Submitted URL: https://www.xoom.com/track-my-transaction?trackingNumber=X725318141
Effective URL: https://www.xoom.com/sign-in?redirect-destination=track-my-transaction&trackingNumber=X725318141
Submission: On September 22 via manual from US — Scanned from DE

Summary

This website contacted 10 IPs in 3 countries across 8 domains to perform 31 HTTP transactions. The main IP is 205.189.102.141, located in United States and belongs to XOOM, US. The main domain is www.xoom.com.
TLS certificate: Issued by DigiCert SHA2 Extended Validation Ser... on February 27th 2020. Valid for: 2 years.
This is the only time www.xoom.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 2 205.189.102.141 21893 (XOOM)
12 104.111.232.202 16625 (AKAMAI-AS)
1 13.32.22.53 16509 (AMAZON-02)
6 151.101.193.35 54113 (FASTLY)
1 18.66.110.125 16509 (AMAZON-02)
4 151.101.66.133 54113 (FASTLY)
2 52.35.195.250 16509 (AMAZON-02)
2 52.222.206.172 16509 (AMAZON-02)
1 2 64.4.245.84 17012 (PAYPAL)
1 104.110.16.216 16625 (AKAMAI-AS)
31 10
Domain Requested by
12 assets-cdn.s-xoom.com www.xoom.com
assets-cdn.s-xoom.com
5 c.paypal.com www.xoom.com
c.paypal.com
4 www.paypalobjects.com assets-cdn.s-xoom.com
www.paypalobjects.com
2 d1wnclalxop6x4.cloudfront.net cdn.segment.com
2 api.segment.io cdn.segment.com
2 www.xoom.com 1 redirects
1 c6.paypal.com www.xoom.com
1 t.xoom.com www.xoom.com
1 dub.stats.paypal.com www.xoom.com
1 b.stats.paypal.com 1 redirects
1 cdn.segment.com assets-cdn.s-xoom.com
1 images.ctfassets.net www.xoom.com
31 12

This site contains links to these domains. Also see Links.

Domain
help.xoom.com
news.xoom.com
www.paypal.com
control.kochava.com
Subject Issuer Validity Valid
www.xoom.com
DigiCert SHA2 Extended Validation Server CA
2020-02-27 -
2022-04-07
2 years crt.sh
assets-cdn.s-xoom.com
DigiCert SHA2 Extended Validation Server CA
2021-07-26 -
2022-08-26
a year crt.sh
images.ctfassets.net
Amazon
2021-03-19 -
2022-04-17
a year crt.sh
c.paypal.com
DigiCert SHA2 Extended Validation Server CA
2020-06-24 -
2022-06-29
2 years crt.sh
*.segment.com
DigiCert TLS RSA SHA256 2020 CA1
2021-07-19 -
2022-08-09
a year crt.sh
www.paypalobjects.com
DigiCert SHA2 Extended Validation Server CA
2021-04-29 -
2021-12-13
8 months crt.sh
*.cloudfront.net
Amazon
2021-03-19 -
2022-03-17
a year crt.sh
b.stats.paypal.com
DigiCert SHA2 High Assurance Server CA
2020-03-13 -
2022-06-03
2 years crt.sh
t.paypal.com
DigiCert SHA2 Extended Validation Server CA
2020-11-17 -
2021-11-21
a year crt.sh

This page contains 3 frames:

Primary Page: https://www.xoom.com/sign-in?redirect-destination=track-my-transaction&trackingNumber=X725318141
Frame ID: 806CAAFDA356B67C065791840588CA3D
Requests: 24 HTTP requests in this frame

Frame: https://c.paypal.com/v1/r/d/i?js_src=https://c.paypal.com/da/r/fb.js
Frame ID: A88B07BAF0396F6A4803342312C826D7
Requests: 5 HTTP requests in this frame

Frame: https://dub.stats.paypal.com/v2/counter2.cgi?p=1e2c2426039954251433095a2bdfccbf&s=XOOM
Frame ID: B99453E7FDFC5FBE539AB183D01E677D
Requests: 1 HTTP requests in this frame

Screenshot

Page Title

Einloggen | Xoom, ein Service von PayPal

Page URL History Show full URLs

  1. https://www.xoom.com/track-my-transaction?trackingNumber=X725318141 HTTP 303
    https://www.xoom.com/sign-in?redirect-destination=track-my-transaction&trackingNumber=X725318141 Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <[^>]+(?:https?:)?//(?:assets|downloads|images|videos)\.(?:ct?fassets\.net|contentful\.com)

Overall confidence: 100%
Detected patterns
  • paypalobjects\.com

Overall confidence: 100%
Detected patterns
  • cdn\.segment\.com/analytics\.js

Page Statistics

31
Requests

100 %
HTTPS

0 %
IPv6

8
Domains

12
Subdomains

10
IPs

3
Countries

328 kB
Transfer

1172 kB
Size

19
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://www.xoom.com/track-my-transaction?trackingNumber=X725318141 HTTP 303
    https://www.xoom.com/sign-in?redirect-destination=track-my-transaction&trackingNumber=X725318141 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 20
  • https://b.stats.paypal.com/v2/counter.cgi?p=1e2c2426039954251433095a2bdfccbf&s=XOOM HTTP 302
  • https://dub.stats.paypal.com/v2/counter2.cgi?p=1e2c2426039954251433095a2bdfccbf&s=XOOM

31 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request Cookie set sign-in
www.xoom.com/
Redirect Chain
  • https://www.xoom.com/track-my-transaction?trackingNumber=X725318141
  • https://www.xoom.com/sign-in?redirect-destination=track-my-transaction&trackingNumber=X725318141
20 KB
11 KB
Document
General
Full URL
https://www.xoom.com/sign-in?redirect-destination=track-my-transaction&trackingNumber=X725318141
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
205.189.102.141 , United States, ASN21893 (XOOM, US),
Reverse DNS
Software
/
Resource Hash
9fb98bbba000c29da0f05bab6d7fc076b66160caaf6532e55c62e5abd26e55bb
Security Headers
Name Value
Content-Security-Policy connect-src https://*.xoom.com/ 'self' https://*.google-analytics.com/ https://*.mixpanel.com/ https://*.cardinalcommerce.com/ https://*.google.com/ https://*.cloudfront.net/ https://*.braintreegateway.com/ https://*.googleapis.com/ wss://*.xoom.com/ https://*.doubleclick.net/ https://*.segment.io/ https://*.paypal.com/ https://*.s-xoom.com/ https://*.online-metrix.net/ https://*.braintree-api.com/ https://paypalobjects.com/; frame-ancestors https://*.salesforce.com/ https://*.paypal.com/ 'self'; script-src https://www.paypalobjects.com/ 'unsafe-inline' 'self' https://*.googleadservices.com/ https://*.gstatic.com/ https://*.s-xoom.com/ https://*.segment.com/ https://www.googletagmanager.com/ https://*.online-metrix.net/ https://connect.facebook.net/ https://*.google-analytics.com/ https://*.cardinalcommerce.com/ https://*.mxpnl.com/ https://*.google.com/ https://bat.bing.com/ https://*.ctfassets.net/ https://iesnare.com/ https://*.braintreegateway.com/ https://*.googleapis.com/ https://*.doubleclick.net/ https://*.paypal.com/ 'unsafe-eval' https://www.recaptcha.net/; img-src 'self' data: https:; style-src https://*.ctfassets.net/ 'unsafe-inline' 'self' https://*.s-xoom.com/ https://google.com/; frame-src https://www.paypalobjects.com/ https://connect.facebook.net/ https://*.xoom.com/ https://assets-cdn.s-xoom.com/ 'self' https://*.cardinalcommerce.com/ https://*.google.com/ https://*.cloudfront.net/ https://*.facebook.com/ https://*.braintreegateway.com/ https://*.doubleclick.net/ https://*.paypal.com/ https://youtube.com/ https://www.youtube.com/ https://*.online-metrix.net/ https://media.mtvnservices.com/; base-uri 'self'; worker-src 'self'; report-uri https://csp.tsrs.cloud/r/15b76e5fbe4daeec65972e018e98b8fb6b21f0ea; object-src https://*.cardinalcommerce.com/ https://*.online-metrix.net/; font-src https://www.paypalobjects.com/ https://fonts.gstatic.com/ https://*.s3.amazonaws.com/ 'self' https://*.s-xoom.com/ https://fonts.googleapis.com/ data:; media-src https://ssl.gstatic.com/; form-action 'self' https://*.paypal.com/ https://*.cardinalcommerce.com/ https://help.xoom.com/;
Strict-Transport-Security max-age=15768000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Host
www.xoom.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
none
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
Sec-Fetch-Dest
document
Accept-Encoding
gzip, deflate, br
Cookie
mgaff_1=untracked; AB_1=1851154463433638144; ts=vr%3De71cd0235de14913c9f426a3ee76394e%26vteXpYrS%3D1632335480%26vt%3D04853271ecff456ac51f26a3ee76394e%26vtyp%3Dnew%26vreXpYrS%3D1726941680; xReCo=DE; FGP_1=0fa3614b-a875-47b9-c7b0-26a3ee76394e; xSoCu=EUR; loc_1=de_DE; enforce_policy=gdpr_eu; referringUrl_1=; FP_1=0c563d332c2894f82750a711292c35d6; JSESSIONID=7ac76aff-8b3c-4460-aa6c-ae81c56cc34c; FN_1=d644954b8c0bd49e687ced625b5e43648327e3091e44e61a4dcc647c7e29190e; PXSID=65A9D03FFB33B85D1BBAD77BC2ABD6A8.ocb; TS01a12024=014b09cbb7b5bd9a4ea019a6405941ca51abb97d6e5b9d9ab1a2afc944c477d9e1dac9fb66ea7c26b3aaa99b13a59dda56be4d380deffdec558f111bd04b536730656f8652a1dcb1a50efa51729efe6f8604be549ba329d5a55e3823997344c650d851410beab3effbbdff32b45e82a36f595277597c163ecb36f596906652a00d281bfa01172b17a8ec4b625a03921d7a1fb541a944e0b5b99d3b40753bf909331e3c8a0cde39b36e37e75acde076fb616b5464dfbcd62227d3e93c2fe8aa5e94f3c6aeff0164a1f6f71346362ae36f1209e786e4beb8aca4d674edf6ed9b3286d934d645446bf2b3d193df71297488d51fc00ae469616f60d624870d0b5e3778c12ccda54ea5062fe47fedce1961c6f4f1a5dae1; TS01b136be=014b09cbb7f424767ae04236f8645d28f32fd1f49f5b9d9ab1a2afc944c477d9e1dac9fb66553f88b7bbe8133a95ca2e8cfae12c1026e6bf8f3e59666f1d6626a4f183ddef
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

Date
Wed, 22 Sep 2021 18:01:20 GMT
Content-Type
text/html;charset=UTF-8
Connection
keep-alive
set-cookie
FGP_1=0fa3614b-a875-47b9-c7b0-26a3ee76394e; Max-Age=900; Path=/; Secure; HttpOnly; SameSite=Lax loc_1=de_DE; Expires=Mon, 10-Oct-2089 21:15:27 GMT; Path=/; Secure; HttpOnly; SameSite=Lax FN_1=1e2c2426039954251433095a2bdfccbf; Expires=Mon, 10-Oct-2089 21:15:27 GMT; Path=/; Secure; HttpOnly; SameSite=Lax JSESSIONID=4d56237d-2999-4df7-a198-e44ace02725d; Path=/; Secure; HttpOnly; SameSite=Lax xGDPR=; Expires=Wed, 22-Sep-21 01:21:20 GMT; Path=/
server-timing
intid;desc=67C5AE7872C848E8
x-xoom-requestid
1yVPFpUYZGvPSykW8K8YgGW2Gza
x-content-type-options
nosniff
cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
expires
0
x-frame-options
DENY SAMEORIGIN
content-language
de-DE
content-security-policy
connect-src https://*.xoom.com/ 'self' https://*.google-analytics.com/ https://*.mixpanel.com/ https://*.cardinalcommerce.com/ https://*.google.com/ https://*.cloudfront.net/ https://*.braintreegateway.com/ https://*.googleapis.com/ wss://*.xoom.com/ https://*.doubleclick.net/ https://*.segment.io/ https://*.paypal.com/ https://*.s-xoom.com/ https://*.online-metrix.net/ https://*.braintree-api.com/ https://paypalobjects.com/; frame-ancestors https://*.salesforce.com/ https://*.paypal.com/ 'self'; script-src https://www.paypalobjects.com/ 'unsafe-inline' 'self' https://*.googleadservices.com/ https://*.gstatic.com/ https://*.s-xoom.com/ https://*.segment.com/ https://www.googletagmanager.com/ https://*.online-metrix.net/ https://connect.facebook.net/ https://*.google-analytics.com/ https://*.cardinalcommerce.com/ https://*.mxpnl.com/ https://*.google.com/ https://bat.bing.com/ https://*.ctfassets.net/ https://iesnare.com/ https://*.braintreegateway.com/ https://*.googleapis.com/ https://*.doubleclick.net/ https://*.paypal.com/ 'unsafe-eval' https://www.recaptcha.net/; img-src 'self' data: https:; style-src https://*.ctfassets.net/ 'unsafe-inline' 'self' https://*.s-xoom.com/ https://google.com/; frame-src https://www.paypalobjects.com/ https://connect.facebook.net/ https://*.xoom.com/ https://assets-cdn.s-xoom.com/ 'self' https://*.cardinalcommerce.com/ https://*.google.com/ https://*.cloudfront.net/ https://*.facebook.com/ https://*.braintreegateway.com/ https://*.doubleclick.net/ https://*.paypal.com/ https://youtube.com/ https://www.youtube.com/ https://*.online-metrix.net/ https://media.mtvnservices.com/; base-uri 'self'; worker-src 'self'; report-uri https://csp.tsrs.cloud/r/15b76e5fbe4daeec65972e018e98b8fb6b21f0ea; object-src https://*.cardinalcommerce.com/ https://*.online-metrix.net/; font-src https://www.paypalobjects.com/ https://fonts.gstatic.com/ https://*.s3.amazonaws.com/ 'self' https://*.s-xoom.com/ https://fonts.googleapis.com/ data:; media-src https://ssl.gstatic.com/; form-action 'self' https://*.paypal.com/ https://*.cardinalcommerce.com/ https://help.xoom.com/;
x-xss-protection
1; mode=block
x-envoy-upstream-service-time
25
Strict-Transport-Security
max-age=15768000; includeSubDomains
Set-Cookie
TS01a12024=014b09cbb74ecc79c5d7f079224c4a56f6da91b1bb5b9d9ab1a2afc944c477d9e1dac9fb66ea7c26b3aaa99b13a59dda56be4d380deffdec558f111bd04b536730656f8652a1dcb1a50efa51729efe6f8604be549ba329d5a55e3823997344c650d851410beab3effbbdff32b45e82a36f595277597c163ecb36f596906652a00d281bfa01172b17a8ec4b625a03921d7a1fb541a944e0b5b99d3b40753bf909331e3c8a0cde39b36e37e75acde076fb616b5464dfbcd62227d3e93c2fe8aa5e94f3c6aeff0164a1f6f71346362ae36f1209e786e4e9772969e31fdb3f01ed9214ac1bcb5d32def332c236c0b671f356267220a182f24ed21e697c7ce271809335ddc46b7d7e0218d9c166c15598f7b8c7673a0aa9; Path=/
Vary
Accept-Encoding
Content-Encoding
gzip
Transfer-Encoding
chunked

Redirect headers

Date
Wed, 22 Sep 2021 18:01:20 GMT
Content-Length
0
Connection
keep-alive
set-cookie
mgaff_1=untracked; Max-Age=604800; Path=/; Secure; SameSite=Lax AB_1=1851154463433638144; Max-Age=2147483647; Path=/; Secure; SameSite=Lax ts=vr%3De71cd0235de14913c9f426a3ee76394e%26vteXpYrS%3D1632335480%26vt%3D04853271ecff456ac51f26a3ee76394e%26vtyp%3Dnew%26vreXpYrS%3D1726941680; Max-Age=94608000; Domain=.xoom.com; Path=/; Secure; HttpOnly; SameSite=Lax xReCo=DE; Max-Age=31536000; Path=/; Secure; SameSite=Lax FGP_1=0fa3614b-a875-47b9-c7b0-26a3ee76394e; Max-Age=900; Path=/; Secure; HttpOnly; SameSite=Lax xSoCu=EUR; Max-Age=31536000; Path=/; Secure; SameSite=Lax loc_1=de_DE; Max-Age=31536000; Path=/; Secure; SameSite=Lax enforce_policy=gdpr_eu; Max-Age=604800; Path=/; Secure; SameSite=Lax referringUrl_1=; Max-Age=604800; Path=/; Secure; SameSite=Lax loc_1=de_DE; Expires=Mon, 10-Oct-2089 21:15:27 GMT; Path=/; Secure; HttpOnly; SameSite=Lax FP_1=0c563d332c2894f82750a711292c35d6; Expires=Mon, 10-Oct-2089 21:15:27 GMT; Path=/; Secure; HttpOnly; SameSite=Lax JSESSIONID=7ac76aff-8b3c-4460-aa6c-ae81c56cc34c; Path=/; Secure; HttpOnly; SameSite=Lax FN_1=d644954b8c0bd49e687ced625b5e43648327e3091e44e61a4dcc647c7e29190e; Expires=Mon, 10-Oct-2089 21:15:27 GMT; Path=/; Secure; HttpOnly; SameSite=Lax PXSID=65A9D03FFB33B85D1BBAD77BC2ABD6A8.ocb; Path=/; Secure; HttpOnly; SameSite=Lax ; mgaff_1=; Domain=.xoom.com; Expires=Wed, 22-Sep-21 01:21:20 GMT; Path=/ xGDPR=; Expires=Wed, 22-Sep-21 01:21:20 GMT; Path=/
server-timing
intid;desc=93C5973E557EC685
x-ua-compatible
IE=edge
x-xoom-requestid
795d545a-69a2-4892-96cc-32e7054e2097
location
/sign-in?redirect-destination=track-my-transaction&trackingNumber=X725318141
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block
x-envoy-upstream-service-time
40
Strict-Transport-Security
max-age=15768000; includeSubDomains
X-Content-Type-Options
nosniff
Set-Cookie
TS01a12024=014b09cbb7b5bd9a4ea019a6405941ca51abb97d6e5b9d9ab1a2afc944c477d9e1dac9fb66ea7c26b3aaa99b13a59dda56be4d380deffdec558f111bd04b536730656f8652a1dcb1a50efa51729efe6f8604be549ba329d5a55e3823997344c650d851410beab3effbbdff32b45e82a36f595277597c163ecb36f596906652a00d281bfa01172b17a8ec4b625a03921d7a1fb541a944e0b5b99d3b40753bf909331e3c8a0cde39b36e37e75acde076fb616b5464dfbcd62227d3e93c2fe8aa5e94f3c6aeff0164a1f6f71346362ae36f1209e786e4beb8aca4d674edf6ed9b3286d934d645446bf2b3d193df71297488d51fc00ae469616f60d624870d0b5e3778c12ccda54ea5062fe47fedce1961c6f4f1a5dae1; Path=/ TS01b136be=014b09cbb7f424767ae04236f8645d28f32fd1f49f5b9d9ab1a2afc944c477d9e1dac9fb66553f88b7bbe8133a95ca2e8cfae12c1026e6bf8f3e59666f1d6626a4f183ddef; path=/; domain=.xoom.com
demeter.css
assets-cdn.s-xoom.com/xvx/2.28.0/styles/themes/demeter/
237 KB
33 KB
Stylesheet
General
Full URL
https://assets-cdn.s-xoom.com/xvx/2.28.0/styles/themes/demeter/demeter.css
Requested by
Host: www.xoom.com
URL: https://www.xoom.com/sign-in?redirect-destination=track-my-transaction&trackingNumber=X725318141
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.111.232.202 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-232-202.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
61b181fef0e73492b33408bee9456f1502f7dca9a4f478dd2c86c23616067265
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.xoom.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
public
date
Wed, 22 Sep 2021 18:01:21 GMT
content-encoding
gzip
last-modified
Fri, 10 Sep 2021 07:01:00 GMT
etag
"613b02ac-3b21a"
vary
Accept-Encoding
content-type
text/css
cache-control
public, max-age=314333536
x-envoy-upstream-service-time
5
accept-ranges
bytes
content-length
33865
x-xss-protection
1; mode=block
expires
Mon, 08 Sep 2031 20:53:37 GMT
legacy-supplement.css
assets-cdn.s-xoom.com/xvx/2.28.0/styles/themes/demeter/
54 KB
10 KB
Stylesheet
General
Full URL
https://assets-cdn.s-xoom.com/xvx/2.28.0/styles/themes/demeter/legacy-supplement.css
Requested by
Host: www.xoom.com
URL: https://www.xoom.com/sign-in?redirect-destination=track-my-transaction&trackingNumber=X725318141
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.111.232.202 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-232-202.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
2ac55ce548e3a3932efb6d0f95e467184a038bdbc74d58522e3580a3cd5a943d
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.xoom.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
public
date
Wed, 22 Sep 2021 18:01:21 GMT
content-encoding
gzip
last-modified
Fri, 10 Sep 2021 07:01:00 GMT
etag
"613b02ac-d7ca"
vary
Accept-Encoding
content-type
text/css
cache-control
public, max-age=314333572
x-envoy-upstream-service-time
5
accept-ranges
bytes
content-length
9799
x-xss-protection
1; mode=block
expires
Mon, 08 Sep 2031 20:54:13 GMT
signin.css
assets-cdn.s-xoom.com/siteContent/24.1.20210907130731/css/apps/user-access/
4 KB
1 KB
Stylesheet
General
Full URL
https://assets-cdn.s-xoom.com/siteContent/24.1.20210907130731/css/apps/user-access/signin.css
Requested by
Host: www.xoom.com
URL: https://www.xoom.com/sign-in?redirect-destination=track-my-transaction&trackingNumber=X725318141
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.111.232.202 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-232-202.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
d3e337a957ad2aac0c942666652ae673f762040a639056ed6d2d0521c142b1c4
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.xoom.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
public
date
Wed, 22 Sep 2021 18:01:21 GMT
content-encoding
gzip
last-modified
Wed, 08 Sep 2021 07:01:00 GMT
etag
"61385fac-fea"
vary
Accept-Encoding
content-type
text/css
cache-control
public, max-age=314166221
x-envoy-upstream-service-time
6
accept-ranges
bytes
content-length
1254
x-xss-protection
1; mode=block
expires
Sat, 06 Sep 2031 22:25:02 GMT
xoom-analytics-init.js
assets-cdn.s-xoom.com/siteContent/24.1.20210907130731/js/
8 KB
3 KB
Script
General
Full URL
https://assets-cdn.s-xoom.com/siteContent/24.1.20210907130731/js/xoom-analytics-init.js
Requested by
Host: www.xoom.com
URL: https://www.xoom.com/sign-in?redirect-destination=track-my-transaction&trackingNumber=X725318141
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.111.232.202 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-232-202.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
20bc61d46fc8c87054b5a6a3fe57a4c457f0754c03919f0c69b0ef68dbfd6126
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.xoom.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
public
date
Wed, 22 Sep 2021 18:01:21 GMT
content-encoding
gzip
last-modified
Wed, 08 Sep 2021 07:01:00 GMT
etag
"61385fac-2158"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=314208406
x-envoy-upstream-service-time
7
accept-ranges
bytes
content-length
3004
x-xss-protection
1; mode=block
expires
Sun, 07 Sep 2031 10:08:07 GMT
xoom_pp_vertical_white_logo_150x50_de.svg
images.ctfassets.net/fyvbo1b1kt27/1aCaeEbqRYHPhbPqjuyQyA/318594c40832358c69d5103ba7f42dab/
11 KB
4 KB
Image
General
Full URL
https://images.ctfassets.net/fyvbo1b1kt27/1aCaeEbqRYHPhbPqjuyQyA/318594c40832358c69d5103ba7f42dab/xoom_pp_vertical_white_logo_150x50_de.svg
Requested by
Host: www.xoom.com
URL: https://www.xoom.com/sign-in?redirect-destination=track-my-transaction&trackingNumber=X725318141
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.22.53 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-22-53.fra56.r.cloudfront.net
Software
Contentful Images API /
Resource Hash
35d8d431c789a316f4f145aacfe4f719b87c34fb7e5128f6f6c54a6db4a13d66

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.xoom.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 22 Sep 2021 05:18:58 GMT
content-encoding
gzip
last-modified
Fri, 21 May 2021 20:25:06 GMT
server
Contentful Images API
age
45744
etag
W/"66754f9cd8a67afdf8cb4b091d5b8a35"
vary
Accept-Encoding
x-edge-origin-shield-skipped
0
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=31536000
x-cache
Hit from cloudfront
x-amz-cf-pop
FRA56-C2
x-amz-cf-id
D5rYn7IZ6TcsBeYLtj97R_87OzIw65zGyIGbICDMQeGEYvdckzSpYg==
via
1.1 421d6f0c8b018cdf0b78f7d15df10d0c.cloudfront.net (CloudFront)
common.js
assets-cdn.s-xoom.com/xvx/2.28.0/js/
91 KB
29 KB
Script
General
Full URL
https://assets-cdn.s-xoom.com/xvx/2.28.0/js/common.js
Requested by
Host: www.xoom.com
URL: https://www.xoom.com/sign-in?redirect-destination=track-my-transaction&trackingNumber=X725318141
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.111.232.202 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-232-202.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
c91742299369178d81bd9e937dece27e5299620b00a88b15f9c78b225f0806cf
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.xoom.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
public
date
Wed, 22 Sep 2021 18:01:21 GMT
content-encoding
gzip
last-modified
Fri, 10 Sep 2021 07:01:00 GMT
etag
"613b02ac-16b06"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=314333629
x-envoy-upstream-service-time
4
accept-ranges
bytes
content-length
29766
x-xss-protection
1; mode=block
expires
Mon, 08 Sep 2031 20:55:10 GMT
header.js
assets-cdn.s-xoom.com/xvx/2.28.0/js/
8 KB
3 KB
Script
General
Full URL
https://assets-cdn.s-xoom.com/xvx/2.28.0/js/header.js
Requested by
Host: www.xoom.com
URL: https://www.xoom.com/sign-in?redirect-destination=track-my-transaction&trackingNumber=X725318141
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.111.232.202 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-232-202.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
12c3948d00c4eec926af12933331fa9de93e0361fb7957faffc63066ca72a4f9
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.xoom.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
public
date
Wed, 22 Sep 2021 18:01:21 GMT
content-encoding
gzip
last-modified
Fri, 10 Sep 2021 07:01:00 GMT
etag
"613b02ac-1f30"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=314333728
x-envoy-upstream-service-time
6
accept-ranges
bytes
content-length
2634
x-xss-protection
1; mode=block
expires
Mon, 08 Sep 2031 20:56:49 GMT
main.js
assets-cdn.s-xoom.com/xvx/2.28.0/js/
38 KB
11 KB
Script
General
Full URL
https://assets-cdn.s-xoom.com/xvx/2.28.0/js/main.js
Requested by
Host: www.xoom.com
URL: https://www.xoom.com/sign-in?redirect-destination=track-my-transaction&trackingNumber=X725318141
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.111.232.202 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-232-202.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
cef824fb8367c99451fb750ac69e997ae19c9c6654e13cab72b6f4188c2ac5f7
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.xoom.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
public
date
Wed, 22 Sep 2021 18:01:21 GMT
content-encoding
gzip
last-modified
Fri, 10 Sep 2021 07:01:00 GMT
etag
"613b02ac-991d"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=314333585
x-envoy-upstream-service-time
5
accept-ranges
bytes
content-length
11366
x-xss-protection
1; mode=block
expires
Mon, 08 Sep 2031 20:54:26 GMT
xoom-xvx-init.js
assets-cdn.s-xoom.com/siteContent/24.1.20210907130731/js/
55 KB
20 KB
Script
General
Full URL
https://assets-cdn.s-xoom.com/siteContent/24.1.20210907130731/js/xoom-xvx-init.js
Requested by
Host: www.xoom.com
URL: https://www.xoom.com/sign-in?redirect-destination=track-my-transaction&trackingNumber=X725318141
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.111.232.202 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-232-202.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
d565897ad03c72b50634e6ab28c7d01d481ba7bdc6d9e14d8e78f578b93ebe90
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.xoom.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
public
date
Wed, 22 Sep 2021 18:01:21 GMT
content-encoding
gzip
last-modified
Wed, 08 Sep 2021 07:01:00 GMT
etag
"61385fac-db88"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=314166048
x-envoy-upstream-service-time
6
accept-ranges
bytes
content-length
20664
x-xss-protection
1; mode=block
expires
Sat, 06 Sep 2031 22:22:09 GMT
fb.js
c.paypal.com/da/r/
53 KB
19 KB
Script
General
Full URL
https://c.paypal.com/da/r/fb.js
Requested by
Host: www.xoom.com
URL: https://www.xoom.com/sign-in?redirect-destination=track-my-transaction&trackingNumber=X725318141
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.193.35 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
f46e0d4331801815971dc491f3543631620a49095b61ee2beefcb6095c0dd07f
Security Headers
Name Value
Strict-Transport-Security max-age=31557600
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.xoom.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security
max-age=31557600
content-encoding
gzip
x-content-type-options
nosniff
age
156530
via
1.1 varnish, 1.1 varnish, 1.1 varnish
x-cache
HIT, HIT, HIT
paypal-debug-id
5999f32f2f81
x-cache-hits
4, 1, 70347
dc
ccg11-origin-www-1.paypal.com
vary
Accept-Encoding
content-length
18575
etag
W/"610b110d-d38b"
x-served-by
cache-sjc10036-SJC, cache-fra19135-FRA, cache-fra19169-FRA
last-modified
Wed, 04 Aug 2021 22:13:33 GMT
x-timer
S1632333681.281843,VS0,VE2
date
Wed, 22 Sep 2021 18:01:21 GMT
access-control-max-age
86400
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
public,max-age=86400
access-control-allow-credentials
false
accept-ranges
bytes
expires
Thu, 23 Sep 2021 18:01:21 GMT
analytics.min.js
cdn.segment.com/analytics.js/v1/HRMXxtDkmQkcxdAobhOakMc6bwCyl6zE/
432 KB
88 KB
Script
General
Full URL
https://cdn.segment.com/analytics.js/v1/HRMXxtDkmQkcxdAobhOakMc6bwCyl6zE/analytics.min.js
Requested by
Host: assets-cdn.s-xoom.com
URL: https://assets-cdn.s-xoom.com/siteContent/24.1.20210907130731/js/xoom-analytics-init.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.110.125 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
cf3b6e52abdb68e5493ab0e34ac47c7b0230b839dbe6a29e1d17397e5a184336

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.xoom.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-amz-version-id
2unqWtDOwgJBvpqvTb0KlBHocoVJSS0r
content-encoding
gzip
etag
W/"69922892ff3474b8b9b2146559aca485"
x-amz-cf-pop
FRA56-P5
x-cache
Hit from cloudfront
access-control-max-age
3000
x-amz-replication-status
COMPLETED
access-control-allow-origin
*
last-modified
Fri, 17 Sep 2021 22:24:57 GMT
server
AmazonS3
date
Wed, 22 Sep 2021 18:01:21 GMT
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
text/javascript; charset=utf-8
via
1.1 ee6745944298a5956e13c939ebdcf8f2.cloudfront.net (CloudFront)
cache-control
public, max-age=120
x-amz-cf-id
2VJOGlgmwhwc4vHyEqV9e3kA5uX4io9UsjJ4fomZGH9nnjOzeRzmBQ==
icon-white-pp.c66009d7.svg
assets-cdn.s-xoom.com/xvx/2.28.0/images/
2 KB
1 KB
Image
General
Full URL
https://assets-cdn.s-xoom.com/xvx/2.28.0/images/icon-white-pp.c66009d7.svg
Requested by
Host: assets-cdn.s-xoom.com
URL: https://assets-cdn.s-xoom.com/xvx/2.28.0/styles/themes/demeter/demeter.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.111.232.202 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-232-202.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
3f00da56c69d88ca8b0f49ef2ff8b802dac5b172ef6f26ee7d5f9d9474d8a0fa
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://assets-cdn.s-xoom.com/xvx/2.28.0/styles/themes/demeter/demeter.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
public
date
Wed, 22 Sep 2021 18:01:21 GMT
content-encoding
gzip
last-modified
Fri, 10 Sep 2021 07:01:00 GMT
etag
"613b02ac-800"
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=314333669
x-envoy-upstream-service-time
5
accept-ranges
bytes
content-length
1020
x-xss-protection
1; mode=block
expires
Mon, 08 Sep 2031 20:55:50 GMT
BTN-android-small.2186b59b.png
assets-cdn.s-xoom.com/xvx/2.28.0/images/
2 KB
2 KB
Image
General
Full URL
https://assets-cdn.s-xoom.com/xvx/2.28.0/images/BTN-android-small.2186b59b.png
Requested by
Host: assets-cdn.s-xoom.com
URL: https://assets-cdn.s-xoom.com/xvx/2.28.0/styles/themes/demeter/legacy-supplement.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.111.232.202 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-232-202.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
004518367b7fca116cec42218658e8432fd124460bb57d47b44948ed89352737
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://assets-cdn.s-xoom.com/xvx/2.28.0/styles/themes/demeter/legacy-supplement.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
public
date
Wed, 22 Sep 2021 18:01:21 GMT
last-modified
Fri, 10 Sep 2021 07:01:00 GMT
etag
"613b02ac-791"
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=314333712
x-envoy-upstream-service-time
0
accept-ranges
bytes
content-length
1937
x-xss-protection
1; mode=block
expires
Mon, 08 Sep 2031 20:56:33 GMT
BTN-apple-small.1fdf0fb9.png
assets-cdn.s-xoom.com/xvx/2.28.0/images/
2 KB
2 KB
Image
General
Full URL
https://assets-cdn.s-xoom.com/xvx/2.28.0/images/BTN-apple-small.1fdf0fb9.png
Requested by
Host: assets-cdn.s-xoom.com
URL: https://assets-cdn.s-xoom.com/xvx/2.28.0/styles/themes/demeter/legacy-supplement.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.111.232.202 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-232-202.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
acd9b512fa356580dd8b1c054966eaa35159067492d7c1503016f2425c7eac6d
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://assets-cdn.s-xoom.com/xvx/2.28.0/styles/themes/demeter/legacy-supplement.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
public
date
Wed, 22 Sep 2021 18:01:21 GMT
last-modified
Fri, 10 Sep 2021 07:01:00 GMT
etag
"613b02ac-7c8"
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=314333553
x-envoy-upstream-service-time
1
accept-ranges
bytes
content-length
1992
x-xss-protection
1; mode=block
expires
Mon, 08 Sep 2031 20:53:54 GMT
PayPalSansBig-Regular.woff2
www.paypalobjects.com/paypal-ui/fonts/
25 KB
25 KB
Font
General
Full URL
https://www.paypalobjects.com/paypal-ui/fonts/PayPalSansBig-Regular.woff2
Requested by
Host: assets-cdn.s-xoom.com
URL: https://assets-cdn.s-xoom.com/xvx/2.28.0/styles/themes/demeter/demeter.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.66.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
1f70ff447ed799a34f4c3ae37ef1f49ed4af71123ba2c2aefe354565354284be
Security Headers
Name Value
Strict-Transport-Security max-age=31557600
X-Content-Type-Options nosniff

Request headers

Referer
https://assets-cdn.s-xoom.com/
Origin
https://www.xoom.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 22 Sep 2021 18:01:21 GMT
via
1.1 varnish, 1.1 varnish
x-content-type-options
nosniff
x-cache
HIT, HIT
paypal-debug-id
f0d54d922f150
dc
phx-origin-www-2.paypal.com
content-length
25368
x-served-by
cache-sjc10075-SJC, cache-hhn4072-HHN
last-modified
Sat, 13 Feb 2021 00:27:06 GMT
x-timer
S1632333681.264453,VS0,VE0
etag
"60271cda-6318"
strict-transport-security
max-age=31557600
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
public,max-age=3600
accept-ranges
bytes
x-cache-hits
643, 187
PayPalSansBig-Medium.woff2
www.paypalobjects.com/paypal-ui/fonts/
18 KB
18 KB
Font
General
Full URL
https://www.paypalobjects.com/paypal-ui/fonts/PayPalSansBig-Medium.woff2
Requested by
Host: assets-cdn.s-xoom.com
URL: https://assets-cdn.s-xoom.com/xvx/2.28.0/styles/themes/demeter/demeter.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.66.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
2ae6779c6c3579643ab6deb5cfb822e843bf637d006a4ec25d9857ec7fb6d8c1
Security Headers
Name Value
Strict-Transport-Security max-age=31557600
X-Content-Type-Options nosniff

Request headers

Referer
https://assets-cdn.s-xoom.com/
Origin
https://www.xoom.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 22 Sep 2021 18:01:21 GMT
via
1.1 varnish, 1.1 varnish
x-content-type-options
nosniff
x-cache
HIT, HIT
paypal-debug-id
ee2d63a9257bf
dc
ccg11-origin-www-1.paypal.com
content-length
18508
x-served-by
cache-sjc10026-SJC, cache-hhn4072-HHN
last-modified
Sat, 13 Feb 2021 00:27:06 GMT
x-timer
S1632333681.264524,VS0,VE0
etag
"60271cda-484c"
strict-transport-security
max-age=31557600
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
public,max-age=3600
accept-ranges
bytes
x-cache-hits
72191, 107
p
api.segment.io/v1/
21 B
139 B
XHR
General
Full URL
https://api.segment.io/v1/p
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/HRMXxtDkmQkcxdAobhOakMc6bwCyl6zE/analytics.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.35.195.250 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-35-195-250.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
12f71cb993958eefc4bdb41d7dbbda490779a9c7aba448f7be52bb63912e0254

Request headers

Referer
https://www.xoom.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://www.xoom.com
date
Wed, 22 Sep 2021 18:01:21 GMT
content-length
21
vary
Origin
content-type
application/json
instrumentation-spec-rftgd379dm-OJMMvuVf7U.json
d1wnclalxop6x4.cloudfront.net/
2 B
344 B
Fetch
General
Full URL
https://d1wnclalxop6x4.cloudfront.net/instrumentation-spec-rftgd379dm-OJMMvuVf7U.json
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/HRMXxtDkmQkcxdAobhOakMc6bwCyl6zE/analytics.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.222.206.172 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-206-172.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

Cache-Control
no-cache
Referer
https://www.xoom.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 22 Sep 2021 18:00:54 GMT
via
1.1 e026b2802d48048e9935caadbecf124f.cloudfront.net (CloudFront)
server
AmazonS3
age
28
access-control-max-age
3000
x-edge-origin-shield-skipped
0
content-type
application/json
access-control-allow-origin
*
x-amz-cf-pop
FRA56-P3
x-cache
Hit from cloudfront
access-control-allow-methods
GET, HEAD
content-length
2
x-amz-cf-id
EzV1Nf0hQ7RzLrL4ph4G1wwYEKev2y68z948zNf9lM48iDRTXlQbmg==
instrumentation-spec-rftgd379dm-OJMMvuVf7U.json
d1wnclalxop6x4.cloudfront.net/ Frame
0
0
Preflight
General
Full URL
https://d1wnclalxop6x4.cloudfront.net/instrumentation-spec-rftgd379dm-OJMMvuVf7U.json
Protocol
H2
Server
52.222.206.172 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-206-172.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Method
GET
Access-Control-Request-Headers
cache-control
Origin
https://www.xoom.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

content-length
0
x-amz-id-2
PoLb6QFqhguWYWCpMgUcLOWT7dqVX2ISczpm6X2vfi1xl+Yu7fK6rdNjffLy9ILbNiL2XGgpAxU=
x-amz-request-id
1BQFWPWKVC6ECP3E
date
Wed, 22 Sep 2021 18:01:23 GMT
access-control-allow-origin
*
access-control-allow-methods
GET, HEAD
access-control-allow-headers
cache-control
access-control-max-age
3000
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method
server
AmazonS3
x-edge-origin-shield-skipped
0
x-cache
Miss from cloudfront
via
1.1 e026b2802d48048e9935caadbecf124f.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P3
x-amz-cf-id
9xjdgE9h-rUCXtY7KVmxpq67ce3IGPEELjssA2VVI1KD9wF8xOi3oQ==
i
c.paypal.com/v1/r/d/ Frame A88B
160 B
901 B
Document
General
Full URL
https://c.paypal.com/v1/r/d/i?js_src=https://c.paypal.com/da/r/fb.js
Requested by
Host: c.paypal.com
URL: https://c.paypal.com/da/r/fb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.193.35 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
9321bc63a75b3ac6d384b411665b6e77a8b326a4b176ca2049872d3b5d4974f5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
c.paypal.com
:scheme
https
:path
/v1/r/d/i?js_src=https://c.paypal.com/da/r/fb.js
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.xoom.com/
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.xoom.com/

Response headers

correlation-id
e9dc9a2f4e3d7
cache-control
max-age=0, no-cache, no-store, must-revalidate
content-security-policy-report-only
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; script-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.paypalinc.com https://www.facebook.com 'unsafe-eval' 'unsafe-inline' blob:; connect-src 'self' https://*.paypal.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com data:; img-src 'self' https: data:; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; object-src 'self' https://*.paypal.com https://*.paypalobjects.com; report-uri https://www.paypal.com/csplog/api/log/csp
content-type
text/html;charset=UTF-8
paypal-debug-id
e9dc9a2f4e3d7
x-content-type-options
nosniff
x-xss-protection
1; mode=block
accept-ranges
none
via
1.1 varnish, 1.1 varnish
date
Wed, 22 Sep 2021 18:01:21 GMT
x-served-by
cache-hhn4083-HHN, cache-fra19169-FRA
x-cache
MISS, MISS
x-cache-hits
0, 0
x-timer
S1632333682.598268,VS0,VE162
vary
Accept-Encoding
set-cookie
x-cdn=0300; Domain=paypal.com; Path=/; Secure
content-encoding
br
counter2.cgi
dub.stats.paypal.com/v2/ Frame B994
Redirect Chain
  • https://b.stats.paypal.com/v2/counter.cgi?p=1e2c2426039954251433095a2bdfccbf&s=XOOM
  • https://dub.stats.paypal.com/v2/counter2.cgi?p=1e2c2426039954251433095a2bdfccbf&s=XOOM
42 B
299 B
Image
General
Full URL
https://dub.stats.paypal.com/v2/counter2.cgi?p=1e2c2426039954251433095a2bdfccbf&s=XOOM
Requested by
Host: www.xoom.com
URL: https://www.xoom.com/sign-in?redirect-destination=track-my-transaction&trackingNumber=X725318141
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
64.4.245.84 , United States, ASN17012 (PAYPAL, US),
Reverse DNS
Software
PayPal-B.Stats/1.0 /
Resource Hash
47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.xoom.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Wed, 22 Sep 2021 18:01:21 GMT
Server
PayPal-B.Stats/1.0
Connection
close
Content-Length
42
Content-Type
image/jpeg

Redirect headers

Location
https://dub.stats.paypal.com/v2/counter2.cgi?p=1e2c2426039954251433095a2bdfccbf&s=XOOM
Date
Wed, 22 Sep 2021 18:01:21 GMT
Server
PayPal-B.Stats/1.0
Connection
close
Content-Length
0
Content-Type
application/octet-stream
pa_xoom.js
www.paypalobjects.com/pa/js/
51 KB
20 KB
Script
General
Full URL
https://www.paypalobjects.com/pa/js/pa_xoom.js
Requested by
Host: assets-cdn.s-xoom.com
URL: https://assets-cdn.s-xoom.com/siteContent/24.1.20210907130731/js/xoom-analytics-init.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.66.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
9fd24b7c2e41cb864f6b0a687953773a65e82c37bd7c536fc48f13fe52660ff9
Security Headers
Name Value
Strict-Transport-Security max-age=31557600
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.xoom.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 22 Sep 2021 18:01:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-cache
HIT, HIT
paypal-debug-id
1753206ead390
dc
ccg11-origin-www-1.paypal.com
vary
Accept-Encoding
content-length
19698
via
1.1 varnish, 1.1 varnish
x-served-by
cache-sjc10073-SJC, cache-hhn4030-HHN
last-modified
Thu, 09 Sep 2021 01:01:01 GMT
x-timer
S1632333682.609397,VS0,VE1
etag
W/"61395ccd-ca4c"
strict-transport-security
max-age=31557600
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
public,max-age=3600
accept-ranges
bytes
access-control-allow-headers
x-csrf-token
x-cache-hits
581, 1
t
api.segment.io/v1/
21 B
140 B
XHR
General
Full URL
https://api.segment.io/v1/t
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/HRMXxtDkmQkcxdAobhOakMc6bwCyl6zE/analytics.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.35.195.250 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-35-195-250.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
12f71cb993958eefc4bdb41d7dbbda490779a9c7aba448f7be52bb63912e0254

Request headers

Referer
https://www.xoom.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://www.xoom.com
date
Wed, 22 Sep 2021 18:01:21 GMT
content-length
21
vary
Origin
content-type
application/json
latmconf.js
www.paypalobjects.com/pa/mi/xoom/
2 KB
962 B
Script
General
Full URL
https://www.paypalobjects.com/pa/mi/xoom/latmconf.js
Requested by
Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/pa/js/pa_xoom.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.66.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
4acb782511e437de1e5b006ce4539bee648c8eaf66d4224de614e286e7335c23
Security Headers
Name Value
Strict-Transport-Security max-age=31557600
X-Content-Type-Options nosniff

Request headers

Referer
https://www.xoom.com/
Origin
https://www.xoom.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 22 Sep 2021 18:01:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-cache
HIT, MISS
paypal-debug-id
3ac1b169616c1
dc
ccg11-origin-www-1.paypal.com
vary
Accept-Encoding
content-length
709
via
1.1 varnish, 1.1 varnish
x-served-by
cache-sjc10020-SJC, cache-hhn4072-HHN
last-modified
Mon, 19 Jul 2021 22:04:04 GMT
x-timer
S1632333682.624924,VS0,VE154
etag
W/"60f5f6d4-63f"
strict-transport-security
max-age=31557600
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
public,max-age=3600
accept-ranges
bytes
access-control-allow-headers
x-csrf-token
x-cache-hits
1725, 0
ts
t.xoom.com/
42 B
703 B
Image
General
Full URL
https://t.xoom.com/ts?v=1.5.5&t=1632333681696&g=0&page=xoom%3Asign-in&pgrp=xoom%3Asign-in&tenant_name=xoom&residence_country_code=DE&send_currency_code=EUR&language=de_DE&mgaff=untracked&fingerprint_id=0fa3614b-a875-47b9-c7b0-26a3ee76394e&product=xoom&event_props=residence_country_code%2C%20send_currency_code%2C%20receive_country_code%2C%20language%2C%20mgaff%2C%20fingerprint_id%2C%20product&e=im&ef_policy=gdpr_eu&pl=pdf&pt=Einloggen%20%7C%20Xoom%2C%20ein%20Service%20von%20PayPal&cd=24&sw=1600&sh=1200&dw=1600&dh=1200&bw=1600&bh=1200&ce=1
Requested by
Host: www.xoom.com
URL: https://www.xoom.com/sign-in?redirect-destination=track-my-transaction&trackingNumber=X725318141
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.193.35 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.xoom.com/sign-in?redirect-destination=track-my-transaction&trackingNumber=X725318141
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 22 Sep 2021 18:01:21 GMT
via
1.1 varnish
x-timer
S1632333682.742483,VS0,VE147
x-cache
MISS
p3p
policyref="https://t.paypal.com/w3c/p3p.xml",CP="CAO IND OUR SAM UNI STA COR COM"
paypal-debug-id
b2009112ed15a
expires
Wed, 22 Sep 2021 18:01:21 GMT
cache-control
max-age=0, no-cache, no-store, must-revalidate
x-cache-hits
0
accept-ranges
bytes
content-type
image/gif
content-length
42
x-served-by
cache-hhn4068-HHN
fb.js
c.paypal.com/da/r/ Frame A88B
53 KB
19 KB
Script
General
Full URL
https://c.paypal.com/da/r/fb.js
Requested by
Host: c.paypal.com
URL: https://c.paypal.com/v1/r/d/i?js_src=https://c.paypal.com/da/r/fb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.193.35 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
f46e0d4331801815971dc491f3543631620a49095b61ee2beefcb6095c0dd07f
Security Headers
Name Value
Strict-Transport-Security max-age=31557600
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://c.paypal.com/v1/r/d/i?js_src=https://c.paypal.com/da/r/fb.js
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security
max-age=31557600
content-encoding
gzip
x-content-type-options
nosniff
age
156531
via
1.1 varnish, 1.1 varnish, 1.1 varnish
x-cache
HIT, HIT, HIT
paypal-debug-id
5999f32f2f81
x-cache-hits
4, 1, 70349
dc
ccg11-origin-www-1.paypal.com
vary
Accept-Encoding
content-length
18575
etag
W/"610b110d-d38b"
x-served-by
cache-sjc10036-SJC, cache-fra19135-FRA, cache-fra19169-FRA
last-modified
Wed, 04 Aug 2021 22:13:33 GMT
x-timer
S1632333682.776556,VS0,VE2
date
Wed, 22 Sep 2021 18:01:21 GMT
access-control-max-age
86400
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
public,max-age=86400
access-control-allow-credentials
false
accept-ranges
bytes
expires
Thu, 23 Sep 2021 18:01:21 GMT
p1
c.paypal.com/v1/r/d/b/ Frame A88B
125 B
724 B
XHR
General
Full URL
https://c.paypal.com/v1/r/d/b/p1
Requested by
Host: c.paypal.com
URL: https://c.paypal.com/da/r/fb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.193.35 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
5812a6fdebdb0ed90798c3b548a0e259a8630b38dceee0253c4e133788585835

Request headers

Referer
https://c.paypal.com/v1/r/d/i?js_src=https://c.paypal.com/da/r/fb.js
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
application/json

Response headers

date
Wed, 22 Sep 2021 18:01:21 GMT
via
1.1 varnish, 1.1 varnish
correlation-id
85584f0003bea
x-served-by
cache-hhn4082-HHN, cache-fra19169-FRA
x-cache
MISS, MISS
p3p
policyref="/w3c/p3p.xml", CP="NON DSP COR ADM OUR IND COM"
paypal-debug-id
85584f0003bea
cache-control
max-age=0, no-cache, no-store, must-revalidate
accept-ranges
bytes
content-type
application/json
content-length
125
x-cache-hits
0, 0
e
c.paypal.com/v1/r/d/b/ Frame A88B
15 B
103 B
XHR
General
Full URL
https://c.paypal.com/v1/r/d/b/e
Requested by
Host: c.paypal.com
URL: https://c.paypal.com/da/r/fb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.193.35 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
d44c1f2a6531d774fda6e6eba865f1ba8aed10f372fe97f395895a8a1e1fa2a5

Request headers

Referer
https://c.paypal.com/v1/r/d/i?js_src=https://c.paypal.com/da/r/fb.js
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
application/json

Response headers

date
Wed, 22 Sep 2021 18:01:21 GMT
via
1.1 varnish, 1.1 varnish
correlation-id
f2347ff6af98b
x-served-by
cache-hhn4051-HHN, cache-fra19169-FRA
x-cache
MISS, MISS
content-type
application/json
paypal-debug-id
f2347ff6af98b
cache-control
max-age=0, no-cache, no-store, must-revalidate
accept-ranges
bytes
content-length
15
x-cache-hits
0, 0
p3
c6.paypal.com/v1/r/d/b/ Frame A88B
0
264 B
Image
General
Full URL
https://c6.paypal.com/v1/r/d/b/p3?f=1e2c2426039954251433095a2bdfccbf&s=XOOM
Requested by
Host: www.xoom.com
URL: https://www.xoom.com/sign-in?redirect-destination=track-my-transaction&trackingNumber=X725318141
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.110.16.216 Oslo, Norway, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-110-16-216.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://c.paypal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 22 Sep 2021 18:01:22 GMT
CORRELATION-ID
ee9151fb357b
Paypal-Debug-Id
ee9151fb357b
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Length
0
Expires
Wed, 22 Sep 2021 18:01:22 GMT
Popups.js
assets-cdn.s-xoom.com/siteContent/24.1.20210907130731/js/xoom/ui/
8 KB
4 KB
Script
General
Full URL
https://assets-cdn.s-xoom.com/siteContent/24.1.20210907130731/js/xoom/ui/Popups.js
Requested by
Host: assets-cdn.s-xoom.com
URL: https://assets-cdn.s-xoom.com/siteContent/24.1.20210907130731/js/xoom-xvx-init.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.111.232.202 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-232-202.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
289516803d8198f82f0b871d128f713afc051cbb7770744d2c0840855463a7f1
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.xoom.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
public
date
Wed, 22 Sep 2021 18:01:21 GMT
content-encoding
gzip
last-modified
Wed, 08 Sep 2021 07:01:00 GMT
etag
"61385fac-1f89"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=314165945
x-envoy-upstream-service-time
2
accept-ranges
bytes
content-length
3459
x-xss-protection
1; mode=block
expires
Sat, 06 Sep 2031 22:20:26 GMT

Verdicts & Comments Add Verdict or Comment

25 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| onbeforexrselect boolean| originAgentCluster object| xoom object| analytics object| webpackChunkxoom_visual_experience function| XVXZepto number| _zid function| $ function| Zepto function| head boolean| tapHandling boolean| tappy object| Velocity function| $$$ function| setLinkerParameter object| core function| Tracktor function| normalize object| PAYPAL object| fpti string| fptiserverurl object| _ifpti object| latmconf

19 Cookies

Domain/Path Name / Value
www.xoom.com/ Name: mgaff_1
Value: untracked
www.xoom.com/ Name: AB_1
Value: 1851154463433638144
www.xoom.com/ Name: xReCo
Value: DE
www.xoom.com/ Name: FGP_1
Value: 0fa3614b-a875-47b9-c7b0-26a3ee76394e
www.xoom.com/ Name: xSoCu
Value: EUR
www.xoom.com/ Name: loc_1
Value: de_DE
www.xoom.com/ Name: enforce_policy
Value: gdpr_eu
www.xoom.com/ Name: referringUrl_1
Value:
www.xoom.com/ Name: FP_1
Value: 0c563d332c2894f82750a711292c35d6
www.xoom.com/ Name: PXSID
Value: 65A9D03FFB33B85D1BBAD77BC2ABD6A8.ocb
.xoom.com/ Name: TS01b136be
Value: 014b09cbb7f424767ae04236f8645d28f32fd1f49f5b9d9ab1a2afc944c477d9e1dac9fb66553f88b7bbe8133a95ca2e8cfae12c1026e6bf8f3e59666f1d6626a4f183ddef
www.xoom.com/ Name: FN_1
Value: 1e2c2426039954251433095a2bdfccbf
www.xoom.com/ Name: JSESSIONID
Value: 4d56237d-2999-4df7-a198-e44ace02725d
www.xoom.com/ Name: TS01a12024
Value: 014b09cbb74ecc79c5d7f079224c4a56f6da91b1bb5b9d9ab1a2afc944c477d9e1dac9fb66ea7c26b3aaa99b13a59dda56be4d380deffdec558f111bd04b536730656f8652a1dcb1a50efa51729efe6f8604be549ba329d5a55e3823997344c650d851410beab3effbbdff32b45e82a36f595277597c163ecb36f596906652a00d281bfa01172b17a8ec4b625a03921d7a1fb541a944e0b5b99d3b40753bf909331e3c8a0cde39b36e37e75acde076fb616b5464dfbcd62227d3e93c2fe8aa5e94f3c6aeff0164a1f6f71346362ae36f1209e786e4e9772969e31fdb3f01ed9214ac1bcb5d32def332c236c0b671f356267220a182f24ed21e697c7ce271809335ddc46b7d7e0218d9c166c15598f7b8c7673a0aa9
.xoom.com/ Name: ajs_anonymous_id
Value: %229c95dba1-a064-450d-880d-6eef21a81bb1%22
.xoom.com/ Name: ts
Value: vreXpYrS%3D1727028081%26vteXpYrS%3D1632335481%26vr%3De71cd0235de14913c9f426a3ee76394e%26vt%3D04853271ecff456ac51f26a3ee76394e%26vtyp%3Dnew
.xoom.com/ Name: ts_c
Value: vr%3De71cd0235de14913c9f426a3ee76394e%26vt%3D04853271ecff456ac51f26a3ee76394e
.c.paypal.com/ Name: sc_f
Value: pST07vVnNElL7JjzKNlMqDNdSSb0inY4FfZxJYK2U0dTOf0YNrp0EkE_OebldCn6ORDULEENLfSDgSk2hlEIgVRyY-p0S6wOBIhYA0
.paypal.com/ Name: KHcl0EuY7AKSMgfvHl7J5E7hPtK
Value: G1fws4rvTEQcrjAxfblXrVkZbNOF6VUP4tEUGxv-A0KeQaGAKWnhfTpeECpBGC1L6beZLfKa1wXhvQ6V

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy connect-src https://*.xoom.com/ 'self' https://*.google-analytics.com/ https://*.mixpanel.com/ https://*.cardinalcommerce.com/ https://*.google.com/ https://*.cloudfront.net/ https://*.braintreegateway.com/ https://*.googleapis.com/ wss://*.xoom.com/ https://*.doubleclick.net/ https://*.segment.io/ https://*.paypal.com/ https://*.s-xoom.com/ https://*.online-metrix.net/ https://*.braintree-api.com/ https://paypalobjects.com/; frame-ancestors https://*.salesforce.com/ https://*.paypal.com/ 'self'; script-src https://www.paypalobjects.com/ 'unsafe-inline' 'self' https://*.googleadservices.com/ https://*.gstatic.com/ https://*.s-xoom.com/ https://*.segment.com/ https://www.googletagmanager.com/ https://*.online-metrix.net/ https://connect.facebook.net/ https://*.google-analytics.com/ https://*.cardinalcommerce.com/ https://*.mxpnl.com/ https://*.google.com/ https://bat.bing.com/ https://*.ctfassets.net/ https://iesnare.com/ https://*.braintreegateway.com/ https://*.googleapis.com/ https://*.doubleclick.net/ https://*.paypal.com/ 'unsafe-eval' https://www.recaptcha.net/; img-src 'self' data: https:; style-src https://*.ctfassets.net/ 'unsafe-inline' 'self' https://*.s-xoom.com/ https://google.com/; frame-src https://www.paypalobjects.com/ https://connect.facebook.net/ https://*.xoom.com/ https://assets-cdn.s-xoom.com/ 'self' https://*.cardinalcommerce.com/ https://*.google.com/ https://*.cloudfront.net/ https://*.facebook.com/ https://*.braintreegateway.com/ https://*.doubleclick.net/ https://*.paypal.com/ https://youtube.com/ https://www.youtube.com/ https://*.online-metrix.net/ https://media.mtvnservices.com/; base-uri 'self'; worker-src 'self'; report-uri https://csp.tsrs.cloud/r/15b76e5fbe4daeec65972e018e98b8fb6b21f0ea; object-src https://*.cardinalcommerce.com/ https://*.online-metrix.net/; font-src https://www.paypalobjects.com/ https://fonts.gstatic.com/ https://*.s3.amazonaws.com/ 'self' https://*.s-xoom.com/ https://fonts.googleapis.com/ data:; media-src https://ssl.gstatic.com/; form-action 'self' https://*.paypal.com/ https://*.cardinalcommerce.com/ https://help.xoom.com/;
Strict-Transport-Security max-age=15768000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.segment.io
assets-cdn.s-xoom.com
b.stats.paypal.com
c.paypal.com
c6.paypal.com
cdn.segment.com
d1wnclalxop6x4.cloudfront.net
dub.stats.paypal.com
images.ctfassets.net
t.xoom.com
www.paypalobjects.com
www.xoom.com
104.110.16.216
104.111.232.202
13.32.22.53
151.101.193.35
151.101.66.133
18.66.110.125
205.189.102.141
52.222.206.172
52.35.195.250
64.4.245.84
004518367b7fca116cec42218658e8432fd124460bb57d47b44948ed89352737
12c3948d00c4eec926af12933331fa9de93e0361fb7957faffc63066ca72a4f9
12f71cb993958eefc4bdb41d7dbbda490779a9c7aba448f7be52bb63912e0254
1f70ff447ed799a34f4c3ae37ef1f49ed4af71123ba2c2aefe354565354284be
20bc61d46fc8c87054b5a6a3fe57a4c457f0754c03919f0c69b0ef68dbfd6126
289516803d8198f82f0b871d128f713afc051cbb7770744d2c0840855463a7f1
2ac55ce548e3a3932efb6d0f95e467184a038bdbc74d58522e3580a3cd5a943d
2ae6779c6c3579643ab6deb5cfb822e843bf637d006a4ec25d9857ec7fb6d8c1
35d8d431c789a316f4f145aacfe4f719b87c34fb7e5128f6f6c54a6db4a13d66
3f00da56c69d88ca8b0f49ef2ff8b802dac5b172ef6f26ee7d5f9d9474d8a0fa
47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292
4acb782511e437de1e5b006ce4539bee648c8eaf66d4224de614e286e7335c23
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
5812a6fdebdb0ed90798c3b548a0e259a8630b38dceee0253c4e133788585835
61b181fef0e73492b33408bee9456f1502f7dca9a4f478dd2c86c23616067265
6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93
9321bc63a75b3ac6d384b411665b6e77a8b326a4b176ca2049872d3b5d4974f5
9fb98bbba000c29da0f05bab6d7fc076b66160caaf6532e55c62e5abd26e55bb
9fd24b7c2e41cb864f6b0a687953773a65e82c37bd7c536fc48f13fe52660ff9
acd9b512fa356580dd8b1c054966eaa35159067492d7c1503016f2425c7eac6d
c91742299369178d81bd9e937dece27e5299620b00a88b15f9c78b225f0806cf
cef824fb8367c99451fb750ac69e997ae19c9c6654e13cab72b6f4188c2ac5f7
cf3b6e52abdb68e5493ab0e34ac47c7b0230b839dbe6a29e1d17397e5a184336
d3e337a957ad2aac0c942666652ae673f762040a639056ed6d2d0521c142b1c4
d44c1f2a6531d774fda6e6eba865f1ba8aed10f372fe97f395895a8a1e1fa2a5
d565897ad03c72b50634e6ab28c7d01d481ba7bdc6d9e14d8e78f578b93ebe90
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f46e0d4331801815971dc491f3543631620a49095b61ee2beefcb6095c0dd07f