id
afb9295fd3f37
traceparent
00-0000000000000000000afb9295fd3f37-1a73cc8543468cf3-01
x-timer
S1725508841.416013,VS0,VE173
vary
Accept-Encoding
content-type
image/gif
access-control-expose-headers
Server-Timing
cache-control
max-age=0, no-cache, no-store, must-revalidate
accept-ranges
bytes
timing-allow-origin
*
x-cache-hits
0, 0
ts
t.paypal.com/ 		42 B
294 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://t.paypal.com/ts?v=1.8.22&t=1725508841561&g=-120&pgrp=main%3Aunifiedlogin%3Asplitlogin%3A%3Aemail&page=main%3Aunifiedlogin%3Asplitlogin%3A%3Aemail%3A%3A%3A&qual=input_email&pgst=1725508840504&calc=f9687667dcda8&nsid=ILeP0fTIeiZ8gDZb_0l9rPpMQjWU8B51&rsta=nl_NL&pgtf=Nodejs&env=sandbox&s=ci&ccpg=NL&csci=0c9775293e9f4c27be051b769279caf3&comp=unifiedloginnodeweb&tsrce=unifiedloginnodeweb&cu=0&ef_policy=gdpr_v2.1&xe=100208%2C100183%2C100332%2C100332%2C101644%2C101644%2C100732%2C100733%2C102942%2C103000%2C101497%2C103408%2C100208%2C101644%2C103000&xt=107239%2C100438%2C100926%2C100926%2C105821%2C105821%2C102335%2C102337%2C111487%2C111692%2C105258%2C113338%2C107239%2C105821%2C111692&transition_name=ss_prepare_email&cookie_disabled_request=true&userRedirected=true&fltk=EC-2XF48138WL5894707&flid=EC-2XF48138WL5894707&ctx_login_ot_content=0&obex=checkout&landing_page=login&browser_client_type=Browser&state_name=begin_email&ctx_login_content_fetch=success&ctx_login_ctxid_fetch=success%7Cparse-success&ctx_login_lang_footer=shown&ctx_login_cancel_url=shown&forced_signup_offered=1&ctx_login_signup_btn=shown%7CcreateAccount&context_id=EC-2XF48138WL5894707&ctx_login_intent=checkout&ctx_login_flow=Express%20checkout&ctx_login_state_transition=login_loaded&post_login_redirect=returnUri&ret_url=%2Fwebapps%2Fhermes&e=im&imsrc=setup&view=%7B%22t10%22%3A51%2C%22t11%22%3A17685%2C%22tcp%22%3A17470%2C%22et%22%3A%224g%22%2C%22nt%22%3A%22navigate%22%2C%22bt%22%3A50%7D&pt=Log%20in%20op%20je%20PayPal-rekening&cd=24&sw=1600&sh=1200&dw=1600&dh=1200&bw=1600&bh=1200&ce=1&t1=51&t1c=51&t1d=14&t1s=20&t2=1142&t3=3&t4d=0&t4=0&t4e=7&tt=17639&rdc=0&protocol=h2&cenc=gzip&res=%7B%7D&t12=17490
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.3.1 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://www.sandbox.paypal.com/webscr?cmd=_express-checkout&token=EC-2XF48138WL5894707
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

expires
Thu, 05 Sep 2024 04:00:41 GMT
date
Thu, 05 Sep 2024 04:00:41 GMT
via
1.1 varnish, 1.1 varnish
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-cache
MISS, MISS
p3p
CP="CAO IND OUR SAM UNI STA COR COM"
paypal-debug-id
00d9e0172eb78
server-timing
"traceparent;desc="00-000000000000000000000d9e0172eb78-c87d5da3a279944e-01"";content-encoding;desc="",x-cdn;desc="fastly"
x-served-by
cache-fra-eddf8230031-FRA, cache-ams2100113-AMS
pragma
no-cache
correlation-id
00d9e0172eb78
traceparent
00-000000000000000000000d9e0172eb78-441c3766192d7ef9-01
x-timer
S1725508842.570061,VS0,VE173
vary
Accept-Encoding
content-type
image/gif
access-control-expose-headers
Server-Timing
cache-control
max-age=0, no-cache, no-store, must-revalidate
accept-ranges
bytes
timing-allow-origin
*
x-cache-hits
0, 0
collectorPost
postcollector.paypal.com/collector/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://postcollector.paypal.com/collector/collectorPost
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.67.1 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
istio-envoy /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31557600

Request headers

Accept
*/*
Access-Control-Request-Headers
content-encoding,content-type,x-pageid,x-requested-with,x-tealeaf,x-tealeaf-messagetypes,x-tealeaf-page-url,x-tealeaf-saas-appkey,x-tealeaf-saas-tltdid,x-tealeaf-saas-tltsid,x-tealeaf-syncxhr,x-tealeaftype
Access-Control-Request-Method
POST
Origin
https://www.sandbox.paypal.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
access-control-allow-credentials
true
access-control-allow-headers
content-encoding, content-type, x-pageid, x-requested-with, x-tealeaf, x-tealeaf-messagetypes, x-tealeaf-page-url, x-tealeaf-saas-appkey, x-tealeaf-saas-tltdid, x-tealeaf-saas-tltsid, x-tealeaf-syncxhr, x-tealeaftype
access-control-allow-methods
POST
access-control-allow-origin
https://www.sandbox.paypal.com
access-control-max-age
3600
allow
GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH
content-length
0
date
Thu, 05 Sep 2024 04:00:41 GMT
server
istio-envoy
strict-transport-security
max-age=31557600
vary
Accept-Encoding,Origin
via
1.1 varnish
x-cache
MISS
x-cache-hits
0
x-envoy-upstream-service-time
0
x-served-by
cache-bru1480049-BRU
x-timer
S1725508842.616776,VS0,VE85
collectorPost
postcollector.paypal.com/collector/ 		38 B
209 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://postcollector.paypal.com/collector/collectorPost
Requested by
Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/webcaptcha/ngrlCaptcha.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.67.1 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
istio-envoy /
Resource Hash
1d4fdec9bbde03db70d2add577e12d713e8cceb38fb75ba13df9c89252475f60
Security Headers
Name Value
Strict-Transport-Security max-age=31557600

Request headers

Content-Encoding
gzip
X-Tealeaf-SaaS-TLTDID
86018352367813395627139253812272
X-Tealeaf
device (UIC) Lib/6.4.65
X-Tealeaf-SyncXHR
false
X-Tealeaf-MessageTypes
1,2,5,7,12,14
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type
application/json
X-Tealeaf-SaaS-AppKey
76938917d7504ff7a962174c021690bd
X-Tealeaf-SaaS-TLTSID
33107860586052309265425303803396
X-Requested-With
fetch
X-TealeafType
GUI
X-PageId
P.82L6JTT6HUHF9GC5UNEHQVMLMJY7
X-TeaLeaf-Page-Url
/webscr
Referer
https://www.sandbox.paypal.com/

Response headers

expires
Fri, 31 Dec 1998 12:00:00 GMT
date
Thu, 05 Sep 2024 04:00:42 GMT
via
1.1 varnish
strict-transport-security
max-age=31557600
x-cache
MISS
tltsid
33107860586052309265425303803396
x-envoy-upstream-service-time
1
nodeid
wscollector-5df4f448c7-xg2cv
content-length
38
x-served-by
cache-bru1480049-BRU
dcname
prod-dal
server
istio-envoy
x-timer
S1725508842.722205,VS0,VE333
vary
Accept-Encoding,Origin
content-type
application/json
access-control-allow-origin
https://www.sandbox.paypal.com
cache-control
no-cache
access-control-allow-credentials
true
accept-ranges
bytes
x-cache-hits
0
verifygrcenterprise
www.sandbox.paypal.com/auth/ 		0
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.sandbox.paypal.com/auth/verifygrcenterprise
Requested by
Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/webcaptcha/ngrlCaptcha.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.131.1 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn; script-src 'nonce-AyJs7d5nvvgWdXIWHjqESZ4cXGX7ciYAY4VrGws6AvMdoc75' 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://www.recaptcha.net https://www.gstatic.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; img-src https://*.paypalobjects.com https://objects.paypal.cn https://*.paypal.com https://*.paypal.cn https://ak1s.abmr.net https://ak1.abmr.net https://ak1s.mathtag.com https://akamai.mathtag.com; object-src 'none'; media-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn; font-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn; frame-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://www.google.com https://www.recaptcha.net https://paypal-api.arkoselabs.com https://paypal-api.arkose.com.cn https://hcaptcha.com https://*.hcaptcha.com https://*.qualtrics.com; style-src 'self' 'unsafe-inline' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://hcaptcha.com https://*.hcaptcha.com; form-action 'self' https://*.paypal.com https://*.paypal.cn https://*.zettle.com https://*.xoom.com; base-uri 'self' https://*.paypal.com https://*.paypal.cn; connect-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://hcaptcha.com https://*.hcaptcha.com https://*.qualtrics.com; upgrade-insecure-requests;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.sandbox.paypal.com/webscr?cmd=_express-checkout&token=EC-2XF48138WL5894707
x-requested-with
XMLHttpRequest
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

content-security-policy
default-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn; script-src 'nonce-AyJs7d5nvvgWdXIWHjqESZ4cXGX7ciYAY4VrGws6AvMdoc75' 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://www.recaptcha.net https://www.gstatic.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; img-src https://*.paypalobjects.com https://objects.paypal.cn https://*.paypal.com https://*.paypal.cn https://ak1s.abmr.net https://ak1.abmr.net https://ak1s.mathtag.com https://akamai.mathtag.com; object-src 'none'; media-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn; font-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn; frame-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://www.google.com https://www.recaptcha.net https://paypal-api.arkoselabs.com https://paypal-api.arkose.com.cn https://hcaptcha.com https://*.hcaptcha.com https://*.qualtrics.com; style-src 'self' 'unsafe-inline' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://hcaptcha.com https://*.hcaptcha.com; form-action 'self' https://*.paypal.com https://*.paypal.cn https://*.zettle.com https://*.xoom.com; base-uri 'self' https://*.paypal.com https://*.paypal.cn; connect-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://hcaptcha.com https://*.hcaptcha.com https://*.qualtrics.com; upgrade-insecure-requests;
via
1.1 varnish, 1.1 varnish
x-content-type-options
nosniff
date
Thu, 05 Sep 2024 04:00:42 GMT
content-encoding
br
x-sigsci-origin-status
200
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-cache
MISS, MISS, MISS
paypal-debug-id
f114724380922
http_x_pp_az_locator
ccg18.slc
server-timing
content-encoding;desc=br
x-xss-protection
1; mode=block
x-served-by
cache-fra-etou8220042-FRA, cache-fra-etou8220104-FRA, cache-ams21023-AMS
accept-ch
sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
traceparent
00-0000000000000000000f114724380922-d192852200bafa24-01
x-timer
S1725508842.353366,VS0,VE314
vary
accept-encoding
access-control-expose-headers
Server-Timing
cache-control
max-age=0, no-cache, no-store, must-revalidate
permissions-policy
ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
origin-trial
AmF3SS0NWoXo3HaojgmIVVXavukRnZH597u+xZNXRCiKWzSKzfNPHw9NC32GmblY12+HXpkCEYeYGyvRBNkkJg0AAABbeyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlRwY2QiLCJleHBpcnkiOjE3MzUzNDM5OTksImlzU3ViZG9tYWluIjp0cnVlfQ==
accept-ranges
none
x-cache-hits
0, 0, 0
ts
t.paypal.com/ 		42 B
650 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://t.paypal.com/ts?v=1.8.22&t=1725508842562&g=-120&pgrp=main%3Aunifiedlogin%3Asplitlogin%3A%3Aemail&page=main%3Aunifiedlogin%3Asplitlogin%3A%3Aemail%3A%3A%3A&qual=input_email&pgst=1725508840504&calc=f9687667dcda8&nsid=ILeP0fTIeiZ8gDZb_0l9rPpMQjWU8B51&rsta=nl_NL&pgtf=Nodejs&env=sandbox&s=ci&ccpg=NL&csci=0c9775293e9f4c27be051b769279caf3&comp=unifiedloginnodeweb&tsrce=unifiedloginnodeweb&cu=0&ef_policy=gdpr_v2.1&xe=100208%2C100183%2C100332%2C100332%2C101644%2C101644%2C100732%2C100733%2C102942%2C103000%2C101497%2C103408%2C100208%2C101644%2C103000&xt=107239%2C100438%2C100926%2C100926%2C105821%2C105821%2C102335%2C102337%2C111487%2C111692%2C105258%2C113338%2C107239%2C105821%2C111692&transition_name=ss_prepare_email&cookie_disabled_request=true&userRedirected=true&fltk=EC-2XF48138WL5894707&flid=EC-2XF48138WL5894707&ctx_login_ot_content=0&obex=checkout&landing_page=login&browser_client_type=Browser&state_name=begin_email&ctx_login_content_fetch=success&ctx_login_ctxid_fetch=success%7Cparse-success&ctx_login_lang_footer=shown&ctx_login_cancel_url=shown&forced_signup_offered=1&ctx_login_signup_btn=shown%7CcreateAccount&context_id=EC-2XF48138WL5894707&ctx_login_intent=checkout&ctx_login_flow=Express%20checkout&ctx_login_state_transition=login_loaded&post_login_redirect=returnUri&ret_url=%2Fwebapps%2Fhermes&event_name=c_paypal_cpl&t1=50&t1c=50&t1d=16&t1s=19&t2=17&t3=4&tt=71&protocol=h2&cenc=gzip&cdn=fastly&tmpl=%2F%2Fc.paypal.&view=%7B%22t10%22%3A50%2C%22t11%22%3A71%2C%22nt%22%3A%22res%22%7D&e=pf
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.3.1 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://www.sandbox.paypal.com/webscr?cmd=_express-checkout&token=EC-2XF48138WL5894707
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

expires
Thu, 05 Sep 2024 04:00:42 GMT
date
Thu, 05 Sep 2024 04:00:42 GMT
via
1.1 varnish, 1.1 varnish
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-cache
MISS, MISS
p3p
CP="CAO IND OUR SAM UNI STA COR COM"
paypal-debug-id
fd9c207b4721f
server-timing
"traceparent;desc="00-0000000000000000000fd9c207b4721f-617ff82a553ce4e5-01"";content-encoding;desc="",x-cdn;desc="fastly"
x-served-by
cache-fra-etou8220053-FRA, cache-ams2100113-AMS
pragma
no-cache
correlation-id
fd9c207b4721f
traceparent
00-0000000000000000000fd9c207b4721f-45491c425f34450b-01
x-timer
S1725508843.570704,VS0,VE218
vary
Accept-Encoding
content-type
image/gif
access-control-expose-headers
Server-Timing
cache-control
max-age=0, no-cache, no-store, must-revalidate
accept-ranges
bytes
timing-allow-origin
*
x-cache-hits
0, 0

Verdicts & Comments Add Verdict or Comment

28 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 boolean| paypalADSInterceptorInjected object| html5 object| Modernizr function| isEligibleIntegration object| antiClickjack object| PAYPAL function| $ object| fpti string| fptiserverurl object| fptiOptions boolean| trackLazyData object| _ifpti function| init function| setStyle function| resizeWidget function| getListenerSearchKey function| getTargetOrigin function| renderGRCV3Enterprise function| recaptchaClientLogPostData object| latmconf object| laDataLayer object| pako object| TLT function| bindGdprEvents function| hideGdprBanner function| showGdprBanner

20 Cookies

Domain/Path Name / Value
www.recaptcha.net/recaptcha Name: _GRECAPTCHA
Value: 09AIXqFLraD97H1vOzRfDbLR4GCjmDxDk241fUNY3wZX86MW7Lpi1fazBrVIn3DJmgNuQCF2tOEXIuGSvhHuN22Vk
backendmz2t.thesupportonline.net/ Name: XSRF-TOKEN
Value: eyJpdiI6ImJUR2t1bmpjNFZHOUh4S3R6T1NvT1E9PSIsInZhbHVlIjoiOTlSSEk5WHJtemZZNnF4QVwvU0tqeEI4Z1U5eDFHTDlWZWs1SlZuKzlYNGNMMVdjaEsxSmh6NytJdkRlSCtsODIiLCJtYWMiOiI1MGFhYjllZTA3ZTgyM2Y5NTIwNWM2NDUwMjhkNDU4ZWM4NGI1ZDllMjZiZWIxMmUzZjhmZGVmMjgzNzZhODA4In0%3D
backendmz2t.thesupportonline.net/ Name: movies_zero_2_ten_session
Value: eyJpdiI6IlhxSG9FS3lFK3BpZ3ZPU2hOR01CMGc9PSIsInZhbHVlIjoiS2IwQU9uOHJqanlyWWwrWlUrM3VIZVlHRkpRQThrUXJzUlA1SzVMM2hkUUJkeUQ4WERNZndCNDZXdXcxSmlvUSIsIm1hYyI6IjUxZmU0YWI5MTVmOWU4ZGI5MTNiYWNmMjU2MzZiYTRjMGQ2M2NjOWE1MDg2Y2U2ZmYxYTRjMzU3NzVlMmE3MDIifQ%3D%3D
.paypal.com/ Name: enforce_policy
Value: gdpr_v2.1
.paypal.com/ Name: cookie_check
Value: yes
.paypal.com/ Name: d_id
Value: 0c9775293e9f4c27be051b769279caf31725508840523
.paypal.com/ Name: LANG
Value: nl_NL%3BNL
www.sandbox.paypal.com/ Name: nsid
Value: s%3AILeP0fTIeiZ8gDZb_0l9rPpMQjWU8B51.FaWIjj6eNhk9s5TwNr%2BFX2NwfIlF75Ie%2FYzizIT6DOk
.paypal.com/ Name: ts_c
Value: vr%3Dc05768ee1910aac4844d7780fffa3128%26vt%3Dc05768ee1910aac4844d7780fffa3127
.paypal.com/ Name: TLTSID
Value: 33107860586052309265425303803396
.paypal.com/ Name: TLTDID
Value: 86018352367813395627139253812272
.paypal.com/ Name: rssk
Value: d%7DC9%4088%3A5%3C9%3D79%3D%3F%3Exqx%3E~%3B%3Cj93pn%3F14
.stats.paypal.com/ Name: c
Value: c757c52c06bba5bd61a2
.paypal.com/ Name: cookie_prefs
Value: T%3D0%2CP%3D0%2CF%3D0%2Ctype%3Dinitial
.sandbox.paypal.com/ Name: sc_f_qa
Value: Bai0J4bNzGeQ2a1Si1EhrImE0AieZ0HexPLe38F6Lucu6fcWnk1sd2TpXhxnKf_n8eLHvOSVh-2ZM-DZXKlOzCZRaw7Yq_Sc0Pd_Vm
.sandbox.paypal.com/ Name: UGZUWCKM6F_awXE8WyEURJrBYQG
Value: 1WOnW7tfIoL-OC3uJOBFtUssX398USqUCB0eLJPbdomFjHYxvRQFwqgLUu40ZfxJb69LWctd6okdMPxM
.paypal.com/ Name: l7_az
Value: dcg18.slc
.paypal.com/ Name: x-pp-s
Value: eyJ0IjoiMTcyNTUwODg0MjU4MCIsImwiOiIwIiwibSI6IjAifQ
.paypal.com/ Name: tsrce
Value: authchallengenodeweb
.paypal.com/ Name: ts
Value: vreXpYrS%3D1820116842%26vteXpYrS%3D1725510642%26vr%3Dc05768ee1910aac4844d7780fffa3128%26vt%3Dc05768ee1910aac4844d7780fffa3127%26vtyp%3Dnew

1 Console Messages

Source Level URL
Text
recommendation verbose URL: https://www.sandbox.paypal.com/webscr?cmd=_express-checkout&token=EC-2XF48138WL5894707
Message:
[DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn 'unsafe-inline'; script-src 'nonce-NKRosREelVdOgaDlhRqX0p513B477tV8ljYnaxe1mCTcNhGd' 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn 'unsafe-inline'; img-src 'self' https://*.googleusercontent.com/ https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://ak1s.abmr.net https://ak1s.mathtag.com https://akamai.mathtag.com https://ak1.abmr.net data:; object-src 'none'; media-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn; font-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn; connect-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://192.55.233.1 'unsafe-inline' https://*.qualtrics.com; frame-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://smartlock.google.com https://*.qualtrics.com; base-uri 'self' https://*.paypal.com https://*.paypal.cn; upgrade-insecure-requests;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

b.stats.paypal.com
backendmz2t.thesupportonline.net
c.paypal.com
c.sandbox.paypal.com
lhr.stats.paypal.com
postcollector.paypal.com
t.paypal.com
www.paypalobjects.com
www.sandbox.paypal.com
151.101.129.21
151.101.131.1
151.101.3.1
151.101.67.1
192.229.221.25
31.186.241.25
34.147.177.40
06d26b40ac30d4f467f2dd70e5f81547210f8bd465c9648b26cd7af3ae9b55f6
13e4806e5c517e074ab1ea26fe0f2b7b87eaa3988006f35ed0bd4c89502d0d79
1690c4e20869c3763b7fc111e2f94035b0a7ee830311dd680ac91421daad3667
18799214bb5fd7129e094b4dfb058189fb9b93755a27ffcb586bcfccea9f4fbd
1d4fdec9bbde03db70d2add577e12d713e8cceb38fb75ba13df9c89252475f60
47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292
47096fcf22c58f177936f84eac91ef9113639043881ee6de5358162077fd62b0
4a77d272b8cf508cc4a7e0da5763faa9958e42a5554fdb5d29fc3be51d685653
4ad0286f0a79554f19dc084f7752558d20b2ef3bfc7ddb046c40ea29e881c90a
559e4950f6081149d3ae380b3ff48a862a373b237b5bba4b8877c7e2dc143756
5a0ea7e0ead74c66f762b54be56abacf5a9e284935c07d67e4801bc833ab12cf
5e5569161569d71fed0ef6a919d9a09ef1091312ab5b53431ab9e9fef1d4500f
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93
6eb42d5d8a77edb9b58e1a1636026d30bf894349d76878b23767a2972aa4c291
75c159c9974a7207171cf1f4ed302f91f90ae95233fdd64e994fd66ada89ab20
80a25e3da5a2fef05592309bafebea8195b88863cc86cf915927c4b17188a013
8b202d5bd55968ce4bfc21c063166eaebe62104275ce7ec362d78b64b2581c95
8d0e74dfe39c809f2dde1119f404841405d107fa40165669ea74fca51722311b
93ef042464833a1b53b3625c636a82d19c74b977b532598db99dd078f432b24c
9ae7b95f034d76b21aaf8fcc0cdd39f4ba7ba59dd9751348a32c7e5cfdfdb6df
9dfa418f264ab036bb757a4fe09c634a88d2a84e3f479b5c126cc3de0169e821
a6c3bff965978df8093c3a29f7071c21d7439a212af41e7b40ce70d94d6bcc44
a772318a0b9cb9efe392233fb88a2636e827bb52f414291fac9ede616058e538
b6c8e6c9ef42a1509be875834572e7289a2e5d5dbcda1f7ec0d5cad73dab67b7
c0064a1ea62feb9104cba34963e2b04c55487c2af299839a1917e23e1dc1aa32
c1a3c014d67502d4176bebd6364ab500b9b7e77750b20983622e55aee9a4d3d7
d62ce55eafd625dbe9d16c9b16867703406313db3e17e9d3c55d898c76cc6d21
d81bfefd8585b694222d3e94e9dee5d7935049c65355f9fd096800301d51545b
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ecf58114cb9eeb6b3fd3308b09d7a7727ecc14ee95e915ad9352190b3b05a744
f398332095b5ad5089951f01700232e75f1f7195382e004cd82b4c8c0e6cc417
f5efce5785235a383db787c2c6d709467e76d6efc194e9320b835e46005a07df
f61339cc18d9c63deefc0f642e13c7a43fc0ace7e1dd582c443b33a4ccaadcd6
f8fd37b2b5e2c25c13f0875d52cdb66df06ce33e0e7ae95ea71aa693114023f7
f9035e34f5734e89ddb03b601b1c0fd58323a93f176c5c7e220d7aa7a2062ed5